diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 2eb320983f6a..3eb2c5b8fb18 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,3 @@ # To find available Node images, see https://mcr.microsoft.com/en-us/product/devcontainers/javascript-node/tags - -# [Choice] Node.js version -ARG VARIANT="dev-24-bullseye" -FROM mcr.microsoft.com/devcontainers/javascript-node:${VARIANT} +ARG VARIANT=dev-24-bullseye +FROM mcr.microsoft.com/devcontainers/javascript-node:dev-24-bullseye@sha256:3502f1f21b1989500e8c72ada7d6e496dc4540b0707d4ea4ff743077f88a6c2d diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 30f6ce6a2427..b04da84f0758 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -12,6 +12,9 @@ // Install features. Type 'feature' in the VS Code command palette for a full list. "features": { "sshd": "latest", + "ghcr.io/devcontainers/features/copilot-cli:1": { + "version": "prerelease" + }, "ghcr.io/devcontainers/features/github-cli:1": {} }, @@ -59,10 +62,8 @@ }, // Lifecycle commands - // Install dependencies then install Copilot CLI - "onCreateCommand": "npm ci && npm install -g @github/copilot@prerelease", // Start a web server and keep it running - "postStartCommand": "nohup bash -c 'npm start &'", + "postStartCommand": "nohup bash -c 'npm ci && npm start &'", // Set port 4000 to be public "postAttachCommand": "gh cs ports visibility 4000:public -c \"$CODESPACE_NAME\"", diff --git a/.github/actions/labeler/labeler.ts b/.github/actions/labeler/labeler.ts index f08d586dbe2d..03606570cd6a 100644 --- a/.github/actions/labeler/labeler.ts +++ b/.github/actions/labeler/labeler.ts @@ -1,6 +1,6 @@ /* See function main in this file for documentation */ -import coreLib from '@actions/core' +import * as coreLib from '@actions/core' import { type Octokit } from '@octokit/rest' import { CoreInject } from '@/links/scripts/action-injections' diff --git a/.github/agents/readability-editor.md b/.github/agents/readability-editor.md new file mode 100644 index 000000000000..1cfcf9159bc5 --- /dev/null +++ b/.github/agents/readability-editor.md @@ -0,0 +1,71 @@ +--- + +name: "Readability-Editor" +description: "Improves the readability and scannability of an article provided by the user, applying plain language principles and the GitHub Docs team's style guide and writing standards." +tools: ['read', 'edit/editFiles', 'search', 'web', 'github/*', 'execute'] + +--- + +# Readability-Editor Agent + +You are an expert editor for the GitHub Docs content team. Your job is to maximize the readability of articles, using plain language principles and abiding by the Docs team’s writing standards. + +## Agent Purpose + +- Enhance readability: Apply plain language, simplify sentences, and remove unnecessary jargon. +- Use lists, logical headings, short paragraphs, and reorganize information if it helps readers quickly find key details. + +## Review Process + +- Read through the article once, noting barriers to readability. +- Note barriers to scannability. +- Note content with the weakest plain language usage. +- Make changes according to the guidelines below. +- Only analyze and edit the specific .md files provided. +- Do not move or delete files, but you may suggest splitting or renaming if it improves the docs. +- Make edits only when they provide meaningful improvements. Do not revise purely for minor aesthetics. +- Do not remove sentences about defaults, feature scope, or access unless clearly repeated. +- Retain essential usage details, admin options, and warnings unless obviously redundant. +- Submit edits as a pull request. + +## Editing Guidelines and Plain Language Principles + +### Writing Style + +- Use concise, everyday language. Explain or remove jargon when it doesn't explicitly support user understanding and the context of the article. +- When two possible phrasings are equally clear, choose the one with fewer words. Brevity directly improves readability. +- Use full terms and not their shortened versions. +- Use active voice and personal pronouns ("you," "your"); favor present tense. +- When “you can” introduces an instruction and does not convey optionality or permission, replace it with an active verb. For example, “You can enable” becomes “Enable”. Keep “you can” or add “optionally”/“if you want” when you need to express choice or permission. +- Retain essential technical details, such as defaults, warnings, and admin options. +- Do not alter the intent of verbs and actions (ex. "navigate" does not necessarily mean "select"). +- Start at least half of steps or instructions with a direct verb, unless another structure improves clarity. +- Use sentence case for headings and list items (capitalize only the first word and proper nouns). +- Match names of buttons, menus, and UI elements exactly as they appear in the original documentation. Do not paraphrase. + +### Structure + +- Don’t append new information or expository text to existing content. +- Structure logically with clear, descriptive headings, short sections, and organized (bulleted or numbered) lists. +- Do not create new headers if they would only have one sentence worth of content. +- End every list item with a period if it is a complete sentence; omit periods for list fragments or single-word items. + +### Paragraphs + +- State the topic at the start of each paragraph; clarify connections between paragraphs. +- Limit paragraphs to 150 words or fewer. +- Split a paragraph or list item when it includes two topics or steps. + +### Sentences + +- Write one idea per sentence; avoid redundancy, vague modifiers, and ambiguous phrasing. +- Avoid consecutive sentences starting the same way. +- Make sure no more than 25% of sentences contain more than 20 words. +- Split sentences that contain multiple clauses into separate sentences. + +## References + +These PRs demonstrate successful improvement in readability: +- https://github.com/github/docs-internal/pull/59219 +- https://github.com/github/docs-internal/pull/59300 +- https://github.com/github/docs-internal/pull/57154 diff --git a/.github/instructions/all.instructions.md b/.github/instructions/all.instructions.md index 6c093e5aaa67..b370dc3dbb98 100644 --- a/.github/instructions/all.instructions.md +++ b/.github/instructions/all.instructions.md @@ -12,9 +12,9 @@ When you create a pull request: 1. **Always** make the first line of the PR description the following (in italics): - `_Copilot Chat generated this pull request._` + `_GitHub Copilot generated this pull request._` -2. Optionally, you may include a collapsed section summarizing the prompt or discussion with Copilot Chat: +2. Optionally, you may include a collapsed section summarizing the prompt or discussion with Copilot: ```markdown
Prompt summary - submitted by @GITHUB-USER-ID @@ -28,4 +28,5 @@ When you create a pull request: 3. Label with "llm-generated". 4. If an issue exists, include "fixes owner/repo#issue" or "towards owner/repo#issue" as appropriate. -5. Always _escape backticks_ when you use gh cli. +5. Always create PRs in **draft mode** using `--draft` flag. +6. When you are using gh cli, always _escape backticks_. diff --git a/.github/instructions/code.instructions.md b/.github/instructions/code.instructions.md index 24edc8a25681..f2ba0e5bba17 100644 --- a/.github/instructions/code.instructions.md +++ b/.github/instructions/code.instructions.md @@ -9,10 +9,10 @@ For code reviews, follow guidelines, tests, and validate instructions. For creat ## Guidelines - If available, use ripgrep (`rg`) instead of `grep`. -- Make sure to always _escape backticks_ when using gh cli. +- When using gh cli, always _escape backticks_. - All scripts should be listed in `package.json` and use `tsx`. -- Whenever you create or comment on an issue or pull request, indicate you are an LLM. -- Be careful fetching full HTML pages off the internet. Prefer to use gh cli whenever possible for github.com. Limit the number of tokens when grabbing HTML. +- Whenever you create or comment on an issue or pull request, indicate you are GitHub Copilot. +- Be careful fetching full HTML pages off the internet. Prefer to use MCP or gh cli whenever possible for github.com. Limit the number of tokens when grabbing HTML. - Avoid pull requests with over 300 lines of code changed. When significantly larger, offer to split up into smaller pull requests if possible. - All new code should be written in TypeScript and not JavaScript. - We use absolute imports, relative to the `src` directory, using the `@` symbol. For example, `getRedirect` which lives in `src/redirects/lib/get-redirect.ts` can be imported with `import getRedirect from '@/redirects/lib/get-redirect'`. The same rule applies for TypeScript (`.ts`) imports, e.g. `import type { GeneralSearchHit } from '@/search/types'` @@ -43,7 +43,7 @@ Run the following commands to validate your changes: 0. Ask the human if they would like you to follow these steps. 1. If this is new work, make sure you have the latest changes by running `git checkout main && git pull`. If this is existing work, update the branch you are working on with the head branch -- usually `main`. -2. If the human provides a GitHub issue, use gh cli to read the issue and all comments. +2. If the human provides a GitHub issue, use MCP or gh cli to read the issue and all comments. 3. Begin by evaluating impact, effort, and estimate non-test lines of code that will change. Ask for more context and examples if needed. 4. If you are running in agentic mode, _stop_ at this point and request approval from the human. 5. If you need to add or change tests, work on tests before implementing. @@ -52,7 +52,7 @@ Run the following commands to validate your changes: 8. Validate that any new or changed tests pass. See "Tests". 9. Validate that these changes meet our guidelines. See "Guidelines". 10. If you are running in agentic mode, _stop_ at this point and request review before continuing. Suggest how the human should review the changes. -11. If a branch and pull request already exist, commit and push, then _concisely_ comment on the pull request that you are an LLM and what changes you made and why. +11. If a branch and pull request already exist, commit and push, then _concisely_ comment on the pull request that you are GitHub Copilot and what changes you made and why. 12. If this is new work and no pull request exists yet, make a pull request: - label "llm-generated" - draft mode @@ -61,4 +61,4 @@ Run the following commands to validate your changes: 14. If you are in agentic mode, offer to do any or all of: - mark the pull request as ready, - assign the issue to the human if it is not already assigned, - - _concisely_ comment on the issue explaining the change, indicating you are an LLM. + - _concisely_ comment on the issue explaining the change, indicating you are GitHub Copilot. diff --git a/.github/workflows/all-documents.yml b/.github/workflows/all-documents.yml index 58ce83b578df..f52aebfb8374 100644 --- a/.github/workflows/all-documents.yml +++ b/.github/workflows/all-documents.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/article-api-docs.yml b/.github/workflows/article-api-docs.yml index e6552f4fa380..b856b43b8b3b 100644 --- a/.github/workflows/article-api-docs.yml +++ b/.github/workflows/article-api-docs.yml @@ -22,7 +22,7 @@ jobs: if: github.repository == 'github/docs-internal' || github.repository == 'github/docs' steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/auto-add-ready-for-doc-review.yml b/.github/workflows/auto-add-ready-for-doc-review.yml index 4a78f5a76d66..3d556a58d65a 100644 --- a/.github/workflows/auto-add-ready-for-doc-review.yml +++ b/.github/workflows/auto-add-ready-for-doc-review.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Check team membership id: membership_check diff --git a/.github/workflows/check-broken-links-github-github.yml b/.github/workflows/check-broken-links-github-github.yml index 9ed65c286704..9ec1037fc099 100644 --- a/.github/workflows/check-broken-links-github-github.yml +++ b/.github/workflows/check-broken-links-github-github.yml @@ -7,7 +7,7 @@ name: Check Broken Docs Links in github/github on: workflow_dispatch: schedule: - - cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST — link & content quality theme permissions: contents: read @@ -24,7 +24,7 @@ jobs: REPORT_REPOSITORY: github/docs-content steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # To prevent issues with cloning early access content later persist-credentials: 'false' @@ -44,10 +44,9 @@ jobs: PORT: 4000 ENABLED_LANGUAGES: en run: | - - npm run start & + npm run start-for-ci & sleep 5 - curl --retry-connrefused --retry 3 -I http://localhost:4000/ + curl --retry-connrefused --retry 5 -I http://localhost:4000/ - name: Run broken github/github link check run: | diff --git a/.github/workflows/close-on-invalid-label.yaml b/.github/workflows/close-on-invalid-label.yaml index 7c7e12b3d478..cf68f22a396b 100644 --- a/.github/workflows/close-on-invalid-label.yaml +++ b/.github/workflows/close-on-invalid-label.yaml @@ -37,7 +37,7 @@ jobs: - name: Check out repo if: ${{ failure() && github.event_name != 'pull_request_target' }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert if: ${{ failure() && github.event_name != 'pull_request_target' }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 39a961119a60..f6bc4e7e872e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,7 +33,7 @@ jobs: if: github.repository == 'github/docs-internal' || github.repository == 'github/docs' runs-on: ubuntu-latest steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: github/codeql-action/init@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7 with: languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp, ruby} diff --git a/.github/workflows/confirm-internal-staff-work-in-docs.yml b/.github/workflows/confirm-internal-staff-work-in-docs.yml index 776157ce8acf..00dd5c555a6a 100644 --- a/.github/workflows/confirm-internal-staff-work-in-docs.yml +++ b/.github/workflows/confirm-internal-staff-work-in-docs.yml @@ -83,7 +83,7 @@ jobs: - name: Check out repo if: ${{ failure() && github.event_name != 'pull_request_target' }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert if: ${{ failure() && github.event_name != 'pull_request_target' }} with: diff --git a/.github/workflows/content-lint-markdown.yml b/.github/workflows/content-lint-markdown.yml index f00366bc9ab8..d2f998bd9084 100644 --- a/.github/workflows/content-lint-markdown.yml +++ b/.github/workflows/content-lint-markdown.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Node and dependencies uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/content-linter-rules-docs.yml b/.github/workflows/content-linter-rules-docs.yml index 4d17f0cc2ae0..1f0c7ebe9d64 100644 --- a/.github/workflows/content-linter-rules-docs.yml +++ b/.github/workflows/content-linter-rules-docs.yml @@ -25,7 +25,7 @@ jobs: if: github.repository == 'github/docs-internal' || github.repository == 'github/docs' steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/copy-api-issue-to-internal.yml b/.github/workflows/copy-api-issue-to-internal.yml index 4f52dd60d3ab..df1bf1a31fa9 100644 --- a/.github/workflows/copy-api-issue-to-internal.yml +++ b/.github/workflows/copy-api-issue-to-internal.yml @@ -73,7 +73,7 @@ jobs: - name: Check out repo if: ${{ failure() && github.event_name != 'workflow_dispatch' && github.repository == 'github/docs-internal' }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert if: ${{ failure() && github.event_name != 'workflow_dispatch' && github.repository == 'github/docs-internal' }} with: diff --git a/.github/workflows/count-translation-corruptions.yml b/.github/workflows/count-translation-corruptions.yml index 0c8b901f0ee2..8045fcc713c9 100644 --- a/.github/workflows/count-translation-corruptions.yml +++ b/.github/workflows/count-translation-corruptions.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout English repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # Using a PAT is necessary so that the new commit will trigger the # CI in the PR. (Events from GITHUB_TOKEN don't trigger new workflows.) diff --git a/.github/workflows/create-changelog-pr.yml b/.github/workflows/create-changelog-pr.yml index 626af254771f..e4cc83aaf36a 100644 --- a/.github/workflows/create-changelog-pr.yml +++ b/.github/workflows/create-changelog-pr.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: 'Ensure ${{ env.CHANGELOG_FILE }} exists' run: | diff --git a/.github/workflows/delete-orphan-translation-files.yml b/.github/workflows/delete-orphan-translation-files.yml index d97fa24b30c5..3615b25161ff 100644 --- a/.github/workflows/delete-orphan-translation-files.yml +++ b/.github/workflows/delete-orphan-translation-files.yml @@ -14,7 +14,7 @@ name: Delete orphan translation files on: workflow_dispatch: schedule: - - cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 3' # Run every Wednesday at 16:20 UTC / 8:20 PST — orphan & hygiene cleanup theme permissions: contents: write @@ -60,10 +60,10 @@ jobs: language_repo: github/docs-internal.ko-kr steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Checkout the language-specific repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: repository: ${{ matrix.language_repo }} token: ${{ secrets.DOCS_BOT_PAT_BASE }} diff --git a/.github/workflows/docs-review-collect.yml b/.github/workflows/docs-review-collect.yml index f97bfbca4ae4..49a514c9c872 100644 --- a/.github/workflows/docs-review-collect.yml +++ b/.github/workflows/docs-review-collect.yml @@ -7,7 +7,7 @@ name: Add docs-reviewers request to the docs-content review board on: workflow_dispatch: schedule: - - cron: '20 */6 * * *' # Run every 6 hours at 20 minutes after + - cron: '20 16 * * 1-5' # Run Mon-Fri at 16:20 UTC / 8:20 PST permissions: contents: read @@ -20,7 +20,7 @@ jobs: steps: - name: Check out repo content - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Node.js uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 @@ -29,7 +29,7 @@ jobs: cache: npm - name: Install dependencies - run: npm install @octokit/graphql + run: npm ci - name: Run script for audit-log-allowlists run: | diff --git a/.github/workflows/dont-delete-assets.yml b/.github/workflows/dont-delete-assets.yml index 17ff82230cdb..3d66d1c6dc82 100644 --- a/.github/workflows/dont-delete-assets.yml +++ b/.github/workflows/dont-delete-assets.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/dont-delete-features.yml b/.github/workflows/dont-delete-features.yml index 16a0cea8f555..9790d399ed2a 100644 --- a/.github/workflows/dont-delete-features.yml +++ b/.github/workflows/dont-delete-features.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/enterprise-dates.yml b/.github/workflows/enterprise-dates.yml index c81e32b9a36c..ebc927c2fa3c 100644 --- a/.github/workflows/enterprise-dates.yml +++ b/.github/workflows/enterprise-dates.yml @@ -11,7 +11,7 @@ name: Enterprise date updater on: workflow_dispatch: schedule: - - cron: '20 16 * * 2' # Run every Tuesday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 4' # Run every Thursday at 16:20 UTC / 8:20 PST — infrastructure & releases theme permissions: contents: write @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup @@ -35,7 +35,7 @@ jobs: - name: Create pull request id: create-pull-request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # pin @v7.0.9 + uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # pin @v8.0.0 env: # Disable pre-commit hooks; they don't play nicely here HUSKY: '0' diff --git a/.github/workflows/enterprise-release-issue.yml b/.github/workflows/enterprise-release-issue.yml index eabaf5bf0f27..3b6e87ad768b 100644 --- a/.github/workflows/enterprise-release-issue.yml +++ b/.github/workflows/enterprise-release-issue.yml @@ -7,7 +7,7 @@ name: Open Enterprise release or deprecation issue on: workflow_dispatch: schedule: - - cron: '20 16 * * *' # Run every day at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 4' # Run every Thursday at 16:20 UTC / 8:20 PST — infrastructure & releases theme permissions: contents: read @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/feedback-prompt.yml b/.github/workflows/feedback-prompt.yml index 66908c4d05e0..5cb1a6bdab99 100644 --- a/.github/workflows/feedback-prompt.yml +++ b/.github/workflows/feedback-prompt.yml @@ -53,22 +53,21 @@ jobs: .join(" "); let commentBody; - if (assignees) { commentBody = "👋 " + assignees + - " - Please leave us feedback on your contributing experience! " + - "To do this, please go to `#docs-contributor-feedback` on Slack."; + " - Thanks for your contribution! " + + "If you think something could be improved about the contributor experience, please post in `#docs-contributor-feedback` on Slack."; } else if (prAuthor.toLowerCase() !== "copilot") { commentBody = "👋 @" + prAuthor + - " - Please leave us feedback on your contributing experience! " + - "To do this, please go to `#docs-contributor-feedback` on Slack."; + " - Thanks for your contribution! " + + "If you think something could be improved about the contributor experience, please post in `#docs-contributor-feedback` on Slack."; } else { // nobody to mention! commentBody = - "👋 Please leave us feedback on your contributing experience! " + - "To do this, please go to `#docs-contributor-feedback` on Slack."; + "👋 Thanks for your contribution! " + + "If you think something could be improved about the contributor experience, please post in `#docs-contributor-feedback` on Slack."; } await github.rest.issues.createComment({ diff --git a/.github/workflows/first-responder-v2-prs-collect.yml b/.github/workflows/first-responder-v2-prs-collect.yml index 4ebc9dcbac6e..5428ca37c66a 100644 --- a/.github/workflows/first-responder-v2-prs-collect.yml +++ b/.github/workflows/first-responder-v2-prs-collect.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 # Add to the FR project # and set type to "Maintenance" diff --git a/.github/workflows/generate-code-scanning-query-lists.yml b/.github/workflows/generate-code-scanning-query-lists.yml index bf4aa979fcec..b3309211e0ae 100644 --- a/.github/workflows/generate-code-scanning-query-lists.yml +++ b/.github/workflows/generate-code-scanning-query-lists.yml @@ -19,7 +19,8 @@ on: pull_request: paths: - .github/workflows/generate-code-scanning-query-lists.yml - - src/code-scanning/scripts/generate-code-scanning-query-list.ts + - src/codeql-queries/scripts/generate-code-scanning-query-list.ts + - src/codeql-queries/scripts/generate-code-quality-query-list.ts - .github/actions/install-cocofix/action.yml permissions: @@ -27,17 +28,17 @@ permissions: pull-requests: write jobs: - generate-query-lists: + generate-security-query-lists: if: github.repository == 'github/docs-internal' runs-on: ubuntu-latest steps: - name: Checkout repository code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup - name: Checkout codeql repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: repository: github/codeql path: codeql @@ -45,6 +46,7 @@ jobs: - name: Get the codeql SHA being synced id: codeql + shell: bash run: | cd codeql OPENAPI_COMMIT_SHA=$(git rev-parse HEAD) @@ -56,12 +58,14 @@ jobs: uses: ./codeql/.github/actions/fetch-codeql - name: Test CodeQL CLI Download + shell: bash run: codeql --version # "Server for running multiple commands while avoiding repeated JVM initialization." # Having started this should speed up the execution of the various # CLI calls of the executable. - name: Start CodeQL CLI server in the background + shell: bash run: | codeql execute cli-server & sleep 3 @@ -71,21 +75,8 @@ jobs: with: token: ${{ secrets.DOCS_BOT_PAT_BASE }} - - name: Lint the code (eslint) - if: ${{ github.event_name == 'pull_request' }} - env: - PATH: '$PATH:${{ github.workspace }}/node_modules/.bin' - run: | - eslint --no-ignore src/code-scanning/scripts/generate-code-scanning-query-list.ts - - - name: Lint the code (tsc) - if: ${{ github.event_name == 'pull_request' }} - env: - PATH: '$PATH:${{ github.workspace }}/node_modules/.bin' - run: | - tsc --noEmit --project src/code-scanning/scripts/tsconfig.json - - - name: Build code scanning query list + - name: Build code scanning security query lists + shell: bash run: | for lang in "actions" "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "rust" "swift"; do echo "Generating code scanning query list for $lang" @@ -97,7 +88,112 @@ jobs: $lang done + - name: Upload security query lists + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + with: + name: security-query-lists + path: data/reusables/code-scanning/codeql-query-tables/ + + generate-quality-query-lists: + if: github.repository == 'github/docs-internal' + runs-on: ubuntu-latest + steps: + - name: Checkout repository code + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + + - uses: ./.github/actions/node-npm-setup + + - name: Checkout codeql repo + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + repository: github/codeql + path: codeql + ref: ${{ inputs.SOURCE_BRANCH || 'main' }} + + - name: Get the codeql SHA being synced + id: codeql + shell: bash + run: | + cd codeql + OPENAPI_COMMIT_SHA=$(git rev-parse HEAD) + echo "OPENAPI_COMMIT_SHA=$OPENAPI_COMMIT_SHA" >> $GITHUB_OUTPUT + echo "Copied files from github/codeql repo. Commit SHA: $OPENAPI_COMMIT_SHA" + + - name: Download CodeQL CLI + # Look under the `codeql` directory, as this is where we checked out the `github/codeql` repo + uses: ./codeql/.github/actions/fetch-codeql + + - name: Test CodeQL CLI Download + shell: bash + run: codeql --version + + # "Server for running multiple commands while avoiding repeated JVM initialization." + # Having started this should speed up the execution of the various + # CLI calls of the executable. + - name: Start CodeQL CLI server in the background + shell: bash + run: | + codeql execute cli-server & + sleep 3 + codeql --version + + - name: Build code quality query lists + shell: bash + run: | + for lang in "csharp" "go" "java" "javascript" "python" "ruby"; do + echo "Generating code quality query list for $lang" + npm run generate-code-quality-query-list -- \ + --verbose \ + --codeql-path codeql \ + --codeql-dir codeql \ + -o data/reusables/code-quality/codeql-query-tables/$lang.md \ + $lang + done + + - name: Upload quality query lists + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + with: + name: quality-query-lists + path: data/reusables/code-quality/codeql-query-tables/ + + create-pull-request: + if: github.repository == 'github/docs-internal' + runs-on: ubuntu-latest + needs: [generate-security-query-lists, generate-quality-query-lists] + steps: + - name: Checkout repository code + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + + - name: Checkout codeql repo + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + repository: github/codeql + path: codeql + ref: ${{ inputs.SOURCE_BRANCH || 'main' }} + + - name: Get the codeql SHA being synced + id: codeql + shell: bash + run: | + cd codeql + OPENAPI_COMMIT_SHA=$(git rev-parse HEAD) + echo "OPENAPI_COMMIT_SHA=$OPENAPI_COMMIT_SHA" >> $GITHUB_OUTPUT + echo "Copied files from github/codeql repo. Commit SHA: $OPENAPI_COMMIT_SHA" + + - name: Download security query lists + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: security-query-lists + path: data/reusables/code-scanning/codeql-query-tables/ + + - name: Download quality query lists + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: quality-query-lists + path: data/reusables/code-quality/codeql-query-tables/ + - name: Insight into diff + shell: bash run: | git diff @@ -105,6 +201,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }} DRY_RUN: ${{ github.event_name == 'pull_request'}} + shell: bash run: | # When we started, we downloaded the CodeQL CLI here in this workflow. @@ -145,6 +242,7 @@ jobs: fi git add data/reusables/code-scanning/codeql-query-tables + git add data/reusables/code-quality/codeql-query-tables git commit -m "Update CodeQL query tables" git push -u origin $branchname @@ -157,6 +255,6 @@ jobs: No action is required from the first responder for the Docs content team. This PR is automatically added to the Docs content review board. Any writer can review this by checking that the PR looks sensible. If CI does not pass or other problems arise, contact #docs-engineering on slack. - - + + When the DRI for the CodeQL CLI release is ready to publish, they will ask us to merge this PR in #docs-content.' diff --git a/.github/workflows/headless-tests.yml b/.github/workflows/headless-tests.yml index 535d6c036ec2..29d371a28203 100644 --- a/.github/workflows/headless-tests.yml +++ b/.github/workflows/headless-tests.yml @@ -37,7 +37,7 @@ jobs: timeout-minutes: 60 steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/setup-elasticsearch diff --git a/.github/workflows/hubber-contribution-help.yml b/.github/workflows/hubber-contribution-help.yml index a105b8d3042b..aa0f3b6d0164 100644 --- a/.github/workflows/hubber-contribution-help.yml +++ b/.github/workflows/hubber-contribution-help.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - id: membership_check uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd diff --git a/.github/workflows/index-autocomplete-search.yml b/.github/workflows/index-autocomplete-search.yml index 408fecf43061..c4ec2fa40b58 100644 --- a/.github/workflows/index-autocomplete-search.yml +++ b/.github/workflows/index-autocomplete-search.yml @@ -7,7 +7,7 @@ name: Index autocomplete search in Elasticsearch on: workflow_dispatch: schedule: - - cron: '20 16 * * *' # Run every day at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 1-5' # Run Mon-Fri at 16:20 UTC / 8:20 PST pull_request: paths: - .github/workflows/index-autocomplete-search.yml @@ -23,14 +23,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup - uses: ./.github/actions/setup-elasticsearch if: ${{ github.event_name == 'pull_request' }} - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.DOCS_BOT_PAT_BASE }} repository: github/docs-internal-data diff --git a/.github/workflows/index-general-search-pr.yml b/.github/workflows/index-general-search-pr.yml index dd1ebf27883d..3220a1e6e2d9 100644 --- a/.github/workflows/index-general-search-pr.yml +++ b/.github/workflows/index-general-search-pr.yml @@ -37,10 +37,10 @@ jobs: if: github.repository == 'github/docs-internal' steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Clone docs-internal-data - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: repository: github/docs-internal-data # This works because user `docs-bot` has read access to that private repo. diff --git a/.github/workflows/index-general-search.yml b/.github/workflows/index-general-search.yml index 683833c81628..411cc608866c 100644 --- a/.github/workflows/index-general-search.yml +++ b/.github/workflows/index-general-search.yml @@ -17,7 +17,7 @@ on: required: false default: '' schedule: - - cron: '20 16 * * *' # Run every 24 hours at 20 minutes past the hour + - cron: '20 16 * * 1-5' # Run Mon-Fri at 16:20 UTC / 8:20 PST workflow_run: workflows: ['Purge Fastly'] types: @@ -26,9 +26,11 @@ on: permissions: contents: read -# This allows a subsequently queued workflow run to cancel previous runs +# This allows a subsequently queued workflow run to cancel previous runs. +# Include the triggering workflow's conclusion in the group so that runs triggered +# by skipped Purge Fastly workflows don't cancel runs triggered by successful ones. concurrency: - group: '${{ github.workflow }} @ ${{ github.head_ref }} ${{ github.event_name }}' + group: '${{ github.workflow }} @ ${{ github.head_ref }} ${{ github.event_name }} ${{ github.event.workflow_run.conclusion }}' cancel-in-progress: true env: @@ -40,7 +42,9 @@ env: jobs: figureOutMatrix: - if: ${{ github.repository == 'github/docs-internal' }} + # Skip immediately if triggered by a non-successful Purge Fastly run. + # This prevents skipped runs from canceling valid indexing runs via concurrency. + if: ${{ github.repository == 'github/docs-internal' && (github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success') }} runs-on: ubuntu-latest outputs: matrix: ${{ steps.set-matrix.outputs.result }} @@ -55,11 +59,13 @@ jobs: const allPossible = ["en", ...allNonEnglish] if (context.eventName === "workflow_run") { + // Job-level `if` already ensures we only get here for successful runs, + // but keep this as a safety check. if (context.payload.workflow_run.conclusion === "success") { return ["en"] } - console.warn(`NOTE! It was a workflow_run but not success ('${context.payload.workflow_run.conclusion}')`) - console.warn("This means we're not going to index anything in the next dependent step.") + // This shouldn't happen due to job-level filter, but handle gracefully. + console.warn(`Unexpected: workflow_run with conclusion '${context.payload.workflow_run.conclusion}'`) return [] } @@ -87,7 +93,7 @@ jobs: - name: Check out repo if: ${{ failure() && github.event_name != 'workflow_dispatch' }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert if: ${{ failure() && github.event_name != 'workflow_dispatch' }} @@ -115,10 +121,10 @@ jobs: language: ${{ fromJSON(needs.figureOutMatrix.outputs.matrix) }} steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Clone docs-internal-data - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: repository: github/docs-internal-data # This works because user `docs-bot` has read access to that private repo. @@ -146,7 +152,7 @@ jobs: # first sleep to give it a chance to start sleep 6 - curl --retry-connrefused --retry 4 -I http://localhost:4002/ + curl --retry-connrefused --retry 6 -I http://localhost:4002/ - if: ${{ failure() }} name: Debug server outputs on errors @@ -224,21 +230,64 @@ jobs: FASTLY_SURROGATE_KEY: api-search:${{ matrix.language }} run: npm run purge-fastly-edge-cache - - name: Alert on scraping failures - if: ${{ steps.check-failures.outputs.has_failures == 'true' && github.event_name != 'workflow_dispatch' }} - uses: ./.github/actions/slack-alert + - name: Upload failures artifact + if: ${{ steps.check-failures.outputs.has_failures == 'true' }} + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + with: + name: search-failures-${{ matrix.language }} + path: /tmp/records/failures-summary.json + retention-days: 1 + + - uses: ./.github/actions/slack-alert + if: ${{ failure() && github.event_name != 'workflow_dispatch' }} with: slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} - message: | - :warning: ${{ steps.check-failures.outputs.failed_pages }} page(s) failed to scrape for general search indexing (language: ${{ matrix.language }}) - The indexing completed but some pages could not be scraped. This may affect search results for those pages. + notifyScrapingFailures: + name: Notify scraping failures + needs: updateElasticsearchIndexes + if: ${{ always() && github.repository == 'github/docs-internal' && github.event_name != 'workflow_dispatch' && needs.updateElasticsearchIndexes.result != 'cancelled' }} + runs-on: ubuntu-latest + steps: + - name: Check out repo + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - Workflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + - name: Download all failure artifacts + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + pattern: search-failures-* + path: /tmp/failures + continue-on-error: true - - uses: ./.github/actions/slack-alert - if: ${{ failure() && github.event_name != 'workflow_dispatch' }} + - name: Check if any failures were downloaded + id: check-artifacts + run: | + if [ -d /tmp/failures ] && [ "$(ls -A /tmp/failures 2>/dev/null)" ]; then + echo "has_artifacts=true" >> $GITHUB_OUTPUT + else + echo "has_artifacts=false" >> $GITHUB_OUTPUT + fi + + - uses: ./.github/actions/node-npm-setup + if: ${{ steps.check-artifacts.outputs.has_artifacts == 'true' }} + + - name: Aggregate failures and format message + if: ${{ steps.check-artifacts.outputs.has_artifacts == 'true' }} + id: aggregate + run: | + RESULT=$(npx tsx src/search/scripts/aggregate-search-index-failures.ts /tmp/failures \ + --workflow-url "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}") + { + echo 'result<> "$GITHUB_OUTPUT" + + - name: Send consolidated Slack notification + if: ${{ steps.check-artifacts.outputs.has_artifacts == 'true' }} + uses: ./.github/actions/slack-alert with: slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} + message: ${{ fromJSON(steps.aggregate.outputs.result).message }} diff --git a/.github/workflows/keep-caches-warm.yml b/.github/workflows/keep-caches-warm.yml index e63de3ecd6b1..0cffbf8e205b 100644 --- a/.github/workflows/keep-caches-warm.yml +++ b/.github/workflows/keep-caches-warm.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/link-check-daily.yml b/.github/workflows/link-check-daily.yml deleted file mode 100644 index 63e8933ea4ff..000000000000 --- a/.github/workflows/link-check-daily.yml +++ /dev/null @@ -1,106 +0,0 @@ -name: 'Link Checker: Daily' - -# **What it does**: This script once a day checks all English links and reports in issue if any are broken. -# **Why we have it**: We want to know if any links break internally or externally. -# **Who does it impact**: Docs content. - -on: - workflow_dispatch: - schedule: - - cron: '20 16 * * *' # Run every day at 16:20 UTC / 8:20 PST - -permissions: - contents: read - issues: write - -jobs: - check_all_english_links: - name: Check all links - if: github.repository == 'github/docs-internal' - runs-on: ubuntu-latest - steps: - - name: Check that gh CLI is installed - run: gh --version - - - name: Check out repo's default branch - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - - uses: ./.github/actions/node-npm-setup - - - name: Figure out which docs-early-access branch to checkout, if internal repo - if: ${{ github.repository == 'github/docs-internal' }} - id: check-early-access - env: - BRANCH_NAME: ${{ github.head_ref || github.ref_name }} - GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }} - run: npm run what-docs-early-access-branch - - - name: Check out docs-early-access too, if internal repo - if: ${{ github.repository == 'github/docs-internal' }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - with: - repository: github/docs-early-access - token: ${{ secrets.DOCS_BOT_PAT_BASE }} - path: docs-early-access - ref: ${{ steps.check-early-access.outputs.branch }} - - - name: Merge docs-early-access repo's folders - if: ${{ github.repository == 'github/docs-internal' }} - run: src/early-access/scripts/merge-early-access.sh - - - name: Restore disk-cache file for external link checking - uses: actions/cache@v4 - with: - path: external-link-checker-db.json - key: external-link-checker-${{ hashFiles('src/links/scripts/rendered-content-link-checker.ts') }} - - - name: Insight into external link checker DB json file (before) - run: | - if [ -f external-link-checker-db.json ]; then - echo "external-link-checker-db.json exists" - echo -n "Number of URLs in cache: " - jq '.urls | keys_unsorted' external-link-checker-db.json | wc -l - else - echo "external-link-checker-db.json does not exist" - fi - - - name: Run link checker - env: - DISABLE_REWRITE_ASSET_URLS: true - LEVEL: 'critical' - # Set this to true in repo scope to enable debug logs - # ACTIONS_RUNNER_DEBUG = true - ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }} - REPORT_AUTHOR: docs-bot - REPORT_LABEL: broken link report - REPORT_REPOSITORY: github/docs-content - CREATE_REPORT: true - CHECK_EXTERNAL_LINKS: true - PATIENT: true - # This means that we'll *re-check* external URLs once a week. - # But mind you that the number has a 10% chance of "jitter" - # to avoid a stampeding herd when they all expire some day. - EXTERNAL_LINK_CHECKER_MAX_AGE_DAYS: 7 - # If we're unable to connect or the server returns a 50x error, - # treat it as a warning and not as a broken link. - EXTERNAL_SERVER_ERRORS_AS_WARNINGS: true - FAIL_ON_FLAW: false - timeout-minutes: 120 - run: npm run rendered-content-link-checker - - - name: Insight into external link checker DB json file (after) - run: | - if [ -f external-link-checker-db.json ]; then - echo "external-link-checker-db.json exists" - echo -n "Number of URLs in cache: " - jq '.urls | keys_unsorted' external-link-checker-db.json | wc -l - else - echo "external-link-checker-db.json does not exist" - fi - - - uses: ./.github/actions/slack-alert - if: ${{ failure() && github.event_name != 'workflow_dispatch' }} - with: - slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} - slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} diff --git a/.github/workflows/link-check-external.yml b/.github/workflows/link-check-external.yml new file mode 100644 index 000000000000..af32710aa49e --- /dev/null +++ b/.github/workflows/link-check-external.yml @@ -0,0 +1,78 @@ +name: Check External Links + +# Runs weekly (Wednesday) at 16:20 UTC +# Validates external URLs in content files + +on: + schedule: + - cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST — link & content quality theme + workflow_dispatch: + inputs: + max_urls: + description: 'Maximum number of URLs to check (leave blank for all)' + type: number + +permissions: + contents: read + issues: write + +jobs: + check-external-links: + if: github.repository == 'github/docs-internal' + runs-on: ubuntu-latest + timeout-minutes: 180 # 3 hours for external checks + steps: + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + + - uses: ./.github/actions/node-npm-setup + + - name: Install dependencies + run: npm ci + + - name: Check external links + env: + ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + CACHE_MAX_AGE_DAYS: '7' + run: | + if [[ -n "${{ inputs.max_urls }}" ]]; then + npm run check-links-external -- --max ${{ inputs.max_urls }} + else + npm run check-links-external + fi + + - name: Upload report artifact + if: always() + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + with: + name: external-link-report + path: artifacts/external-link-report.* + retention-days: 14 + if-no-files-found: ignore + + - name: Check if report exists + if: always() + id: check_report + run: | + if [ -f "artifacts/external-link-report.md" ]; then + echo "has_report=true" >> $GITHUB_OUTPUT + else + echo "has_report=false" >> $GITHUB_OUTPUT + echo "No broken link report generated - all links valid!" + fi + + - name: Create issue if broken links found + if: always() && steps.check_report.outputs.has_report == 'true' + uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v5 + with: + token: ${{ secrets.DOCS_BOT_PAT_BASE }} + repository: github/docs-content + title: '🌐 Broken External Links Report' + content-filepath: artifacts/external-link-report.md + labels: broken link report + + - uses: ./.github/actions/slack-alert + if: ${{ failure() && github.event_name != 'workflow_dispatch' }} + with: + slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} + slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} diff --git a/.github/workflows/link-check-internal.yml b/.github/workflows/link-check-internal.yml new file mode 100644 index 000000000000..433df82438c1 --- /dev/null +++ b/.github/workflows/link-check-internal.yml @@ -0,0 +1,160 @@ +name: Check Internal Links + +# Runs weekly (Tuesday) at 16:20 UTC +# On schedule: checks English free-pro-team and latest enterprise-server +# On workflow_dispatch: run any version/language combo + +on: + schedule: + - cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST — link & content quality theme + workflow_dispatch: + inputs: + version: + description: 'Version to check (e.g., free-pro-team@latest, enterprise-server@3.19)' + type: string + required: true + language: + description: 'Language to check (e.g., en, es, ja)' + type: string + required: true + default: 'en' + +permissions: + contents: read + issues: write + +jobs: + # Determine which version/language combos to run + setup-matrix: + if: github.repository == 'github/docs-internal' + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + + - uses: ./.github/actions/node-npm-setup + + - name: Set matrix + id: set-matrix + run: | + if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then + # Manual run: use the provided version and language + echo 'matrix={"include":[{"version":"${{ inputs.version }}","language":"${{ inputs.language }}"}]}' >> $GITHUB_OUTPUT + else + # Scheduled run: English free-pro-team + English latest enterprise-server + LATEST_GHES=$(npx tsx -e "import { latest } from './src/versions/lib/enterprise-server-releases'; console.log(latest)") + echo "matrix={\"include\":[{\"version\":\"free-pro-team@latest\",\"language\":\"en\"},{\"version\":\"enterprise-server@${LATEST_GHES}\",\"language\":\"en\"}]}" >> $GITHUB_OUTPUT + fi + + - uses: ./.github/actions/slack-alert + if: ${{ failure() && github.event_name != 'workflow_dispatch' }} + with: + slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} + slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} + + check-internal-links: + if: github.repository == 'github/docs-internal' + needs: setup-matrix + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }} + env: + # Disable Elasticsearch for faster warmServer + ELASTICSEARCH_URL: '' + steps: + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + + - uses: ./.github/actions/node-npm-setup + + - name: Install dependencies + run: npm ci + + # Clone translations if not English + - name: Clone translations + if: matrix.language != 'en' + uses: ./.github/actions/clone-translations + with: + token: ${{ secrets.DOCS_BOT_PAT_BASE }} + + - name: Check internal links + env: + VERSION: ${{ matrix.version }} + LANGUAGE: ${{ matrix.language }} + CHECK_ANCHORS: true + ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + run: npm run check-links-internal + + - name: Upload report artifact + if: always() + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + with: + name: link-report-${{ matrix.version }}-${{ matrix.language }} + path: artifacts/link-report-*.md + retention-days: 5 + if-no-files-found: ignore + + - uses: ./.github/actions/slack-alert + if: ${{ failure() && github.event_name != 'workflow_dispatch' }} + with: + slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} + slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} + + # Create combined report after all matrix jobs complete + create-report: + if: always() && github.repository == 'github/docs-internal' + needs: [setup-matrix, check-internal-links] + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + + - name: Download all artifacts + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + path: reports + pattern: link-report-* + merge-multiple: true + + - name: Combine reports + id: combine + run: | + # Check if any reports exist + if ls reports/*.md 1> /dev/null 2>&1; then + echo "has_reports=true" >> $GITHUB_OUTPUT + + # Combine all markdown reports + echo "# Internal Links Report" > combined-report.md + echo "" >> combined-report.md + echo "Generated: $(date -u +'%Y-%m-%d %H:%M UTC')" >> combined-report.md + echo "[Action run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})" >> combined-report.md + echo "" >> combined-report.md + + for report in reports/*.md; do + echo "---" >> combined-report.md + cat "$report" >> combined-report.md + echo "" >> combined-report.md + done + else + echo "has_reports=false" >> $GITHUB_OUTPUT + echo "No broken link reports generated - all links valid!" + fi + + - name: Create issue if broken links found + if: steps.combine.outputs.has_reports == 'true' + uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v5 + with: + token: ${{ secrets.DOCS_BOT_PAT_BASE }} + repository: github/docs-content + title: '🔗 Broken Internal Links Report' + content-filepath: combined-report.md + labels: broken link report + + - uses: ./.github/actions/slack-alert + if: ${{ failure() && github.event_name != 'workflow_dispatch' }} + with: + slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} + slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} diff --git a/.github/workflows/link-check-on-pr.yml b/.github/workflows/link-check-on-pr.yml index 811c47752f3d..dd424e2739c4 100644 --- a/.github/workflows/link-check-on-pr.yml +++ b/.github/workflows/link-check-on-pr.yml @@ -1,7 +1,7 @@ name: 'Link Checker: On PR' -# **What it does**: Renders the content of every page and check all internal links on PR. -# **Why we have it**: To make sure all links connect correctly on changed files. +# **What it does**: Checks internal links in changed content files. +# **Why we have it**: To catch broken links before they're merged. # **Who does it impact**: Docs content. on: @@ -11,22 +11,22 @@ on: permissions: contents: read - # TODO: Uncomment if we uncomment below - # Needed for the 'trilom/file-changes-action' action - # pull-requests: read + pull-requests: write + issues: write -# This allows a subsequently queued workflow run to interrupt previous runs +# Cancel in-progress runs for the same PR concurrency: group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' cancel-in-progress: true jobs: check-links: + name: Check links runs-on: ubuntu-latest if: github.repository == 'github/docs-internal' || github.repository == 'github/docs' steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup @@ -35,19 +35,25 @@ jobs: with: token: ${{ secrets.DOCS_BOT_PAT_BASE }} - - name: Link check all pages (internal links only) + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v45 + with: + files: | + content/**/*.md + data/**/*.md + + - name: Check links in changed files + if: steps.changed-files.outputs.any_changed == 'true' env: - LEVEL: 'critical' + FILES_CHANGED: ${{ steps.changed-files.outputs.all_changed_files }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }} SHOULD_COMMENT: ${{ secrets.DOCS_BOT_PAT_BASE != '' }} - CHECK_EXTERNAL_LINKS: false - CREATE_REPORT: false - CHECK_ANCHORS: true - # Not strictly necessary bit it makes warmServer() a bit faster - # because it only bothers with English to begin with, which - # we're filtering on anyway once the list of all pages has - # been loaded. - ENABLED_LANGUAGES: en FAIL_ON_FLAW: true - run: npm run rendered-content-link-checker + ENABLED_LANGUAGES: en + run: npm run check-links-pr + + - name: No content changes + if: steps.changed-files.outputs.any_changed != 'true' + run: echo "No content files changed. Skipping link check." diff --git a/.github/workflows/lint-code.yml b/.github/workflows/lint-code.yml index da2094ec5a42..e64b584d4e66 100644 --- a/.github/workflows/lint-code.yml +++ b/.github/workflows/lint-code.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/lint-entire-content-data-markdown.yml b/.github/workflows/lint-entire-content-data-markdown.yml index d59a2b89a75d..b99f5ff3385c 100644 --- a/.github/workflows/lint-entire-content-data-markdown.yml +++ b/.github/workflows/lint-entire-content-data-markdown.yml @@ -7,7 +7,7 @@ name: 'Lint entire content and data markdown files' on: workflow_dispatch: schedule: - - cron: '20 16 * * 0' # Run every day at 16:20 UTC / 8:20 PST every Sunday + - cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST — link & content quality theme permissions: contents: read @@ -23,7 +23,7 @@ jobs: run: gh --version - name: Check out repo's default branch - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Node and dependencies uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/local-dev.yml b/.github/workflows/local-dev.yml index 8e69474ed211..fc0ff3bef23b 100644 --- a/.github/workflows/local-dev.yml +++ b/.github/workflows/local-dev.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/moda-allowed-ips.yml b/.github/workflows/moda-allowed-ips.yml index c188dbd56935..35609ce02f33 100644 --- a/.github/workflows/moda-allowed-ips.yml +++ b/.github/workflows/moda-allowed-ips.yml @@ -6,7 +6,7 @@ name: Update Moda allowed IPs on: schedule: - - cron: '20 16 * * 4' # Run every Thursday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 4' # Run every Thursday at 16:20 UTC / 8:20 PST — infrastructure & releases theme workflow_dispatch: permissions: @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the repository - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Update list of allowed IPs run: | diff --git a/.github/workflows/move-content.yml b/.github/workflows/move-content.yml index 9df8f84e9a64..9e85604d7600 100644 --- a/.github/workflows/move-content.yml +++ b/.github/workflows/move-content.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/move-ready-to-merge-pr.yaml b/.github/workflows/move-ready-to-merge-pr.yaml index 8c9b4df87330..590e1580766d 100644 --- a/.github/workflows/move-ready-to-merge-pr.yaml +++ b/.github/workflows/move-ready-to-merge-pr.yaml @@ -31,7 +31,7 @@ jobs: repo-token: ${{ secrets.DOCS_BOT_PAT_BASE }} - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/move-reopened-issues-to-triage.yaml b/.github/workflows/move-reopened-issues-to-triage.yaml index 80726a5c10c8..e14ea8d31f8c 100644 --- a/.github/workflows/move-reopened-issues-to-triage.yaml +++ b/.github/workflows/move-reopened-issues-to-triage.yaml @@ -45,7 +45,7 @@ jobs: - name: Check out repo if: ${{ failure() }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert if: ${{ failure() }} with: diff --git a/.github/workflows/needs-sme-stale-check.yaml b/.github/workflows/needs-sme-stale-check.yaml index a847c4997d63..afcd5ec7755b 100644 --- a/.github/workflows/needs-sme-stale-check.yaml +++ b/.github/workflows/needs-sme-stale-check.yaml @@ -6,7 +6,7 @@ name: Stale check for issues or PRs with "needs SME" label on: schedule: - - cron: '20 16 * * 3' # Run each Wedneday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 2' # Run every Tuesday at 16:20 UTC / 8:20 PST — staleness & triage theme permissions: contents: read @@ -35,7 +35,7 @@ jobs: - name: Check out repo if: ${{ failure() }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert if: ${{ failure() }} with: diff --git a/.github/workflows/needs-sme-workflow.yml b/.github/workflows/needs-sme-workflow.yml index 1d3b6bef881b..82a9d32c1ecb 100644 --- a/.github/workflows/needs-sme-workflow.yml +++ b/.github/workflows/needs-sme-workflow.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 with: @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 with: diff --git a/.github/workflows/no-response.yaml b/.github/workflows/no-response.yaml index 11c7bccf3665..007faee4a4c7 100644 --- a/.github/workflows/no-response.yaml +++ b/.github/workflows/no-response.yaml @@ -12,7 +12,7 @@ on: types: [created] schedule: - - cron: '20 16 * * 1' # Run each Monday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 2' # Run every Tuesday at 16:20 UTC / 8:20 PST — staleness & triage theme permissions: contents: read @@ -57,7 +57,7 @@ jobs: - name: Check out repo if: ${{ failure() }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert if: ${{ failure() }} with: diff --git a/.github/workflows/notify-about-deployment.yml b/.github/workflows/notify-about-deployment.yml index dfefe3de87fb..30f8443978ed 100644 --- a/.github/workflows/notify-about-deployment.yml +++ b/.github/workflows/notify-about-deployment.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/orphaned-features-check.yml b/.github/workflows/orphaned-features-check.yml index c499e1e38fd1..0c951646a1e9 100644 --- a/.github/workflows/orphaned-features-check.yml +++ b/.github/workflows/orphaned-features-check.yml @@ -7,7 +7,7 @@ name: 'Orphaned features check' on: workflow_dispatch: schedule: - - cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 3' # Run every Wednesday at 16:20 UTC / 8:20 PST — orphan & hygiene cleanup theme pull_request: paths: - .github/workflows/orphaned-features-check.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout English repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # Using a PAT is necessary so that the new commit will trigger the # CI in the PR. (Events from GITHUB_TOKEN don't trigger new workflows.) diff --git a/.github/workflows/orphaned-files-check.yml b/.github/workflows/orphaned-files-check.yml index db410c1b5bf3..e72147eb7005 100644 --- a/.github/workflows/orphaned-files-check.yml +++ b/.github/workflows/orphaned-files-check.yml @@ -7,7 +7,7 @@ name: 'Orphaned files check' on: workflow_dispatch: schedule: - - cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 3' # Run every Wednesday at 16:20 UTC / 8:20 PST — orphan & hygiene cleanup theme pull_request: paths: - .github/workflows/orphaned-assets-check.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout English repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # Using a PAT is necessary so that the new commit will trigger the # CI in the PR. (Events from GITHUB_TOKEN don't trigger new workflows.) diff --git a/.github/workflows/os-ready-for-review.yml b/.github/workflows/os-ready-for-review.yml index 7aef9268f45c..37c9881b9963 100644 --- a/.github/workflows/os-ready-for-review.yml +++ b/.github/workflows/os-ready-for-review.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo content - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Check if this run was triggered by a member of the docs team uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd @@ -54,7 +54,7 @@ jobs: cache: npm - name: Install dependencies - run: npm install @octokit/graphql + run: npm ci - name: Run script run: | diff --git a/.github/workflows/package-lock-lint.yml b/.github/workflows/package-lock-lint.yml index 105d074170ee..dcc3ffa41f9c 100644 --- a/.github/workflows/package-lock-lint.yml +++ b/.github/workflows/package-lock-lint.yml @@ -25,7 +25,7 @@ jobs: if: github.repository == 'github/docs-internal' || github.repository == 'github/docs' steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Node.js uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 diff --git a/.github/workflows/purge-fastly.yml b/.github/workflows/purge-fastly.yml index ad0eae2a4bf6..558817cb55df 100644 --- a/.github/workflows/purge-fastly.yml +++ b/.github/workflows/purge-fastly.yml @@ -22,7 +22,9 @@ env: jobs: send-purges: - # Run when workflow_dispatch is the event (manual) or when deployment_status is the event (automatic) and it's a successful production deploy + # Run when workflow_dispatch is the event (manual) or when deployment_status is the event (automatic) and it's a successful production deploy. + # NOTE: This workflow triggers on all deployment_status events (including staging), but only runs for production. + # Non-production deploys will show as "skipped" - this is expected behavior. if: >- ${{ github.repository == 'github/docs-internal' && @@ -32,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/readability.yml b/.github/workflows/readability.yml index d2dddce67747..5bd3e7210623 100644 --- a/.github/workflows/readability.yml +++ b/.github/workflows/readability.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo with full history - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 diff --git a/.github/workflows/ready-for-doc-review.yml b/.github/workflows/ready-for-doc-review.yml index b34ef6a5aab5..152490b8b801 100644 --- a/.github/workflows/ready-for-doc-review.yml +++ b/.github/workflows/ready-for-doc-review.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo content - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: repository: github/docs-internal token: ${{ secrets.DOCS_BOT_PAT_BASE }} @@ -33,7 +33,7 @@ jobs: cache: npm - name: Install dependencies - run: npm install @octokit/graphql + run: npm ci - name: Set AUTHOR_LOGIN run: | diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml index b6660f12d0a5..c16d053027a2 100644 --- a/.github/workflows/repo-sync.yml +++ b/.github/workflows/repo-sync.yml @@ -10,7 +10,7 @@ name: Repo Sync on: workflow_dispatch: schedule: - - cron: '20 */3 * * *' # Run every 3rd hour at 20 minutes after + - cron: '20 14-23/3 * * 1-5' # Mon-Fri 6:20a, 9:20a, 12:20p, 3:20p PST permissions: contents: write @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/review-comment.yml b/.github/workflows/review-comment.yml index e048d59b9ec3..6182eb3816af 100644 --- a/.github/workflows/review-comment.yml +++ b/.github/workflows/review-comment.yml @@ -38,7 +38,7 @@ jobs: PR_NUMBER: ${{ github.event.pull_request.number }} steps: - name: check out repo content - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup - name: Set APP_URL diff --git a/.github/workflows/reviewers-content-systems.yml b/.github/workflows/reviewers-content-systems.yml index 654707564b44..705474c28cd1 100644 --- a/.github/workflows/reviewers-content-systems.yml +++ b/.github/workflows/reviewers-content-systems.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Add content systems as a reviewer uses: ./.github/actions/retry-command diff --git a/.github/workflows/reviewers-dependabot.yml b/.github/workflows/reviewers-dependabot.yml index d02144dafffa..12a97b8e13c3 100644 --- a/.github/workflows/reviewers-dependabot.yml +++ b/.github/workflows/reviewers-dependabot.yml @@ -37,7 +37,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Add dependabot as a reviewer uses: ./.github/actions/retry-command diff --git a/.github/workflows/reviewers-docs-engineering.yml b/.github/workflows/reviewers-docs-engineering.yml index f6bdbb269d45..44b2ef8d4c7d 100644 --- a/.github/workflows/reviewers-docs-engineering.yml +++ b/.github/workflows/reviewers-docs-engineering.yml @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Add docs engineering as a reviewer uses: ./.github/actions/retry-command diff --git a/.github/workflows/reviewers-legal.yml b/.github/workflows/reviewers-legal.yml index 59ad01a5cd85..289e620d30cc 100644 --- a/.github/workflows/reviewers-legal.yml +++ b/.github/workflows/reviewers-legal.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Get changed files id: changed_files diff --git a/.github/workflows/site-policy-sync.yml b/.github/workflows/site-policy-sync.yml index cc2e24c2f7fc..a6d999810e6d 100644 --- a/.github/workflows/site-policy-sync.yml +++ b/.github/workflows/site-policy-sync.yml @@ -27,10 +27,10 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout docs-internal - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: checkout public site-policy - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: repository: github/site-policy token: ${{ secrets.API_TOKEN_SITEPOLICY }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index f3ac4f2fecbc..6ae4c489f342 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -6,7 +6,7 @@ name: Stale check for stalled pull requests in the docs-internal repository on: schedule: - - cron: '20 16 * * 1' # Run each Monday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 2' # Run every Tuesday at 16:20 UTC / 8:20 PST — staleness & triage theme push: paths: - .github/workflows/stale.yml @@ -38,7 +38,7 @@ jobs: - name: Check out repo if: ${{ failure() }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert if: ${{ failure() }} with: diff --git a/.github/workflows/sync-audit-logs.yml b/.github/workflows/sync-audit-logs.yml index d49b5d649a3e..8d122131b48a 100644 --- a/.github/workflows/sync-audit-logs.yml +++ b/.github/workflows/sync-audit-logs.yml @@ -7,7 +7,7 @@ name: Sync Audit Log data on: workflow_dispatch: schedule: - - cron: '20 16 * * *' # Run every day at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 1-5' # Run Mon-Fri at 16:20 UTC / 8:20 PST permissions: contents: write @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/sync-codeql-cli.yml b/.github/workflows/sync-codeql-cli.yml index b68c6617f5e3..d5f7bf45e842 100644 --- a/.github/workflows/sync-codeql-cli.yml +++ b/.github/workflows/sync-codeql-cli.yml @@ -30,11 +30,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 # Check out a nested repository inside of previous checkout - name: Checkout semmle-code repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # By default, only the most recent commit of the `main` branch # will be checked out diff --git a/.github/workflows/sync-graphql.yml b/.github/workflows/sync-graphql.yml index e5c0f55a1914..b2992859f7d6 100644 --- a/.github/workflows/sync-graphql.yml +++ b/.github/workflows/sync-graphql.yml @@ -7,7 +7,7 @@ name: Sync GraphQL schema on: workflow_dispatch: schedule: - - cron: '20 16 * * *' # Run every day at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 1-5' # Run Mon-Fri at 16:20 UTC / 8:20 PST permissions: contents: write @@ -23,7 +23,7 @@ jobs: ignored-types: ${{ steps.sync.outputs.ignored-types }} steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup - name: Run updater scripts id: sync @@ -33,7 +33,7 @@ jobs: run: npm run sync-graphql - name: Create pull request id: create-pull-request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # pin @v7.0.9 + uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # pin @v8.0.0 env: # Disable pre-commit hooks; they don't play nicely here HUSKY: '0' @@ -82,7 +82,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert with: slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} diff --git a/.github/workflows/sync-openapi.yml b/.github/workflows/sync-openapi.yml index e2474d481d06..f564aac181ee 100644 --- a/.github/workflows/sync-openapi.yml +++ b/.github/workflows/sync-openapi.yml @@ -13,7 +13,7 @@ on: required: true default: 'main' schedule: - - cron: '20 16 * * *' # Run every day at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 1-5' # Run Mon-Fri at 16:20 UTC / 8:20 PST permissions: contents: write @@ -30,11 +30,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 # Check out a nested repository inside of previous checkout - name: Checkout rest-api-description repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # By default, only the most recent commit of the `main` branch # will be checked out @@ -42,7 +42,7 @@ jobs: path: rest-api-description ref: ${{ inputs.SOURCE_BRANCH }} - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # By default, only the most recent commit of the `main` branch # will be checked out diff --git a/.github/workflows/sync-secret-scanning.yml b/.github/workflows/sync-secret-scanning.yml index e83f1d5d9574..a0ec485db4d6 100644 --- a/.github/workflows/sync-secret-scanning.yml +++ b/.github/workflows/sync-secret-scanning.yml @@ -7,7 +7,7 @@ name: Sync Secret Scanning data on: workflow_dispatch: schedule: - - cron: '20 16 * * *' # Run every day at 16:20 UTC / 8:22 PST + - cron: '20 16 * * 1-5' # Run Mon-Fri at 16:20 UTC / 8:20 PST permissions: contents: write @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/test-changed-content.yml b/.github/workflows/test-changed-content.yml index 9581106ca735..23a0a9e2b0ad 100644 --- a/.github/workflows/test-changed-content.yml +++ b/.github/workflows/test-changed-content.yml @@ -27,7 +27,7 @@ jobs: # Each of these ifs needs to be repeated at each step to make sure the required check still runs # Even if if doesn't do anything - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 238b7dd1fab6..4c223305e759 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -87,7 +87,7 @@ jobs: # Each of these ifs needs to be repeated at each step to make sure the required check still runs # Even if if doesn't do anything - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/setup-elasticsearch if: ${{ matrix.name == 'search' || matrix.name == 'languages' }} @@ -163,4 +163,8 @@ jobs: ENABLED_LANGUAGES: ${{ matrix.name == 'languages' && 'all' || '' }} ROOT: ${{ (matrix.name == 'fixtures' || matrix.name == 'article-api' || matrix.name == 'landings' ) && 'src/fixtures/fixtures' || '' }} TRANSLATIONS_FIXTURE_ROOT: ${{ (matrix.name == 'fixtures' || matrix.name == 'article-api') && 'src/fixtures/fixtures/translations' || '' }} - run: npm test -- src/${{ matrix.name }}/tests/ + # Enable debug logging when "Re-run jobs with debug logging" is used in GitHub Actions UI + # This will output additional timing and path information to help diagnose timeout issues + RUNNER_DEBUG: ${{ runner.debug }} + VITEST_FLAGS: ${{ matrix.name == 'article-api' && '--no-file-parallelism --maxWorkers=1' || '' }} + run: npm test -- $VITEST_FLAGS src/${{ matrix.name }}/tests/ diff --git a/.github/workflows/triage-issue-comments.yml b/.github/workflows/triage-issue-comments.yml index 6b96d0f48f5f..f9bfc823db93 100644 --- a/.github/workflows/triage-issue-comments.yml +++ b/.github/workflows/triage-issue-comments.yml @@ -43,7 +43,7 @@ jobs: } - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml index 4b5d1080c882..e48f13d7e7a4 100644 --- a/.github/workflows/triage-issues.yml +++ b/.github/workflows/triage-issues.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/triage-pull-requests.yml b/.github/workflows/triage-pull-requests.yml index 463d08a4e37e..002da127dd66 100644 --- a/.github/workflows/triage-pull-requests.yml +++ b/.github/workflows/triage-pull-requests.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/triage-stale-check.yml b/.github/workflows/triage-stale-check.yml index c88030bc174a..58f71fe8e68b 100644 --- a/.github/workflows/triage-stale-check.yml +++ b/.github/workflows/triage-stale-check.yml @@ -6,7 +6,7 @@ name: Stale check for no activity on: schedule: - - cron: '20 16 * * 2' # Run each Tuesday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 2' # Run every Tuesday at 16:20 UTC / 8:20 PST — staleness & triage theme permissions: contents: read @@ -44,7 +44,7 @@ jobs: - name: Check out repo if: ${{ failure() }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert if: ${{ failure() }} with: @@ -72,7 +72,7 @@ jobs: - name: Check out repo if: ${{ failure() }} - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/slack-alert if: ${{ failure() }} with: diff --git a/.github/workflows/triage-unallowed-contributions.yml b/.github/workflows/triage-unallowed-contributions.yml index c3fea077d274..802d2d8f138b 100644 --- a/.github/workflows/triage-unallowed-contributions.yml +++ b/.github/workflows/triage-unallowed-contributions.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Get files changed uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd diff --git a/.github/workflows/validate-asset-images.yml b/.github/workflows/validate-asset-images.yml index b3eef046db31..23effc21b63d 100644 --- a/.github/workflows/validate-asset-images.yml +++ b/.github/workflows/validate-asset-images.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup diff --git a/.github/workflows/validate-github-github-docs-urls.yml b/.github/workflows/validate-github-github-docs-urls.yml index 488f795dbf45..96afda1e0194 100644 --- a/.github/workflows/validate-github-github-docs-urls.yml +++ b/.github/workflows/validate-github-github-docs-urls.yml @@ -7,7 +7,7 @@ name: Validate github/github docs URLs on: workflow_dispatch: schedule: - - cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST + - cron: '20 16 * * 3' # Run every Wednesday at 16:20 UTC / 8:20 PST — orphan & hygiene cleanup theme # See https://gh.io/AAsyyao before uncommenting: # pull_request: # paths: @@ -34,10 +34,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repo's default branch - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: ./.github/actions/node-npm-setup - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.DOCS_BOT_PAT_BASE }} repository: github/github diff --git a/.github/workflows/validate-openapi-check.yml b/.github/workflows/validate-openapi-check.yml index 93e3460acd73..96f59c7b8ad0 100644 --- a/.github/workflows/validate-openapi-check.yml +++ b/.github/workflows/validate-openapi-check.yml @@ -28,7 +28,7 @@ jobs: if: github.repository == 'github/docs-internal' steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 diff --git a/.gitignore b/.gitignore index 20a95464ff62..8698d163a9fd 100644 --- a/.gitignore +++ b/.gitignore @@ -13,8 +13,7 @@ # JetBrains IDE files .idea/ -# Tracks package-lock.json installation state -.installed.package-lock.json + # Linkinator full site link check results .linkinator/ diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a66a6094ce1..c4cca58a4635 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,16 +1,89 @@ # Docs changelog +**4 February 2026** + +We've published a new tutorial on [using GitHub Copilot coding agent to improve a project](https://docs.github.com/copilot/tutorials/coding-agent/improve-a-project). + +
+ +**20 January 2026** + +We published the first iteration of the [GitHub Copilot feature matrix](https://docs.github.com/en/copilot/reference/copilot-feature-matrix) to provide customers with the latest information about which Copilot features are available by which IDE/version. + +Historically, keeping Copilot feature and IDE availability up to date has required manual coordination with the Docs team, which does not scale well with the increasing number of features. The goal of this document and its process is to enable product owners to directly maintain the Copilot feature and IDE availability information as part of their normal release workflow. The feature matrix provides a single, easy to update source of truth. + +The feature matrix is in public preview so that customers have time to gather and submit feedback to us. + +
+ +**16 January 2026** + +The following new articles support the public preview release of Copilot Memory: + +* [About agentic memory for GitHub Copilot](https://docs.github.com/copilot/concepts/agents/copilot-memory) +* [Enabling and curating Copilot Memory](https://docs.github.com/copilot/how-tos/use-copilot-agents/copilot-memory) + +
+ +**16 January 2026** + +We published [About user offboarding on GitHub Enterprise Cloud](https://docs.github.com/en/enterprise-cloud@latest/admin/concepts/identity-and-access-management/user-offboarding) to give enterprise customers clear guidance about offboarding processes. The article covers recommended offboarding methods, the effects of offboarding, and what happens when a user is removed from all organizations in an enterprise. + +We also updated [Removing a member from your enterprise](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise) and [Removing a member from your organization](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization) to include instructions for enterprises that use Enterprise Managed Users or SCIM for organizations. + +
+ +**13 January 2026** + +We've added a new reference article to clarify which of the various types of custom instructions for Copilot are supported by Copilot Chat, Copilot coding agent, and Copilot code review in GitHub.com, Visual Studio Code, Visual Studio, JetBrains IDEs, Eclipse, Xcode, and Copilot CLI. + +[Support for different types of custom instructions](https://docs.github.com/copilot/reference/custom-instructions-support) + +
+ +**8 January 2026** + +We've added information about permissions to the article [Using GitHub Copilot CLI](https://docs.github.com/copilot/how-tos/use-copilot-agents/use-copilot-cli#permissions). + +
+ +**18 December 2025** + +The documentation has been updated to reflect the general availability of direct organization billing for premium request usage in Copilot Code Review. Organization members without a Copilot plan can now use Copilot Code Review on GitHub.com, with premium request usage billed directly to their organization or enterprise. See [Copilot code review without a Copilot license](https://docs.github.com/en/copilot/concepts/agents/code-review#copilot-code-review-without-a-copilot-license). + +
+ +**16 December 2025** + +We've added [a tutorial](https://docs.github.com/copilot/tutorials/modernize-java-applications) on how Copilot can help modernize and migrate Java applications by assessing your codebase, identifying upgrade paths, and automating remediation and containerization tasks. + +
+ +**9 December 2025** + +We published [a guide](https://docs.github.com/enterprise-cloud@latest/admin/concepts/enterprise-best-practices/use-innersource) to help customers set up innersource practices in their enterprise. The guide also provides a conceptual introduction to features like internal visibility, organization base permissions, and roles for external collaborators. + +
+ +**8 December 2025** + +We've added a new tutorial on how to use Copilot Chat to write code for you. The tutorial steps you through how to create a time tracking web app using only prompts in Copilot Chat. + +[Vibe coding with GitHub Copilot](https://docs.github.com/copilot/tutorials/vibe-coding) + +
+ **5 December 2025** -We added documentation for the new Code generation tab, which is part of Copilot usage metrics. The docs now describe how to view code generation insights across your enterprise, compare user-initiated and agent-initiated behavior, and understand differences across models, languages, and modes. We also updated related conceptual and reference content for consistency and scannability. See [Viewing the code generation dashboard](https://docs.github.com/en/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation). +We added documentation for the new Code generation tab, which is part of Copilot usage metrics. The docs now describe how to view code generation insights across your enterprise, compare user-initiated and agent-initiated behavior, and understand differences across models, languages, and modes. We also updated related conceptual and reference content for consistency and scannability. See [Viewing the code generation dashboard](https://docs.github.com/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation).
**2 December 2025** -You can now share Copilot Spaces publicly. See [Collaborating with others using GitHub Copilot Spaces](https://docs.github.com/en/copilot/how-tos/provide-context/use-copilot-spaces/collaborate-with-others#sharing-spaces). +You can now share Copilot Spaces publicly. See [Collaborating with others using GitHub Copilot Spaces](https://docs.github.com/copilot/how-tos/provide-context/use-copilot-spaces/collaborate-with-others#sharing-spaces). -You can also now add files to a Copilot Space directly from the code view on GitHub, so you don't need to break your flow when building context for your space. See [Creating GitHub Copilot Spaces](https://docs.github.com/en/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces#adding-context-as-youre-working). +You can also now add files to a Copilot Space directly from the code view on GitHub, so you don't need to break your flow when building context for your space. See [Creating GitHub Copilot Spaces](https://docs.github.com/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces#adding-context-as-youre-working).
@@ -26,7 +99,7 @@ See [About GitHub Copilot code review](https://docs.github.com/copilot/concepts/ We've added a new tutorial on burning down technical debt in a project: -[Using GitHub Copilot to reduce technical debt](https://docs.github.com/en/copilot/tutorials/reduce-technical-debt) +[Using GitHub Copilot to reduce technical debt](https://docs.github.com/copilot/tutorials/reduce-technical-debt) The addition of this tutorial was prompted by a presentation by Brittany Ellich at this year's GitHub Universe conference: [Tackling your tech debt with Copilot coding agent](https://www.youtube.com/watch?v=LafpndhNC_E), and is based on a GitHub community post by Akash Sharma: [Stop Letting Technical Debt Slow You Down](https://github.com/orgs/community/discussions/178975). @@ -149,16 +222,16 @@ This is just a very small selection of the articles that were updated for Univer To support the enterprise roles and teams public preview, we: -* Created a new concepts category in the [enterprise admin](https://docs.github.com/en/enterprise-cloud@latest/admin) docs aimed at onboarding administrators, including new articles on roles and teams in an enterprise. -* Built a user journey for setting up roles, teams, and apps to simplify administration, starting with [Identifying the roles required by your enterprise](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/identify-role-requirements). -* Published how-to content on [creating custom roles](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/create-custom-roles), [creating enterprise teams](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/create-enterprise-teams), and [assigning roles](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/assign-roles). -* Communicated new conceptual frameworks and best practices for enterprise accounts, including [Best practices for organizing work in your enterprise](https://docs.github.com/en/enterprise-cloud@latest/admin/concepts/best-practices) and [Enterprise accounts](https://docs.github.com/en/enterprise-cloud@latest/admin/concepts/enterprise-fundamentals/enterprise-accounts). +* Created a new concepts category in the [enterprise admin](https://docs.github.com/enterprise-cloud@latest/admin) docs aimed at onboarding administrators, including new articles on roles and teams in an enterprise. +* Built a user journey for setting up roles, teams, and apps to simplify administration, starting with [Identifying the roles required by your enterprise](https://docs.github.com/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/identify-role-requirements). +* Published how-to content on [creating custom roles](https://docs.github.com/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/create-custom-roles), [creating enterprise teams](https://docs.github.com/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/create-enterprise-teams), and [assigning roles](https://docs.github.com/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/assign-roles). +* Communicated new conceptual frameworks and best practices for enterprise accounts, including [Best practices for organizing work in your enterprise](https://docs.github.com/enterprise-cloud@latest/admin/concepts/best-practices) and [Enterprise accounts](https://docs.github.com/enterprise-cloud@latest/admin/concepts/enterprise-fundamentals/enterprise-accounts).
**17 October 2025** -We have updated the [Account and profile](https://docs.github.com/en/account-and-profile) and [Subscriptions and notifications](https://docs.github.com/en/subscriptions-and-notifications) docs for improved usability, scannability, and information architecture. +We have updated the [Account and profile](https://docs.github.com/account-and-profile) and [Subscriptions and notifications](https://docs.github.com/subscriptions-and-notifications) docs for improved usability, scannability, and information architecture. To support accomplishing tasks without context switching or sifting through unrelated content, articles are now organized by content type and focused on jobs-to-be-done. Additionally, related information is now linked from content type to content type. @@ -166,13 +239,13 @@ To support accomplishing tasks without context switching or sifting through unre **14 October 2025** -We've added a new tutorial about how to [Review AI-generated code](https://docs.github.com/en/copilot/tutorials/review-ai-generated-code). The article gives techniques to verify and validate AI-generated code, and also suggests how Copilot can help with reviews. +We've added a new tutorial about how to [Review AI-generated code](https://docs.github.com/copilot/tutorials/review-ai-generated-code). The article gives techniques to verify and validate AI-generated code, and also suggests how Copilot can help with reviews.
**13 October 2025** -To help large enterprises keep their automations secure and consistent across many organizations, we published [Automating app installations in your enterprise's organizations](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-github-apps-for-your-enterprise/automate-installations). This is one of the most requested features from customer feedback. +To help large enterprises keep their automations secure and consistent across many organizations, we published [Automating app installations in your enterprise's organizations](https://docs.github.com/enterprise-cloud@latest/admin/managing-github-apps-for-your-enterprise/automate-installations). This is one of the most requested features from customer feedback. The tutorial shows how to manage installations and run automations using enterprise-owned apps and the new apps installation API. Security-conscious enterprises will see that Apps maximize security by providing short-lived, minimally scoped tokens at every stage. @@ -184,8 +257,8 @@ The tutorial shows how to manage installations and run automations using enterpr We’ve updated the Spark documentation to support the launch for Copilot Enterprise users, making it easier to understand and enable Spark: -* Conceptual article: [About GitHub Spark](https://docs.github.com/en/copilot/concepts/spark#enterprise-considerations) now includes enterprise considerations (governance, billing, infrastructure, and benefits). -* How-to: [Managing GitHub Spark in your enterprise](https://docs.github.com/en/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-spark) is streamlined to prerequisites and enablement steps, with links to related policies. +* Conceptual article: [About GitHub Spark](https://docs.github.com/copilot/concepts/spark#enterprise-considerations) now includes enterprise considerations (governance, billing, infrastructure, and benefits). +* How-to: [Managing GitHub Spark in your enterprise](https://docs.github.com/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-spark) is streamlined to prerequisites and enablement steps, with links to related policies.
@@ -203,11 +276,11 @@ Claude Sonnet 4.5 has been released as a Public Preview. At the time of launch, The following articles have been updated: -- [About GitHub Copilot coding agent](https://docs.github.com/en/copilot/concepts/agents/coding-agent/about-coding-agent) -- [Supported AI models in GitHub Copilot](https://docs.github.com/en/copilot/reference/ai-models/supported-models) -- [Hosting of models for GitHub Copilot Chat](https://docs.github.com/en/copilot/reference/ai-models/model-hosting) -- [AI model comparison](https://docs.github.com/en/copilot/reference/ai-models/model-comparison) -- [About GitHub Copilot CLI](https://docs.github.com/en/copilot/concepts/agents/about-copilot-cli) +- [About GitHub Copilot coding agent](https://docs.github.com/copilot/concepts/agents/coding-agent/about-coding-agent) +- [Supported AI models in GitHub Copilot](https://docs.github.com/copilot/reference/ai-models/supported-models) +- [Hosting of models for GitHub Copilot Chat](https://docs.github.com/copilot/reference/ai-models/model-hosting) +- [AI model comparison](https://docs.github.com/copilot/reference/ai-models/model-comparison) +- [About GitHub Copilot CLI](https://docs.github.com/copilot/concepts/agents/about-copilot-cli)
diff --git a/Dockerfile b/Dockerfile index 2573d0924ce9..35c61add1f54 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ # --------------------------------------------------------------- # To update the sha: # https://github.com/github/gh-base-image/pkgs/container/gh-base-image%2Fgh-base-noble -FROM ghcr.io/github/gh-base-image/gh-base-noble:20251119-090131-gb27dc275c AS base +FROM ghcr.io/github/gh-base-image/gh-base-noble:20260128-000359-ga6d0dc7c0@sha256:e2dd6aa64dc4b3fd0fee388a817b2ce0ce239f1da31fd628c359a74832abdfcb AS base # Install curl for Node install and determining the early access branch # Install git for cloning docs-early-access & translations repos diff --git a/Dockerfile.openapi_decorator b/Dockerfile.openapi_decorator index 8e8ca98b6e95..b6000cef8d20 100644 --- a/Dockerfile.openapi_decorator +++ b/Dockerfile.openapi_decorator @@ -1,4 +1,4 @@ -FROM node:24-alpine +FROM node:24-alpine@sha256:7d042bda1f5999f5bd14a23e9e62d9c320cceb68f93f167ce01ca3ecbd9cef71 WORKDIR /openapi-check diff --git a/LICENSE-CODE b/LICENSE-CODE index f3b5f7eda9e6..6bc46813523b 100644 --- a/LICENSE-CODE +++ b/LICENSE-CODE @@ -1,6 +1,6 @@ MIT License -Copyright 2025 GitHub +Copyright 2026 GitHub Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/assets/images/banner-images/selecting-banner-images.md b/assets/images/banner-images/selecting-banner-images.md new file mode 100644 index 000000000000..3b5ce824a70e --- /dev/null +++ b/assets/images/banner-images/selecting-banner-images.md @@ -0,0 +1,13 @@ +There are 6 different banner images to use on landing pages. + +Journey landing pages +- hero-1 +- hero-2 + + Bespoke landing pages +- hero-3 +- hero-4 + +Discovery landing pages +- hero-5 +- hero-6 diff --git a/assets/images/help/copilot/agent-working-spinner.png b/assets/images/help/copilot/agent-working-spinner.png new file mode 100644 index 000000000000..3fbf3e296a94 Binary files /dev/null and b/assets/images/help/copilot/agent-working-spinner.png differ diff --git a/assets/images/help/copilot/allow-editing-files.png b/assets/images/help/copilot/allow-editing-files.png new file mode 100644 index 000000000000..c07e66adefd8 Binary files /dev/null and b/assets/images/help/copilot/allow-editing-files.png differ diff --git a/assets/images/help/copilot/ask-mode-selection.png b/assets/images/help/copilot/ask-mode-selection.png new file mode 100644 index 000000000000..0f0795947e1b Binary files /dev/null and b/assets/images/help/copilot/ask-mode-selection.png differ diff --git a/assets/images/help/copilot/chat-cancel-button.png b/assets/images/help/copilot/chat-cancel-button.png new file mode 100644 index 000000000000..1f69d3bb58f2 Binary files /dev/null and b/assets/images/help/copilot/chat-cancel-button.png differ diff --git a/assets/images/help/copilot/coding-agent/assign-to-copilot-dialog.png b/assets/images/help/copilot/coding-agent/assign-to-copilot-dialog.png index 500aa9a0f15d..8864e2e7a0c6 100644 Binary files a/assets/images/help/copilot/coding-agent/assign-to-copilot-dialog.png and b/assets/images/help/copilot/coding-agent/assign-to-copilot-dialog.png differ diff --git a/assets/images/help/copilot/coding-agent/open-agent-session-in-copilot-cli.png b/assets/images/help/copilot/coding-agent/open-agent-session-in-copilot-cli.png new file mode 100644 index 000000000000..4feaa802831e Binary files /dev/null and b/assets/images/help/copilot/coding-agent/open-agent-session-in-copilot-cli.png differ diff --git a/assets/images/help/copilot/coding-agent/open-workbench.png b/assets/images/help/copilot/coding-agent/open-workbench.png deleted file mode 100644 index 59d06a65f67b..000000000000 Binary files a/assets/images/help/copilot/coding-agent/open-workbench.png and /dev/null differ diff --git a/assets/images/help/copilot/continue-button-jetbrains.png b/assets/images/help/copilot/continue-button-jetbrains.png new file mode 100644 index 000000000000..aacfb2a35fee Binary files /dev/null and b/assets/images/help/copilot/continue-button-jetbrains.png differ diff --git a/assets/images/help/copilot/copilot-memory-list.png b/assets/images/help/copilot/copilot-memory-list.png new file mode 100644 index 000000000000..26915ea4117e Binary files /dev/null and b/assets/images/help/copilot/copilot-memory-list.png differ diff --git a/assets/images/help/copilot/open-untrusted-web-page.png b/assets/images/help/copilot/open-untrusted-web-page.png new file mode 100644 index 000000000000..26f17a7e6a73 Binary files /dev/null and b/assets/images/help/copilot/open-untrusted-web-page.png differ diff --git a/assets/images/help/copilot/time-tracker-example1.png b/assets/images/help/copilot/time-tracker-example1.png new file mode 100644 index 000000000000..99d9feb3131d Binary files /dev/null and b/assets/images/help/copilot/time-tracker-example1.png differ diff --git a/assets/images/help/copilot/time-tracker-example2.png b/assets/images/help/copilot/time-tracker-example2.png new file mode 100644 index 000000000000..20454a1b7cb3 Binary files /dev/null and b/assets/images/help/copilot/time-tracker-example2.png differ diff --git a/assets/images/help/copilot/time-tracker-example3.png b/assets/images/help/copilot/time-tracker-example3.png new file mode 100644 index 000000000000..6ec00becbd35 Binary files /dev/null and b/assets/images/help/copilot/time-tracker-example3.png differ diff --git a/assets/images/help/copilot/vsc-review-and-comment.png b/assets/images/help/copilot/vsc-review-and-comment.png deleted file mode 100644 index ea9f5c2da494..000000000000 Binary files a/assets/images/help/copilot/vsc-review-and-comment.png and /dev/null differ diff --git a/assets/images/help/enterprises/enterprise-self-removal.png b/assets/images/help/enterprises/enterprise-self-removal.png new file mode 100644 index 000000000000..247e74a7a60b Binary files /dev/null and b/assets/images/help/enterprises/enterprise-self-removal.png differ diff --git a/assets/images/help/repository/rendered-code-snippet.png b/assets/images/help/repository/rendered-code-snippet.png index 6a21e3f21773..a1b41600a88e 100644 Binary files a/assets/images/help/repository/rendered-code-snippet.png and b/assets/images/help/repository/rendered-code-snippet.png differ diff --git a/assets/images/help/security/security-campaigns-tracking-overview.png b/assets/images/help/security/security-campaigns-tracking-overview.png deleted file mode 100644 index 16aa63b6564b..000000000000 Binary files a/assets/images/help/security/security-campaigns-tracking-overview.png and /dev/null differ diff --git a/assets/images/help/security/virtual-registry-decommissioned.png b/assets/images/help/security/virtual-registry-decommissioned.png new file mode 100644 index 000000000000..a4d8422b7d4f Binary files /dev/null and b/assets/images/help/security/virtual-registry-decommissioned.png differ diff --git a/assets/images/help/security/virtual-registry-deleted.png b/assets/images/help/security/virtual-registry-deleted.png new file mode 100644 index 000000000000..f8e9182acc68 Binary files /dev/null and b/assets/images/help/security/virtual-registry-deleted.png differ diff --git a/assets/images/help/security/virtual-registry-deployment-record.png b/assets/images/help/security/virtual-registry-deployment-record.png new file mode 100644 index 000000000000..89baa0b6bc83 Binary files /dev/null and b/assets/images/help/security/virtual-registry-deployment-record.png differ diff --git a/assets/images/help/security/virtual-registry-storage-record.png b/assets/images/help/security/virtual-registry-storage-record.png new file mode 100644 index 000000000000..2f2411c051e0 Binary files /dev/null and b/assets/images/help/security/virtual-registry-storage-record.png differ diff --git a/assets/images/help/teams/list-of-members-selected-bulk.png b/assets/images/help/teams/list-of-members-selected-bulk.png index 91846b4ac8b3..b7089b10a0ab 100644 Binary files a/assets/images/help/teams/list-of-members-selected-bulk.png and b/assets/images/help/teams/list-of-members-selected-bulk.png differ diff --git a/assets/images/site/apple-touch-icon-114x114.png b/assets/images/site/apple-touch-icon-114x114.png index 1792a4283129..0d03234b9fd4 100644 Binary files a/assets/images/site/apple-touch-icon-114x114.png and b/assets/images/site/apple-touch-icon-114x114.png differ diff --git a/assets/images/site/apple-touch-icon-120x120.png b/assets/images/site/apple-touch-icon-120x120.png index 95903a6f899a..5d2a2b929277 100644 Binary files a/assets/images/site/apple-touch-icon-120x120.png and b/assets/images/site/apple-touch-icon-120x120.png differ diff --git a/assets/images/site/apple-touch-icon-144x144.png b/assets/images/site/apple-touch-icon-144x144.png index a7df9a401a44..c4e3d39c4b90 100644 Binary files a/assets/images/site/apple-touch-icon-144x144.png and b/assets/images/site/apple-touch-icon-144x144.png differ diff --git a/assets/images/site/apple-touch-icon-152x152.png b/assets/images/site/apple-touch-icon-152x152.png index 191e190e7312..b793062aeb39 100644 Binary files a/assets/images/site/apple-touch-icon-152x152.png and b/assets/images/site/apple-touch-icon-152x152.png differ diff --git a/assets/images/site/apple-touch-icon-180x180.png b/assets/images/site/apple-touch-icon-180x180.png index 29ab743018bf..04ea5081c168 100644 Binary files a/assets/images/site/apple-touch-icon-180x180.png and b/assets/images/site/apple-touch-icon-180x180.png differ diff --git a/assets/images/site/apple-touch-icon-192x192.png b/assets/images/site/apple-touch-icon-192x192.png index e23ec12299c7..118a6ed982d6 100644 Binary files a/assets/images/site/apple-touch-icon-192x192.png and b/assets/images/site/apple-touch-icon-192x192.png differ diff --git a/assets/images/site/apple-touch-icon-512x512.png b/assets/images/site/apple-touch-icon-512x512.png index ecea91f1d9ce..4a1923fde68b 100644 Binary files a/assets/images/site/apple-touch-icon-512x512.png and b/assets/images/site/apple-touch-icon-512x512.png differ diff --git a/assets/images/site/apple-touch-icon-57x57.png b/assets/images/site/apple-touch-icon-57x57.png index 23f6fc2430b7..75f83baec901 100644 Binary files a/assets/images/site/apple-touch-icon-57x57.png and b/assets/images/site/apple-touch-icon-57x57.png differ diff --git a/assets/images/site/apple-touch-icon-60x60.png b/assets/images/site/apple-touch-icon-60x60.png index 81be8bc98206..bae50ad51ac1 100644 Binary files a/assets/images/site/apple-touch-icon-60x60.png and b/assets/images/site/apple-touch-icon-60x60.png differ diff --git a/assets/images/site/apple-touch-icon-72x72.png b/assets/images/site/apple-touch-icon-72x72.png index b69474e6a7ee..d7c6b5f0d4b7 100644 Binary files a/assets/images/site/apple-touch-icon-72x72.png and b/assets/images/site/apple-touch-icon-72x72.png differ diff --git a/assets/images/site/apple-touch-icon-76x76.png b/assets/images/site/apple-touch-icon-76x76.png index be3506dc410b..9276c93b6d5f 100644 Binary files a/assets/images/site/apple-touch-icon-76x76.png and b/assets/images/site/apple-touch-icon-76x76.png differ diff --git a/assets/images/site/apple-touch-icon.png b/assets/images/site/apple-touch-icon.png index cb10a2b7cba0..5d2a2b929277 100644 Binary files a/assets/images/site/apple-touch-icon.png and b/assets/images/site/apple-touch-icon.png differ diff --git a/assets/images/site/favicon.ico b/assets/images/site/favicon.ico index 40e25b4cdd28..b91c543b8614 100644 Binary files a/assets/images/site/favicon.ico and b/assets/images/site/favicon.ico differ diff --git a/assets/images/site/favicon.png b/assets/images/site/favicon.png index 5d74638170ed..040b47f5ea5c 100644 Binary files a/assets/images/site/favicon.png and b/assets/images/site/favicon.png differ diff --git a/assets/images/site/favicon.svg b/assets/images/site/favicon.svg index 5241f67f951e..5ac282559c44 100644 --- a/assets/images/site/favicon.svg +++ b/assets/images/site/favicon.svg @@ -1 +1,6 @@ - + + + + + + diff --git a/assets/images/social-cards/account-and-profile.png b/assets/images/social-cards/account-and-profile.png new file mode 100644 index 000000000000..77332cb01d66 Binary files /dev/null and b/assets/images/social-cards/account-and-profile.png differ diff --git a/assets/images/social-cards/actions.png b/assets/images/social-cards/actions.png index 40647b6a4c22..7331a4c583c8 100644 Binary files a/assets/images/social-cards/actions.png and b/assets/images/social-cards/actions.png differ diff --git a/assets/images/social-cards/admin.png b/assets/images/social-cards/admin.png new file mode 100644 index 000000000000..195f9dc29684 Binary files /dev/null and b/assets/images/social-cards/admin.png differ diff --git a/assets/images/social-cards/apps.png b/assets/images/social-cards/apps.png new file mode 100644 index 000000000000..024a88142325 Binary files /dev/null and b/assets/images/social-cards/apps.png differ diff --git a/assets/images/social-cards/authentication.png b/assets/images/social-cards/authentication.png new file mode 100644 index 000000000000..dc883334119c Binary files /dev/null and b/assets/images/social-cards/authentication.png differ diff --git a/assets/images/social-cards/billing.png b/assets/images/social-cards/billing.png new file mode 100644 index 000000000000..911c238615c4 Binary files /dev/null and b/assets/images/social-cards/billing.png differ diff --git a/assets/images/social-cards/code-security.png b/assets/images/social-cards/code-security.png index 46cfccf5347c..b199e3c8174b 100644 Binary files a/assets/images/social-cards/code-security.png and b/assets/images/social-cards/code-security.png differ diff --git a/assets/images/social-cards/codespaces.png b/assets/images/social-cards/codespaces.png new file mode 100644 index 000000000000..23f72395ec89 Binary files /dev/null and b/assets/images/social-cards/codespaces.png differ diff --git a/assets/images/social-cards/communities.png b/assets/images/social-cards/communities.png new file mode 100644 index 000000000000..d9e61ed6e5d3 Binary files /dev/null and b/assets/images/social-cards/communities.png differ diff --git a/assets/images/social-cards/contributing.png b/assets/images/social-cards/contributing.png new file mode 100644 index 000000000000..838299ad2c80 Binary files /dev/null and b/assets/images/social-cards/contributing.png differ diff --git a/assets/images/social-cards/copilot.png b/assets/images/social-cards/copilot.png index 2360a07d6d5e..8c4ee54c4a7a 100644 Binary files a/assets/images/social-cards/copilot.png and b/assets/images/social-cards/copilot.png differ diff --git a/assets/images/social-cards/default.png b/assets/images/social-cards/default.png index 7405f132c147..de9ed55c9d9e 100644 Binary files a/assets/images/social-cards/default.png and b/assets/images/social-cards/default.png differ diff --git a/assets/images/social-cards/desktop.png b/assets/images/social-cards/desktop.png new file mode 100644 index 000000000000..81e18f4153ba Binary files /dev/null and b/assets/images/social-cards/desktop.png differ diff --git a/assets/images/social-cards/discussions.png b/assets/images/social-cards/discussions.png new file mode 100644 index 000000000000..a7f8916f6811 Binary files /dev/null and b/assets/images/social-cards/discussions.png differ diff --git a/assets/images/social-cards/education.png b/assets/images/social-cards/education.png new file mode 100644 index 000000000000..05264acec0c5 Binary files /dev/null and b/assets/images/social-cards/education.png differ diff --git a/assets/images/social-cards/enterprise-onboarding.png b/assets/images/social-cards/enterprise-onboarding.png new file mode 100644 index 000000000000..5dcf1233b068 Binary files /dev/null and b/assets/images/social-cards/enterprise-onboarding.png differ diff --git a/assets/images/social-cards/get-started.png b/assets/images/social-cards/get-started.png new file mode 100644 index 000000000000..d532a3a21e14 Binary files /dev/null and b/assets/images/social-cards/get-started.png differ diff --git a/assets/images/social-cards/github-cli.png b/assets/images/social-cards/github-cli.png new file mode 100644 index 000000000000..5fb0887e7b3b Binary files /dev/null and b/assets/images/social-cards/github-cli.png differ diff --git a/assets/images/social-cards/github-models.png b/assets/images/social-cards/github-models.png new file mode 100644 index 000000000000..81476926930f Binary files /dev/null and b/assets/images/social-cards/github-models.png differ diff --git a/assets/images/social-cards/graphql.png b/assets/images/social-cards/graphql.png new file mode 100644 index 000000000000..5545268bdc06 Binary files /dev/null and b/assets/images/social-cards/graphql.png differ diff --git a/assets/images/social-cards/integrations.png b/assets/images/social-cards/integrations.png new file mode 100644 index 000000000000..3c7d49f54399 Binary files /dev/null and b/assets/images/social-cards/integrations.png differ diff --git a/assets/images/social-cards/issues.png b/assets/images/social-cards/issues.png index 906047323ca3..9ba5c37a40f1 100644 Binary files a/assets/images/social-cards/issues.png and b/assets/images/social-cards/issues.png differ diff --git a/assets/images/social-cards/migrations.png b/assets/images/social-cards/migrations.png new file mode 100644 index 000000000000..81fc9a0ad62f Binary files /dev/null and b/assets/images/social-cards/migrations.png differ diff --git a/assets/images/social-cards/nonprofit.png b/assets/images/social-cards/nonprofit.png new file mode 100644 index 000000000000..ce7062ca448a Binary files /dev/null and b/assets/images/social-cards/nonprofit.png differ diff --git a/assets/images/social-cards/organizations.png b/assets/images/social-cards/organizations.png new file mode 100644 index 000000000000..15f22ccbe3a7 Binary files /dev/null and b/assets/images/social-cards/organizations.png differ diff --git a/assets/images/social-cards/packages.png b/assets/images/social-cards/packages.png new file mode 100644 index 000000000000..fbd5979d7a6f Binary files /dev/null and b/assets/images/social-cards/packages.png differ diff --git a/assets/images/social-cards/pages.png b/assets/images/social-cards/pages.png new file mode 100644 index 000000000000..33b8de130cf0 Binary files /dev/null and b/assets/images/social-cards/pages.png differ diff --git a/assets/images/social-cards/pull-requests.png b/assets/images/social-cards/pull-requests.png new file mode 100644 index 000000000000..bd1199dea863 Binary files /dev/null and b/assets/images/social-cards/pull-requests.png differ diff --git a/assets/images/social-cards/repositories.png b/assets/images/social-cards/repositories.png new file mode 100644 index 000000000000..7c806b4fac82 Binary files /dev/null and b/assets/images/social-cards/repositories.png differ diff --git a/assets/images/social-cards/rest.png b/assets/images/social-cards/rest.png new file mode 100644 index 000000000000..b6e19cb2a939 Binary files /dev/null and b/assets/images/social-cards/rest.png differ diff --git a/assets/images/social-cards/search-github.png b/assets/images/social-cards/search-github.png new file mode 100644 index 000000000000..3e26c0e00dbd Binary files /dev/null and b/assets/images/social-cards/search-github.png differ diff --git a/assets/images/social-cards/site-policy.png b/assets/images/social-cards/site-policy.png new file mode 100644 index 000000000000..e8b86c4a8e7c Binary files /dev/null and b/assets/images/social-cards/site-policy.png differ diff --git a/assets/images/social-cards/sponsors.png b/assets/images/social-cards/sponsors.png new file mode 100644 index 000000000000..264e011d75cd Binary files /dev/null and b/assets/images/social-cards/sponsors.png differ diff --git a/assets/images/social-cards/subscriptions-and-notifications.png b/assets/images/social-cards/subscriptions-and-notifications.png new file mode 100644 index 000000000000..77332cb01d66 Binary files /dev/null and b/assets/images/social-cards/subscriptions-and-notifications.png differ diff --git a/assets/images/social-cards/support.png b/assets/images/social-cards/support.png new file mode 100644 index 000000000000..70dcc1f37081 Binary files /dev/null and b/assets/images/social-cards/support.png differ diff --git a/assets/images/social-cards/webhooks.png b/assets/images/social-cards/webhooks.png new file mode 100644 index 000000000000..ed8fcf87b001 Binary files /dev/null and b/assets/images/social-cards/webhooks.png differ diff --git a/config/kubernetes/production/deployments/webapp.yaml b/config/kubernetes/production/deployments/webapp.yaml index d6c5b57b8f7d..b2490d383618 100644 --- a/config/kubernetes/production/deployments/webapp.yaml +++ b/config/kubernetes/production/deployments/webapp.yaml @@ -2,6 +2,8 @@ apiVersion: apps/v1 kind: Deployment metadata: name: webapp + annotations: + moda.github.net/allow-missing-ready-pods: '1' spec: replicas: 6 selector: diff --git a/config/moda/secrets/ci/secrets.yml b/config/moda/secrets/ci/secrets.yml new file mode 100644 index 000000000000..0a481b8efa0a --- /dev/null +++ b/config/moda/secrets/ci/secrets.yml @@ -0,0 +1,9 @@ +--- +secrets: + DOCS_BOT_PAT_BASE: + key: DOCS_BOT_PAT_BASE + type: github_pat + owner: docs-engineering + playbook: '' + externally_usable: true + kind: latest_at_deployment_start diff --git a/config/moda/secrets/production/secrets.yml b/config/moda/secrets/production/secrets.yml new file mode 100644 index 000000000000..ccdb3af5732d --- /dev/null +++ b/config/moda/secrets/production/secrets.yml @@ -0,0 +1,8 @@ +--- +secrets: + COOKIE_SECRET: + kind: latest_at_deployment_start + key: COOKIE_SECRET + type: salt + owner: '@github/docs-engineering' + externally_usable: true diff --git a/config/moda/secrets/staging/secrets.yml b/config/moda/secrets/staging/secrets.yml new file mode 100644 index 000000000000..ccdb3af5732d --- /dev/null +++ b/config/moda/secrets/staging/secrets.yml @@ -0,0 +1,8 @@ +--- +secrets: + COOKIE_SECRET: + kind: latest_at_deployment_start + key: COOKIE_SECRET + type: salt + owner: '@github/docs-engineering' + externally_usable: true diff --git a/content/README.md b/content/README.md index c0806e63ae49..e2740dfeef4a 100644 --- a/content/README.md +++ b/content/README.md @@ -259,7 +259,9 @@ includeGuides: - `id` (required): Unique identifier for the journey. The id only needs to be unique for journeys within a single journey landing page. - `title` (required): Display title for the journey (supports Liquid variables) - `description` (optional): Description of the journey (supports Liquid variables) - - `guides` (required): Array of article paths that make up this journey + - `guides` (required): Array of guide objects that make up this journey. Each guide object has: + - `href` (required): Path to the article + - `alternativeNextStep` (optional): Custom text to guide users to alternative paths in the journey. Supports Liquid variables and `[AUTOTITLE]`. - Only applicable when used with `layout: journey-landing`. - Optional. @@ -271,15 +273,16 @@ journeyTracks: title: 'Getting started with {% data variables.product.prodname_actions %}' description: 'Learn the basics of GitHub Actions.' guides: - - '/actions/quickstart' - - '/actions/learn-github-actions' - - '/actions/using-workflows' + - href: '/actions/quickstart' + - href: '/actions/learn-github-actions' + alternativeNextStep: 'Want to skip ahead? See [AUTOTITLE](/actions/using-workflows).' + - href: '/actions/using-workflows' - id: 'advanced' title: 'Advanced {% data variables.product.prodname_actions %}' description: 'Dive deeper into advanced features.' guides: - - '/actions/using-workflows/workflow-syntax-for-github-actions' - - '/actions/deployment/deploying-with-github-actions' + - href: '/actions/using-workflows/workflow-syntax-for-github-actions' + - href: '/actions/deployment/deploying-with-github-actions' ``` ### `type` diff --git a/content/account-and-profile/concepts/account-management.md b/content/account-and-profile/concepts/account-management.md index 1a10f571cef2..b8f83f42c197 100644 --- a/content/account-and-profile/concepts/account-management.md +++ b/content/account-and-profile/concepts/account-management.md @@ -13,19 +13,26 @@ redirect_from: - /account-and-profile/concepts/personal-account-management --- +{% ifversion ghes < 3.21 %} ## About converting your personal account Converting a personal account into an organization allows you move to a shared account where a large number of people can collaborate across many projects at once. Converting your account: * Preserves the repositories as they are without the need to transfer them to another account manually * Automatically invites collaborators to teams with permissions equivalent to what they had before -{%- ifversion fpt or ghec %} -* For personal accounts on {% data variables.product.prodname_pro %}, automatically transitions billing to [the paid {% data variables.product.prodname_team %}](/billing/managing-the-plan-for-your-github-account/about-billing-for-plans) without the need to re-enter payment information, adjust your billing cycle, or double pay at any time -{%- endif %} When you convert a personal account into an organization, we'll add collaborators on repositories that belong to the account to the new organization as outside collaborators. You can then invite outside collaborators to become members of your new organization if you wish. For more information, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators). To convert your personal account into an organization, see [AUTOTITLE](/account-and-profile/how-tos/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization). +{% else %} + +## About moving your work to an organization + +You can move repositories and projects from your personal account to an organization while keeping your personal account intact. This enables team collaboration with granular permissions across your existing work. + +For more information, see [AUTOTITLE](/account-and-profile/how-tos/account-management/moving-your-work-to-an-organization). +{% endif %} + ## About deletion of your personal account Deleting your personal account removes all repositories, forks of private repositories, wikis, issues, pull requests, and pages owned by your account. {% ifversion fpt or ghec %}Issues and pull requests you've created and comments you've made in repositories owned by other users will not be deleted. Your resources and comments will become associated with the [ghost user](https://github.com/ghost).{% else %}Issues and pull requests you've created and comments you've made in repositories owned by other users will not be deleted.{% endif %} diff --git a/content/account-and-profile/how-tos/account-management/converting-a-user-into-an-organization.md b/content/account-and-profile/how-tos/account-management/converting-a-user-into-an-organization.md index 3528a48d83ff..cba85aee110f 100644 --- a/content/account-and-profile/how-tos/account-management/converting-a-user-into-an-organization.md +++ b/content/account-and-profile/how-tos/account-management/converting-a-user-into-an-organization.md @@ -12,9 +12,7 @@ redirect_from: - /account-and-profile/how-tos/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization intro: You can convert your personal account into an organization. This allows more granular permissions for repositories that belong to the organization. versions: - fpt: '*' - ghes: '*' - ghec: '*' + ghes: '<3.21' topics: - Accounts shortTitle: Convert your account @@ -25,9 +23,7 @@ contentType: how-tos The personal account you want to convert cannot be a member of any organizations. If the personal account you want to convert is a member of an organization, you must leave the organization before you can convert the account. -{% ifversion ghes %} -You may not be able to convert a personal account into an organization, if an enterprise owner has set a policy at the enterprise level. See, [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/preventing-users-from-creating-organizations). -{% endif %} +You may not be able to convert a personal account into an organization if an enterprise owner has set a policy at the enterprise level. See, [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/preventing-users-from-creating-organizations). ## Keep your personal account and create a new organization manually @@ -56,7 +52,4 @@ To convert your personal account into an organization, follow these steps: * [AUTOTITLE](/account-and-profile/reference/personal-account-reference#side-effects-of-converting-an-account-to-an-organization) * [AUTOTITLE](/organizations/organizing-members-into-teams) -{% ifversion fpt or ghec %} -* [AUTOTITLE](/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization) -{% endif %} * [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/accessing-an-organization) diff --git a/content/account-and-profile/how-tos/account-management/index.md b/content/account-and-profile/how-tos/account-management/index.md index 64b0125a06ab..ffbcfd0fc040 100644 --- a/content/account-and-profile/how-tos/account-management/index.md +++ b/content/account-and-profile/how-tos/account-management/index.md @@ -1,6 +1,6 @@ --- title: Managing your personal account -intro: You can manage your personal account on {% data variables.product.github %}. For example, you can {% ifversion fpt or ghec %}manage multiple accounts, {% endif %}convert an account to an organization, or delete an account. +intro: You can manage your personal account on {% data variables.product.github %}. For example, you can change your username, {% ifversion fpt or ghec %}manage multiple accounts, {% endif %}{% ifversion ghes < 3.21 %}convert an account to an organization, {% else %}move your work to an organization, {% endif %}or delete an account. shortTitle: Personal account management versions: fpt: '*' @@ -12,6 +12,7 @@ children: - /managing-multiple-accounts - /merging-multiple-personal-accounts - /changing-your-username + - /moving-your-work-to-an-organization - /converting-a-user-into-an-organization - /unlinking-your-email-address-from-a-locked-account - /deleting-your-personal-account diff --git a/content/account-and-profile/how-tos/account-management/moving-your-work-to-an-organization.md b/content/account-and-profile/how-tos/account-management/moving-your-work-to-an-organization.md new file mode 100644 index 000000000000..6c76c0a24bcc --- /dev/null +++ b/content/account-and-profile/how-tos/account-management/moving-your-work-to-an-organization.md @@ -0,0 +1,32 @@ +--- +title: Moving your work to an organization +intro: You can transfer repositories and projects from your personal account to a new or existing organization through your account settings. +versions: + fpt: '*' + ghes: '>= 3.21' + ghec: '*' +topics: + - Organizations + - Teams +shortTitle: Move work to organization +--- + +## Keeping your username for the organization + +If you want your new organization to use your current personal account username, you'll need to rename your personal account first: + +1. Change your personal account username to something new. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/changing-your-github-username). +1. Create an organization using your original username, then follow the steps below to move your work. + +## Moving your work to an organization + +{% data reusables.user-settings.access_settings %} +{% data reusables.user-settings.organizations %} +1. Under the "Move to an organization" section, click **Move work to an organization**. +1. Follow the prompts to transfer any of your repositories and projects to a new or existing organization. {% ifversion fpt or ghec %}For more information about the plans available for your team, see [AUTOTITLE](/get-started/learning-about-github/githubs-plans).{% endif %} +1. Once done assigning your work to its new location, click **Move to an organization**, then click **Go to your organization**. + +## Further reading + +- [AUTOTITLE](/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization) +- [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization) diff --git a/content/account-and-profile/how-tos/organization-membership/index.md b/content/account-and-profile/how-tos/organization-membership/index.md index 97c307d3b6d8..ba5a6f7d2d40 100644 --- a/content/account-and-profile/how-tos/organization-membership/index.md +++ b/content/account-and-profile/how-tos/organization-membership/index.md @@ -19,6 +19,7 @@ children: - /requesting-organization-approval-for-oauth-apps - /publicizing-or-hiding-organization-membership - /removing-yourself-from-an-organization + - /removing-yourself-from-an-enterprise shortTitle: Organization membership contentType: how-tos --- diff --git a/content/account-and-profile/how-tos/organization-membership/publicizing-or-hiding-organization-membership.md b/content/account-and-profile/how-tos/organization-membership/publicizing-or-hiding-organization-membership.md index 20fbbef72471..fa75e0d6d5ca 100644 --- a/content/account-and-profile/how-tos/organization-membership/publicizing-or-hiding-organization-membership.md +++ b/content/account-and-profile/how-tos/organization-membership/publicizing-or-hiding-organization-membership.md @@ -1,6 +1,6 @@ --- title: Publicizing or hiding organization membership -intro: If you'd like to tell the world which organizations you belong to, you can display the avatars of the organizations on your profile. +intro: Show avatars for organizations where you’re an organization member. redirect_from: - /articles/publicizing-or-concealing-organization-membership - /articles/publicizing-or-hiding-organization-membership diff --git a/content/account-and-profile/how-tos/organization-membership/removing-yourself-from-an-enterprise.md b/content/account-and-profile/how-tos/organization-membership/removing-yourself-from-an-enterprise.md new file mode 100644 index 000000000000..b70830297b13 --- /dev/null +++ b/content/account-and-profile/how-tos/organization-membership/removing-yourself-from-an-enterprise.md @@ -0,0 +1,35 @@ +--- +title: Removing yourself from an enterprise +intro: You can leave an enterprise after removing yourself from every organization in the enterprise. +versions: + fpt: '*' + ghec: '*' +topics: + - Accounts +shortTitle: Leave an enterprise +contentType: how-tos +--- + +If your personal {% data variables.product.github %} account is a member of an enterprise, you can leave the enterprise at any time. + +After leaving an enterprise, you will no longer be a member of any organization in the enterprise, and you will lose {% data variables.product.prodname_copilot %} licenses and other privileges granted through the enterprise. + +>[!NOTE] If you use a {% data variables.enterprise.prodname_managed_user %} provided by your enterprise, only administrators can remove you from the enterprise. You're using a {% data variables.enterprise.prodname_managed_user %} if all usernames in your enterprise end with a pattern like `_CODE`, or if you access the enterprise at a domain like `{% data variables.enterprise.data_residency_example_domain %}`. + +## Leaving an enterprise + +To leave an enterprise, you must remove yourself from every organization in the enterprise, then leave the enterprise itself. + +1. Leave every organization in the enterprise. + 1. Go to the [Enterprises](https://github.com/settings/enterprises) page in your settings. + 1. Click the enterprise you want to leave, then click the **Organizations** tab. + 1. Use the **Your role** dropdown to see the organizations that you're a member of. + 1. Leave each organization by following the instructions in [AUTOTITLE](/account-and-profile/how-tos/organization-membership/removing-yourself-from-an-organization). +1. Go back to the [Enterprises](https://github.com/settings/enterprises) page and check if the enterprise is still listed. If it is **not** listed, you have left the enterprise. +1. If the enterprise **is** still listed, check your role for the enterprise and take the appropriate action to leave: + + * If you're an **unaffiliated member**, next to the enterprise name, click **Leave**. + * If you're an **owner**, you must go to the enterprise settings and remove yourself. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise#removing-an-enterprise-administrator-from-your-enterprise-account). + * If you're a **billing manager**, you must ask an enterprise owner to remove you using the instructions in [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise#removing-an-enterprise-administrator-from-your-enterprise-account). + + ![Screenshot of the enterprises page. Next to "unaffilated member", the "Leave" button is highlighted with an orange outline.](/assets/images/help/enterprises/enterprise-self-removal.png) diff --git a/content/account-and-profile/how-tos/organization-membership/removing-yourself-from-an-organization.md b/content/account-and-profile/how-tos/organization-membership/removing-yourself-from-an-organization.md index 333178b0f093..a720b84b26b8 100644 --- a/content/account-and-profile/how-tos/organization-membership/removing-yourself-from-an-organization.md +++ b/content/account-and-profile/how-tos/organization-membership/removing-yourself-from-an-organization.md @@ -30,3 +30,9 @@ contentType: how-tos {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.organizations %} 1. Under "Organizations", next to the organization you'd like to remove yourself from, click **Leave**. + +{% ifversion fpt or ghec %} + +If you remove yourself from every organization in an enterprise, you may also be automatically removed from the enterprise account. If you haven't been removed and want to leave an enterprise, see [AUTOTITLE](/account-and-profile/how-tos/organization-membership/removing-yourself-from-an-enterprise). + +{% endif %} diff --git a/content/actions/concepts/runners/self-hosted-runners.md b/content/actions/concepts/runners/self-hosted-runners.md index 73389d70454a..e20e6907f56e 100644 --- a/content/actions/concepts/runners/self-hosted-runners.md +++ b/content/actions/concepts/runners/self-hosted-runners.md @@ -23,11 +23,11 @@ A self-hosted runner is a system that you deploy and manage to execute jobs from Self-hosted runners: {% ifversion fpt or ghec %} -* Give you more control of hardware, operating system, and software tools than {% data variables.product.prodname_dotcom %}-hosted runners provide. Be aware that you are responsible for updating the operating system and all other software.{% endif %} +* Give you more control of hardware, operating system, and software tools than {% data variables.product.github %}-hosted runners provide. Be aware that you are responsible for updating the operating system and all other software. +* Allow you to use machines and services that your company already maintains and pays to use.{% endif %} * Are free to use with {% data variables.product.prodname_actions %}, but you are responsible for the cost of maintaining your runner machines. * Let you create custom hardware configurations that meet your needs with processing power or memory to run larger jobs, install software available on your local network. * Receive automatic updates for the self-hosted runner application only, though you may disable automatic updates of the runner. -* Can use cloud services or local machines that you already pay for. * Don't need to have a clean instance for every job execution.{% ifversion ghec or ghes %} * Can be organized into groups to restrict access to specific workflows, organizations, and repositories. See [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups).{% endif %} * Can be physical, virtual, in a container, on-premises, or in a cloud. diff --git a/content/actions/concepts/security/openid-connect.md b/content/actions/concepts/security/openid-connect.md index 1aec0d04823f..73704367e0e0 100644 --- a/content/actions/concepts/security/openid-connect.md +++ b/content/actions/concepts/security/openid-connect.md @@ -115,6 +115,20 @@ For more information, see [AUTOTITLE](/actions/reference/openid-connect-referenc {% data variables.product.prodname_actions %} workflows can use OIDC tokens instead of secrets to authenticate with cloud providers. Many popular cloud providers offer official login actions that simplify the process of using OIDC in your workflows. For more information about updating your workflows with specific cloud providers, see [AUTOTITLE](/actions/how-tos/security-for-github-actions/security-hardening-your-deployments). +## OIDC support for {% data variables.product.prodname_dependabot %} + +{% data variables.product.prodname_dependabot %} can use OIDC to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets. With OIDC-based authentication, {% data variables.product.prodname_dependabot %} update jobs can dynamically obtain short-lived credentials from your cloud identity provider. + +{% data variables.product.prodname_dependabot %} supports OIDC authentication for any registry type that uses `username` and `password` authentication, when the registry is hosted on AWS CodeArtifact, Azure DevOps Artifacts, or JFrog Artifactory. + +The benefits of OIDC authentication for {% data variables.product.prodname_dependabot %} are: + +* **Enhanced security:** Eliminates static, long-lived credentials from your repositories. +* **Simpler management:** Enables secure, policy-compliant access to private registries. +* **Avoid rate limiting:** Dynamic credentials help you avoid hitting rate limits associated with static tokens. + +For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#using-oidc-for-authentication). + ## Next steps For more information about configuring OIDC, see [AUTOTITLE](/actions/how-tos/security-for-github-actions/security-hardening-your-deployments). diff --git a/content/actions/how-tos/deploy/configure-and-manage-deployments/control-deployments.md b/content/actions/how-tos/deploy/configure-and-manage-deployments/control-deployments.md index 911bf54a87c9..3c2d25aa01c2 100644 --- a/content/actions/how-tos/deploy/configure-and-manage-deployments/control-deployments.md +++ b/content/actions/how-tos/deploy/configure-and-manage-deployments/control-deployments.md @@ -128,6 +128,12 @@ For guidance on writing deployment-specific steps, see [Finding deployment examp When a {% data variables.product.prodname_actions %} workflow deploys to an environment, the environment is displayed on the main page of the repository. For more information about viewing deployments to environments, see [AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history). +{% ifversion virtual-registry %} + +Your organization can collect deployment records for all your builds in a single place by uploading data to the {% data variables.product.virtual_registry %}. See [AUTOTITLE](/code-security/concepts/supply-chain-security/linked-artifacts). + +{% endif %} + ## Monitoring workflow runs Every workflow run generates a real-time graph that illustrates the run progress. You can use this graph to monitor and debug deployments. For more information see, [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/using-the-visualization-graph). diff --git a/content/actions/how-tos/get-support.md b/content/actions/how-tos/get-support.md index 500747d0d6b2..ba5bf0ba65fe 100644 --- a/content/actions/how-tos/get-support.md +++ b/content/actions/how-tos/get-support.md @@ -37,7 +37,7 @@ Some information that {% data variables.contact.github_support %} will request c * A copy of your workflow run logs for an example workflow run failure. For more information about workflow run logs, see [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs#downloading-logs). * {% ifversion ghes %}A copy of your runner logs, {% else %}If you are running this workflow on a self-hosted runner, self-hosted runner logs{% endif %} which can be found under the `_diag` folder within the runner. For more information about self-hosted runners, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#reviewing-the-self-hosted-runner-application-log-files). - Self-hosted runner log file names are be formatted: `Runner_YYYY####-xxxxxx-utc.log` and `Worker_YYYY####-xxxxxx-utc.log`. + Self-hosted runner log file names are formatted: `Runner_YYYY####-xxxxxx-utc.log` and `Worker_YYYY####-xxxxxx-utc.log`. > [!NOTE] > Attach files to your support ticket by changing the file's extension to `.txt` or `.zip`. If you include textual data such as log or workflow file snippets inline in your ticket, ensure they are formatted correctly as Markdown code blocks. For more information about proper Markdown formatting, see [AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#quoting-code). diff --git a/content/actions/how-tos/manage-runners/larger-runners/control-access.md b/content/actions/how-tos/manage-runners/larger-runners/control-access.md index 1eae8b439b89..e61536163238 100644 --- a/content/actions/how-tos/manage-runners/larger-runners/control-access.md +++ b/content/actions/how-tos/manage-runners/larger-runners/control-access.md @@ -27,7 +27,7 @@ Runner groups are used to control which repositories can run jobs on your {% dat * **Runners at the enterprise level:** {% data reusables.actions.about-enterprise-level-runner-groups %} * **Runners at the organization level:** {% data reusables.actions.about-organization-level-runner-groups %} -For example, the following diagram has a runner group named `grp-ubuntu-20.04-16core` at the enterprise level. Before the repository named `octo-repo` can use the runners in the group, you must first configure the group at the enterprise level to allow access to the `octo-org` organization. You must then configure the group at the organization level to allow access to `octo-repo`. +For example, the following diagram has a runner group named `grp-ubuntu-24.04-16core` at the enterprise level. Before the repository named `octo-repo` can use the runners in the group, you must first configure the group at the enterprise level to allow access to the `octo-org` organization. You must then configure the group at the organization level to allow access to `octo-repo`. ![Diagram showing a runner group defined at the enterprise level with an organization configuration that allows access for two repositories.](/assets/images/help/actions/hosted-runner-mgmt.png) diff --git a/content/actions/how-tos/manage-runners/larger-runners/manage-larger-runners.md b/content/actions/how-tos/manage-runners/larger-runners/manage-larger-runners.md index a241c542805e..cb6609ae0af5 100644 --- a/content/actions/how-tos/manage-runners/larger-runners/manage-larger-runners.md +++ b/content/actions/how-tos/manage-runners/larger-runners/manage-larger-runners.md @@ -36,7 +36,7 @@ Enterprise owners can add {% data variables.actions.hosted_runner %}s to an ente ## Adding a {% data variables.actions.hosted_runner %} to an organization -Organization owners{% ifversion custom-org-roles %} and users with the "Manage organization runners and runner groups" permission{% endif %} can add a {% data variables.actions.hosted_runner %} to an organization control which repositories can use it. When you create a new runner for an organization, by default, all repositories in the organization have access to the runner. To limit which repositories can use the runner, assign it to a runner group with access to specific repositories. For more information, see [Allowing repositories to access larger runners](#allowing-repositories-to-access-larger-runners). +Organization owners{% ifversion custom-org-roles %} and users with the "Manage organization runners and runner groups" permission{% endif %} can add a {% data variables.actions.hosted_runner %} to an organization and control which repositories can use it. When you create a new runner for an organization, by default, all repositories in the organization have access to the runner. To limit which repositories can use the runner, assign it to a runner group with access to specific repositories. For more information, see [Allowing repositories to access larger runners](#allowing-repositories-to-access-larger-runners). {% data reusables.actions.add-hosted-runner-overview %} diff --git a/content/actions/how-tos/manage-runners/larger-runners/use-custom-images.md b/content/actions/how-tos/manage-runners/larger-runners/use-custom-images.md index a04d1cc65e92..82544a91631b 100644 --- a/content/actions/how-tos/manage-runners/larger-runners/use-custom-images.md +++ b/content/actions/how-tos/manage-runners/larger-runners/use-custom-images.md @@ -8,6 +8,8 @@ product: '{% data variables.actions.github_hosted_larger_runners %} are only ava --- +{% data reusables.actions.custom-images-public-preview-note %} + ## Custom images You can create a custom image to define the exact environment that your {% data variables.actions.github_hosted_larger_runners %} use. Custom images let you preinstall tools, dependencies, and configurations to speed up workflows and improve consistency across jobs. @@ -55,6 +57,9 @@ To configure a workflow for image generation: * Each job that includes the `snapshot` keyword creates a separate image. To generate only one image or image version, include all workflow steps in a single job. * Each successful run of a job that includes the `snapshot` keyword creates a new version of that image. + > [!NOTE] + > {% data variables.product.company_short %} recommends configuring image generation as a scheduled workflow on a weekly basis. This approach ensures dependencies remain up-to-date and have the latest security patches. For more information, see [AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#schedule). + It can take some time for your image to be fully generated and ready to use after the workflow completes. Provisioning time varies based on runner size and configuration, and may take several hours for larger runners. The image is generated only when the job completes successfully. This prevents new image versions from being created when a workflow fails or ends in an incomplete state. diff --git a/content/actions/how-tos/manage-runners/larger-runners/use-larger-runners.md b/content/actions/how-tos/manage-runners/larger-runners/use-larger-runners.md index 53a01c891c73..43b2945db7a1 100644 --- a/content/actions/how-tos/manage-runners/larger-runners/use-larger-runners.md +++ b/content/actions/how-tos/manage-runners/larger-runners/use-larger-runners.md @@ -85,7 +85,7 @@ Use the labels in the table below to run your workflows on the corresponding mac {% data reusables.actions.runner-labels-implicit %} -In this example, the `runs-on` key sends the job to any available runner that has been assigned the `ubuntu-20.04-16core` label: +In this example, the `runs-on` key sends the job to any available runner that has been assigned the `ubuntu-24.04-16core` label: ```yaml name: learn-github-actions @@ -93,7 +93,7 @@ on: [push] jobs: check-bats-version: runs-on: - labels: ubuntu-20.04-16core + labels: ubuntu-24.04-16core steps: - uses: {% data reusables.actions.action-checkout %} - uses: {% data reusables.actions.action-setup-node %} @@ -148,7 +148,7 @@ name: learn-github-actions-testing on: [push] jobs: build: - runs-on: macos-13-xlarge + runs-on: macos-26-xlarge steps: - uses: {% data reusables.actions.action-checkout %} - name: Build diff --git a/content/actions/how-tos/manage-runners/self-hosted-runners/monitor-and-troubleshoot.md b/content/actions/how-tos/manage-runners/self-hosted-runners/monitor-and-troubleshoot.md index 09c5b1eee9a6..e7daec591b46 100644 --- a/content/actions/how-tos/manage-runners/self-hosted-runners/monitor-and-troubleshoot.md +++ b/content/actions/how-tos/manage-runners/self-hosted-runners/monitor-and-troubleshoot.md @@ -116,6 +116,11 @@ export GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY=1 > [!WARNING] > Disabling TLS verification is not recommended since TLS provides privacy and data integrity between the self-hosted runner application and {% data variables.product.github %}. We recommend that you install the {% data variables.product.github %} certificate in the operating system certificate store for your self-hosted runner. For guidance on how to install the {% data variables.product.github %} certificate, check with your operating system vendor. +{% ifversion fpt or ghec %} +> [!NOTE] +> For {% data variables.actions.github_hosted_larger_runners %} using Azure private networking, see the TLS interception requirements in [AUTOTITLE](/organizations/managing-organization-settings/configuring-private-networking-for-github-hosted-runners-in-your-organization#prerequisites). +{% endif %} + ## Reviewing the self-hosted runner application log files You can monitor the status of the self-hosted runner application and its activities. Log files are kept in the `_diag` directory where you installed the runner application, and a new log is generated each time the application is started. The filename begins with `Runner_`, and is followed by a UTC timestamp of when the application was started. diff --git a/content/actions/how-tos/manage-runners/use-proxy-servers.md b/content/actions/how-tos/manage-runners/use-proxy-servers.md index cf4753c08dce..7da3b7ee57f4 100644 --- a/content/actions/how-tos/manage-runners/use-proxy-servers.md +++ b/content/actions/how-tos/manage-runners/use-proxy-servers.md @@ -22,11 +22,7 @@ contentType: how-tos If your runner needs to communicate via a proxy server, you can configure proxy settings using environment variables or system-level configurations. -| Variable | Description | Example | -| ------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | -| `https_proxy` | Proxy URL for HTTPS traffic. You can include basic authentication if required. | `http://proxy.local`
`http://192.168.1.1:8080`
`http://username:password@proxy.local` | -| `http_proxy` | Proxy URL for HTTP traffic. You can include basic authentication if required. | `http://proxy.local`
`http://192.168.1.1:8080`
`http://username:password@proxy.local` | -| `no_proxy` | A comma-separated list of hosts or IP addresses that should bypass the proxy. Some clients only honor IP addresses when connections are made directly to the IP rather than a hostname. | `example.com`
`example.com,myserver.local:443,example.org` | +{% data reusables.actions.actions-proxy-environment-variables-table %} The proxy environment variables are read when the runner application starts, so you must set the environment variables before configuring or starting the runner application. If your proxy configuration changes, you must restart the runner application. diff --git a/content/actions/how-tos/monitor-workflows/enable-debug-logging.md b/content/actions/how-tos/monitor-workflows/enable-debug-logging.md index 4233769ee5ba..2cc65a5679fa 100644 --- a/content/actions/how-tos/monitor-workflows/enable-debug-logging.md +++ b/content/actions/how-tos/monitor-workflows/enable-debug-logging.md @@ -42,3 +42,5 @@ Step debug logging increases the verbosity of a job's logs during and after a jo 1. To enable step debug logging, set the following secret or variable in the repository that contains the workflow: `ACTIONS_STEP_DEBUG` to `true`. If both the secret and variable are set, the value of the secret takes precedence over the variable. 1. After setting the secret or variable, more debug events are shown in the step logs. For more information, see [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs#viewing-logs-to-diagnose-failures). + +You can also use the `runner.debug` context to conditionally run steps only when debug logging is enabled. For more information, see [AUTOTITLE](/actions/reference/workflows-and-actions/contexts#runner-context). diff --git a/content/actions/how-tos/monitor-workflows/index.md b/content/actions/how-tos/monitor-workflows/index.md index 449963c2b164..557de7868aab 100644 --- a/content/actions/how-tos/monitor-workflows/index.md +++ b/content/actions/how-tos/monitor-workflows/index.md @@ -11,6 +11,7 @@ children: - /view-job-execution-time - /add-a-status-badge - /use-workflow-run-logs + - /view-job-condition-logs - /enable-debug-logging redirect_from: - /actions/monitoring-and-troubleshooting-workflows/monitoring-workflows diff --git a/content/actions/how-tos/monitor-workflows/view-job-condition-logs.md b/content/actions/how-tos/monitor-workflows/view-job-condition-logs.md new file mode 100644 index 000000000000..10ffe79d9bfa --- /dev/null +++ b/content/actions/how-tos/monitor-workflows/view-job-condition-logs.md @@ -0,0 +1,40 @@ +--- +title: Viewing job condition expression logs +shortTitle: View job condition logs +intro: 'Learn how to access and interpret expression evaluation logs for job-level `if` conditions in {% data variables.product.prodname_actions %}.' +versions: + fpt: '*' + ghec: '*' +contentType: how-tos +--- + +When a job's `if` condition is evaluated, {% data variables.product.prodname_actions %} logs the expression evaluation to help you understand the result. This is useful for debugging both why a job was skipped and why a job ran when you expected it to be skipped. + +## Accessing expression logs + +1. Navigate to the workflow run summary. +1. Click on the job. +1. Click **{% octicon "gear" aria-label="The Gear icon" %}**. +1. Select **Download log archive**. +1. Extract the ZIP file and open the `JOB-NAME/system.txt` file. + +## Understanding the log output + +The system log shows the expression evaluation: + +```text +Evaluating: (success() && ((github.repository == 'octo-org/octo-repo-prod'))) +Expanded: (true && (('my-username/octo-repo-prod' == 'octo-org/octo-repo-prod'))) +Result: false +``` + +| Line | Description | +|------|-------------| +| **Evaluating** | The original `if` expression from your workflow file. | +| **Expanded** | The expression with context values substituted. This shows you exactly what values were used at runtime. | +| **Result** | The final evaluation result (`true` or `false`). | + +In this example, the expanded line reveals that `github.repository` was `'my-username/octo-repo-prod'` (not `'octo-org/octo-repo-prod'`), which caused the condition to evaluate to `false`. + +> [!NOTE] +> Expression logs are only available for job-level `if` conditions. For step-level conditions, you can enable debug logging to see expression evaluation in the job logs. For more information, see [AUTOTITLE](/actions/how-tos/monitor-workflows/enable-debug-logging). diff --git a/content/actions/how-tos/reuse-automations/create-workflow-templates.md b/content/actions/how-tos/reuse-automations/create-workflow-templates.md index 64ddb49e1015..008181827288 100644 --- a/content/actions/how-tos/reuse-automations/create-workflow-templates.md +++ b/content/actions/how-tos/reuse-automations/create-workflow-templates.md @@ -28,7 +28,47 @@ This procedure demonstrates how to create a workflow template and metadata file. 1. If it doesn't already exist, create a new repository named `.github` in your organization. 1. Create a directory named `workflow-templates`. 1. Create your new workflow file inside the `workflow-templates` directory. -1. Create a metadata file inside the `workflow-templates` directory. + + If you need to refer to a repository's default branch, you can use the `$default-branch` placeholder. When a workflow is created the placeholder will be automatically replaced with the name of the repository's default branch. + + {% ifversion ghes %} + + > [!NOTE] + > The following values in the `runs-on` key are also treated as placeholders: + > + > * `ubuntu-latest` is replaced with `[ self-hosted ]` + > * `windows-latest` is replaced with `[ self-hosted, windows ]` + > * `macos-latest` is replaced with `[ self-hosted, macOS ]` + {% endif %} + + For example, this file named `octo-organization-ci.yml` demonstrates a basic workflow. + + ```yaml copy + name: Octo Organization CI + + on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + + jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: {% data reusables.actions.action-checkout %} + + - name: Run a one-line script + run: echo Hello from Octo Organization + ``` + +1. Create a metadata file inside the `workflow-templates` directory. The metadata file must have the same name as the workflow file, but instead of the `.yml` extension, it must be appended with `.properties.json`. For example, this file named `octo-organization-ci.properties.json` contains the metadata for a workflow file named `octo-organization-ci.yml`: + + {% data reusables.actions.workflow-templates-metadata-example %} + + {% data reusables.actions.workflow-templates-metadata-keys %} + 1. To add another workflow template, add your files to the same `workflow-templates` directory. ## Next steps diff --git a/content/actions/how-tos/secure-your-work/security-harden-deployments/index.md b/content/actions/how-tos/secure-your-work/security-harden-deployments/index.md index 53e36e2bffa3..ce6a5037665f 100644 --- a/content/actions/how-tos/secure-your-work/security-harden-deployments/index.md +++ b/content/actions/how-tos/secure-your-work/security-harden-deployments/index.md @@ -16,6 +16,7 @@ children: - /oidc-in-google-cloud-platform - /oidc-in-hashicorp-vault - /oidc-in-jfrog + - /oidc-in-octopus-deploy - /oidc-in-pypi - /oidc-in-cloud-providers - /oidc-with-reusable-workflows diff --git a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-azure.md b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-azure.md index b0b18fa97c70..d904990b42ae 100644 --- a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-azure.md +++ b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-azure.md @@ -77,8 +77,6 @@ The [`azure/login`](https://github.com/Azure/login) action receives a JWT from t The following example exchanges an OIDC ID token with Azure to receive an access token, which can then be used to access cloud resources. -{% raw %} - ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} name: Run Azure Login with OIDC @@ -94,9 +92,9 @@ jobs: - name: 'Az CLI login' uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + client-id: {% raw %}${{ secrets.AZURE_CLIENT_ID }}{% endraw %} + tenant-id: {% raw %}${{ secrets.AZURE_TENANT_ID }}{% endraw %} + subscription-id: {% raw %}${{ secrets.AZURE_SUBSCRIPTION_ID }}{% endraw %} - name: 'Run az commands' run: | @@ -104,8 +102,6 @@ jobs: az group list ``` - {% endraw %} - ## Further reading {% data reusables.actions.oidc-further-reading %} diff --git a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-google-cloud-platform.md b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-google-cloud-platform.md index 3be5346d0650..59f40e74b8a6 100644 --- a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-google-cloud-platform.md +++ b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-google-cloud-platform.md @@ -78,8 +78,6 @@ This example has a job called `Get_OIDC_ID_token` that uses actions to request a This action exchanges a {% data variables.product.prodname_dotcom %} OIDC token for a Google Cloud access token, using [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). -{% raw %} - ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} name: List services in GCP @@ -105,12 +103,10 @@ jobs: - id: 'gcloud' name: 'gcloud' run: |- - gcloud auth login --brief --cred-file="${{ steps.auth.outputs.credentials_file_path }}" + gcloud auth login --brief --cred-file="{% raw %}${{ steps.auth.outputs.credentials_file_path }}{% endraw %}" gcloud services list ``` -{% endraw %} - ## Further reading {% data reusables.actions.oidc-further-reading %} diff --git a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-jfrog.md b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-jfrog.md index 4035faf000aa..75ac16db55d3 100644 --- a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-jfrog.md +++ b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-jfrog.md @@ -55,8 +55,6 @@ In your {% data variables.product.prodname_actions %} workflow file, ensure you The following example uses the placeholders `YOUR_PROVIDER_NAME` and `YOUR_AUDIENCE`. -{% raw %} - ```yaml {% data reusables.actions.actions-not-certified-by-github-comment %} permissions: @@ -71,7 +69,7 @@ jobs: id: setup-jfrog-cli uses: jfrog/setup-jfrog-cli@29fa5190a4123350e81e2a2e8d803b2a27fed15e with: - JF_URL: ${{ env.JF_URL }} + JF_URL: {% raw %}${{ env.JF_URL }}{% endraw %} oidc-provider-name: 'YOUR_PROVIDER_NAME' oidc-audience: 'YOUR_AUDIENCE' # This is optional @@ -80,8 +78,6 @@ jobs: ``` -{% endraw %} - > [!TIP] > When OIDC authentication is used, the `setup-jfrog-cli` action automatically provides `oidc-user` and `oidc-token` as step outputs. > These can be used for other integrations that require authentication with JFrog. @@ -89,20 +85,16 @@ jobs: ### Using OIDC Credentials in other steps -{% raw %} - ```yaml {% data reusables.actions.actions-not-certified-by-github-comment %} - name: Sign in to Artifactory Docker registry uses: docker/login-action@v3 with: - registry: ${{ env.JF_URL }} - username: ${{ steps.setup-jfrog-cli.outputs.oidc-user }} - password: ${{ steps.setup-jfrog-cli.outputs.oidc-token }} + registry: {% raw %}${{ env.JF_URL }}{% endraw %} + username: {% raw %}${{ steps.setup-jfrog-cli.outputs.oidc-user }}{% endraw %} + password: {% raw %}${{ steps.setup-jfrog-cli.outputs.oidc-token }}{% endraw %} ``` -{% endraw %} - ## Further reading * [OpenID Connect Integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/openid-connect-integration) in the JFrog documentation diff --git a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-octopus-deploy.md b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-octopus-deploy.md new file mode 100644 index 000000000000..ebab64064359 --- /dev/null +++ b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-octopus-deploy.md @@ -0,0 +1,80 @@ +--- +title: Configuring OpenID Connect in Octopus Deploy +shortTitle: OIDC in Octopus Deploy +intro: Use OpenID Connect within your workflows to authenticate with Octopus Deploy. +versions: + fpt: '*' + ghec: '*' +type: tutorial +topics: + - Security + - Actions +--- + +## Overview + +OpenID Connect (OIDC) allows your {% data variables.product.prodname_actions %} workflows to authenticate with [Octopus Deploy](https://octopus.com/) to push packages, create releases or trigger deployments without storing Octopus Deploy passwords or API keys as long-lived {% data variables.product.prodname_dotcom %} secrets. + +This guide provides an overview of how to configure Octopus Deploy to trust {% data variables.product.prodname_dotcom %}'s OIDC as a federated identity, and includes a workflow example for the [`octopusdeploy/login`](https://github.com/OctopusDeploy/login) action that uses tokens to authenticate to your Octopus Deploy instance. + +## Prerequisites + +{% data reusables.actions.oidc-link-to-intro %} + +{% data reusables.actions.oidc-security-notice %} + +{% data reusables.actions.oidc-on-ghecom %} + +## Adding the identity provider to Octopus Deploy + +To use OIDC with Octopus Deploy, first establish a trust relationship between {% data variables.product.prodname_actions %} and your Octopus Deploy instance. For more information about this process, see [Using OpenID Connect with the Octopus API](https://octopus.com/docs/octopus-rest-api/openid-connect) in the Octopus Deploy documentation. + +1. Sign in to your Octopus Deploy instance. +1. Create or open the Service Account that will be granted access via the token request. +1. Configure a new OIDC Identity, defining the relevant subject that the {% data variables.product.prodname_actions %} workflow token request will be validated against. + +## Updating your {% data variables.product.prodname_actions %} workflow + +To update your workflows for OIDC, you will need to make two changes to your YAML: +1. Add permissions settings for the token. +1. Use the [`OctopusDeploy/login`](https://github.com/OctopusDeploy/login) action to exchange the OIDC token (JWT) for a cloud access token. + +{% data reusables.actions.oidc-deployment-protection-rules %} + +### Adding permissions settings + +{% data reusables.actions.oidc-permissions-token %} + +### Requesting the access token + +The [`OctopusDeploy/login`](https://github.com/OctopusDeploy/login) action receives a JWT from the {% data variables.product.prodname_dotcom %} OIDC provider, and then requests an access token from your Octopus Server instance. For more information, see the [`OctopusDeploy/login`](https://github.com/OctopusDeploy/login) documentation. + +The following example exchanges an OIDC ID token with your Octopus Deploy instance to receive an access token, which can then be used to access your Octopus Deploy resources. Be sure to replace the `server` and `service_account_id` details appropriately for your scenario. + +```yaml copy +{% data reusables.actions.actions-not-certified-by-github-comment %} + +jobs: + create_release_in_octopus: + runs-on: ubuntu-latest + name: Create a release in Octopus + permissions: + # You might need to add other permissions here like `contents: read` depending on what else your job needs to do + id-token: write # This is required to obtain an ID token from GitHub Actions for the job + steps: + - name: Login to Octopus + uses: OctopusDeploy/login@34b6dcc1e86fa373c14e6a28c5507d221e4de629 #v1.0.2 + with: + server: https://my.octopus.app + service_account_id: 5be4ac10-2679-4041-a8b0-7b05b445e19e + + - name: Create a release in Octopus + uses: OctopusDeploy/create-release-action@fe13cc69c1c037cb7bb085981b152f5e35257e1f #v3.2.2 + with: + space: Default + project: My Octopus Project +``` + +## Further reading + +{% data reusables.actions.oidc-further-reading %} \ No newline at end of file diff --git a/content/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations.md b/content/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations.md index 50013ab488b4..03613a07a560 100644 --- a/content/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations.md +++ b/content/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations.md @@ -141,6 +141,14 @@ When you run your updated workflows, they will build your artifacts and generate The value of the `sbom-path` parameter should be set to the path to the JSON-formatted SBOM file you want to attest. +## Uploading artifacts to the {% data variables.product.virtual_registry %} + +We recommend uploading attested assets to your organization's {% data variables.product.virtual_registry %}. This page displays artifacts' build history, deployment records, and storage details. You can use this data to prioritize security alerts or quickly connect vulnerable artifacts to their owning team, source code, and build run. For more information, see [AUTOTITLE](/code-security/concepts/supply-chain-security/linked-artifacts). + +{% data reusables.actions.attestation-virtual-registry %} + +For an example workflow, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/upload-linked-artifacts#generating-an-attestation). + ## Verifying artifact attestations with the {% data variables.product.prodname_cli %} You can validate artifact attestations for binaries and container images and validate SBOM attestations using the {% data variables.product.prodname_cli %}. For more information, see the [`attestation`](https://cli.github.com/manual/gh_attestation) section of the {% data variables.product.prodname_cli %} manual. diff --git a/content/actions/how-tos/troubleshoot-workflows.md b/content/actions/how-tos/troubleshoot-workflows.md index 4e55fdcb9186..8f13dd0cd575 100644 --- a/content/actions/how-tos/troubleshoot-workflows.md +++ b/content/actions/how-tos/troubleshoot-workflows.md @@ -98,6 +98,23 @@ For path filtering, evaluating diffs is limited to the first 300 files. If there Workflow execution involves any issues seen after the workflow was triggered and a workflow run has been created. +{% ifversion fpt or ghec %} + +### Debugging job conditions + +If a job was skipped unexpectedly, or ran when you expected it to be skipped, you can view the expression evaluation to understand why: + +1. Click on the job in the workflow run. +1. Download the log archive from the job's menu. +1. Open the `JOB-NAME/system.txt` file. +1. Look for the `Evaluating`, `Expanded`, and `Result` lines. + +The `Expanded` line shows the actual runtime values that were substituted into your `if` condition, making it clear why the expression evaluated to `true` or `false`. + +For more information, see [AUTOTITLE](/actions/how-tos/monitor-workflows/view-job-condition-logs). + +{% endif %} + ### Canceling Workflows If standard cancellation through the [UI](/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/canceling-a-workflow) or [API](/rest/actions/workflow-runs?apiVersion=2022-11-28#cancel-a-workflow-run) does not process as expected, there may be a conditional statement configured for your running workflow job(s) that causes it to not cancel. diff --git a/content/actions/how-tos/write-workflows/choose-when-workflows-run/control-jobs-with-conditions.md b/content/actions/how-tos/write-workflows/choose-when-workflows-run/control-jobs-with-conditions.md index 2d5cb82666a2..da8210168003 100644 --- a/content/actions/how-tos/write-workflows/choose-when-workflows-run/control-jobs-with-conditions.md +++ b/content/actions/how-tos/write-workflows/choose-when-workflows-run/control-jobs-with-conditions.md @@ -37,3 +37,9 @@ Skipped jobs display the message "This check was skipped." > [!NOTE] > A job that is skipped will report its status as "Success". It will not prevent a pull request from merging, even if it is a required check. + +{% ifversion fpt or ghec %} + +To debug why a job was skipped or ran unexpectedly, you can view job condition expression logs. For more information, see [AUTOTITLE](/actions/how-tos/monitor-workflows/view-job-condition-logs). + +{% endif %} diff --git a/content/actions/reference/limits.md b/content/actions/reference/limits.md index cc6bcb2572c6..0bb6be46a33c 100644 --- a/content/actions/reference/limits.md +++ b/content/actions/reference/limits.md @@ -38,8 +38,9 @@ These limits are subject to change. | All {% data variables.product.github %}-hosted runners | Storage limits | Varies | For more information, see [Storage limits for all {% data variables.product.github %}-hosted runners](#storage-limits-for-all-github-hosted-runners). | {% octicon "x" aria-label="No" %} | | {% endif %} | | Larger runners | Per runner concurrency limit | Varies by runner type | Established when setting up a runner. Normally 1,000 max for Linux CPU runners, but varies by type. See [Job concurrency limits for {% data variables.product.github %}-hosted runners](#job-concurrency-limits-for-github-hosted-runners). | {% octicon "check" aria-label="Yes" %} Support ticket | -| Larger runners | Static IP limits | 10-50 IPs | 10 IPs for team plans, 50 IPs for enterprise, and the limit is configurable. | {% octicon "check" aria-label="Yes" %} Support ticket | +| Larger runners | Static IP limits | 10 IPs | 10 IPs per enterprise and organization. | {% octicon "check" aria-label="Yes" %} Support ticket | | Larger runners | Private IP scaling for vnet injection | 30% buffer | You need a buffer to accommodate the maximum job concurrency you anticipate. See [Private IP scaling for vnet injection on larger runners](#private-ip-scaling-for-vnet-injection-on-larger-runners). | {% octicon "check" aria-label="Yes" %} Configurable Azure virtual network | +| Dependency caching | Uploads per minute | 200 per minute | Each repository is limited to 200 cache entry uploads per minute. If this limit is exceeded, subsequent cache upload attempts will fail until the rate limit resets. | {% octicon "x" aria-label="No" %} | ### Job concurrency limits for {% data variables.product.github %}-hosted runners diff --git a/content/actions/reference/runners/github-hosted-runners.md b/content/actions/reference/runners/github-hosted-runners.md index 9bbddc646cc9..f7ad145edda9 100644 --- a/content/actions/reference/runners/github-hosted-runners.md +++ b/content/actions/reference/runners/github-hosted-runners.md @@ -46,17 +46,14 @@ Workflow logs list the runner used to run a job. For more information, see [AUTO ### Single-CPU runners -> [!NOTE] -> * Single-CPU runners are in {% data variables.release-phases.public_preview %} and subject to change.{% ifversion ghec %} -> * Single-CPU runners are not available in {% data variables.product.prodname_ghe_cloud %} with Data Residency (`ghe.com`). - -{% endif %} - Single-CPU {% data variables.product.github %}-hosted runners are available in both public and private repositories. These runners—specified using the workflow label `ubuntu-slim`—offer a lower-cost option for running lightweight operations. This type of runner is optimized for automation tasks, issue operations and short-running jobs. They are not suitable for typical heavyweight CI/CD builds. `ubuntu-slim` runners execute Actions workflows in Ubuntu Linux, inside a container rather than a full VM instance. When the job begins, {% data variables.product.github %} automatically provisions a new container for that job. All steps in the job execute in the container, allowing the steps in that job to share information using the runner's file system. When the job has finished, the container is automatically decommissioned. Each container provides hypervisor level 2 isolation. -A minimal set of tools is installed on the `ubuntu-slim` runner image, appropriate for lightweight tasks. +> [!NOTE] +> The container for `ubuntu-slim` runners runs in unprivileged mode. This means that some operations requiring elevated privileges—such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features—are not supported. + +A minimal set of tools is installed on the `ubuntu-slim` runner image, appropriate for lightweight tasks. For details on what software is installed on the `ubuntu-slim` image, see the [README file](https://github.com/actions/runner-images/blob/main/images/ubuntu-slim/ubuntu-slim-Readme.md) in the `actions/runner-images` repository. #### Usage limits diff --git a/content/actions/reference/runners/self-hosted-runners.md b/content/actions/reference/runners/self-hosted-runners.md index 7522f25d5a55..fad39165099e 100644 --- a/content/actions/reference/runners/self-hosted-runners.md +++ b/content/actions/reference/runners/self-hosted-runners.md @@ -70,20 +70,34 @@ When routing a job to a self-hosted runner, {% data variables.product.prodname_d ## Autoscaling -You can automatically increase or decrease the number of self-hosted runners in your environment in response to the webhook events you receive with a particular label. +Autoscaling allows you to dynamically adjust the number of self-hosted runners based on demand. This helps optimize resource utilization and ensures sufficient runner capacity during peak times while reducing costs during periods of low activity. There are multiple approaches to implementing autoscaling for self-hosted runners, each with different trade-offs in terms of complexity, reliability, and responsiveness. -### Supported autoscaling solutions +### {% data variables.product.prodname_actions_runner_controller %} {% ifversion fpt or ghec %} -{% data variables.product.prodname_dotcom %}-hosted runners inherently autoscale based on your needs. {% data variables.product.prodname_dotcom %}-hosted runners can be a low-maintenance and cost-effective alternative to developing or implementing autoscaling solutions. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners). +{% data variables.product.github %}-hosted runners inherently autoscale based on your needs. {% data variables.product.github %}-hosted runners can be a low-maintenance and cost-effective alternative to developing or implementing autoscaling solutions. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners). {% endif %} -The [actions/actions-runner-controller](https://github.com/actions/actions-runner-controller) (ARC) project is a Kubernetes-based runner autoscaler. {% data variables.product.prodname_dotcom %} recommends ARC if the team deploying it has expert Kubernetes knowledge and experience. +{% data variables.product.prodname_actions_runner_controller %} (ARC) is the reference implementation of {% data variables.product.github %}'s scale set APIs and the recommended Kubernetes-based solution for autoscaling self-hosted runners. ARC provides a complete, production-ready autoscaling solution for teams running {% data variables.product.prodname_actions %} in Kubernetes environments. + +{% data variables.product.github %} recommends ARC for organizations with Kubernetes infrastructure and teams that have Kubernetes expertise. ARC handles the full lifecycle of runners within your cluster, from provisioning to job execution to cleanup. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller) and [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller). +### {% data variables.product.prodname_actions %} Runner Scale Set Client + +The {% data variables.product.prodname_actions %} Runner Scale Set Client is a standalone Go-based module that empowers platform teams, integrators, and infrastructure providers to build custom autoscaling solutions for {% data variables.product.prodname_actions %} runners across VMs, containers, on-premise infrastructure, and cloud services, with support for Windows, Linux, and macOS platforms. + +The client orchestrates {% data variables.product.github %} API interactions for scale sets while leaving infrastructure provisioning to you. You define how runners are created, scaled, and destroyed, and configure runners with multiple labels for flexible job routing and targeting. This gives organizations granular control over runner lifecycle management and real-time telemetry for job execution. + +The client is designed to work out of the box with basic configurations, allowing teams to quickly implement autoscaling. However, its true power lies in its flexibility—the client is built to be extended and customized to meet each organization's specific infrastructure requirements, compliance constraints, and operational workflows. Whether you need simple scaling logic or complex, multi-environment provisioning strategies, the client adapts to your needs. + +The {% data variables.product.prodname_actions %} Runner Scale Set Client is an open source project. The [actions/scaleset repository](https://github.com/actions/scaleset) contains the complete source code, comprehensive documentation, and practical examples to help you get started. You'll find implementation guides, sample configurations for various infrastructure scenarios, and reference architectures demonstrating how to integrate the client with different provisioning systems. The repository also includes contributing guidelines for teams interested in extending the client or sharing their autoscaling patterns with the community. + +> **Note:** The Runner Scale Set Client is not a replacement for {% data variables.product.prodname_actions_runner_controller %} (ARC), which remains the reference implementation of the scale set APIs and the recommended Kubernetes solution for autoscaling runners. Instead, the client is a complementary tool for interfacing with the same scale set APIs to build custom autoscaling solutions outside of Kubernetes. + ### Ephemeral runners for autoscaling {% data variables.product.prodname_dotcom %} recommends implementing autoscaling with ephemeral self-hosted runners; autoscaling with persistent self-hosted runners is not recommended. In certain cases, {% data variables.product.prodname_dotcom %} cannot guarantee that jobs are not assigned to persistent runners while they are shut down. With ephemeral runners, this can be guaranteed because {% data variables.product.prodname_dotcom %} only assigns one job to a runner. @@ -130,6 +144,8 @@ You can create your own autoscaling environment by using payloads received from * For more information about the `workflow_job` webhook, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job). * To learn how to work with webhooks, see [AUTOTITLE](/webhooks). +> **Note:** This approach relies on the timeliness of webhook delivery for making scaling decisions, which can introduce delays and reliability concerns. Consider using Actions Controller or the Scale Set Client for larger volume autoscaling scenarios. + ### Authentication requirements You can register and delete repository and organization self-hosted runners using [the API](/rest/actions/self-hosted-runners). To authenticate to the API, your autoscaling implementation can use an access token or a {% data variables.product.prodname_dotcom %} app. diff --git a/content/actions/reference/workflows-and-actions/dependency-caching.md b/content/actions/reference/workflows-and-actions/dependency-caching.md index 734f4c49d85f..d738959f92bd 100644 --- a/content/actions/reference/workflows-and-actions/dependency-caching.md +++ b/content/actions/reference/workflows-and-actions/dependency-caching.md @@ -229,14 +229,14 @@ For example, if a pull request contains a `feature` branch and targets the defau If you are caching the package managers listed below, using their respective setup-* actions requires minimal configuration and will create and restore dependency caches for you. -| Package managers | setup-* action for caching | -|---|---| -| npm, Yarn, pnpm | [setup-node](https://github.com/actions/setup-node#caching-global-packages-data) | -| pip, pipenv, Poetry | [setup-python](https://github.com/actions/setup-python#caching-packages-dependencies) | -| Gradle, Maven | [setup-java](https://github.com/actions/setup-java#caching-packages-dependencies) | -| RubyGems | [setup-ruby](https://github.com/ruby/setup-ruby#caching-bundle-install-automatically) | -| Go `go.sum` | [setup-go](https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs) | -| .NET NuGet | [setup-dotnet](https://github.com/actions/setup-dotnet?tab=readme-ov-file#caching-nuget-packages) | +| Package managers | setup-* action for caching | +| ------------------- | ------------------------------------------------------------------------------------------------- | +| npm, Yarn, pnpm | [setup-node](https://github.com/actions/setup-node#caching-global-packages-data) | +| pip, pipenv, Poetry | [setup-python](https://github.com/actions/setup-python#caching-packages-dependencies) | +| Gradle, Maven | [setup-java](https://github.com/actions/setup-java#caching-packages-dependencies) | +| RubyGems | [setup-ruby](https://github.com/ruby/setup-ruby#caching-bundle-install-automatically) | +| Go `go.sum` | [setup-go](https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs) | +| .NET NuGet | [setup-dotnet](https://github.com/actions/setup-dotnet?tab=readme-ov-file#caching-nuget-packages) | ## Restrictions for accessing a cache @@ -275,6 +275,8 @@ Multiple workflow runs in a repository can share caches. A cache created for a b {% endif %} {% ifversion fpt or ghec %} +You can create cache entries at a rate of up to 200 uploads per minute per repository. If you exceed this rate, subsequent cache upload attempts will fail until the rate limit resets. The time until the rate limit resets is returned in the `Retry-After` header of the response. + ### Increasing cache size If you want to reduce the rate at which cache entries are evicted, you can increase the storage limits for your cache in the Actions Settings. Repositories owned by users can configure up to 10 TB per repository. For repositories owned by organizations, the maximum configurable limit is determined by the organization's settings. For organizations owned by an enterprise, the maximum configurable limit is determined by the enterprise's settings. Increasing the limit beyond the default 10 GB will incur additional costs, if that storage is used. diff --git a/content/actions/reference/workflows-and-actions/deployments-and-environments.md b/content/actions/reference/workflows-and-actions/deployments-and-environments.md index c09c1eab9e1d..21f214414dd3 100644 --- a/content/actions/reference/workflows-and-actions/deployments-and-environments.md +++ b/content/actions/reference/workflows-and-actions/deployments-and-environments.md @@ -56,7 +56,7 @@ Use deployment branches and tags to restrict which branches and tags can deploy * **Selected branches and tags:** Only branches and tags that match your specified name patterns can deploy to the environment. - If you specify `releases/*` as a deployment branch or tag rule, only a branch or tag whose name begins with `releases/` can deploy to the environment. (Wildcard characters will not match `/`. To match branches or tags that begin with `release/` and contain an additional single slash, use `release/*/*`.) If you add `main` as a branch rule, a branch named `main` can also deploy to the environment. For more information about syntax options for deployment branches, see the [Ruby `File.fnmatch` documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch). + The deployment branch or tag rule is matched against the `GITHUB_REF` of the workflow run. For values of `GITHUB_REF` for each workflow trigger, see [AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows). If you specify `releases/*` as a deployment branch or tag rule, only a `GITHUB_REF` whose name begins with `releases/` can deploy to the environment. Adding another branch rule for `refs/pull/*/merge` would also allow workflows triggered by `pull_request` events to deploy to the environment. Wildcard characters will not match `/`, to match branches or tags that begin with `release/` and contain an additional single slash, use `release/*/*`. For more information about syntax options for deployment branches, see the [Ruby `File.fnmatch` documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch). {% data reusables.actions.branch-and-tag-deployment-rules-configuration %} diff --git a/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md b/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md index ca9ae26db64a..032aad462ef0 100644 --- a/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md +++ b/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md @@ -695,14 +695,18 @@ on: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| +| {% ifversion ghes < 3.20 %} | | [`pull_request`](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request) | - `assigned`
- `unassigned`
- `labeled`
- `unlabeled`
- `opened`
- `edited`
- `closed`
- `reopened`
- `synchronize`
- `converted_to_draft`
- `ready_for_review`
- `locked`
- `unlocked`
{% ifversion fpt or ghec %}- `enqueued`
- `dequeued`
{% endif %}- `review_requested`
- `review_request_removed`
- `auto_merge_enabled`
- `auto_merge_disabled` | Last commit on the PR base branch | PR base branch | +| {% else %} | +| [`pull_request`](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request) | - `assigned`
- `unassigned`
- `labeled`
- `unlabeled`
- `opened`
- `edited`
- `closed`
- `reopened`
- `synchronize`
- `converted_to_draft`
- `ready_for_review`
- `locked`
- `unlocked`
{% ifversion fpt or ghec %}- `enqueued`
- `dequeued`
{% endif %}- `review_requested`
- `review_request_removed`
- `auto_merge_enabled`
- `auto_merge_disabled` | Last commit on default branch | Default branch | +| {% endif %} | > [!NOTE] > {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request). By default, a workflow only runs when a `pull_request_target` event's activity type is `opened`, `synchronize`, or `reopened`. To trigger workflows by different activity types, use the `types` keyword. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onevent_nametypes). Runs your workflow when activity on a pull request in the workflow's repository occurs. For example, if no activity types are specified, the workflow runs when a pull request is opened or reopened or when the head branch of the pull request is updated. -This event runs in the context of the base of the pull request, rather than in the context of the merge commit, as the `pull_request` event does. This prevents execution of unsafe code from the head of the pull request that could alter your repository or steal any secrets you use in your workflow. This event allows your workflow to do things like label or comment on pull requests from forks. Avoid using this event if you need to build or run code from the pull request. +This event runs in the context of the {% ifversion ghes < 3.20 %}base of the pull request{% else %}default branch of the base repository{% endif %}, rather than in the context of the merge commit, as the `pull_request` event does. This prevents execution of unsafe code from the head of the pull request that could alter your repository or steal any secrets you use in your workflow. This event allows your workflow to do things like label or comment on pull requests from forks. Avoid using this event if you need to build or run code from the pull request. To ensure repository security, branches with names that match certain patterns (such as those which look similar to SHAs) may not trigger workflows with the `pull_request_target` event. diff --git a/content/actions/reference/workflows-and-actions/expressions.md b/content/actions/reference/workflows-and-actions/expressions.md index 418da047a5fe..0e06951605eb 100644 --- a/content/actions/reference/workflows-and-actions/expressions.md +++ b/content/actions/reference/workflows-and-actions/expressions.md @@ -81,21 +81,6 @@ env: * {% data variables.product.prodname_dotcom %} ignores case when comparing strings. * Objects and arrays are only considered equal when they are the same instance. -{% data variables.product.prodname_dotcom %} provides a way to create conditional logic in expressions using binary logical operators (`&&` and `||`). This pattern can be used to achieve similar functionality to the ternary operator (`?:`) found in many programming languages, while actually using only binary operators. - -### Example - -{% raw %} - -```yaml -env: - MY_ENV_VAR: ${{ github.ref == 'refs/heads/main' && 'value_for_main_branch' || 'value_for_other_branches' }} -``` - -{% endraw %} - -In this example, we're using a combination of `&&` and `||` operators to set the value of the `MY_ENV_VAR` environment variable based on whether the {% data variables.product.prodname_dotcom %} reference is set to `refs/heads/main` or not. If it is, the variable is set to `value_for_main_branch`. Otherwise, it is set to `value_for_other_branches`. It is important to note that the first value after the `&&` must be truthy. Otherwise, the value after the `||` will always be returned. - ## Functions {% data variables.product.prodname_dotcom %} offers a set of built-in functions that you can use in expressions. Some functions cast values to a string to perform comparisons. {% data variables.product.prodname_dotcom %} casts data types to a string using these conversions: @@ -287,6 +272,44 @@ Creates a hash for all `.rb` files in the `lib` directory at root level, includi `hashFiles('/lib/**/*.rb', '!/lib/foo/*.rb')` +### case + +`case( pred1, val1, pred2, val2, ..., default )` + +Evaluates predicates in order and returns the value corresponding to the first predicate that evaluates to `true`. If no predicate matches, it returns the last argument as the default value. + +#### Example with a single predicate + +{% raw %} + +```yaml +env: + MY_ENV_VAR: ${{ case(github.ref == 'refs/heads/main', 'production', 'development') }} +``` + +{% endraw %} + +Sets `MY_ENV_VAR` to `production` when the ref is `refs/heads/main`, otherwise sets it to `development`. + +#### Example with multiple predicates + +{% raw %} + +```yaml +env: + MY_ENV_VAR: |- + ${{ case( + github.ref == 'refs/heads/main', 'production', + github.ref == 'refs/heads/staging', 'staging', + startsWith(github.ref, 'refs/heads/feature/'), 'development', + 'unknown' + ) }} +``` + +{% endraw %} + +Sets `MY_ENV_VAR` based on the branch: `production` for `main`, `staging` for `staging`, `development` for branches starting with `feature/`, or `unknown` for all other branches. + ## Status check functions You can use the following status check functions as expressions in `if` conditionals. A default status check of `success()` is applied unless you include one of these functions. For more information about `if` conditionals, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idif) and [AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions#runsstepsif). diff --git a/content/actions/reference/workflows-and-actions/reusing-workflow-configurations.md b/content/actions/reference/workflows-and-actions/reusing-workflow-configurations.md index 61c083c3875e..bf9d93492f63 100644 --- a/content/actions/reference/workflows-and-actions/reusing-workflow-configurations.md +++ b/content/actions/reference/workflows-and-actions/reusing-workflow-configurations.md @@ -170,33 +170,9 @@ jobs: The metadata file must have the same name as the workflow file, but instead of the `.yml` extension, it must be appended with `.properties.json`. For example, this file named `octo-organization-ci.properties.json` contains the metadata for a workflow file named `octo-organization-ci.yml`: - ```json copy - { - "name": "Octo Organization Workflow", - "description": "Octo Organization CI workflow template.", - "iconName": "example-icon", - "categories": [ - "Go" - ], - "filePatterns": [ - "package.json$", - "^Dockerfile", - ".*\\.md$" - ] - } - ``` - -* `name` - **Required.** The name of the workflow. This is displayed in the list of available workflows. -* `description` - **Required.** The description of the workflow. This is displayed in the list of available workflows. -* `iconName` - _Optional._ Specifies an icon for the workflow that is displayed in the list of workflows. `iconName` can one of the following types: - * An SVG file that is stored in the `workflow-templates` directory. To reference a file, the value must be the file name without the file extension. For example, an SVG file named `example-icon.svg` is referenced as `example-icon`. - * An icon from {% data variables.product.prodname_dotcom %}'s set of [Octicons](https://primer.style/octicons/). To reference an octicon, the value must be `octicon `. For example, `octicon smiley`. -* `categories` - **Optional.** Defines the categories that the workflow is shown under. You can use category names from the following lists: - * General category names from the [starter-workflows](https://github.com/actions/starter-workflows/blob/main/README.md#categories) repository. - * Linguist languages from the list in the [linguist](https://github.com/github-linguist/linguist/blob/main/lib/linguist/languages.yml) repository. - * Supported tech stacks from the list in the [starter-workflows](https://github.com/github-starter-workflows/repo-analysis-partner/blob/main/tech_stacks.yml) repository. - -* `filePatterns` - **Optional.** Allows the workflow to be used if the user's repository has a file in its root directory that matches a defined regular expression. +{% data reusables.actions.workflow-templates-metadata-example %} + +{% data reusables.actions.workflow-templates-metadata-keys %} {% ifversion fpt or ghec %} diff --git a/content/actions/reference/workflows-and-actions/workflow-syntax.md b/content/actions/reference/workflows-and-actions/workflow-syntax.md index c00653b7ec44..b916b5c66a4e 100644 --- a/content/actions/reference/workflows-and-actions/workflow-syntax.md +++ b/content/actions/reference/workflows-and-actions/workflow-syntax.md @@ -953,7 +953,7 @@ jobs: example_matrix: strategy: matrix: - os: [ubuntu-22.04, ubuntu-20.04] + os: [ubuntu-22.04, ubuntu-24.04] version: [10, 12, 14] runs-on: {% raw %}${{ matrix.os }}{% endraw %} steps: diff --git a/content/actions/tutorials/build-and-test-code/ruby.md b/content/actions/tutorials/build-and-test-code/ruby.md index 6b2142f1a6b2..c44a8331e1c6 100644 --- a/content/actions/tutorials/build-and-test-code/ruby.md +++ b/content/actions/tutorials/build-and-test-code/ruby.md @@ -187,8 +187,6 @@ The `setup-ruby` actions provides a method to automatically handle the caching o To enable caching, set the following. -{% raw %} - ```yaml {% data reusables.actions.actions-not-certified-by-github-comment %} steps: @@ -197,8 +195,6 @@ steps: bundler-cache: true ``` -{% endraw %} - This will configure bundler to install your gems to `vendor/cache`. For each successful run of your workflow, this folder will be cached by {% data variables.product.prodname_actions %} and re-downloaded for subsequent workflow runs. A hash of your `gemfile.lock` and the Ruby version are used as the cache key. If you install any new gems, or change a version, the cache will be invalidated and bundler will do a fresh install. **Caching without setup-ruby** diff --git a/content/actions/tutorials/build-and-test-code/swift.md b/content/actions/tutorials/build-and-test-code/swift.md index 75cb76157e4c..e395d2fc53ed 100644 --- a/content/actions/tutorials/build-and-test-code/swift.md +++ b/content/actions/tutorials/build-and-test-code/swift.md @@ -124,8 +124,6 @@ jobs: You can configure your job to use a single specific version of Swift, such as `5.3.3`. -{% raw %} - ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} steps: @@ -136,8 +134,6 @@ steps: run: swift --version # Swift 5.3.3 ``` -{% endraw %} - ## Building and testing your code You can use the same commands that you use locally to build and test your code using Swift. This example demonstrates how to use `swift build` and `swift test` in a job: diff --git a/content/actions/tutorials/index.md b/content/actions/tutorials/index.md index 04497288c7d2..87a21e7c82ff 100644 --- a/content/actions/tutorials/index.md +++ b/content/actions/tutorials/index.md @@ -10,6 +10,7 @@ children: - /create-an-example-workflow - /build-and-test-code - /authenticate-with-github_token + - /migrate-to-github-runners - /create-actions - /publish-packages - /manage-your-work diff --git a/content/actions/tutorials/migrate-to-github-actions/manual-migrations/migrate-from-azure-pipelines.md b/content/actions/tutorials/migrate-to-github-actions/manual-migrations/migrate-from-azure-pipelines.md index bd09c37e68e5..197fc6cad6fa 100644 --- a/content/actions/tutorials/migrate-to-github-actions/manual-migrations/migrate-from-azure-pipelines.md +++ b/content/actions/tutorials/migrate-to-github-actions/manual-migrations/migrate-from-azure-pipelines.md @@ -216,7 +216,7 @@ jobs: dependsOn: initial steps: - script: echo "This job will run after the initial job, in parallel with fanout1." - - job: fanin: + - job: fanin pool: vmImage: 'ubuntu-latest' dependsOn: [fanout1, fanout2] diff --git a/content/actions/tutorials/migrate-to-github-runners.md b/content/actions/tutorials/migrate-to-github-runners.md new file mode 100644 index 000000000000..e00eb86770d6 --- /dev/null +++ b/content/actions/tutorials/migrate-to-github-runners.md @@ -0,0 +1,150 @@ +--- +title: 'Migrating from self-hosted runners to GitHub-hosted runners' +intro: 'Learn how to assess your current CI infrastructure and migrate workflows from self-hosted runners to {% data variables.product.github %}-hosted runners.' +shortTitle: 'Migrate to GitHub runners' +versions: + fpt: '*' + ghec: '*' +contentType: tutorials +audience: + - driver +--- + +You can run workflows on {% data variables.product.github %}-hosted or self-hosted runners, or use a mixture of runner types. + +This tutorial shows you how to assess your current use of runners, then migrate workflows from self-hosted runners to {% data variables.product.github %}-hosted runners efficiently. + +## 1. Assess your current CI infrastructure + +Migrating from self-hosted runners to {% data variables.product.github %}-hosted larger runners begins with a thorough assessment of your current CI infrastructure. If you take the time to match specifications and environments carefully, you will minimize the time spent fixing problems when you start running workflows on different runners. + +1. Create an inventory of each machine specification used to run workflows, including CPU cores, RAM, storage, chip architecture, and operating system. +1. Note if any of the runners are part of a runner group or have a label. You can use this information to simplify migration of workflows to new runners. +1. Document any custom images and pre-installed dependencies that workflows rely on, as these will influence your migration strategy. +1. Identify which workflows currently target self-hosted runners, and why. For example, in {% data variables.product.prodname_actions %} usage metrics, use the **Jobs** tab and filter by runner label (such as `self-hosted` or a custom label) to see which repositories and jobs are using that label. If you need to validate specific workflow files, you can also use code search to find workflow files that reference `runs-on: self-hosted` or other self-hosted labels. +1. Identify workflows that access private network resources (for example, internal package registries, private APIs, databases, or on-premises services), since these may require additional networking configuration. + +## 2. Map your processing requirements to {% data variables.product.github %}-hosted runner types + +{% data variables.product.github %} offers managed runners in multiple operating systems—Linux, Windows, and macOS—with options for GPU-enabled machines. See [AUTOTITLE](/actions/reference/runners/larger-runners). + +1. Map each distinct machine specification in your inventory to a suitable {% data variables.product.github %}-hosted runner specification. +1. Make a note of any self-hosted runners where there is no suitable {% data variables.product.github %}-hosted runner. +1. Exclude any workflows that must continue to run on self-hosted runners from your migration plans. + +## 3. Estimate capacity requirements + +Before you provision {% data variables.product.github %}-hosted runners, estimate how much compute capacity your workflows will need. Reviewing your current self-hosted runner usage helps you choose appropriate runner sizes, set concurrency limits, and forecast potential cost changes. + +{% data reusables.profile.access_org %} +{% data reusables.user-settings.access_org %} +{% data reusables.organizations.insights %} +1. In the "Insights" navigation menu, click **Actions Usage Metrics**. +1. Click on the tab that contains the metrics you would like to view. See [AUTOTITLE](/actions/concepts/metrics). +1. Review the following data points to estimate hosted runner capacity: + + * **Total minutes consumed**: Helps you estimate baseline compute demand. + * **Number of workflow runs**: Identifies peak activity times that may require more concurrency. + * **Job distribution across OS types**: Ensures you provision the right mix of Linux, Windows, and macOS runners. + * **Runner labels (Jobs tab)**: Filter by a runner label to understand where a label is used. + +1. Convert your findings into a capacity plan: + + * Match high-usage workflows to larger runner sizes where appropriate. + * Identify workflows that may benefit from pre-built or custom images to reduce runtime. + * Estimate concurrency by determining how many jobs typically run simultaneously. + +1. Make a note of any gaps: + + * Workflows with hard dependencies your current hosted runner images do not support. + * Jobs with unusually long runtimes or bespoke environment needs. (You may need custom images for these.) + +Your capacity plan will guide how many runners to provision, which machine types to use, and how to configure runner groups and policies in the next steps. + +## 4. Configure runner groups and policies + +After estimating your capacity needs, configure runner groups and access policies so your {% data variables.product.github %}-hosted runners are available to the right organizations and workflows. + +Configuring runner groups before provisioning runners helps ensure that migration doesn’t accidentally open access too broadly or create unexpected cost increases. + +1. Create runner groups at the enterprise level to define who can use your hosted runners. See [AUTOTITLE](/enterprise-cloud@latest/actions/how-tos/manage-runners/larger-runners/control-access#creating-a-runner-group-for-an-enterprise). + + Use runner groups to scope access by organization, repository, or workflow. If you are migrating from self-hosted runners, consider reusing existing runner group names or labels where possible. This allows workflows to continue working without changes when you switch to {% data variables.product.github %}-hosted runners. + +1. Add new {% data variables.product.github %}-hosted runners to the appropriate group and set concurrency limits based on the usage patterns you identified in step 3. For details on automatic scaling, see [AUTOTITLE](/actions/how-tos/manage-runners/larger-runners/manage-larger-runners#configuring-autoscaling-for-larger-runners). +1. Review policy settings to ensure runners are only used by the intended workflows. For example, restricting use to specific repositories or preventing untrusted workflows from accessing more powerful machine types. + +>[!NOTE] macOS larger runners cannot be added to runner groups and must be referenced directly in your workflow files. + +## 5. Set up {% data variables.product.github %}-hosted runners + +Next, provision your {% data variables.product.github %}-hosted runners based on the machine types and capacity you identified earlier. + +1. Choose the machine size and operating system that match your workflow requirements. For available images and specifications, see [AUTOTITLE](/actions/reference/runners/larger-runners#runner-images). +1. Assign each runner to a runner group and configure concurrency limits to control how many jobs can run at the same time. +1. Select an image type: + + * Use {% data variables.product.github %}-managed images for a maintained, frequently updated environment. + * Use custom images when you need pre-installed dependencies to reduce setup time. See [AUTOTITLE](/actions/how-tos/manage-runners/larger-runners/use-custom-images). + +1. Apply any required customizations, such as environment variables, software installation, or startup scripts. For more examples, see [AUTOTITLE](/actions/how-tos/manage-runners/github-hosted-runners/customize-runners). +1. Optionally, configure private networking if runners must access internal resources. See [AUTOTITLE](/enterprise-cloud@latest/actions/concepts/runners/private-networking). + +### Configure private connectivity options + +If your workflows need access to private resources (for example, internal package registries, private APIs, databases, or on-premises services), choose an approach that fits your network and security requirements. + +#### Configure Azure Private Networking + +Run {% data variables.product.github %}-hosted runners inside an Azure Virtual Network (VNET) for secure access to internal resources. + +1. Create an Azure Virtual Network (VNET) and configure subnets and network security groups for your runners. +1. Enable Azure private networking for your runner group. See [AUTOTITLE](/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise#1-add-a-new-network-configuration-for-your-enterprise) +1. Apply network configuration, such as NSGs and firewall rules, to control ingress and egress traffic. +1. Update workflow targeting to use the runner group that is configured for private networking. + +For detailed instructions, see: + +* [AUTOTITLE](/organizations/managing-organization-settings/configuring-private-networking-for-github-hosted-runners-in-your-organization) +* [AUTOTITLE](/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise) + +#### Connect using a WireGuard overlay network + +If Azure private networking is not applicable (for example, because your target network is on-premises or in another cloud), you can use a VPN overlay such as WireGuard to provide network-level access to private resources. + +For detailed instructions and examples, see [AUTOTITLE](/actions/how-tos/manage-runners/github-hosted-runners/connect-to-a-private-network/connect-with-wireguard). + +#### Use OIDC with an API gateway for trusted access to private resources + +If you don’t need the runner to join your private network, you can use OIDC to establish trusted, short-lived access to a service you expose via an API gateway. This approach can reduce the need for long-lived secrets and limits network access to the specific endpoints your workflow needs. + +For detailed instructions and examples, see [AUTOTITLE](/actions/how-tos/manage-runners/github-hosted-runners/connect-to-a-private-network/connect-with-oidc). + +## 6. Update workflows to use the new runners + +After your {% data variables.product.github %}-hosted runners are configured, update your workflow files to target them. + +1. Reuse existing labels if you assigned your new runners to the same runner group names your self-hosted runners used. In this case, workflows will automatically use the new runners without changes. +1. If you created new runner groups or labels, update the runs-on field in your workflow YAML files. For example: + + ```yaml + jobs: + build: + runs-on: [github-larger-runner, linux-x64] + steps: + - name: Checkout code + uses: {% data reusables.actions.action-checkout %} + - name: Build project + run: make build + ``` + +1. Check for hard-coded references to self-hosted labels (such as `self-hosted`, `linux-x64`, or custom labels) and replace them with the appropriate {% data variables.product.github %}-hosted runner labels. +1. Test each updated workflow to ensure it runs correctly on the new runners. Monitor for any issues related to environment differences or missing dependencies. + +## 7. Remove unused self-hosted runners + +After your workflows have been updated and tested on {% data variables.product.github %}-hosted runners, remove any self-hosted runners that are no longer needed. This prevents jobs from accidentally targeting outdated infrastructure. See [AUTOTITLE](/actions/how-tos/manage-runners/self-hosted-runners/remove-runners). + +Before you remove self-hosted runners, verify that you have fully migrated: + +* In {% data variables.product.prodname_actions %} usage metrics, use the **Jobs** tab and filter by runner label (for example, `self-hosted` or your custom labels) to confirm no repositories or jobs are still using self-hosted runners. diff --git a/content/actions/tutorials/publish-packages/publish-docker-images.md b/content/actions/tutorials/publish-packages/publish-docker-images.md index db85a5870ce8..cea322ba0390 100644 --- a/content/actions/tutorials/publish-packages/publish-docker-images.md +++ b/content/actions/tutorials/publish-packages/publish-docker-images.md @@ -191,8 +191,6 @@ jobs: permissions: packages: write contents: read - {% ifversion artifact-attestations %}attestations: write{% endif %} - {% ifversion artifact-attestations %}id-token: write{% endif %} steps: - name: Check out the repo uses: {% data reusables.actions.action-checkout %} @@ -226,18 +224,15 @@ jobs: push: true tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %} labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %} - -{% ifversion artifact-attestations %} - - name: Generate artifact attestation - uses: actions/attest-build-provenance@v3 - with: - subject-name: {% data reusables.package_registry.container-registry-hostname %}/{% raw %}${{ github.repository }}{% endraw %} - subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} - push-to-registry: true -{% endif -%} ``` The above workflow checks out the {% data variables.product.github %} repository, uses the `login-action` twice to log in to both registries and generates tags and labels with the `metadata-action` action. Then the `build-push-action` action builds and pushes the Docker image to Docker Hub and the {% data variables.product.prodname_container_registry %}. -{% ifversion artifact-attestations %}{% data reusables.actions.artifact-attestations-step-explanation %}{% endif %} +{% ifversion artifact-attestations %}> [!NOTE] +> When pushing to multiple registries: +> +> * Image digests may differ between registries, making attestation verification difficult. +> * To maintain a consistent digest and allow a single attestation to verify all copies, push to one registry first and use a tool like [`crane copy`](https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane_copy.md) to replicate the image elsewhere. +> * If you choose to build and push to each registry separately instead, you must generate a distinct attestation for each one to ensure your artifacts remain verifiable. +{% endif %} diff --git a/content/actions/tutorials/publish-packages/publish-nodejs-packages.md b/content/actions/tutorials/publish-packages/publish-nodejs-packages.md index 4bb65dae8fd7..4fc561431797 100644 --- a/content/actions/tutorials/publish-packages/publish-nodejs-packages.md +++ b/content/actions/tutorials/publish-packages/publish-nodejs-packages.md @@ -114,6 +114,7 @@ If you do provide the `repository` key in your `package.json` file, then the rep "type": "git", "url": "https://github.com/octocat/my-other-repo.git" }, +} ``` ### Authenticating to the destination repository diff --git a/content/admin/all-releases.md b/content/admin/all-releases.md index 84adf08b7f67..0c46179962e7 100644 --- a/content/admin/all-releases.md +++ b/content/admin/all-releases.md @@ -58,6 +58,7 @@ If you run analysis in an external CI system, we recommend using the same versio | {% data variables.product.prodname_ghe_server %} version | Recommended {% data variables.product.prodname_codeql_cli %} version | | ------------------------------------------------- | ---------------------- | +| 3.19 | 2.22.4 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.22.4/)) | | 3.18 | 2.21.4 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.21.4/)) | | 3.17 | 2.20.7 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.7/)) | | 3.16 | 2.20.3 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.3/)) | @@ -78,6 +79,7 @@ For instances with {% data variables.product.prodname_actions %} enabled, self-h | {% data variables.product.prodname_ghe_server %} version | Minimum Runner version | | ------------------------------------------------- | ---------------------- | +| 3.19 | 2.328.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.328.0)) | | 3.18 | 2.324.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.324.0)) | | 3.17 | 2.322.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.322.0)) | | 3.16 | 2.321.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.321.0)) | diff --git a/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/about-the-backup-service-for-github-enterprise-server.md b/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/about-the-backup-service-for-github-enterprise-server.md index a7ae3fc8ffe5..dce8c90d94f2 100644 --- a/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/about-the-backup-service-for-github-enterprise-server.md +++ b/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/about-the-backup-service-for-github-enterprise-server.md @@ -12,7 +12,7 @@ topics: - Infrastructure --- ->[!NOTE] {% data variables.product.prodname_enterprise_backup_service %} is currently in {% data variables.release-phases.public_preview %} and is subject to change. During the public preview, the service is available at no additional cost. +>[!NOTE] {% data variables.product.prodname_enterprise_backup_service %} is currently in {% data variables.release-phases.public_preview %} and subject to change. The service is available at no additional cost and will remain free. ## About the {% data variables.product.prodname_enterprise_backup_service %} diff --git a/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md b/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md index 2d762ff24ebf..e3c2e09b6032 100644 --- a/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md +++ b/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md @@ -125,7 +125,7 @@ If you're migrating from {% data variables.product.prodname_enterprise_backup_ut Use the `--dry-run` flag to preview changes without applying them. -### Scheduling automated backups +#### Scheduling automated backups Once the service is configured, you can define a backup schedule. @@ -134,3 +134,27 @@ Once the service is configured, you can define a backup schedule. 1. Click **Save** to apply the changes. The first run will be a full backup. Future runs will be incremental. If a new backup attempt starts while a previous one is still running, it may be skipped or fail. In that case, adjust the schedule to avoid overlap. + +{% ifversion ghes > 3.19 %} + +### Configuring backups from a replica node + +For high availability, you can designate a replica node as your backup server. To minimize latency, {% data variables.product.github %} recommends picking a replica node in the same region or datacenter as your primary node. + +> [!IMPORTANT] +> Backups from cache replica nodes or active geo replica nodes are not supported. + +To configure your backup server, run the following commands, replacing `HOSTNAME` with the hostname of the node: + +```shell +ghe-config cluster.HOSTNAME.backup-server true + +ghe-config-apply +``` + +You can now run `ghe-backup` directly on your replica node. + +> [!WARNING] +> Due to the latency between primary and replica nodes, you may lose data when backing up from a replica node. + +{% endif %} diff --git a/content/admin/concepts/enterprise-best-practices/index.md b/content/admin/concepts/enterprise-best-practices/index.md new file mode 100644 index 000000000000..f966c99db68a --- /dev/null +++ b/content/admin/concepts/enterprise-best-practices/index.md @@ -0,0 +1,14 @@ +--- +title: Best practices for enterprises +shortTitle: Best practices +intro: 'Follow best practices to set up your enterprise''s teams for success.' +versions: + ghes: '*' + ghec: '*' +topics: + - Enterprise +children: + - /organize-work + - /use-innersource +contentType: concepts +--- \ No newline at end of file diff --git a/content/admin/concepts/best-practices.md b/content/admin/concepts/enterprise-best-practices/organize-work.md similarity index 72% rename from content/admin/concepts/best-practices.md rename to content/admin/concepts/enterprise-best-practices/organize-work.md index 79a56ca052f4..4134dcd1eb1a 100644 --- a/content/admin/concepts/best-practices.md +++ b/content/admin/concepts/enterprise-best-practices/organize-work.md @@ -1,6 +1,6 @@ --- title: Best practices for organizing work in your enterprise -shortTitle: Best practices +shortTitle: Organize work intro: Promote collaboration and manage resources at scale by following {% data variables.product.company_short %}-recommended practices for managing organizations and teams. versions: ghec: '*' @@ -15,11 +15,18 @@ redirect_from: - /admin/user-management/managing-organizations-in-your-enterprise/best-practices-for-structuring-organizations-in-your-enterprise - /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/best-practices-for-structuring-organizations-in-your-enterprise - /admin/concepts/best-practices-for-enterprises + - /admin/concepts/best-practices allowTitleToDifferFromFilename: true --- {% data reusables.enterprise-onboarding.best-practices %} +## Use innersource practices + +Innersource makes it easy for all employees to discover and reuse work. This allows development teams to learn from each other and avoid duplicating effort to recreate common services. + +For guidance on setting up effective innersource practices, see [AUTOTITLE](/admin/concepts/enterprise-best-practices/use-innersource). + {% ifversion ghec %} ## Next steps diff --git a/content/admin/concepts/enterprise-best-practices/use-innersource.md b/content/admin/concepts/enterprise-best-practices/use-innersource.md new file mode 100644 index 000000000000..9297fe91ecd3 --- /dev/null +++ b/content/admin/concepts/enterprise-best-practices/use-innersource.md @@ -0,0 +1,16 @@ +--- +title: Using innersource in your enterprise +shortTitle: Use innersource +intro: Help dispersed teams to collaborate by setting up open source–style workflows in your enterprise, without compromising on security. +versions: + ghec: '*' + ghes: '*' +contentType: concepts +topics: + - Accounts + - Enterprise + - Fundamentals +allowTitleToDifferFromFilename: true +--- + +{% data reusables.enterprise-onboarding.use-innersource %} diff --git a/content/admin/concepts/enterprise-fundamentals/automations-in-your-enterprise.md b/content/admin/concepts/enterprise-fundamentals/automations-in-your-enterprise.md new file mode 100644 index 000000000000..60c26ebe3cd1 --- /dev/null +++ b/content/admin/concepts/enterprise-fundamentals/automations-in-your-enterprise.md @@ -0,0 +1,135 @@ +--- +title: Automations in your enterprise +shortTitle: Automations +intro: 'Learn how {% data variables.product.prodname_github_apps %}, external services, and {% data variables.product.prodname_actions %} work together to automate processes in your enterprise.' +versions: + feature: enterprise-apps-public-beta +type: overview +topics: + - Enterprise + - Fundamentals +--- + +Automation on {% data variables.product.github %} typically involves multiple components working together. The most important {% data variables.product.github %} native components are: + +* **{% data variables.product.prodname_actions %} workflows**, which provide a runtime for executing automation logic. Out of the box, they work within a single repository, but they can be extended to automate across or even outside of repositories. +* **{% data variables.product.prodname_github_apps %}**, which do not have a runtime. Instead, they provide identity, permissions, and event delivery so your automations, whether external services or workflows, can authenticate and act securely. + +Most enterprise automation use {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_actions %} together. For example, a workflow running in {% data variables.product.prodname_actions %} may use a {% data variables.product.prodname_github_app %} to obtain a short-lived token that allows it to perform tasks across repositories or organizations. + +This guide explains how {% data variables.product.prodname_github_apps %}, external automations, and {% data variables.product.prodname_actions %} complement each other, and when to use each in your enterprise. + +## {% data variables.product.prodname_github_apps %} + +A {% data variables.product.prodname_github_app %} provides the **identity, permissions, and webhook events** required for automation on or across repositories, organizations, or your enterprise. {% data variables.product.prodname_github_apps %} themselves do **not** execute logic, they enable other systems to do so. + +{% data variables.product.prodname_github_apps %} support enterprise automation by offering: + +* **Granular permissions** to follow least-privilege principles +* **Scoped installations** at the enterprise, organization, or repository level +* **Short-lived tokens** for secure access +* **Distinct identities** with full auditability +* **Delegated administration** through the {% data variables.product.prodname_github_app %} manager role +* **Consistency at scale** when owned by the enterprise account + +### What do {% data variables.product.prodname_github_apps %} enable? + +{% data variables.product.prodname_github_apps %} allow **automations you write elsewhere**—such as external services or workflow steps—to act on {% data variables.product.github %} APIs within the permissions you grant. For example: + +* Receiving webhook events and triggering external services +* Enabling a workflow to act outside its default repository scope +* Integrating {% data variables.product.github %} with third-party systems +* Coordinating changes across many repositories +* Running long-lived bots or services that monitor enterprise-level activity + +{% ifversion enterprise-installed-apps %} + +> [!NOTE] +> Enterprise-installed {% data variables.product.prodname_github_apps %} cannot call every API endpoint. See [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-on-your-enterprise#what-enterprise-installed-apps-can-do). + +{% endif %} + +## {% data variables.product.prodname_actions %} + +{% data variables.product.prodname_actions %} provide {% data variables.product.github %}’s built-in **runtime** for executing automation logic inside repositories. Workflows run on hosted or self-hosted runners and are ideal for tasks tied to code changes or repository events. + +Use {% data variables.product.prodname_actions %} for: + +* CI/CD (build, test, deploy) +* Pull request checks and validations +* Repository-level maintenance tasks +* Event-driven workflows responding to pushes, tags, or issue updates +* Scheduled jobs with cron + +### How {% data variables.product.prodname_actions %} uses {% data variables.product.prodname_github_apps %} + +{% data variables.product.prodname_actions %} and {% data variables.product.prodname_github_apps %} are deeply connected: + +* Workflow permissions map directly to {% data variables.product.prodname_github_app %} permissions. +* Workflows can authenticate as a specific {% data variables.product.prodname_github_app %} using `actions/create-github-app-token`. +* {% data variables.product.prodname_github_apps %} can trigger workflows through events such as `repository_dispatch`. + +## External automations and services + +External automations run outside {% data variables.product.github %} on your own infrastructure. These services typically: + +* Receive webhook events from a {% data variables.product.prodname_github_app %} +* Use the {% data variables.product.prodname_github_app %} to request short-lived installation tokens +* Execute long-running or cross-enterprise logic +* Integrate with external business systems + +Examples include: + +* Organization-wide configuration management +* Policy enforcement services +* Multi-repository code or metadata synchronization +* Compliance report generation +* Cross-organization issue or pull request management + +All of these rely on {% data variables.product.prodname_github_apps %} for authentication, identity, and events—**not** for execution. + +## How these components work together + +Most enterprise automation uses a combination of {% data variables.product.prodname_github_apps %}, external services, and {% data variables.product.prodname_actions %} to achieve robust, scalable workflows. + +For example: + +1. An enterprise {% data variables.product.prodname_github_app %} receives a webhook when a new repository is created, and sends the webhook payload to a server where an external service is running. +1. The external service standardizes required settings and provisions resources. +1. The service triggers a {% data variables.product.prodname_actions %} workflow in the repository. +1. The workflow performs CI, deploys templates, or configures scanning. + +Each component handles a different layer of automation. + +## When to use each type of automation + +Use **a {% data variables.product.prodname_github_app %}** when you need: + +* Authentication or permission to act across many repositories +* Integration with external systems +* Webhook-driven automations +* Long-lived or enterprise-wide workflows +* Auditability and identity separation + +Use **external automations** when you need: + +* Logic that runs continuously or outside {% data variables.product.github %} +* Integration with internal systems + +Use **{% data variables.product.prodname_actions %}** when you need: + +* CI/CD pipelines +* Repository-scoped automation +* Automated checks tied to repository events +* Execution of logic using {% data variables.product.github %}’s runner infrastructure + +Use **{% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_actions %} together** when: + +* A workflow must act beyond the repository’s default permissions +* A {% data variables.product.prodname_github_app %} needs to trigger a workflow +* External logic orchestrates in-repo execution +* Enterprise-wide policies or workflows require both identity and runtime + +## Next steps + +Learn how to design and manage {% data variables.product.prodname_github_apps %} at the enterprise level in [AUTOTITLE](/admin/managing-your-enterprise-account/creating-github-apps-for-your-enterprise). diff --git a/content/admin/concepts/enterprise-fundamentals/index.md b/content/admin/concepts/enterprise-fundamentals/index.md index ee403e87f598..192ea7c4e057 100644 --- a/content/admin/concepts/enterprise-fundamentals/index.md +++ b/content/admin/concepts/enterprise-fundamentals/index.md @@ -11,5 +11,6 @@ children: - /enterprise-accounts - /teams-in-an-enterprise - /roles-in-an-enterprise + - /automations-in-your-enterprise contentType: concepts --- diff --git a/content/admin/concepts/identity-and-access-management/index.md b/content/admin/concepts/identity-and-access-management/index.md index d1d256ee3715..6c07aeaa8e79 100644 --- a/content/admin/concepts/identity-and-access-management/index.md +++ b/content/admin/concepts/identity-and-access-management/index.md @@ -10,6 +10,8 @@ topics: children: - /identity-and-access-management-fundamentals - /enterprise-managed-users + - /setup-user + - /user-offboarding contentType: concepts --- diff --git a/content/admin/concepts/identity-and-access-management/setup-user.md b/content/admin/concepts/identity-and-access-management/setup-user.md new file mode 100644 index 000000000000..f8539d3ed2f8 --- /dev/null +++ b/content/admin/concepts/identity-and-access-management/setup-user.md @@ -0,0 +1,30 @@ +--- +title: Setup user +intro: 'The setup user is used to configure authentication and provisioning for {% data variables.product.prodname_emus %}.' +versions: + ghec: '*' +topics: + - Accounts + - Enterprise + - Fundamentals +--- + +## How should I use the setup user? + +The setup user is **only** intended to be used for: + +* Configuring authentication and provisioning +* SCIM provisioning via its {% data variables.product.pat_generic %} +* Regaining access to your enterprise in the event of an issue with your identity provider, by utilizing the enterprise's SAML recovery codes + +For other enterprise administration tasks, such as creating organizations, use a provisioned managed user account with the appropriate administrative role. + +## How do I sign in as the setup user? + +After we create your enterprise, you will receive an **email** inviting you to choose a password for the setup user. + +When you create the password, you should enable two-factor authentication (2FA) for the account. All subsequent login attempts for the setup user account will require a successful 2FA challenge response. + +If the enterprise account has enabled single sign-on and the setup user has **not** enabled 2FA, they must use an enterprise recovery code to authenticate. To avoid being locked out of your account, after enabling single sign-on, **save your enterprise recovery codes**. See [AUTOTITLE](/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes#downloading-codes-for-an-enterprise-with-enterprise-managed-users). + +{% data reusables.enterprise-accounts.emu-password-reset-session %} diff --git a/content/admin/concepts/identity-and-access-management/user-offboarding.md b/content/admin/concepts/identity-and-access-management/user-offboarding.md new file mode 100644 index 000000000000..8192af5e610f --- /dev/null +++ b/content/admin/concepts/identity-and-access-management/user-offboarding.md @@ -0,0 +1,62 @@ +--- +title: About user offboarding on {% data variables.product.prodname_ghe_cloud %} +shortTitle: User offboarding +intro: 'Manage access with confidence by understanding the recommended approach for offboarding users.' +versions: + ghec: '*' +contentType: concepts +topics: + - Accounts + - Authentication + - Enterprise + - Identity + - SSO +--- + +## How should I offboard users? + +The method for offboarding a user depends on your enterprise type: + +* **Personal accounts**: Remove the user from the enterprise account using the {% data variables.product.github %} UI or API. + * Outside collaborators are an exception to this process. They cannot be removed in the enterprise settings, and must be removed from each repository instead. +* **{% data variables.product.prodname_emus %}**: Suspend the user's account by removing the user from the {% data variables.product.github %} application in your identity provider. + * The user will show as suspended on your enterprise's "People" page. + * It is **not** possible to remove a {% data variables.enterprise.prodname_managed_user %} from the enterprise completely. + +For instructions, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise). + +## What happens when a user is offboarded? + +When you offboard a user by following the instructions linked above: + +* The offboarded user loses access to private and internal resources in your enterprise and organizations. +* The user's {% data variables.product.pat_generic_plural %}, SSH keys, and app authorizations can no longer be used to access your enterprise's and organizations' resources. Access to your resources is restored if the user is added back to the enterprise and relevant organizations. +* The user stops consuming licenses granted from your enterprise, including {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_copilot %} licenses. This change may not be reflected on your bill until the next billing cycle. +* If you use {% data variables.product.prodname_emus %}, the user will no longer be able to sign in to their {% data variables.enterprise.prodname_managed_user %}. +* If you use an enterprise with personal accounts, the user will still be able to sign in to their account and access other resources on {% data variables.product.github %}, even if you have enabled SAML SSO for your enterprise or organizations. This is because SSO only applies to your enterprise- or organization-owned resources. +* The user's commits, issues, pull requests, comments, and so on are retained in organization-owned repositories. However, the user's username is obfuscated if you use {% data variables.product.prodname_emus %}. + +For {% data variables.product.prodname_emus %}, you will find a more exhaustive list of effects of offboarding in [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/deprovisioning-and-reinstating-users). + +## What about removing a user from all organizations? + +Historically, some enterprises' offboarding processes have relied on removing a user from all organizations in the enterprise. However, in many cases, this approach is **not** sufficient for fully offboarding a user. + +### When is a user removed from the enterprise? + +If a user loses access to all organizations in an enterprise, the user is also removed from the enterprise account if **all** of the following things are true: + +* You use an enterprise with **personal accounts**. +* Your enterprise has **disabled** the policy described in [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/control-offboarding). +* The user does **not** have the enterprise owner or enterprise billing manager role. + +### What happens if a user remains in the enterprise? + +In **any** other situation, a user who loses access to all organizations remains in the enterprise. + +* If the user has the enterprise owner or enterprise billing manager role, they remain in the enterprise with this role. +* If the user doesn't have one of those roles, the user becomes an unaffiliated user. + +Users without organization membership cannot access internal repositories in the enterprise. They also do not consume a {% data variables.product.prodname_enterprise %} license, unless they meet another criterion listed in [AUTOTITLE](/billing/reference/github-license-users#organizations-on-github-enterprise-cloud). However, they keep other privileges including enterprise roles and {% data variables.product.prodname_copilot %} licenses granted directly from the enterprise. + +For more information, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/abilities-of-roles). diff --git a/content/admin/concepts/index.md b/content/admin/concepts/index.md index 4f802bf9c56c..6a84522e8cb1 100644 --- a/content/admin/concepts/index.md +++ b/content/admin/concepts/index.md @@ -11,7 +11,7 @@ children: - /enterprise-fundamentals - /identity-and-access-management - /security-and-compliance - - /best-practices + - /enterprise-best-practices contentType: concepts --- diff --git a/content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md b/content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md index c06bc3fcebe1..18d9f515573b 100644 --- a/content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md +++ b/content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md @@ -16,19 +16,27 @@ redirect_from: ## Currently unavailable features -The following features are currently unavailable on {% data variables.enterprise.data_residency_site %}. +The following features are currently unavailable on {% data variables.enterprise.data_residency_site %}, but may be planned for future development. | Feature | Details | More information | | :- | :- | :- | -| {% data variables.product.prodname_copilot_short %} Metrics API | Currently unavailable | [AUTOTITLE](/rest/copilot/copilot-metrics) | -| {% data variables.product.prodname_github_codespaces %} | Currently unavailable. | [AUTOTITLE](/codespaces/quickstart) | -| {% data variables.product.prodname_importer %} (the "Import repository" button on {% data variables.product.prodname_dotcom_the_website %}) | Instead, the **{% data variables.product.prodname_importer_proper_name %}** is available to migrate data. See [AUTOTITLE](/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer). | [AUTOTITLE](/migrations/importing-source-code/using-github-importer/about-github-importer) | -| {% data variables.product.prodname_marketplace %} | Currently, apps from {% data variables.product.prodname_marketplace %} are unavailable. {% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %} may not function as expected. For more information, see [{% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %}](#github-actions-workflows-from-github-marketplace). | [AUTOTITLE](/search-github/searching-on-github/searching-github-marketplace)
[AUTOTITLE](/enterprise-server@latest/admin/configuration/configuring-github-connect/about-github-connect#github-connect-features) in the {% data variables.product.prodname_ghe_server %} documentation | -| {% data variables.product.prodname_github_models %} | Currently unavailable | [AUTOTITLE](/github-models/about-github-models) | | macOS runners for {% data variables.product.prodname_actions %} | Currently unavailable. | [AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners) | | Maven and Gradle support for {% data variables.product.prodname_registry %} | Currently unavailable. | [AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry) | -| {% data variables.product.prodname_spark_short %} | Unavailable due to dependency on {% data variables.product.prodname_github_codespaces %} | [AUTOTITLE](/copilot/concepts/spark) | -| Some features currently in {% data variables.release-phases.public_preview %} or {% data variables.release-phases.private_preview %} | Certain features that are in a preview phase on {% data variables.product.prodname_dotcom_the_website %} may not be available on {% data variables.enterprise.data_residency_site %} | | +| Repository traffic metrics | Currently unavailable through both the UI and REST API. | [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/viewing-traffic-to-a-repository) | +| {% data variables.product.prodname_spark_short %} | Currently unavailable. | [AUTOTITLE](/copilot/concepts/spark) | +| {% data variables.product.prodname_marketplace %} | {% data variables.product.prodname_marketplace %}, as a means of searching for, purchasing, and directly installing apps and actions, is unavailable. Ecosystem apps and actions can still be discovered and installed from their source, but they may require modification to work on {% data variables.enterprise.data_residency_site %}. | [{% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %}](#github-actions-workflows-from-github-marketplace) | +| Certain features of {% data variables.product.prodname_github_connect %} | Although you can connect an enterprise on {% data variables.enterprise.data_residency_site %} to a {% data variables.product.prodname_ghe_server %} instance, certain features of {% data variables.product.prodname_github_connect %} are not available, including resolution of actions from {% data variables.product.prodname_dotcom_the_website %}. | [{% data variables.product.prodname_github_connect %}](#github-connect) | +| Some features currently in {% data variables.release-phases.public_preview %} or {% data variables.release-phases.private_preview %} | Certain features that are in a preview phase on {% data variables.product.prodname_dotcom_the_website %} may not be available on {% data variables.enterprise.data_residency_site %} until GA. | | +| Migrations REST API | Currently unavailable. | [AUTOTITLE](/rest/migrations) | + +## Permanently unavailable features + +By design, the following features are permanently unavailable on {% data variables.enterprise.data_residency_site %}. This is generally because they are not intended for large enterprises with strict compliance requirements. + +| Feature | Details | More information | +| :- | :- | :- | +| Features unavailable with {% data variables.product.prodname_emus %} | Because {% data variables.product.prodname_emus %} is the only option for identity management on {% data variables.enterprise.data_residency_site %}, features that are unavailable with {% data variables.product.prodname_emus %} on {% data variables.product.prodname_dotcom_the_website %} are also unavailable on {% data variables.enterprise.data_residency_site %}. Notably, these include gists and public repositories. | [AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts) | +| {% data variables.product.prodname_importer %} (the "Import repository" button on {% data variables.product.prodname_dotcom_the_website %}) | Instead, the **{% data variables.product.prodname_importer_proper_name %}** is available to migrate data. See [AUTOTITLE](/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer). | [AUTOTITLE](/migrations/importing-source-code/using-github-importer/about-github-importer) | ## Features that work differently @@ -39,6 +47,7 @@ The following features are either specific to {% data variables.enterprise.data_ * [{% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %}](#github-actions-workflows-from-github-marketplace) * [Retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website %}](#retirement-of-namespaces-for-actions-accessed-on-githubcom) * [GitHub Connect](#github-connect) +* [{% data variables.product.prodname_github_codespaces %}](#github-codespaces) ### API access @@ -84,3 +93,11 @@ You can use {% data variables.product.prodname_github_connect %} to connect to { * Automatic user license sync requires {% data variables.product.prodname_ghe_server %} version 3.15 or later. To enable {% data variables.product.prodname_github_connect %}, you must configure your {% data variables.product.prodname_ghe_server %} instance to connect to your {% data variables.enterprise.data_residency_site %} subdomain. See [AUTOTITLE](/enterprise-server@latest/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom). + +## Features in {% data variables.release-phases.public_preview %} + +Some features on {% data variables.enterprise.data_residency_site %} are currently in {% data variables.release-phases.public_preview %}. + +### {% data variables.product.prodname_github_codespaces %} + +{% data variables.product.prodname_github_codespaces %} on {% data variables.enterprise.data_residency_site %} are in {% data variables.release-phases.public_preview %}. diff --git a/content/admin/data-residency/getting-started-with-data-residency-for-github-enterprise-cloud.md b/content/admin/data-residency/getting-started-with-data-residency-for-github-enterprise-cloud.md index 16fdf2df2c56..5f6e3072ef71 100644 --- a/content/admin/data-residency/getting-started-with-data-residency-for-github-enterprise-cloud.md +++ b/content/admin/data-residency/getting-started-with-data-residency-for-github-enterprise-cloud.md @@ -71,10 +71,9 @@ Using an **incognito or private browsing window**: > [!NOTE] > If 2FA isn't enabled, you will need to enter your enterprise's single sign-on (SSO) recovery code each time you sign in as the setup user. You can download these codes once SSO is enabled. - {% data reusables.enterprise-accounts.emu-recommend-password-manager %} -{% data reusables.enterprise-accounts.emu-password-reset-session %} +{% data reusables.enterprise-accounts.about-setup-user %} ### Create a {% data variables.product.pat_generic %} diff --git a/content/admin/data-residency/network-details-for-ghecom.md b/content/admin/data-residency/network-details-for-ghecom.md index 450544a31088..72618825d25f 100644 --- a/content/admin/data-residency/network-details-for-ghecom.md +++ b/content/admin/data-residency/network-details-for-ghecom.md @@ -12,14 +12,18 @@ redirect_from: To access your enterprise on {% data variables.enterprise.data_residency_site %}, client systems must: -* Trust the following SSH key fingerprints -* Have access to the following hostnames and IP addresses +* Trust {% data variables.product.github %}'s SSH key fingerprints +* Have access to {% data variables.product.github %}'s hostnames and IP addresses ## {% data variables.product.github %}'s SSH key fingerprints -* `SHA256:PYES2CtancLX+w0+VvwWRQclfulUkqj6hpZmcKFAO3w` (RSA) -* `SHA256:TKoEXigNsj5b6XaSOSf20L0y3cuNx41WWM+l4AAK9k4` (ECDSA) -* `SHA256:LqPvjvQugr3MmzVYw9M3gT7won8/lUPZCSvmNydl7vU` (Ed25519) +To find these details, use the `/meta` API endpoint for your instance. For example, using the {% data variables.product.prodname_cli %}: + +```shell +gh api /meta --hostname octocorp.ghe.com +``` + +For more information, see [AUTOTITLE](/rest/meta/meta). ## {% data variables.product.github %}'s hostnames @@ -29,6 +33,7 @@ To access your enterprise on {% data variables.enterprise.data_residency_site %} * `*.githubassets.com` * `*.githubusercontent.com` * `*.blob.core.windows.net` +* `auth.ghe.com` ## {% data variables.product.github %}'s IP addresses @@ -36,8 +41,6 @@ To access your enterprise on {% data variables.enterprise.data_residency_site %} ### The EU -These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in the EU. - | Ranges for egress traffic | Ranges for ingress traffic | |--------------------------|---------------------------| | 108.143.221.96/28 | 108.143.197.176/28 | @@ -49,8 +52,6 @@ These are {% data variables.product.company_short %}'s IP address ranges for ent ### Australia -These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in Australia. - | Ranges for egress traffic | Ranges for ingress traffic | |--------------------------|---------------------------| | 20.5.34.240/28 | 4.237.73.192/28 | @@ -59,14 +60,20 @@ These are {% data variables.product.company_short %}'s IP address ranges for ent ### US -These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in the US. - | Ranges for egress traffic | Ranges for ingress traffic | |--------------------------|---------------------------| | 20.221.76.128/28 | 74.249.180.192/28 | | 135.233.115.208/28 | 48.214.149.96/28 | | 20.118.27.192/28 | 172.202.123.176/28 | +### Japan + +| Ranges for egress traffic | Ranges for ingress traffic | +|--------------------------|-----------------------------| +| 74.226.88.192/28 | 74.226.88.240/28 | +| 40.81.180.112/28 | 40.81.176.224/28 | +| 4.190.169.192/28 | 4.190.169.240/28 | + ## Supported regions for Azure private networking If you use Azure private networking for {% data variables.product.company_short %}-hosted runners, the supported Azure regions on {% data variables.enterprise.data_residency_site %} differ from those on {% data variables.product.prodname_dotcom_the_website %}. @@ -95,6 +102,14 @@ If you use Azure private networking for {% data variables.product.company_short | arm64 | `centralus`, `eastus2`, `westus3` | | GPU | `centralus`, `eastus2`, `westus3` | +### Supported regions in Japan + +| Runner type | Supported regions | +| ----------- | ----------------- | +| x64 | `japaneast`, `japanwest` | +| arm64 | `japaneast`, `japanwest` | +| GPU | `japaneast` | + ### IP ranges for Azure private networking #### EU @@ -113,17 +128,30 @@ EU region: * 20.240.220.192/28 * 20.240.211.208/28 -#### Austrailia +#### Australia Actions IPs: * 4.147.140.77 * 20.53.114.78 -Austraila region: +Australia region: * 4.237.73.192/28 * 20.5.226.112/28 * 20.248.163.176/28 +#### Japan + +Actions IPs: + +* 20.63.233.164 +* 172.192.153.164 + +Japan region: + +74.226.88.241 +40.81.176.225 +4.190.169.240 + #### Required for all regions * `Storage` service tag @@ -150,45 +178,65 @@ Austraila region: ### Domains for Azure private networking +#### Required for all regions + * `*..ghe.com` * `.ghe.com` * `github.com` * `*.githubusercontent.com` -* `*.blob.core.windows.net` +* `*.blob.core.windows.net` (can be further restricted by region, see below) * `*.web.core.windows.net` +#### EU + +`*.blob.core.windows.net` can be replaced with: +* `prodsdc01resultssa0.blob.core.windows.net` +* `prodsdc01resultssa1.blob.core.windows.net` +* `prodsdc01resultssa2.blob.core.windows.net` +* `prodsdc01resultssa3.blob.core.windows.net` +* `prodweu01resultssa0.blob.core.windows.net` +* `prodweu01resultssa1.blob.core.windows.net` +* `prodweu01resultssa2.blob.core.windows.net` +* `prodweu01resultssa3.blob.core.windows.net` + +#### Australia + +`*.blob.core.windows.net` can be replaced with: +* `prodae01resultssa0.blob.core.windows.net` +* `prodae01resultssa1.blob.core.windows.net` +* `prodae01resultssa2.blob.core.windows.net` +* `prodae01resultssa3.blob.core.windows.net` + +#### Japan + +`*.blob.core.windows.net` can be replaced with: +* `prodjpw01resultssa0.blob.core.windows.net` +* `prodjpw01resultssa1.blob.core.windows.net` +* `prodjpw01resultssa2.blob.core.windows.net` +* `prodjpw01resultssa3.blob.core.windows.net` + +### OAuth callback URL for connecting an Azure subscription for billing + +When you connect or update an Azure subscription for billing, you must allow access to the following URL: + +* `https://github.com/enterprises/oauth_callback` + +This URL is required during the OAuth authentication flow that occurs when: + +* Connecting an Azure subscription to your enterprise for the first time +* Changing or updating an existing Azure subscription connection + +> [!IMPORTANT] +> * The URL must be allowed with all query parameters, for example `https://github.com/enterprises/oauth_callback?code=...` +> * After the Azure subscription is successfully connected and the subscription ID is stored, you can remove this URL from your allowlist +> * To change or update your Azure subscription, you must add the URL back to your allowlist + +The OAuth flow works as follows: + +1. The user starts the connection process on `SUBDOMAIN.ghe.com` +1. Azure redirects to `https://github.com/enterprises/oauth_callback` to complete the OAuth flow +1. The system redirects back to `SUBDOMAIN.ghe.com` to finalize the connection + ## IP ranges for {% data variables.product.prodname_importer_proper_name %} If you're running a migration to your enterprise with {% data variables.product.prodname_importer_proper_name %}, you may need to add certain ranges to an IP allow list. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations). - -### Required in the EU - -* 4.231.155.80/29 -* 4.225.9.96/29 -* 51.12.152.184/29 -* 20.199.6.80/29 -* 51.12.144.32/29 -* 20.199.1.232/29 -* 51.12.152.240/29 -* 20.19.101.136/29 -* 74.241.131.48/28 -* 51.12.252.16/28 -* 20.240.211.176/28 -* 108.143.221.96/28 -* 20.61.46.32/28 -* 20.224.62.160/28 - -### Required in Australia - -* 20.213.241.72/29 -* 20.11.90.48/29 -* 20.5.34.240/28 -* 20.5.146.128/28 -* 68.218.155.16/28 - -### Required in the US - -* 130.213.245.128/28 -* 20.171.204.144/28 -* 20.171.204.176/28 -* 4.150.167.192/28 diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/control-offboarding.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/control-offboarding.md index 7baede596346..ad0977cf895a 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/control-offboarding.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/control-offboarding.md @@ -14,14 +14,17 @@ type: how_to By default, when a user loses access to all organizations in your enterprise, the user remains in your enterprise as an unaffiliated user. This can happen when you remove a user from organizations explicitly or remove an organization from your enterprise. -Unaffiliated users retain team membership, enterprise roles, and {% data variables.product.prodname_copilot %} licenses granted directly from the enterprise account. +Unaffiliated users retain enterprise-level team membership, enterprise roles, and {% data variables.product.prodname_copilot %} licenses granted directly from the enterprise account. -You can set a policy to instead remove users from the enterprise completely when they are removed from every organization. Removed users will lose all privileges and licenses granted from the enterprise. This is useful if you have an offboarding process that depends on removing users from organizations, for example using team synchronization from an identity provider. +You can set a policy to instead remove users from the enterprise completely when they are removed from every organization. Removed users will lose all privileges and licenses granted from the enterprise. This is useful if your enterprise offboarding process involves removing users from organizations, whether through organization-level SCIM deprovisioning, the GitHub web UI, or a non-SCIM REST API endpoint. For more information, see the link that corresponds to your use case: +- [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations) +- [Revoking the user's membership](/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization#revoking-the-users-membership) +- [Remove organization membership for a user](/rest/orgs/members?apiVersion=2022-11-28#remove-organization-membership-for-a-user) in the REST API documentation. This policy: -* Applies regardless of how users lose their organization membership (through direct removal, a team, or removing an organization). -* Does **not** apply to users with the enterprise owner or enterprise billing manager role. These users remain in the enterprise regardless of their organization membership and the policy setting. +* Applies regardless of how users are removed from an organization. +* Does **not** apply to users with the enterprise owner or enterprise billing manager role. These users remain in the enterprise regardless of their organization membership and the policy setting. For more details on how to remove an enterprise owner or enterprise billing manager from the enterprise, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise#removing-a-member-from-your-enterprise) and [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise#removing-an-enterprise-administrator-from-your-enterprise-account). ## Setting the policy diff --git a/content/admin/guides.md b/content/admin/guides.md index 71d9467e8881..1d717871908c 100644 --- a/content/admin/guides.md +++ b/content/admin/guides.md @@ -30,6 +30,7 @@ includeGuides: - /admin/concepts/identity-and-access-management/enterprise-managed-users - /admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users - /admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users + - /admin/managing-iam/provisioning-user-accounts-with-scim/migrating-from-ldap-to-saml-with-scim - /admin/identity-and-access-management/provisioning-user-accounts-with-scim/configuring-scim-provisioning-using-okta - /admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups - /admin/managing-iam/using-cas-for-enterprise-iam/using-cas @@ -40,12 +41,12 @@ includeGuides: - /admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance - /admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance - /admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules - - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance + - /code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-code-scanning-for-your-appliance - /admin/configuration/configuring-data-encryption-for-your-enterprise - - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance + - /code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-dependency-review-for-your-appliance - /admin/configuring-settings/configuring-network-settings/configuring-dns-nameservers - /admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits - - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance + - /code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance - /admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls - /admin/configuring-settings/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise - /admin/configuring-settings/configuring-user-applications-for-your-enterprise/managing-github-mobile-for-your-enterprise diff --git a/content/admin/index.md b/content/admin/index.md index 96fe29cdba14..af3785d184dc 100644 --- a/content/admin/index.md +++ b/content/admin/index.md @@ -79,7 +79,7 @@ featuredLinks: guideCards: - '{% ifversion ghes %}/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server{% endif %}' - '{% ifversion ghes %}/admin/configuring-packages/getting-started-with-github-packages-for-your-enterprise{% endif %}' - - '{% ifversion ghes %}/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise{% endif %}' + - '{% ifversion ghes < 3.15 %}/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise{% endif %}' - '{% ifversion ghec %}/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise{% endif %}' - '{% ifversion ghec %}/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise{% endif %}' - '{% ifversion ghec %}/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise{% endif %}' diff --git a/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/configuring-custom-footers.md b/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/configuring-custom-footers.md index ab9c712b129a..33ef64d70e8e 100644 --- a/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/configuring-custom-footers.md +++ b/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/configuring-custom-footers.md @@ -22,9 +22,7 @@ You can configure the web UI for your enterprise to display a custom footer with {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. Under **{% octicon "gear" aria-hidden="true" aria-label="gear" %} Settings**, click **Profile**. -1. At the top of the page, under the navigation bar, click **Custom footer**. - - ![Screenshot of the "Profile" page for an enterprise account. A tab, labeled "Custom footer", is outlined in dark orange.](/assets/images/enterprise/custom-footer/custom-footer-section.png) +1. Under **{% octicon "gear" aria-hidden="true" aria-label="gear" %} Settings**, click **General**. +1. Navigate to **Custom footer**. 1. Under each "Footer Link" heading, type a title and URL. -1. To save the content and display the custom footer, click **Update custom footer**. +1. To save the content and display the custom footer, click **Update footer**. diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/custom-properties.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/custom-properties.md index 420cd0eb5ea1..e9e21b3d7b21 100644 --- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/custom-properties.md +++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/custom-properties.md @@ -4,7 +4,7 @@ intro: 'Custom properties allow you to add structured metadata to repositories a permissions: 'Repository custom properties can be managed by organization owners and users with admin permissions to the repository. Organization custom properties can be managed by enterprise owners and users with the "Manage the Enterprise''s custom properties definitions" permission.' versions: ghec: '*' - ghes: '*' + ghes: '>= 3.21' topics: - Enterprise - Organizations diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organizations.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organizations.md index b5393390f839..e38a7faa32e6 100644 --- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organizations.md +++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organizations.md @@ -4,7 +4,7 @@ intro: 'With custom properties, you can add metadata to organizations in your en permissions: 'Enterprise owners {% ifversion custom-org-roles %}and users with the "Manage the Enterprise''s custom properties definitions" permission {% endif %}can add and set a custom property schema at the enterprise level.' versions: ghec: '*' - ghes: '*' + ghes: '>= 3.21' topics: - Enterprise - Organizations diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md index 1282bb13413c..50bbe33e876b 100644 --- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md @@ -14,6 +14,12 @@ redirect_from: You can remove an organization that is owned by your enterprise account, so the organization stands alone. +## Limitations + +If you use {% data variables.product.prodname_emus %} or {% data variables.enterprise.data_residency %}, removing organizations from your enterprise is not possible. + +If you use {% data variables.product.prodname_emus %}, you can instead migrate organizations with the {% data variables.product.prodname_importer_proper_name %}. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products). + ## What happens when an organization is removed? When you remove an organization from your enterprise: diff --git a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/troubleshooting-service-hooks.md b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/troubleshooting-service-hooks.md index b687b901d99b..8e6ef02e8cee 100644 --- a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/troubleshooting-service-hooks.md +++ b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/troubleshooting-service-hooks.md @@ -31,7 +31,7 @@ You can find information for the last response of all service hooks deliveries o ## Viewing past deliveries -Deliveries are stored for 15 days. +Deliveries are stored for {% data variables.webhooks.retention %} days. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_user_management.service-hooks-sidebar-navigation %} diff --git a/content/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/abilities-of-roles.md b/content/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/abilities-of-roles.md index eb1f8fc8247e..ad32742c4a3c 100644 --- a/content/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/abilities-of-roles.md +++ b/content/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/abilities-of-roles.md @@ -124,12 +124,17 @@ If a user is a member or owner of any organization, they are listed as an **orga ### Unaffiliated users -If a user is not a member of any organization, they are listed as an **unaffiliated user**. These users: +If a user is not a member of any organization, and doesn't have the enterprise owner or billing manager role, the user is listed as an unaffiliated user. -* Do not consume a {% data variables.product.prodname_enterprise %} license. +Unaffiliated users: + +* Do not consume a {% data variables.product.prodname_enterprise %} license, unless they meet another criterion listed in [AUTOTITLE](/billing/reference/github-license-users#organizations-on-github-enterprise-cloud). * Cannot access private or internal repositories. * Can be added as members of enterprise teams. -* Can receive a {% data variables.product.prodname_copilot_short %} license directly from your enterprise. +* Can receive a {% data variables.product.prodname_copilot_short %} license or custom role directly from your enterprise. +* Can remove themselves from the enterprise at any time, unless you use {% data variables.product.prodname_emus %}. + +If you have an enterprise with personal accounts, you can disable this role. See [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/control-offboarding). {% endif %} diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md index d635e25cf7cb..122e8300ff52 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md @@ -1,7 +1,7 @@ --- title: Removing a member from your enterprise -intro: You can remove an enterprise member from an enterprise. -permissions: Enterprise owners can remove an enterprise member from an enterprise. +intro: Offboard users from an enterprise by following the recommended approach for your enterprise type. +permissions: Enterprise owners or IdP administrators versions: feature: remove-enterprise-members type: how_to @@ -12,23 +12,38 @@ redirect_from: - /admin/user-management/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise --- -## About removal of enterprise members +The recommended offboarding approach for your enterprise depends on whether you use personal accounts or {% data variables.product.prodname_emus %}. To learn more about the effects of offboarding users, see [AUTOTITLE](/admin/concepts/identity-and-access-management/user-offboarding). -If your enterprise does not use {% data variables.product.prodname_emus %}, you can remove an enterprise member from your enterprise on {% data variables.product.prodname_dotcom_the_website %}. When you remove a member from your enterprise, the member is removed from all organizations owned by your enterprise and loses access to any {% data variables.copilot.copilot_business_short %} licenses assigned through those organizations. Removing a member from your enterprise also removes any of the member's administrative roles, such as the owner or billing manager roles. See [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise). +## Removing a member from an enterprise with personal accounts -If the enterprise member you're removing is the last owner of an organization owned by your enterprise, you will become an owner of that organization. - -If your enterprise or any of the organizations owned by your enterprise uses an identity provider (IdP) to manage organization membership, the member may be added back to the organization by the IdP. Make sure to also make any necessary changes in your IdP. +When you remove a member from your enterprise, the member is removed from all organizations owned by your enterprise and loses privileges granted through the enterprise, such as roles or licenses. -If your enterprise does use {% data variables.product.prodname_emus %}, you must remove the enterprise members through your identity provider (IdP) and the SCIM integration instead. See [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#about-organization-membership-management). - -## Removing a member from your enterprise +If the enterprise member you're removing is the last owner of an organization owned by your enterprise, you will become an owner of that organization. -> [!NOTE] -> If an enterprise member uses only {% data variables.product.prodname_ghe_server %}, and not {% data variables.product.prodname_ghe_cloud %}, you cannot remove the enterprise member this way. +>[!TIP] For automated offboarding, you can also remove users with the GraphQL API. See [AUTOTITLE](/graphql/reference/mutations#removeenterprisemember). -{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.access-enterprise-personal-accounts %} {% data reusables.enterprise-accounts.people-tab %} 1. To the right of the person you want to remove, select the {% octicon "kebab-horizontal" aria-label="Member settings" %} dropdown menu and click **Remove from enterprise**. ![Screenshot of a user in the list of enterprise members. A dropdown menu, labeled with a kebab icon, is highlighted with an orange outline.](/assets/images/help/business-accounts/remove-member.png) + +1. If your enterprise uses SAML SSO, or if any of your organizations use SAML and SCIM provisioning, **remove the user's access to {% data variables.product.github %} apps on your identity provider**. A user may be assigned access directly or via an IdP group assigned to the app: make sure to remove the user from both. For organizations with SCIM provisioning enabled, this should trigger a SCIM deprovisioning call, which ensures that the user's associated SAML and SCIM identities are fully removed from the organization. + + This is a good practice for security, and it also helps ensure that users cannot rejoin the organization using the SAML endpoint when SAML is configured at the organization level (see [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on#adding-members-to-an-organization-using-saml-sso)). + +If the user is still listed as an enterprise member, this may be because the user is a member of a {% data variables.product.prodname_ghe_server %} instance that is linked to your enterprise via {% data variables.product.prodname_github_connect %}. You will need to remove this user from the {% data variables.product.prodname_ghe_server %} settings. + +## Suspending a user with {% data variables.product.prodname_emus %} + +With {% data variables.product.prodname_emus %}, including all enterprises on {% data variables.enterprise.data_residency_site %}, you manage user access from your identity provider (IdP). + +To offboard a user, you will suspend their account rather than removing them from the enterprise completely. + +1. Trigger a deprovisioning call for the user. For more information about the types of deprovisioning and the actions that trigger it for different integrations, see [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/deprovisioning-and-reinstating-users#triggers-of-soft-deprovisioning). +1. Check if the user's organization membership is managed directly or managed by IdP groups. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users). +1. If the user's organization membership is managed directly, remove the user manually from all organizations. See [AUTOTITLE](/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization). + +## Removing an outside collaborator + +In enterprises that use personal accounts, you cannot remove outside collaborators using the enterprise settings. However, an organization owner can remove an outside collaborator from all repositories in an organization. See [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/removing-an-outside-collaborator-from-an-organization-repository). diff --git a/content/admin/managing-code-security/index.md b/content/admin/managing-code-security/index.md index cd0a3494a912..1b4dc4ff87bc 100644 --- a/content/admin/managing-code-security/index.md +++ b/content/admin/managing-code-security/index.md @@ -10,8 +10,6 @@ topics: - Enterprise children: - /managing-github-advanced-security-for-your-enterprise - - /managing-supply-chain-security-for-your-enterprise - - /securing-your-enterprise redirect_from: - /admin/code-security --- diff --git a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/index.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/index.md index 59b719622f0f..2f9a50cbf329 100644 --- a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/index.md +++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/index.md @@ -1,7 +1,7 @@ --- -title: '{% ifversion ghes %}Setting up {% data variables.product.prodname_GHAS %} features on your appliance{% else %}Configuring infrastructure for {% data variables.product.prodname_GHAS %} features{% endif %}' -shortTitle: '{% ifversion ghes %}Set up{% else %}Configure{% endif %} {% data variables.product.prodname_GHAS %}' -intro: 'You can {% ifversion ghes %}set up{% else %}configure{% endif %} {% data variables.product.prodname_AS %}{% ifversion ghas-products %} products{% endif %} to suit your enterprise''s needs.' +title: 'Setting up {% data variables.product.prodname_GHAS %} features on your appliance' +shortTitle: 'Set up {% data variables.product.prodname_GHAS %}' +intro: You can set up {% data variables.product.prodname_AS %} to suit your enterprise's needs. allowTitleToDifferFromFilename: true product: '{% data reusables.gated-features.ghas-ghec %}' redirect_from: @@ -10,14 +10,9 @@ redirect_from: - /admin/advanced-security - /admin/code-security/managing-github-advanced-security-for-your-enterprise versions: - ghec: '*' - ghes: '*' + ghes: '<= 3.15' topics: - Enterprise children: - - /enabling-github-advanced-security-for-your-enterprise - /managing-github-advanced-security-features-for-your-enterprise - - /configuring-code-scanning-for-your-appliance - - /configuring-dependency-review-for-your-appliance - - /configuring-secret-scanning-for-your-appliance --- diff --git a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/index.md b/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/index.md deleted file mode 100644 index ab81395a6bcf..000000000000 --- a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/index.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Managing supply chain security for your enterprise -shortTitle: Supply chain security -intro: 'You can visualize, maintain, and secure the dependencies in your developers'' software supply chain.' -versions: - ghes: '*' -topics: - - Enterprise -children: - - /about-supply-chain-security-for-your-enterprise - - /enabling-the-dependency-graph-for-your-enterprise - - /viewing-the-vulnerability-data-for-your-enterprise - - /configuring-dependabot-to-work-with-limited-internet-access -redirect_from: - - /admin/code-security/managing-supply-chain-security-for-your-enterprise ---- - diff --git a/content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md b/content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md deleted file mode 100644 index 5e2269fe1e97..000000000000 --- a/content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: About security configurations -shortTitle: Security configurations -intro: 'Security configurations are collections of security settings that you can apply across your enterprise.' -versions: - feature: security-configuration-enterprise-level -topics: - - Advanced Security - - Enterprise - - Security ---- - -## About {% data variables.product.prodname_security_configurations %} - -{% data variables.product.prodname_security_configurations_caps %} simplify the rollout of {% data variables.product.company_short %} security products at scale by helping you define collections of security settings and apply them across your enterprise. - -{% data reusables.security-configurations.overview %} - -{% ifversion ghec %} - -When you create a security configuration with {% data variables.product.prodname_AS %} features enabled, your enterprise will incur usage costs when you apply the configuration to repositories if your enterprise account has metered billing. If you have bought volume/subscription licenses for {% data variables.product.prodname_GHAS %}, {% data variables.product.prodname_GH_code_security %}, or {% data variables.product.prodname_GH_secret_protection %}, you will need enough licenses to cover any additional unique committers. See [AUTOTITLE](/billing/how-tos/products/add-advanced-security). - -{% endif %} - -{% ifversion security-configurations-ghes-only %} - -When creating a security configuration, keep in mind that: - -* Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI. -* {% data variables.product.prodname_AS %} features will only be visible if your enterprise or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %}, {% data variables.product.prodname_GH_code_security %}, or {% data variables.product.prodname_GH_secret_protection %}{% endif %} license. -* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance. - -{% endif %} - -{% data reusables.security-configurations.emu-note %} - -{% data reusables.security-configurations.security-features-use-actions %} - -## Preserving default settings for new repositories - -If you had default security settings in place for newly created repositories, {% data variables.product.github %} will preserve these settings by automatically creating a "New repository default settings" security configuration for your enterprise. The configuration matches your previous enterprise-level default settings for new repositories as of December, 2024. - -The "New repository default settings" configuration will automatically get applied to any newly created repositories in your enterprise, if no organization-level defaults are set. diff --git a/content/admin/managing-code-security/securing-your-enterprise/index.md b/content/admin/managing-code-security/securing-your-enterprise/index.md deleted file mode 100644 index 600ed42b44cb..000000000000 --- a/content/admin/managing-code-security/securing-your-enterprise/index.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -title: Securing your enterprise -shortTitle: Securing your enterprise -intro: '{% ifversion security-configurations-cloud %}Enable the {% data variables.product.prodname_github_security_configuration %} or c{% elsif security-configurations-ghes-only %}C{% endif %}reate and apply {% data variables.product.prodname_custom_security_configurations %} to quickly secure your enterprise.' -product: '{% data reusables.gated-features.ghas-ghec %}' -versions: - feature: security-configuration-enterprise-level -topics: - - Alerts - - Advanced Security - - Dependency graph - - Dependabot - - Repositories -children: - - /about-security-configurations - - /applying-the-github-recommended-security-configuration-to-your-enterprise - - /creating-a-custom-security-configuration-for-your-enterprise - - /applying-a-custom-security-configuration-to-your-enterprise - - /configuring-additional-secret-scanning-settings-for-your-enterprise - - /editing-a-custom-security-configuration - - /deleting-a-custom-security-configuration ---- diff --git a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md index 24d15ee7ef72..cf347d1949e5 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md +++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md @@ -29,8 +29,6 @@ You can use policies to control how enterprise members use {% data variables.pro To run {% data variables.product.prodname_actions %} workflows, you need to use runners. {% data reusables.actions.about-runners %} If you use {% data variables.product.company_short %}-hosted runners, you will be billed based on consumption after exhausting the minutes included in your plan, whereas self-hosted runners are free. For more information, see [AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions). -For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners). - If you choose self-hosted runners, you can add runners at the enterprise, organization, or repository levels. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners). {% ifversion custom-org-roles %} diff --git a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md index b82ec5ad7b73..9e5ba3352a2c 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md +++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md @@ -130,6 +130,4 @@ You can view both usage and performance data for your enterprise under the "Insi For more detailed usage data at a per job or per workflow level, you{% else %}You{% endif %} can use webhooks to subscribe to information about workflow jobs and workflow runs. For more information, see [AUTOTITLE](/webhooks-and-events/webhooks/about-webhooks). -Make a plan for how your enterprise can pass the information from these webhooks into a data archiving system. You can consider using "CEDAR.GitHub.Collector", an open source tool that collects and processes webhook data from {% data variables.product.prodname_dotcom %}. For more information, see the [`Microsoft/CEDAR.GitHub.Collector` repository](https://github.com/microsoft/CEDAR.GitHub.Collector/). - -You should also plan how you'll enable your teams to get the data they need from your archiving system. +Make a plan for how your enterprise can pass the information from these webhooks into a data archiving system, and plan how you'll enable your teams to get the data they need from your archiving system. diff --git a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md index 8ee9983540a9..65db008724a8 100644 --- a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md +++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md @@ -114,7 +114,7 @@ After the initial configuration of SAML SSO, the only setting you can update on 1. Under **Public Certificate**, paste the certificate that you noted while configuring your IdP, to verify SAML responses. > [!NOTE] - > {% data variables.product.github %} does not enforce the expiration of this SAML IdP certificate. This means that even if this certificate expires, your SAML authentication will continue to work. However, if your IdP administrator regenerates the SAML certificate, and you don't update it on the {% data variables.product.github %} side, users will encounter a `digest mismatch` error during SAML authentication attempts due to the certificate mismatch. See [Error: Digest mismatch](/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication#error-digest-mismatch). + > {% data variables.product.github %} does not enforce the expiration of this SAML IdP certificate. This means that even if this certificate expires, your SAML authentication will continue to work. However, {% data variables.product.github %}'s recommendation is to update the certificate before it expires. We will accept a SAML response signed with an expired certificate, but we cannot comment on how the certificate expiring will be handled at the identity provider level. If your IdP administrator regenerates the SAML certificate, and you don't update it on the {% data variables.product.github %} side, users will encounter a `digest mismatch` error during SAML authentication attempts due to the certificate mismatch. See [Error: Digest mismatch](/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication#error-digest-mismatch). 1. Under the same **Public Certificate** section, select the **Signature Method** and **Digest Method** dropdown menus, then click the hashing algorithm used by your SAML issuer. 1. Before enabling SAML SSO for your enterprise, to ensure that the information you've entered is correct, click **Test SAML configuration**. {% data reusables.saml.test-must-succeed %} 1. Click **Save SAML settings**. diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md index 341c8d09cb09..56959ed5cdb8 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md @@ -189,7 +189,10 @@ To use a partner IdP's application for both authentication and provisioning, rev ### Configuring provisioning for other identity management systems -If you don't use a partner IdP, or if you only use a partner IdP for authentication, you can manage the lifecycle of user accounts using {% data variables.product.company_short %}'s REST API endpoints for SCIM provisioning. See [AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api). +If you don't use a partner IdP, or if you only use a partner IdP for SAML authentication, you can manage the lifecycle of user accounts using {% data variables.product.company_short %}'s REST API endpoints for SCIM provisioning. See [AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api). + +> [!NOTE] +> Use of the REST API for SCIM provisioning is not supported with enterprises enabled for OIDC. {% data reusables.emus.mixed-systems-note %} diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/index.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/index.md index 7fe30b9bae5e..eb4be09259de 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/index.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/index.md @@ -13,6 +13,7 @@ topics: children: - /user-provisioning-with-scim-on-ghes - /configuring-scim-provisioning-for-users + - /migrating-from-ldap-to-saml-with-scim - /configuring-authentication-and-provisioning-with-entra-id - /configuring-authentication-and-provisioning-with-pingfederate - /configuring-scim-provisioning-with-okta diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md index b5fe3aaa964a..daced6d3b310 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md @@ -26,16 +26,15 @@ topics: ## About team management with {% ifversion ghec %}{% data variables.product.prodname_emus %}{% else %}SCIM{% endif %} -{% data reusables.emus.about-team-management-with-idp %} When you connect a team in one of your enterprise's organizations to an IdP group, changes to membership from the IdP group are reflected in your enterprise automatically, reducing the need for manual updates and custom scripts. +{% data reusables.emus.about-team-management-with-idp %} -When a change to an IdP group or a new team connection results in a user joining a team in an organization they were not already a member of, the user will automatically be added to the organization. When you disconnect a group from a team, users who became members of the organization via team membership are removed from the organization if they are not assigned membership in the organization by any other means. +The following sections explain how {% data variables.product.github %} uses SCIM provisioning and reconciliation jobs to keep team and organization membership in sync with your IdP. -> [!NOTE] -> Organization owners can also add users to organizations manually, as long as the accounts have already been provisioned via SCIM. +When {% data variables.product.github %} receives a **Group SCIM API call** from your IdP, it generates an `external_group.scim_api_success` or `external_group.scim_api_failure` event in the enterprise audit log. These events capture detailed information about the call, including the payload and operation performed, and are recorded in the audit log with the **actor** set to the {% ifversion ghes %}built-in/local user{% else %}setup user{% endif %}, the account used to configure SCIM provisioning. -When group membership changes on your IdP, your IdP sends a SCIM request with the changes to {% data variables.product.prodname_dotcom %} according to the schedule determined by your IdP, so change may not be immediate. Any requests that change team or organization membership will register in the audit log as changes made by the account used to configure user provisioning. +Once {% data variables.product.github %} stores the group data at the enterprise level, it runs a daily reconciliation job to synchronize team membership with the stored IdP group data. This reconciliation also runs whenever a Group SCIM API call updates group membership, and if an admin links or unlinks a team to a stored group. -{% data variables.product.prodname_dotcom %} also runs a reconciliation job once per day, which synchronizes team membership with IdP group membership that is stored on {% data variables.product.prodname_dotcom %}, based on information previously sent from the IdP via SCIM. If this job finds that a user is a member of an IdP group in the enterprise, but they are not a member of the mapped team or its organization, the job will attempt to add the user to the organization and team. +When a change to an IdP group or a new team connection results in a user joining a team in an organization they were not already a member of, {% data variables.product.github %} automatically adds the user to the organization. When you disconnect a group from a team, {% data variables.product.github %} removes users who became members of the organization via team membership if they do not have membership in the organization by any other means. Teams connected to IdP groups cannot be parents of other teams nor a child of another team. If the team you want to connect to an IdP group is a parent or child team, we recommend creating a new team or removing the nested relationships that make your team a parent team. @@ -43,7 +42,7 @@ To manage repository access for any team in your enterprise, including teams con ## Requirements for connecting IdP groups with teams -Before you can connect an IdP group with a team on {% data variables.product.prodname_dotcom %}, you must assign the group to the {% ifversion ghec %}{% data variables.product.prodname_emu_idp_application %}{% else %}relevant{% endif %} application in your IdP. For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users). +Before you can connect an IdP group with a team on {% data variables.product.github %}, you must assign the group to the {% ifversion ghec %}{% data variables.product.prodname_emu_idp_application %}{% else %}relevant{% endif %} application in your IdP. For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users). You can connect a team in your enterprise to one IdP group. You can assign the same IdP group to multiple teams in your enterprise. diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/migrating-from-ldap-to-saml-with-scim.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/migrating-from-ldap-to-saml-with-scim.md new file mode 100644 index 000000000000..43ed0da6d6af --- /dev/null +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/migrating-from-ldap-to-saml-with-scim.md @@ -0,0 +1,164 @@ +--- +title: 'Migrating from LDAP to SAML with SCIM' +shortTitle: 'Migrate from LDAP' +intro: 'Learn how to migrate your {% data variables.product.prodname_ghe_server %} instance from LDAP authentication to SAML single sign-on with SCIM provisioning for centralized user management.' +permissions: 'Site administrators can migrate authentication methods on {% data variables.product.prodname_ghe_server %}.' +versions: + ghes: '>=3.17' +type: how_to +topics: + - Accounts + - Authentication + - Enterprise + - Identity + - SSO +--- + +## About migrating from LDAP to SAML and SCIM + +If your {% data variables.product.prodname_ghe_server %} instance currently uses LDAP authentication, you can migrate to SAML single sign-on (SSO) with SCIM provisioning for enhanced user lifecycle management capabilities. This migration allows you to automatically provision, update, and deprovision user accounts from your identity provider (IdP). + +{% data reusables.enterprise.saml-or-ldap %} + +**Prerequisites:** + +* You must be a site administrator on {% data variables.product.prodname_ghe_server %}. +* You must have administrative access to your SAML identity provider. +* Your IdP must support SAML 2.0 and SCIM 2.0 protocols. +* You should complete a backup of your instance before beginning the migration. + +SCIM provisioning requires SAML authentication as a prerequisite, so this migration involves four distinct phases: + +1. **Migrate to SAML authentication**: Replace LDAP with SAML SSO. +1. **Test and verify SAML**: Confirm authentication works and users link correctly. +1. **Enable SCIM provisioning**: Add automated user management capabilities. +1. **Test and verify SCIM**: Confirm provisioning links identities to existing accounts. + +This document assumes familiarity with SAML authentication and SCIM provisioning. For more information on these topics, please see [AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise) and [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes). + +## 1. Understand LDAP vs SCIM user creation patterns + +Before you begin the migration, it's important to understand the key differences between how LDAP and SCIM handle user management on {% data variables.product.prodname_ghe_server %}. + +| Attribute | LDAP | SCIM | +| --- | --- | --- | +| **Appliance configuration** | You configure the user ID attribute (default `uid`) and other LDAP settings in the management console. This configuration determines how to map between LDAP users and GitHub users. For more information about configuring LDAP, see [AUTOTITLE](/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap#ldap-attributes). | Enable SAML authentication first, then configure SCIM provisioning with an authentication token. | +| **User creation timing** | Just-in-time: Users are created on first sign-in after successful LDAP authentication. | Pre-authentication: Users must be provisioned via SCIM before they can authenticate. | +| **Initial username source** | GitHub username is based on the normalized LDAP identifier configured during setup. | GitHub username is based on the normalized SCIM `userName` value from your IdP. | +| **Username management** | Flexible: Administrators can change GitHub usernames independently of LDAP. Usernames can drift from LDAP identifiers over time while maintaining authentication through LDAP mappings. See [AUTOTITLE](/account-and-profile/reference/username-reference#changing-your-username). | Strict: GitHub usernames always correspond to the normalized SCIM `userName` from your IdP. Username changes on the GitHub side are not allowed. | +| **User attribute control** | Hybrid: Some attributes managed by LDAP, others can be managed on the appliance. | Full IdP control: All user attributes are managed through SCIM updates from your IdP. | +| **Authentication flow** | {% data variables.product.prodname_ghe_server %} authenticates with your LDAP server and looks up the existing LDAP mapping to locate the user. | During SAML SSO, an external identity lookup is performed to locate the provisioned user for authentication. | +| **Key characteristic** | Hybrid system where GitHub user data (especially usernames) can be partially managed on the appliance independently of the LDAP server. | Full identity provider control: The state of GitHub users depends entirely on what the IdP sends through SCIM, and usernames cannot drift from the source system. | + +### Username normalization and compatibility + +{% data variables.product.prodname_ghe_server %} normalizes usernames according to specific rules that apply consistently across LDAP, SAML, and SCIM. Understanding these rules is critical for successful migration. + +For more information about username normalization, see [AUTOTITLE](/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication#about-username-normalization). + +## 2. Plan your migration + +Before beginning the migration, you need to understand your current setup, prepare your identity provider, and establish backup access methods. The planning phase is critical to ensure a smooth transition. + +### Preparing to map from LDAP to SCIM + +The critical migration challenge is bridging between the LDAP and SCIM user management approaches: + +**LDAP users (existing state)**: + +* Have GitHub usernames that may have changed since initial creation +* Retain authentication ability through LDAP mappings regardless of username changes + +**SCIM users (target state)**: + +* Must be provisioned before authentication +* Must have GitHub usernames that match their normalized SCIM `userName` values +* Can be linked to an external identity with their existing GitHub account during SCIM user provisioning, but only if the normalized SCIM `userName` matches their existing GitHub username + +### Migration mapping requirements + +To successfully link SCIM identities to existing LDAP users, you'll need to capture the current state of the users on your instance: + +1. **Export existing GitHub usernames**: Use the site admin interface, API, or CLI to get a complete list of current GitHub usernames on your instance. For more information about the users API, see [AUTOTITLE](/rest/users/users?apiVersion=2022-11-28#list-users). For more information about the command-line utility to export users, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-user-csv). +1. **Map GitHub usernames to real users in your IdP**: Determine which identities correspond to each GitHub username in your enterprise. +1. **Configure the SCIM `userName` attribute**: Ensure your IdP provisions SCIM users with `userName` values that match the existing GitHub usernames you would like to link. + +**Important**: The target for mapping is always the **current GitHub username** on your instance, not the original LDAP User ID or any other identifier. + +### Key planning considerations + +**Important considerations:** + +* **Downtime required**: This migration requires downtime during a maintenance window to change authentication settings. +* **User impact**: After the migration, users will need to authenticate through your SAML IdP instead of LDAP credentials. +* **Team membership**: LDAP team synchronization will be replaced by SCIM group provisioning if supported by your IdP. LDAP-mapped teams will need to be updated with an appropriate SCIM group where applicable. + +### Capture the state of your LDAP configuration + +Record your current LDAP setup to plan equivalent SAML/SCIM mappings: + +{% data reusables.enterprise_site_admin_settings.access-settings %} +{% data reusables.enterprise_site_admin_settings.management-console %} +{% data reusables.enterprise_management_console.authentication %} +1. Document the following LDAP settings: + * **Domain base** and restricted user groups + * **User ID attribute** (this was used to create GitHub usernames) + * **Profile name, email, and other attribute mappings** + * **Administrators group configuration** + * **Team synchronization settings** +1. Ensure you have saved a list of existing users on your instance that you will be linking to a SCIM identity. + +## 3. Migrate to SAML and SCIM + +Once you've completed planning, you can begin migrating from LDAP to SAML authentication. This involves configuring SAML on both your identity provider and {% data variables.product.prodname_ghe_server %}, then carefully testing the configuration before proceeding to SCIM. + +**Important**: When configuring SAML, enable "Allow creation of accounts with built-in authentication" to reduce the number of steps required when enabling SCIM. + +### Enabling SAML authentication + +For detailed SAML configuration steps, see [AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise). + +After enabling SAML, test the authentication system before proceeding to SCIM. With any IdP account assigned to the SAML application configured against your instance, verify that you are able to successfully perform an SSO login. + +**Do not proceed to SCIM until SAML authentication is working correctly.** + +### Enable SCIM provisioning + +After confirming SAML authentication works correctly, you can enable SCIM for automated user management. SCIM must be configured on both {% data variables.product.prodname_ghe_server %} and your identity provider. + +For detailed steps to enable SCIM, see [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users). + +#### Test SCIM provisioning + +Test SCIM provisioning to ensure the SCIM provisioned users are linked to existing user accounts correctly. + +For users who already have accounts from the LDAP/SAML migration: + +1. **Assign user to SCIM application** in your IdP. +1. **Verify automatic linking**: Check that SCIM automatically links to the existing account: + * Users retain same username and account data + * No duplicate accounts are created + * SCIM identity shows as linked in the enterprise settings, and site admin interfaces. For more information, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise#viewing-a-linked-identity). +1. **Review audit logs**: Look for `external_identity.scim_api_success` and `external_identity.provision` events showing successful linking to existing users. + +For new users not previously in your instance: + +1. **Verify user creation**: Check that the user appears in {% data variables.product.prodname_ghe_server %} with correct attributes. +1. **Test authentication**: Confirm the new user can authenticate via SAML. +1. **Test attribute updates**: Update user information in IdP and confirm changes sync. +1. **Test deprovisioning**: Remove user access and confirm they are suspended. + +### Roll out SCIM to all users + +For all remaining users who aren't yet provisioned via SCIM: + +1. **Gradually assign users** to the {% data variables.product.prodname_ghe_server %} application in your IdP. +1. **Monitor linking process**: Watch for successful automatic linking based on username matching. +1. **Track progress**: Use audit logs to monitor `external_identity` events for linking progress. +1. **Address any conflicts**: Resolve username conflicts or mapping issues as they arise. + +## 4. Update team and organization membership + +After your migration, if you previously used LDAP group synchronization to control team memberships, you can replace those team mappings with SCIM groups. If reusing existing an team, you will need to remove all team members prior to linking an IdP group. + +For more information, see [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups). diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md index f1792b1065de..e4e69224e12a 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md @@ -44,18 +44,33 @@ If {% data variables.product.prodname_dotcom %} is unable to synchronize team me ### Error: "Out of sync due to insufficient licenses" -If your enterprise does not have sufficient licenses and {% data variables.product.prodname_dotcom %} is unable to synchronize team membership with a group on your IdP, you'll see a message that reads "Out of sync due to insufficient licenses". +{% data variables.product.prodname_dotcom %} stores IdP group membership data for {% ifversion ghes %}SCIM-provisioned users{% else %}{% data variables.product.prodname_emus %}{% endif %} at the enterprise level. This data is populated and updated through Group SCIM API calls from your identity provider (IdP). + +For IdP groups that are mapped to teams, {% data variables.product.prodname_dotcom %} runs a **daily reconciliation job** to synchronize team membership with the stored enterprise-level IdP group data. The reconciliation also runs whenever a Group SCIM API call updates group membership, or when an admin links or unlinks a team to a stored group on GitHub. + +If your enterprise does not have enough licenses available, {% data variables.product.prodname_dotcom %} may be unable to complete this synchronization. When this occurs, you’ll see the message: +> "Out of sync due to insufficient licenses" + +As a result, the affected team or organization may be missing members. ![Screenshot of the IdP group page. A warning that a team is out of sync due to insufficient licenses is outlined in dark orange.](/assets/images/help/enterprises/emu-group-team-not-synced-missing-licenses.png) -The team may be missing members because your enterprise does not have sufficient licenses available. {% data variables.product.prodname_dotcom %} is unable to synchronize the team's membership with a group on your IdP, and any unlicensed user cannot be added to an organization. +To investigate this issue, review your enterprise's total available licenses, as well as detailed information about which users are consuming licenses and why. For more information, see [AUTOTITLE](/billing/reference/github-license-users#organizations-on-github-enterprise-cloud) and [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise). + +#### Resolving the issue + +To allow synchronization to complete successfully, make additional enterprise licenses available using one of the following approaches: -1. Review the available licenses for your enterprise. For more information, see [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise). -1. To resolve the problem, choose one of the following solutions. +* **Free up existing licenses** + * Identify which users are consuming licenses and whether they still need access. + * Remove users from organizations or IdP groups as needed, depending on how you manage organization and team membership (see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users)): + * If you manage your organization's membership via IdP groups, remove users from the relevant group(s). + * Monitor these enterprise audit log events to track SCIM API calls that update group membership or managed user accounts (see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise): + * `external_group.scim_api_failure` / `external_group.scim_api_success` + * `external_identity.scim_api_failure` / `external_identity.scim_api_success` - * Remove users from the IdP group. - * Deprovision users from your enterprise. - * Purchase additional licenses to allow synchronization to complete. For more information, see [AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing#about-changes-to-your-subscription). +* **Purchase additional licenses** + * If all current users require access, purchase more licenses for your enterprise. For more information, see [AUTOTITLE](/billing/how-tos/manage-plan-and-licenses/manage-user-licenses#enterprises-on-github-enterprise-cloud). {% endif %} diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md index 1e90c192a404..156620a8b665 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md @@ -43,7 +43,9 @@ The following IdPs are partner IdPs. They offer an application that you can use * Okta * PingFederate ({% data variables.release-phases.public_preview %}) -When you use a single partner IdP for both authentication and provisioning, {% data variables.product.company_short %} provides support for the application on the partner IdP and the IdP's integration with {% data variables.product.prodname_dotcom %}. Support for PingFederate is in {% data variables.release-phases.public_preview %}. +When you use a single partner IdP for both authentication and provisioning, {% data variables.product.company_short %} provides support for the application on the partner IdP and the IdP's integration with {% data variables.product.prodname_dotcom %}. The same application must be used for both SAML authentication and SCIM provisioning. Support for PingFederate is in {% data variables.release-phases.public_preview %}. + +We do not have a supported partner application when using Entra ID for Azure Government. ### Other identity management systems diff --git a/content/admin/managing-iam/understanding-iam-for-enterprises/changing-authentication-methods.md b/content/admin/managing-iam/understanding-iam-for-enterprises/changing-authentication-methods.md index e60da2f68e65..cc9bd91ff9ea 100644 --- a/content/admin/managing-iam/understanding-iam-for-enterprises/changing-authentication-methods.md +++ b/content/admin/managing-iam/understanding-iam-for-enterprises/changing-authentication-methods.md @@ -42,3 +42,13 @@ Other issues you should take into consideration include: * **Two-factor authentication:** {% data reusables.enterprise_user_management.external_auth_disables_2fa %} * **Fallback authentication for users with no account on your external authentication provider:** You can invite users to authenticate to {% data variables.location.product_location %} without adding them to your identity provider. For more information, see [AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/allowing-built-in-authentication-for-users-outside-your-provider). + +{% ifversion scim-for-ghes-ga %} + +## Migrating from LDAP to SAML and SCIM + +If you're currently using LDAP and want to enable automated user provisioning and deprovisioning capabilities, you can migrate to SAML authentication with SCIM provisioning. This provides enhanced user lifecycle management while maintaining centralized authentication. + +For detailed migration steps, see [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/migrating-from-ldap-to-saml-with-scim). + +{% endif %} diff --git a/content/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md b/content/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md index 76e829903a34..2a63b0b3adbe 100644 --- a/content/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md +++ b/content/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md @@ -40,21 +40,9 @@ Using an **incognito or private browsing window**: > [!WARNING] > All subsequent login attempts for the setup user account will require a successful 2FA challenge response. - - > [!IMPORTANT] - > If the enterprise account has enabled single sign-on and the setup user hasn’t enabled 2FA, they must use an enterprise recovery code to authenticate. To avoid being locked out of your account, after enabling single sign-on, save your enterprise recovery codes. For more information, see [AUTOTITLE](/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes#downloading-codes-for-an-enterprise-with-enterprise-managed-users) and the related [changelog on {% data variables.product.prodname_blog %}](https://github.blog/changelog/2025-01-17-setup-user-for-emu-enterprises-requires-2fa-or-use-of-a-recovery-code/). - -{% data reusables.enterprise-accounts.emu-password-reset-session %} - {% data reusables.enterprise-accounts.emu-recommend-password-manager %} - > [!NOTE] - > Once single sign-on has been configured on the enterprise, the setup user is only intended to be used going forwards for: - > - > * SCIM provisioning via its {% data variables.product.pat_generic %}. - > * To regain access to your enterprise in the event of an issue with your identity provider by utilizing the enterprise's SAML recovery codes. - > - > For other enterprise administration tasks, you should use a provisioned managed user account with the enterprise owner role. +{% data reusables.enterprise-accounts.about-setup-user %} ## Create a {% data variables.product.pat_generic %} diff --git a/content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md b/content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md index e79154094ec6..116ce5c84ecb 100644 --- a/content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md +++ b/content/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md @@ -60,6 +60,7 @@ When you configure LDAP access for users via the {% data variables.enterprise.ma {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} {% data reusables.enterprise_management_console.authentication %} + 1. Under "Authentication", select **LDAP**. 1. {% data reusables.enterprise_user_management.built-in-authentication-option %} 1. Add your configuration settings. @@ -104,6 +105,7 @@ You can validate the LDAP server certificate you use with TLS by enabling LDAP c To enable LDAP certificate verification, select **Enable LDAP certificate verification** in your LDAP settings. When this option is selected, the certificate is validated to make sure: + * If the certificate contains at least one Subject Alternative Name (SAN), one of the SANs matches the LDAP hostname. Otherwise, the Common Name (CN) matches the LDAP hostname. * The certificate is not expired. * The certificate is signed by a trusted certificate authority (CA). @@ -185,6 +187,7 @@ You can view the full list of LDAP users who have access to your instance and pr {% data reusables.enterprise_site_admin_settings.sign-in %} {% data reusables.enterprise_site_admin_settings.access-settings %} + 1. In the left sidebar, click **LDAP users**. 1. To search for a user, type a full or partial username and click **Search**. Existing users will be displayed in search results. If a user doesn’t exist, click **Create** to provision the new user account. @@ -203,6 +206,7 @@ Unless [LDAP Sync is enabled](#enabling-ldap-sync), changes to LDAP accounts are {% data reusables.enterprise_site_admin_settings.search-user %} {% data reusables.enterprise_site_admin_settings.click-user %} {% data reusables.enterprise_site_admin_settings.admin-top-tab %} + 1. Under "LDAP," click **Sync now** to manually update the account with data from your LDAP server. You can also [use the API to trigger a manual sync](/rest/enterprise-admin/ldap). @@ -221,4 +225,14 @@ Log events for LDAP appear in systemd journal logs on {% data variables.location The {% data variables.product.prodname_ghe_server %} LDAP authentication timeout setting is 10 seconds. This means that all LDAP queries required for user authentication and group membership queries (when Administrators and Restricted User Groups are configured in the management console) must successfully complete within 10 seconds for an LDAP user who is logging into {% data variables.product.prodname_ghe_server %}. {% data variables.product.prodname_ghe_server %} does not currently support extending this 10 second LDAP authentication timeout as this can have a negative impact on other services on the appliance and lead to poor performance or unexpected outages. We recommend limiting the network latency between {% data variables.product.prodname_ghe_server %} and LDAP server(s) to help prevent authentication timeouts. -{% data variables.product.prodname_ghe_server %} does not support user LDAP DNs with special characters. If there is an LDAP user with a special character in their LDAP DN, {% data variables.product.prodname_ghe_server %} may not be able to accurately determine the group membership of a user who is authenticating or being synced by LDAP Sync. +{% data variables.product.prodname_ghe_server %} does not support user LDAP DNs with special characters. If there is an LDAP user with a special character in their LDAP DN, {% data variables.product.prodname_ghe_server %} may not be able to accurately determine the group membership of a user who is authenticating or being synced by LDAP Sync. + +{% ifversion scim-for-ghes-ga %} + +## Migrating from LDAP to SAML and SCIM + +If your organization needs automated user provisioning and lifecycle management capabilities beyond what LDAP provides, you can migrate from LDAP authentication to SAML single sign-on with SCIM provisioning. This migration enables centralized user provisioning, deprovisioning, and attribute synchronization from your identity provider. + +For more information, see [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/migrating-from-ldap-to-saml-with-scim). + +{% endif %} diff --git a/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md index 909197f39f8d..989289f5d230 100644 --- a/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md +++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md @@ -73,6 +73,8 @@ For more information about connecting Microsoft Entra ID (previously known as Az For more information about connecting Entra ID to your enterprise, see [Tutorial: Microsoft Entra SSO integration with GitHub Enterprise Server](https://learn.microsoft.com/en-us/entra/identity/saas-apps/github-ae-tutorial) in Microsoft Docs. +We do not have a supported partner application when using Entra ID for Azure Government. + ## Username considerations with SAML {% data reusables.enterprise_user_management.consider-usernames-for-external-authentication %} For more information, see [AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication). diff --git a/content/admin/managing-your-enterprise-account/configuring-user-display-names-for-your-enterprise.md b/content/admin/managing-your-enterprise-account/configuring-user-display-names-for-your-enterprise.md new file mode 100644 index 000000000000..835c7aecce91 --- /dev/null +++ b/content/admin/managing-your-enterprise-account/configuring-user-display-names-for-your-enterprise.md @@ -0,0 +1,54 @@ +--- +title: 'Configuring user display names for your enterprise' +intro: 'You can choose whether the profile name (first and last name) of your enterprise members appear alongside their username across {% data variables.product.github %}.' +versions: + ghec: '*' + ghes: '*' +contentType: how-tos +topics: + - Accounts + - Enterprise +permissions: Enterprise and organization admins can configure whether profile names (first and last name) appear alongside usernames across {% data variables.product.github %}. +shortTitle: Configure user display names +--- + +## About user display names for enterprises + +A user display name controls how enterprise members are shown across {% data variables.product.prodname_enterprise %}. When the feature is enabled, a member’s profile name (first and last name) appears alongside their username in places like repositories, issues, pull requests, and {% data variables.product.prodname_discussions %}. The setting applies to public, private, and internal repositories within your enterprise's organizations. + +When set at the enterprise level, this policy is applied across all organizations within your enterprise. + +Once configured, your chosen display format will be visible throughout these key areas: + +* Pull requests: reviewers, assignees, pull request authors, activities, comments, @-mentions, and commits +* Issues: assignee, comments, activities, @-mentions, and owner +* Discussions: discussion owners, comments, and @-mentions +* Projects: assignee + +By default: + +* {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %} and {% data variables.product.prodname_ghe_server %} show profile names alongside usernames. +* All other enterprise accounts show usernames only. + +## Changing the user display name setting for an enterprise + +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.settings-tab %} +1. On the "Manage your enterprise profile" page, go to "Member appearance". +1. Under "Profile name visibility", select one of the following options in the adjacent dropdown list. + * **Enable everywhere** to show profile names alongside usernames across all organizations in your enterprise, including in repositories, issues, pull requests, and discussions. + * **Disable everywhere** to show **usernames only** across all organizations in your enterprise. + * **Let organizations decide** to allow each organization in your enterprise to configure this setting. + +## Changing the user display name setting for an organization + +> [!NOTE] +> The organization-level setting will only be configurable if the enterprise-level policy is set to **Let organizations decide**. + +To manage configure user display name at the organization level: +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +1. On the "General" page, go to "Member appearance". +1. Under "Profile name visibility", select one of the following options in the toggle. + * **On** to show profile names alongside usernames in your organization, including in repositories, issues, pull requests, and discussions. + * **Off** to show **usernames only** across your organization. diff --git a/content/admin/managing-your-enterprise-account/deleting-an-enterprise-account.md b/content/admin/managing-your-enterprise-account/deleting-an-enterprise-account.md index d602499c79bf..a4fd0bcbf967 100644 --- a/content/admin/managing-your-enterprise-account/deleting-an-enterprise-account.md +++ b/content/admin/managing-your-enterprise-account/deleting-an-enterprise-account.md @@ -42,7 +42,7 @@ If you upgraded to an enterprise account from a single organization and then del {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} 1. If you are not trialing {% data variables.product.prodname_ghe_cloud %}, delete your enterprise account: - 1. Under **{% octicon "gear" aria-hidden="true" aria-label="gear" %} Settings**, click **Profile**. + 1. Under **{% octicon "gear" aria-hidden="true" aria-label="gear" %} Settings**, click **General**. 1. In the "Danger Zone" section, click **Delete this enterprise**. 1. In the text box, type the enterprise slug to confirm the deletion, then click **Delete this enterprise**. 1. If you are trialing {% data variables.product.prodname_ghe_cloud %}, cancel your trial, or delete the expired trial: diff --git a/content/admin/managing-your-enterprise-account/index.md b/content/admin/managing-your-enterprise-account/index.md index 51cb1178acad..22b3cba1ac0b 100644 --- a/content/admin/managing-your-enterprise-account/index.md +++ b/content/admin/managing-your-enterprise-account/index.md @@ -9,6 +9,6 @@ children: - /creating-a-readme-for-an-enterprise - /deleting-an-enterprise-account - /changing-the-url-for-your-enterprise + - /configuring-user-display-names-for-your-enterprise shortTitle: Manage enterprise account --- - diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise.md index c652ad0983bc..51016f4acfb0 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise.md +++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise.md @@ -38,6 +38,8 @@ If members of your enterprise access {% data variables.location.product_location {% data variables.product.github %} does not display IP addresses in the audit log for `api.request` events that do not have repository context, such as requests triggered by GraphQL or requests to endpoints that reference only a user or organization. +{% data variables.product.github %} does not display IP addresses in the audit log for certain events where the actor recorded in the audit log differs from the person or system that performed the action. {% data variables.product.github %} also does not display IP addresses when a bot or automated system performs the action. + ## Enabling display of IP addresses in the audit log {% data reusables.enterprise-accounts.access-enterprise %} diff --git a/content/admin/monitoring-and-managing-your-instance/index.md b/content/admin/monitoring-and-managing-your-instance/index.md index 0bafdd26d4b8..59d00719c48a 100644 --- a/content/admin/monitoring-and-managing-your-instance/index.md +++ b/content/admin/monitoring-and-managing-your-instance/index.md @@ -15,5 +15,6 @@ children: - /configuring-clustering - /configuring-high-availability - /caching-repositories + - /multiple-data-disks shortTitle: 'Monitor and manage your instance' --- diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards.md index adb938bec9d1..0a73adc0c44e 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards.md @@ -43,7 +43,7 @@ Within the pre-built dashboards you can find various sections grouping graphs of {% ifversion ghes-opentelemetry %} -If you have enabled metrics for OpenTelemetry, then additional dashboards are available, see: [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/enable-advanced-dashboards). +If you have enabled metrics for OpenTelemetry, then additional dashboards are available, see: [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/advanced-dashboards). {% endif %} diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/about-opentelemetry-metrics.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/about-opentelemetry-metrics.md index 8b898418299c..acdea25190ec 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/about-opentelemetry-metrics.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/about-opentelemetry-metrics.md @@ -15,8 +15,12 @@ shortTitle: OpenTelemetry metrics {% data reusables.enterprise.opentelemetry-migration %} +{% ifversion ghes = 3.18 %} + {% data reusables.enterprise.opentelemetry-preview %} +{% endif %} + ## About OpenTelemetry metrics The OpenTelemetry monitoring stack is based on industry-standard observability tools and includes various components for collecting, processing, and storing metrics. This comprehensive approach provides a complete view of your system's performance and health across all components of your {% data variables.product.prodname_ghe_server %} instance. @@ -31,7 +35,7 @@ OpenTelemetry metrics offer several advantages over the legacy collectd system: * **Extensible**: Support for custom metrics and external monitoring integrations * **Native endpoints**: Direct integration with service `/metrics` endpoints for efficient monitoring -With OpenTelemetry, advanced Grafana dashboards with enhanced visualization and monitoring capabilities are available, see: [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/enable-advanced-dashboards). +With OpenTelemetry, advanced Grafana dashboards with enhanced visualization and monitoring capabilities are available, see: [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/advanced-dashboards). ## Key components diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/enable-advanced-dashboards.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/advanced-dashboards.md similarity index 78% rename from content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/enable-advanced-dashboards.md rename to content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/advanced-dashboards.md index 9a0babb997de..9c96a484b730 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/enable-advanced-dashboards.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/advanced-dashboards.md @@ -1,6 +1,8 @@ --- -title: Enabling advanced dashboards of OpenTelemetry metrics +title: Advanced dashboards of OpenTelemetry metrics intro: 'After enabling OpenTelemetry metrics collection on your {% data variables.product.prodname_ghe_server %} instance, you have access to additional dashboards with enhanced visualization and monitoring capabilities.' +redirect_from: + - /enterprise/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/enable-advanced-dashboards versions: feature: ghes-opentelemetry topics: @@ -10,16 +12,29 @@ topics: - Monitoring - Performance type: how_to -shortTitle: Enable advanced dashboards +shortTitle: Advanced dashboards --- {% data reusables.enterprise.opentelemetry-migration %} +{% ifversion ghes = 3.18 %} + {% data reusables.enterprise.opentelemetry-preview %} +{% endif %} + +## Prerequisites + +* OpenTelemetry metrics are enabled for your {% data variables.product.prodname_ghe_server %} instance + + ## Additional dashboards +{% ifversion ghes < 3.19 %} When OpenTelemetry metrics are enabled, you can turn on advanced Grafana dashboards with enhanced visualization and monitoring capabilities. +{% else %} +When OpenTelemetry metrics are enabled, you will have access to advanced Grafana dashboards with enhanced visualization and monitoring capabilities. +{% endif %} * **Elasticsearch** - Detailed metrics for search performance, indexing operations, and cluster health * **Nomad** - In-depth monitoring of job scheduling, resource allocation, and service orchestration @@ -29,12 +44,15 @@ When OpenTelemetry metrics are enabled, you can turn on advanced Grafana dashboa These dashboards provide more granular insights into your {% data variables.product.prodname_ghe_server %} instance's performance and can help with advanced troubleshooting and capacity planning. -## Prerequisites +{% ifversion ghes < 3.19 %} +## Enabling advanced dashboards + +### Prerequisites -* OpenTelemetry metrics are enabled for your {% data variables.product.prodname_ghe_server %} instance * SSH access to your {% data variables.product.prodname_ghe_server %} instance -## Enabling advanced dashboards +--- + {% data reusables.enterprise_installation.ssh-into-instance %} 1. Run the following command to enable advanced dashboards: @@ -46,3 +64,4 @@ These dashboards provide more granular insights into your {% data variables.prod {% data reusables.enterprise.apply-configuration %} After running these commands, your external Grafana instance will have access to additional pre-configured dashboards. +{% endif %} diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/configuring-opentelemetry-for-your-instance.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/configuring-opentelemetry-for-your-instance.md index a9b75065e6e2..da5ead6627b8 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/configuring-opentelemetry-for-your-instance.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/configuring-opentelemetry-for-your-instance.md @@ -15,8 +15,12 @@ shortTitle: Configure OpenTelemetry {% data reusables.enterprise.opentelemetry-migration %} +{% ifversion ghes = 3.18 %} + {% data reusables.enterprise.opentelemetry-preview %} +{% endif %} + ## Prerequisites * {% data variables.product.prodname_ghe_server %} 3.18 or later @@ -25,6 +29,12 @@ shortTitle: Configure OpenTelemetry ## Enabling OpenTelemetry metrics +{% ifversion ghes > 3.18 %} + +OpenTelemetry metrics are enabled by default for **new installations** of {% data variables.product.prodname_ghe_server %} 3.19 and later. Upgrades to {% data variables.product.prodname_ghe_server %} 3.19 will still have `collectd` metrics enabled by default, but you can choose to switch to OpenTelemetry metrics. + +{% else %} + OpenTelemetry metrics are disabled by default. You can enable them through the {% data variables.enterprise.management_console %} or command line. ### Using the {% data variables.enterprise.management_console %} @@ -47,6 +57,8 @@ OpenTelemetry metrics are disabled by default. You can enable them through the { {% data reusables.enterprise.apply-configuration %} +{% endif %} + ## Performance considerations When configuring OpenTelemetry metrics, consider the following performance factors: @@ -157,5 +169,5 @@ sudo journalctl -u victoriametrics -f ## Next steps -* To enable advanced monitoring dashboards, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/enable-advanced-dashboards) +* To enable advanced monitoring dashboards, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/advanced-dashboards) * To set up external monitoring, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/setting-up-external-monitoring-with-opentelemetry). diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/index.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/index.md index 3f0b7d97fcaa..332ff735c973 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/index.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/index.md @@ -8,11 +8,15 @@ topics: children: - /about-opentelemetry-metrics - /configuring-opentelemetry-for-your-instance - - /enable-advanced-dashboards + - /advanced-dashboards - /setting-up-external-monitoring-with-opentelemetry shortTitle: OpenTelemetry metrics --- {% data reusables.enterprise.opentelemetry-migration %} +{% ifversion ghes = 3.18 %} + {% data reusables.enterprise.opentelemetry-preview %} + +{% endif %} diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/setting-up-external-monitoring-with-opentelemetry.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/setting-up-external-monitoring-with-opentelemetry.md index f1818cef5138..07b2dbab397e 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/setting-up-external-monitoring-with-opentelemetry.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics/setting-up-external-monitoring-with-opentelemetry.md @@ -13,8 +13,12 @@ type: how_to shortTitle: External monitoring OpenTelemetry --- +{% ifversion ghes = 3.18 %} + {% data reusables.enterprise.opentelemetry-preview %} +{% endif %} + ## External monitoring approaches External monitoring with OpenTelemetry allows you to integrate your {% data variables.product.prodname_ghe_server %} instance with existing monitoring infrastructure and tools. {% data variables.product.prodname_ghe_server %} provides two primary approaches for external monitoring: @@ -126,7 +130,7 @@ scrape_configs: scheme: https tls_config: # Set `true` only when testing with self-signed certificates - insecure_skip_verify: false + insecure_skip_verify: false ``` #### Other monitoring tools diff --git a/content/admin/monitoring-and-managing-your-instance/multiple-data-disks/configuring-multiple-data-disks.md b/content/admin/monitoring-and-managing-your-instance/multiple-data-disks/configuring-multiple-data-disks.md new file mode 100644 index 000000000000..b15f3bccd687 --- /dev/null +++ b/content/admin/monitoring-and-managing-your-instance/multiple-data-disks/configuring-multiple-data-disks.md @@ -0,0 +1,222 @@ +--- +title: Configuring multiple data disks +product: '{% data variables.product.prodname_ghe_server %}' +intro: 'You can configure additional data disks and use them to host MySQL and repositories data.' +versions: + ghes: '>= 3.19' +type: overview +topics: + - Enterprise +--- + +> [!NOTE] +> The ability to configure and use multiple data disks is in {% data variables.release-phases.public_preview %} and subject to change. We would love to hear your feedback on the preview. You can share it with your customer success team, or leave a comment in the [community discussion post](https://github.com/orgs/community/discussions/181173). Our preferred option is sharing your feedback with your customer success team. + +## Why introduce more disks to the GHES instance? + +* Improved resource distribution: + * Different services have unique disk requirements. + * MySQL is mostly latency and IOPS sensitive. + * Some resources (such as repositories) don't benefit as much from expensive block storage. +* Maximized VM limits: + * A single disk is often not able to max out the limitations of an instance. + * From a cost perspective, it is usually not feasible or worthwhile to run everything on the most expensive or fastest storage. +* Clearer separation between resource allocation and services: + * Resources can be allocated in a targeted way, preventing critical services from being starved. +* Scaling: + * Customers on both standalone and high-availability topologies can scale out as needed. + +## Constraints + +* Multi-data disks are only supported on Standalone and High Availability (HA) topologies. +* Once multiple data disks are configured in a deployment, this change cannot be undone for that deployment. +* Setting up multi-data disks and migrating data typically requires some downtime. + * You can minimize this by configuring a replica with multi-data disks, replicating data from the primary, and then failing over to the replica. + * If you are adding multi-data disks directly to the primary, expect a much longer downtime. +* During the public preview, multi-data disks should be used only in non-production environments. +* It is not recommended to migrate MySQL and repositories to the same disk. +* Currently, only MySQL and repositories can be migrated to additional disks. + +## Resource recommendations + +If you add disks that are as fast or faster than your current ones, you should see improved performance. Storage devices are typically measured by IOPS (Input/Output Operations Per Second), throughput, and latency. For MySQL, we recommend using a disk with lower latency and higher IOPS than your existing data disk. For repositories, choose a disk with higher IOPS and throughput than your current data disk. + +In high availability setups, it is best to use multi-data disks on both the primary and all replicas. Mixing configurations, where the primary has multi-data disks but the replica does not, is not recommended. + +## Setting up multiple data disks and data paths + +### Prerequisites + +* We recommend taking a recent backup of your data before getting started. +* Create a test environment to try the feature. + * During the public preview, we recommend **only** using the feature in a test environment. + * Once the feature becomes generally available, we recommend testing the feature in a non-production environment before using it in production. + +### Instructions + +1. You can perform fresh installation of GHES or use an existing GHES instance. It should have the data disk configured at `/data/user`. + +1. Once `/data/user` is set up, add additional block storage devices to the instance. + + Currently, `ghe-storage-find` chooses the first block storage for setting up `/data/user` based on the alphabetical order of the block storage path. This happens on the first boot of the GHES appliance. + + To have more control over which disk is used for `/data/user`, it is better to complete the initialization process with only one disk attached initially. + +1. Initialize the multi-disk setup using the new block storage devices. To initialize multi-disk support, run `ghe-storage-multi-disk init`. On every reboot, the `ghe-multi-disk.service` will automatically remount the existing data disks at the correct paths. + + ``` shell copy + /usr/local/share/enterprise/ghe-storage-multi-disk init /dev/nvme2n1 db + ``` + + ``` shell copy + /usr/local/share/enterprise/ghe-storage-multi-disk init /dev/nvme3n1 git + ``` + + Please note that `/dev/nvme2n1` and `/dev/nvme3n1` are example paths only. They might not match the paths on your system. Similarly, `db` and `git` are examples. You may choose different names. + +1. Switch to maintenance mode. + + ``` shell copy + gh es maintenance set --enabled true + ``` + +1. Migrate your desired data paths. + + To migrate MySQL: + + ``` shell copy + /usr/local/share/enterprise/ghe-storage-migrate-mysql db + ``` + + To migrate repositories: + + ``` shell copy + /usr/local/share/enterprise/ghe-storage-migrate-repositories git + ``` + +1. Exit maintenance mode. + + ``` shell copy + gh es maintenance set --enabled false + ``` + +1. Test the instance for a period of time to make sure everything works as expected. +1. **Only after sufficient testing**, remove `/data/user/mysql-backup` and `/data/user/repositories-backup`. + + Keeping these folders during testing allows you to roll back in an emergency. After sufficient testing, you should remove those backup folders to free up space. + +### Guidance for high availability configurations + +The following guidance helps reduce downtime in high availability (HA) topologies. If you are using a standalone topology, we do not have similar additional guidance at this time. + +For HA topologies, the best approach is to stand up a new replica with multiple data disks configured, replicate data from the primary, and then promote the replica to primary. Migrating data to additional disks on the current primary is not recommended, as this process can lead to significant downtime. + +1. Set up a new HA replica with better disks. + + To plan for the data migration, use `du -sh /data/user/mysql` and `du -sh /data/user/repositories` on the primary to calculate disk space requirements for the new replica. + +1. Set up multi-disk on the new HA replica. +1. Allow the HA primary to replicate to the replica. +1. Follow the failover sequence as documented in [AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance). + +While the replication process can take a long time, the advantage is that it runs in the background, so the actual disruption from maintenance mode is dramatically reduced. + +## Example: configuring two additional disks + +This example demonstrates the required commands and outputs for disk initialization and data migration. Specifically, `/data/user/mysql` is migrated to `/data/multi-disk/db/mysql`, and `/data/user/repositories` is migrated to `/data/multi-disk/git/repositories`. + +```shell +admin@ghe-test-primary:~$ /usr/local/share/enterprise/ghe-storage-multi-disk status +Checking system status... + +admin@ghe-test-primary:~$ /usr/local/share/enterprise/ghe-storage-multi-disk info +Dumping disk status and information... + +admin@ghe-test-primary:~$ /usr/local/share/enterprise/ghe-storage-multi-disk init /dev/nvme2n1 db +Starting initialization sequence for /dev/nvme2n1 at /data/multi-disk/db... + +admin@ghe-test-primary:~$ /usr/local/share/enterprise/ghe-storage-multi-disk init /dev/nvme3n1 git +Starting initialization sequence for /dev/nvme3n1 at /data/multi-disk/git... + +admin@ghe-test-primary:~$ /usr/local/share/enterprise/ghe-storage-migrate-mysql db +Start mysql migration to /data/multi-disk/db... +Running checks.. +Error: maintenance mode must be enabled before being able to proceed. +ERROR: Last Command: return 1 LINE: 36 ghe-storage-migrate-mysql +Script exited with exit code: 1 + +admin@ghe-test-primary:~$ ghe-maintenance -s + +admin@ghe-test-primary:~$ /usr/local/share/enterprise/ghe-storage-migrate-mysql db +Start repository migration to /data/multi-disk/db... +Success: /data/user/mysql moved to /data/multi-disk/db/mysql +Script exited with exit code: 0 + +admin@ghe-test-primary:~$ /usr/local/share/enterprise/ghe-storage-migrate-repositories git +Start repository migration to /data/multi-disk/git... +Success: /data/user/repositories moved to /data/multi-disk/git +Script exited with exit code: 0 + +admin@ghe-test-primary:~$ ghe-maintenance -u + +admin@ghe-test-primary:~$ /usr/local/share/enterprise/ghe-storage-multi-disk status +Checking system status... +/data/user/mysql -> /data/multi-disk/db/mysql is correctly symlinked. +Repositories migration was detected... +/data/user/repositories -> /data/multi-disk/git/repositories is correctly symlinked. + +admin@ghe-test-primary:~$ /usr/local/share/enterprise/ghe-storage-multi-disk info +Dumping disk status and information... +# Multi disk configuration /data/user/multi-disk-config: +DISK_DB="lvm" +DISK_GIT="lvm" +MYSQL_MIGRATION_PATH="/data/multi-disk/db/mysql" +REPOSITORIES_MIGRATION_PATH="/data/multi-disk/git/repositories" + +admin@ghe-test-primary:~$ ls /var/log/multi-disk/ +ghe-storage-init-db.log ghe-storage-init-git.log ghe-storage-migrate-mysql.log ghe-storage-migrate-repositories.log + +``` + +## Hygiene checks + +Both `/usr/local/share/enterprise/ghe-storage-multi-disk status` and `/usr/local/share/enterprise/ghe-storage-multi-disk info` are helpful for checking your setup. + +To view the current multi-disk configuration, use: + +```shell +$ cat /data/user/multi-disk-config +DISK_DB="lvm" +DISK_GIT="lvm" +MYSQL_MIGRATION_PATH="/data/multi-disk/db/mysql" +REPOSITORIES_MIGRATION_PATH="/data/multi-disk/git/repositories" +``` + +To review multi-disk logs, including disk initialization and migration events, run: + +```shell +$ ls -l /var/log/multi-disk/ +total 56 +-rw-r--r-- 1 root root 2398 Mar 3 13:22 ghe-storage-init-db.log +-rw-r--r-- 1 root root 2497 Mar 3 13:23 ghe-storage-init-git.log +-rw-r--r-- 1 root root 2201 Mar 3 13:28 ghe-storage-migrate-mysql.log +-rw-r--r-- 1 root root 37296 Mar 3 13:30 ghe-storage-migrate-repositories.log +``` + +## Commands for managing multiple disks + +These commands make it possible to add multiple disks and migrate specific services or folder paths to those disks. The original folder paths are maintained and kept static. Other services are unaware that anything has changed. The static folder paths are symlinked to the newly migrated paths. + +The commands include: + +* ghe-storage-multi-disk + * `status` + * `init` + * `info` + * `mount` + * `start-services` (only recommended for debugging) + * `stop-services` (only recommended for debugging) +* ghe-storage-migrate-repositories + * Migrates `/data/user/repositories` to any disk path created using `ghe-storage-multi-disk init`. +* ghe-storage-migrate-mysql + * Migrates `/data/user/mysql` to any disk path created using `ghe-storage-multi-disk init`. diff --git a/content/admin/monitoring-and-managing-your-instance/multiple-data-disks/index.md b/content/admin/monitoring-and-managing-your-instance/multiple-data-disks/index.md new file mode 100644 index 000000000000..f96a3755812c --- /dev/null +++ b/content/admin/monitoring-and-managing-your-instance/multiple-data-disks/index.md @@ -0,0 +1,10 @@ +--- +title: Multiple data disks +intro: 'You can configure additional data disks and use them to host MySQL and repositories data.' +versions: + ghes: '>= 3.19' +topics: + - Enterprise +children: + - /configuring-multiple-data-disks +--- diff --git a/content/admin/overview/establishing-a-governance-framework-for-your-enterprise.md b/content/admin/overview/establishing-a-governance-framework-for-your-enterprise.md index efcaada1ca4d..607bd3342298 100644 --- a/content/admin/overview/establishing-a-governance-framework-for-your-enterprise.md +++ b/content/admin/overview/establishing-a-governance-framework-for-your-enterprise.md @@ -64,7 +64,7 @@ Other policies are available as blanket restrictions. These give you more contro ## Targeting policies with metadata -You can enable better governance through automated policy enforcement. This is possible with custom properties, allowing you to add structured metadata to your resources. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/custom-properties). +You can enable better governance through automated policy enforcement. This is possible with custom properties, allowing you to add structured metadata to your resources.{% ifversion ghec or ghes > 3.20 %} See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/custom-properties).{% endif %} With **repository custom properties**, you can classify repositories by attributes like risk level, team ownership, or compliance requirements. This metadata enables you to automatically apply different governance rules based on repository characteristics. @@ -72,7 +72,7 @@ With **organization custom properties**, you can categorize organizations within Both types of custom properties integrate with rulesets, allowing you to create powerful governance frameworks that automatically enforce the right policies based on metadata rather than manual repository selection. -See [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization) and [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organizations). +See [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization){% ifversion ghec or ghes > 3.20 %} and [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organizations){% endif %}. ## Monitoring activity @@ -94,7 +94,7 @@ With **{% data variables.product.prodname_secret_scanning %}**, you can scan you To learn more, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning). -{% data variables.product.prodname_secret_scanning_caps %} can be enabled at the enterprise, organization, and repository level. See {% ifversion ghes %}[AUTOTITLE](/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance){% elsif ghec %}[AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/about-security-configurations){% endif %} for enablement at enterprise level. +{% data variables.product.prodname_secret_scanning_caps %} can be enabled at the enterprise, organization, and repository level. See {% ifversion ghes %}[AUTOTITLE](/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance){% elsif ghec %}[AUTOTITLE](/code-security/concepts/security-at-scale/about-security-configurations){% endif %} for enablement at enterprise level. ### Push protection @@ -122,7 +122,10 @@ You may want to set up an approval process for better control over who in your e Approval processes are available for: * Bypasses of push protection—You can choose who is allowed to bypass push protection, and add a review and approval cycle for pushes containing secrets from all other contributors. For more information about **delegated bypass for push protection**, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).{% ifversion security-delegated-alert-dismissal %} -* Dismissals of alerts for {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}—You can provide additional control and visibility over alert assessment by ensuring that only designated individuals can dismiss (or close) alerts. For more information about **delegated alert dismissal**, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning) and [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning). +* Dismissals of alerts for {% data variables.product.prodname_code_scanning %}{% ifversion dependabot-delegated-alert-dismissal %}, {% data variables.product.prodname_dependabot %},{% endif %} and {% data variables.product.prodname_secret_scanning %}—You can provide additional control and visibility over alert assessment by ensuring that only designated individuals can dismiss (or close) alerts. For more information about **delegated alert dismissal**, see the following articles: + * [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning){% ifversion dependabot-delegated-alert-dismissal %} + * [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal){% endif %} + * [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning) {% endif %} @@ -134,4 +137,4 @@ Many industries have regulations that require regular security assessments and v To get started quickly with {% data variables.product.prodname_code_scanning %}, we recommend you use the default setup. See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). -{% data variables.product.prodname_code_scanning_caps %} can be enabled at the enterprise, organization, and repository level. See {% ifversion ghes %}[AUTOTITLE](/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance){% elsif ghec %}[AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/about-security-configurations){% endif %} for enablement at enterprise level. +{% data variables.product.prodname_code_scanning_caps %} can be enabled at the enterprise, organization, and repository level. See {% ifversion ghes %}[AUTOTITLE](/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance){% elsif ghec %}[AUTOTITLE](/code-security/concepts/security-at-scale/about-security-configurations){% endif %} for enablement at enterprise level. diff --git a/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md b/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md index 627611a7201e..133951203df6 100644 --- a/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md +++ b/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md @@ -114,7 +114,7 @@ You can cancel a trial at any time. Once the trial has expired, you can delete t {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. Under **{% octicon "gear" aria-hidden="true" aria-label="gear" %} Settings**, click **Profile**. +1. Under **{% octicon "gear" aria-hidden="true" aria-label="gear" %} Settings**, click **General**. 1. At the bottom of the page, in the "Danger zone" section, click **Cancel trial** or **Delete trial**. ## Further reading diff --git a/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md b/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md index 940bc3857b93..104a6bbe59ae 100644 --- a/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md +++ b/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md @@ -45,9 +45,9 @@ Organization owners can install {% data variables.product.prodname_github_apps % Enterprise owners can install {% data variables.product.prodname_github_apps %} on their enterprise accounts, if the application requests enterprise permissions and is owned by the enterprise or one of its organizations. {% endif %} -Admins of repositories that are owned by an organization can also install {% data variables.product.prodname_github_apps %} on the organization if they only grant the app access to repositories that they are an admin of and if the app does not request any organization permissions or the "repository administration" permission. Organization owners can prevent outside collaborators who are repository admins from installing {% data variables.product.prodname_github_apps %}. +{% data reusables.apps.repo-admin-install-restriction %} -Organization members who are not organization owners or repository admins can still select the organization during the install process. Instead of installing the app, {% data variables.product.company_short %} will send a notification to the organization owner to request the organization owner to install the app. +Organization members and outside collaborators that cannot install an app on the organization can still select the organization during the install process. Instead of installing the app, {% data variables.product.company_short %} will send a notification to the organization owner to request the organization owner to install the app. The ability to make these requests can be controlled using app access request policies. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests). The "app manager" role does not give a person the ability to install a {% data variables.product.prodname_github_app %} on the organization{% ifversion enterprise-app-manager %} or enterprise{% endif %}. See [AUTOTITLE](/apps/maintaining-github-apps/about-github-app-managers). diff --git a/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md b/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md index a236644844dd..10396d00c664 100644 --- a/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md +++ b/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md @@ -46,7 +46,7 @@ Organization owners can install {% data variables.product.prodname_github_apps % For enterprises that pay by credit card, enterprise owners who are also organization owners can install {% data variables.product.prodname_github_apps %} on organizations within their enterprise. -Admins of repositories that are owned by an organization can also install {% data variables.product.prodname_github_apps %} on the organization if they only grant the app access to repositories that they are an admin of and if the app does not request any organization permissions or the "repository administration" permission. Organization owners can prevent outside collaborators who are repository admins from installing {% data variables.product.prodname_github_apps %}. +{% data reusables.apps.repo-admin-install-restriction %} The "app manager" role does not give a person the ability to install a {% data variables.product.prodname_github_app %} in the organization{% ifversion enterprise-app-manager %} or enterprise{% endif %}. For more information, see [AUTOTITLE](/apps/maintaining-github-apps/about-github-app-managers). diff --git a/content/apps/using-github-apps/installing-a-github-app-on-your-enterprise.md b/content/apps/using-github-apps/installing-a-github-app-on-your-enterprise.md index 201281ae723b..9ff35367ea85 100644 --- a/content/apps/using-github-apps/installing-a-github-app-on-your-enterprise.md +++ b/content/apps/using-github-apps/installing-a-github-app-on-your-enterprise.md @@ -32,15 +32,7 @@ After installation, the app will be able to create an installation token for you ## What enterprise-installed apps can do -Enterprise-installed {% data variables.product.prodname_github_apps %} cannot call every enterprise API, but several APIs have already been updated to support GitHub Apps. These APIs and GraphQL mutations include: - -* [List and create organizations in your enterprise](/graphql/reference/mutations#createenterpriseorganization) -* [Manage users in your enterprise](/graphql/reference/objects#enterprise) -* Create and manage {% data variables.product.prodname_github_app %} installations in your organizations -* Manage enterprise custom repository properties -* Call the enterprise SCIM APIs - -Check the [changelog](https://github.blog/changelog/) for updates on new APIs and permissions for {% data variables.product.prodname_github_apps %}. +{% data reusables.enterprise-accounts.enterprise-apps-capabilities %} For more information about available permissions and API endpoints, see [AUTOTITLE](/rest/authentication/permissions-required-for-github-apps). diff --git a/content/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md b/content/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md index 6fd5a45b2906..e1f61479999f 100644 --- a/content/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md +++ b/content/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md @@ -19,13 +19,7 @@ topics: shortTitle: GitHub's IP addresses --- -You can retrieve a list of the IP addresses for {% data variables.product.prodname_dotcom_the_website %} from the [meta](https://api.github.com/meta) API endpoint. For more information, see [AUTOTITLE](/rest/meta). - -{% ifversion ghec %} - -If you access {% data variables.product.github %} on a subdomain of {% data variables.enterprise.data_residency_site %}, the meta endpoint does not return IP ranges for your subdomain. See [AUTOTITLE](/admin/data-residency/network-details-for-ghecom#githubs-ip-addresses). - -{% endif %} +You can retrieve a list of the IP addresses for your {% data variables.product.github %} environment from the [meta](https://api.github.com/meta) API endpoint. For more information, see [AUTOTITLE](/rest/meta). > [!NOTE] > The list of {% data variables.product.prodname_dotcom %} IP addresses returned by the Meta API is not intended to be an exhaustive list. For example, IP addresses for some {% data variables.product.prodname_dotcom %} services might not be listed, such as LFS or {% data variables.product.prodname_registry %}. @@ -36,7 +30,7 @@ These ranges are in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inte We make changes to our IP addresses from time to time. We do not recommend allowing by IP address, but if you use these IP ranges we strongly encourage regular monitoring of our API. -For applications to function, you must allow TCP ports 22, 80, and 443 via our IP ranges for `github.com`. +For applications to function, you must allow TCP ports 22, 80, and 443 via our IP ranges for `github.com` and `{% data variables.enterprise.data_residency_domain %}`. ## Further reading diff --git a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md index 0da4f95c8461..9cc6c1285c71 100644 --- a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md +++ b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md @@ -144,6 +144,7 @@ Below are some example URLs that generate the tokens we see most often: * [GitHub Models access](https://github.com/settings/personal-access-tokens/new?name=GitHub+Models+token&description=Used%20to%20call%20GitHub%20Models%20APIs%20to%20easily%20run%20LLMs%3A%20https%3A%2F%2Fdocs.github.com%2Fgithub-models%2Fquickstart%23step-2-make-an-api-call&user_models=read) * [Update code and open a PR](https://github.com/settings/personal-access-tokens/new?name=Core-loop+token&description=Write%20code%20and%20push%20it%20to%20main%21%20Includes%20permission%20to%20edit%20workflow%20files%20for%20Actions%20-%20remove%20%60workflows%3Awrite%60%20if%20you%20don%27t%20need%20to%20do%20that&contents=write&pull_requests=write&workflows=write) * [Manage Copilot licenses in an organization](https://github.com/settings/personal-access-tokens/new?name=Core-loop+token&description=Enable%20or%20disable%20copilot%20access%20for%20users%20with%20the%20Seat%20Management%20APIs%3A%20https%3A%2F%2Fdocs.github.com%2Frest%2Fcopilot%2Fcopilot-user-management%0ABe%20sure%20to%20select%20an%20organization%20for%20your%20resource%20owner%20below%21&organization_copilot_seat_management=write) +* [Make Copilot requests](https://github.com/settings/personal-access-tokens/new?name=Copilot+requests+token&description=Make%20Copilot%20API%20requests%20on%20behalf%20of%20the%20user%2C%20consuming%20premium%20requests%3A%20https%3A%2F%2Fdocs.github.com%2Fcopilot%2Fconcepts%2Fbilling%2Fcopilot-requests&copilot_requests=write) #### Supported Query Parameters @@ -173,6 +174,7 @@ Account permissions are only used when the current user is set as the resource o | `codespaces_user_secrets` | Codespaces user secrets | `read`, `write` | | `copilot_messages` | Copilot Chat | `read` | | `copilot_editor_context` | Copilot Editor Context | `read` | +| `copilot_requests` | Copilot requests | `write` | | `emails` | Email addresses | `read`, `write` | | `user_events` | Events | `read` | | `followers` | Followers | `read`, `write` | @@ -189,6 +191,12 @@ Account permissions are only used when the current user is set as the resource o | `starring` | Starring | `read`, `write` | | `watching` | Watching | `read`, `write` | +{% ifversion copilot %} + +> [!NOTE] +> The `copilot_requests` permission enables making {% data variables.product.prodname_copilot_short %} requests for the given user, which count towards the user's premium request allowance or are charged to overage billing if the allowance is exceeded. For more information about {% data variables.product.prodname_copilot_short %} requests and billing, see [AUTOTITLE](/copilot/concepts/billing/copilot-requests). + +{% endif %} ##### Repository Permissions Repository permissions work for both user and organization resource owners. diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods.md index df82a8e5e0ed..25a1bfec7649 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods.md @@ -20,7 +20,13 @@ shortTitle: Configure 2FA recovery --- In addition to securely storing your two-factor authentication (2FA) recovery codes, we strongly recommend configuring two or more authentication methods to avoid losing access to your account. For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key). -## Downloading your two-factor authentication recovery codes +As well as configuring authentication methods, we'd also strongly suggest setting up some 2FA recovery methods which may be helpful if you were ever to lose your authentication methods. Recovery methods available to be configured include: the account's recovery codes file, SSH key(s), {% data variables.product.pat_generic_caps_plural %} (PATs) and verified device(s). + +## About the recovery codes file + +The recovery codes file includes one-time codes for account recovery if you can’t access your two-factor authentication method. You should download and store these codes securely. + +### Downloading your two-factor authentication recovery codes {% data reusables.two_fa.about-recovery-codes %} You can also download your recovery codes at any point after enabling two-factor authentication. @@ -36,7 +42,7 @@ If you generate new recovery codes or disable and re-enable 2FA, the recovery co * To save a hard copy of your recovery codes, click **Print**. * To copy your recovery codes for storage in a password manager, click **Copy**. -## Generating a new set of recovery codes +### Generating a new set of recovery codes Once you use a recovery code to regain access to your account, it cannot be reused. If you've used all 16 recovery codes, you can generate another list of codes. Generating a new set of recovery codes will invalidate any codes you previously generated. @@ -45,7 +51,7 @@ Once you use a recovery code to regain access to your account, it cannot be reus {% data reusables.two_fa.show-recovery-codes %} 1. Under "Generate new recovery codes", click **Generate new recovery codes**. -## Configuring backups for your time-based one-time password (TOTP) app +### Configuring backups for your time-based one-time password (TOTP) app Most TOTP apps support backups. If you lose access to your authentication device, you can use your TOTP app backup to access your authentication method and account credentials on a different authentication device, ensuring continued access to your 2FA-enabled account. @@ -55,6 +61,20 @@ The process of configuring backups is different for each TOTP app. For some exam * [Google Authenticator](https://security.googleblog.com/2023/04/google-authenticator-now-supports.html) * [Microsoft Authenticator](https://support.microsoft.com/en-us/account-billing/back-up-and-recover-account-credentials-in-the-authenticator-app-bb939936-7a8d-4e88-bc43-49bc1a700a40) +## SSH keys + +SSH keys can be configured and used for account recovery if ever required. To set up 1 or more SSH keys that can be used to recover access to your 2FA-enabled account, see [AUTOTITLE](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account). + +> [!NOTE] +> Be sure to choose 'authentication' as the key's type during this process. + +## {% data variables.product.pat_generic_caps_plural %} + +{% data variables.product.pat_generic_caps_plural %} (PATs) can be configured and used for recovery if ever needed. To set up 1 or more PATs that can be used to recover access, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic). + +> [!NOTE] +> Be sure to choose 'repo' when choosing the 'scopes' available during this process. + ## Further reading * [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication) diff --git a/content/billing/concepts/budgets-and-alerts.md b/content/billing/concepts/budgets-and-alerts.md index 5664eae946e7..16280c6cffd1 100644 --- a/content/billing/concepts/budgets-and-alerts.md +++ b/content/billing/concepts/budgets-and-alerts.md @@ -38,6 +38,10 @@ You can enable alerts for budgets to receive emails when usage reaches 75%, 90%, When you first create a budget, be aware that the budget applies only to metered usage from the date of its creation onwards. Any use made before you created the budget is not included in the calculations. This means that you may exceed your budget in the first billing cycle after you create your budget, even if you select the option stop usage when the limit is reached. +## Budget limitation + +The maximum number of budgets per account is 10,000. + ## Set up a budget To get started with budgets, see [AUTOTITLE](/billing/tutorials/set-up-budgets). diff --git a/content/billing/concepts/cost-centers.md b/content/billing/concepts/cost-centers.md index 53fba15e2df9..e50bb7979463 100644 --- a/content/billing/concepts/cost-centers.md +++ b/content/billing/concepts/cost-centers.md @@ -32,7 +32,7 @@ For more details, see [AUTOTITLE](/billing/reference/cost-center-allocation). ## Cost center limitations * The maximum number of active cost centers per enterprise is 250. -* The maximum number of resources per cost center is 10,000. +* The maximum number of resources per cost center is 25,000. * A maximum of 50 resources can be added to or removed from a cost center at a time. * Azure subscriptions can only be added to or removed from cost centers through the UI. * Outside collaborators can only be added to cost centers via the cost center API. For more information, see [AUTOTITLE](/billing/tutorials/control-costs-at-scale#add-resources-to-the-cost-center). diff --git a/content/billing/concepts/index.md b/content/billing/concepts/index.md index cd5ac6c8d09f..e8103fa887f7 100644 --- a/content/billing/concepts/index.md +++ b/content/billing/concepts/index.md @@ -20,4 +20,3 @@ children: - /third-party-payments contentType: concepts --- - diff --git a/content/billing/concepts/product-billing/git-lfs.md b/content/billing/concepts/product-billing/git-lfs.md index f270f2f87ac4..dbc952206a88 100644 --- a/content/billing/concepts/product-billing/git-lfs.md +++ b/content/billing/concepts/product-billing/git-lfs.md @@ -51,7 +51,10 @@ contentType: concepts ## How use of {% data variables.large_files.product_name_short %} is measured -Each {% data variables.product.github %} account receives a quota of free bandwidth and storage for {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}). Any usage beyond the included amounts is billed to your account. Bandwidth resets every month, while storage usage does not. +Each {% data variables.product.github %} account receives a quota of free bandwidth and storage for {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}). Any usage beyond the included amounts is billed to your account. + +* **Bandwidth:** Your free quota resets at the start of each billing cycle. +* **Storage:** Charges accrue continuously throughout the month based on hourly usage. Your accrued storage total resets to zero at the begining of each billing cycle. Working in a public or private repository with {% data variables.large_files.product_name_short %}: @@ -86,7 +89,7 @@ The following amounts of storage and bandwidth for downloads are included in you | {% data variables.product.prodname_pro %} | {% data variables.large_files.included_bandwidth_free_pro %} | {% data variables.large_files.included_storage_free_pro %} | | {% data variables.product.prodname_free_team %} for organizations | {% data variables.large_files.included_bandwidth_free_pro %} | {% data variables.large_files.included_storage_free_pro %} | | {% data variables.product.prodname_team %} | {% data variables.large_files.included_bandwidth_team_enterprise %} | {% data variables.large_files.included_storage_team_enterprise %} | -| {% data variables.product.prodname_ghe_cloud %} | {% data variables.large_files.included_bandwidth_team_enterprise %} | {% data variables.large_files.included_storage_team_enterprise %} | +|{% data variables.product.prodname_ghe_cloud %} | {% data variables.large_files.included_bandwidth_team_enterprise %} | {% data variables.large_files.included_storage_team_enterprise %} | ## Using more than your included quota diff --git a/content/billing/concepts/product-billing/github-actions.md b/content/billing/concepts/product-billing/github-actions.md index 60a2079f7b52..b32451888bf0 100644 --- a/content/billing/concepts/product-billing/github-actions.md +++ b/content/billing/concepts/product-billing/github-actions.md @@ -27,14 +27,59 @@ contentType: concepts {% data variables.product.prodname_actions %} usage is **free** for **self-hosted runners** and for **public repositories** that use standard {% data variables.product.github %}-hosted runners. See [AUTOTITLE](/actions/writing-workflows/choosing-where-your-workflow-runs/choosing-the-runner-for-a-job#standard-github-hosted-runners-for-public-repositories). -For **private repositories**, each {% data variables.product.github %} account receives a quota of free minutes, artifact storage, and cache storage for use with {% data variables.product.github %}-hosted runners, depending on the account's plan. Any usage beyond the included amounts is billed to your account. Minutes reset every month, while artifact and cache storage usage do not. +For **private repositories**, each {% data variables.product.github %} account receives a quota of free minutes, artifact storage, and cache storage for use with {% data variables.product.github %}-hosted runners, depending on the account's plan. Any usage beyond the included amounts is billed to your account. + +* **Minutes:** Your free minutes reset to the full amount at the start of each billing cycle. Minutes usage is charged to the repository owner, not the person who triggered the workflow runs. +* **Storage:** Storage charges accumulate throughout the month based on hourly usage. Your accrued storage charges reset to zero at the start of each billing cycle. > [!TIP] -> Anyone with write access to a repository can run actions without using minutes for their personal account. +> Anyone with write access to a repository can run actions. Any costs of running the actions are billed to the repository owner. + +## How storage billing works + +{% data variables.product.prodname_actions %} storage billing operates on an **hourly accrual model**: + +* **Continuous billing:** Storage charges accrue every hour based on your actual usage throughout the month +* **Monthly total:** Your bill reflects the total storage used throughout the month, measured in GB-Hours +* **Included amount:** The free storage allowance for your plan (for example, 50 GB on the Enterprise plan) is converted to an hourly rate for billing calculations +* **Shared storage:** Actions artifacts, Actions caches, and {% data variables.product.prodname_registry %} storage all share the same pooled allowance. For more information, see [AUTOTITLE](/billing/concepts/product-billing/github-packages). + +### Understanding current vs. accrued storage + +It's important to understand the difference between what you see on {% data variables.product.github %} and what appears on your bill: + +* **Current storage:** The amount of storage you have right now (visible in repository settings and the **Billing Overview** page) +* **Accrued storage:** The cumulative total of storage used throughout the billing cycle (determines your bill) + +**When you delete artifacts:** +* Current storage decreases immediately +* Future hourly charges stop accumulating +* Storage already accrued during the current billing cycle remains in your total and will appear on your bill + +**Example (30-day billing cycle):** If you store 10 GB of artifacts for 10 days, then delete everything on day 11: +* Days 1-10: Accruing 240 GB-Hours per day (10 GB × 24 hours) +* Day 11: Delete artifacts → current storage drops to 0 GB +* Days 11-30: Accruing 0 GB-Hours (no storage) +* Your bill: Shows 2,400 GB-Hours total (10 days × 240 GB-Hours/day) + +Deleting artifacts reduces your current storage and prevents future charges, but does not remove charges already recorded for the time the storage existed. + +### Storage measurement units + +{% data variables.product.prodname_actions %} measures storage in **binary gigabytes (GB)**, where: +* 1 GB = 2^30 bytes = 1,073,741,824 bytes +* This is also known as a gibibyte (GiB) +* 1 GB = 1,024 megabytes (MB) + +**Billing calculations use GB-Hours:** +* 1 GB-Hour = 1 GB of storage for 1 hour +* Example: Storing 3 GB for 10 days = 720 GB-Hours (3 GB × 10 days × 24 hours) + +Your monthly bill converts GB-Hours to GB-Months by dividing by the hours in the month (usually 720 hours for a 30-day month). ### Examples of how usage is measured -* If you run a workflow on a standard Linux runner and it takes 10 minutes to complete, you'll use 10 minutes of the repository owner's allowance. If the workflow generates a 10 MB artifact, then you'll also use 10 MB of the repository owner's artifact storage allowance. +* If you run a workflow on a Linux runner and it takes 10 minutes to complete, you'll use 10 minutes of the repository owner's allowance. If the workflow generates a 10 MB artifact, then you'll also use 10 MB of the repository owner's artifact storage allowance. * If you run a workflow that normally takes 10 minutes and it fails after 5 minutes because a dependency isn't available, you'll use 5 minutes of the repository owner's allowance. If you fix the problem and re-run the workflow successfully, in total you'll use 15 minutes of the repository owner's allowance. * If you run a workflow that generates many log files and a long job summary, these files do not count towards the repository owner's artifact storage allowance. * Cache storage usage is measured by the peak usage for each hour. Included usage is 10 GB per repository. For a given hour, if a repository has a peak cache usage of 15 GB, then the repository owner will be charged for the 5 GB of usage above the 10 GB included for that hour. The repository owner will only be charged if the repository cache storage limit has been configured higher than the included usage. @@ -46,53 +91,50 @@ The following amounts of time for standard runners, artifact storage, and cache {% data reusables.billing.actions-included-quotas %} -> [!NOTE] -> Included minutes cannot be used for larger runners. These runners will always be charged for, even when used by public repositories. - The use of standard {% data variables.product.github %}-hosted runners is free: - * In public repositories * For {% data variables.product.prodname_pages %} * For {% data variables.product.prodname_dependabot %} * For the agentic features ({% data variables.release-phases.public_preview %}) in {% data variables.copilot.copilot_code-review %} +> [!NOTE] +> +> * Larger runners are always charged for, even when used by public repositories or when you have quota available from your plan. +> * The storage amounts shown are **shared** with {% data variables.product.prodname_registry %}. This means your total storage across Actions artifacts, Actions caches, and Packages cannot exceed the included amount for your plan. + ## Using more than your included quota -If your account does not have a valid payment method on file, usage is blocked once you use up your quota. +If your account does not have a valid payment method on file, usage is blocked once you use up your quota. Usage of larger runners is always blocked until you set up a payment method. ## Paying for additional {% data variables.product.prodname_actions %} use You pay for any additional use above your quota using the payment method set up for your {% data variables.product.github %} account. See [AUTOTITLE](/billing/how-tos/set-up-payment/manage-payment-info). -Storage is billed based on hourly usage of artifacts and caches throughout the month. Minutes are calculated based on the total processing time used on each runner type during the month. +For {% data variables.product.github %}-hosted runners, storage is billed based on hourly usage of artifacts and caches throughout the month. Minutes are calculated based on the total processing time used by each runner type during the month. -* To estimate costs for paid {% data variables.product.prodname_actions %} usage, use the {% data variables.product.github %} [pricing calculator](https://github.com/pricing/calculator?feature=actions). -* To view your current minutes, artifact, and cache storage, see [AUTOTITLE](/billing/managing-billing-for-your-products/viewing-your-product-usage). +* To estimate costs for paid usage, use the {% data variables.product.github %} [pricing calculator](https://github.com/pricing/calculator?feature=actions). +* To view your current costs, see [AUTOTITLE](/billing/managing-billing-for-your-products/viewing-your-product-usage). > [!NOTE] -> The billing dashboard may show your Actions usage as a dollar amount ("spend") rather than raw minutes. This amount already reflects any applicable minute multipliers. +> The billing dashboard may show your Actions usage as a dollar amount ("spend") rather than raw minutes. This amount already reflects any applicable minute costs. -### Minute multipliers +### Baseline minute costs -Each type of runner has a minute multiplier that is determined by the operating system and processing power. For example, jobs that run on Windows and macOS runners hosted by {% data variables.product.github %} consume minutes at 2 and 10 times the rate that jobs on Linux runners consume. +Each type of runner hosted by {% data variables.product.github %} has a cost per-minute that is determined by the operating system and processing power. -| Operating system | Minute multiplier | -| ---------------- | :---------------: | -| Linux | 1 | -| Windows | 2 | -| macOS | 10 | +For example, jobs that run on Windows and macOS runners hosted by {% data variables.product.github %} cost more to run than jobs on Linux runners. -For full details of minute multipliers for {% data variables.product.github %}-hosted runners, see [AUTOTITLE](/billing/reference/actions-minute-multipliers). +{% data reusables.billing.actions-standard-runner-prices %} -### Example minutes cost calculation +For full details of minute costs for different types of runners, see [AUTOTITLE](/billing/reference/actions-runner-pricing). -For example, if your organization uses {% data variables.product.prodname_team %}, using 5,000 minutes beyond the included quota would have a total actions minutes cost of $56 USD, with the use of both Linux and Windows runners. +### Example minutes cost calculation for {% data variables.product.github %}-hosted runners -* 5,000 (3,000 Linux and 2,000 Windows) minutes = $56 USD ($24 USD + $32 USD). - * 3,000 Linux minutes at $0.008 USD per minute = $24 USD. - * 2,000 Windows minutes at $0.016 USD per minute = $32 USD. +For example, if your organization uses {% data variables.product.prodname_team %}, using 5,000 minutes beyond the included quota on {% data variables.product.github %}-hosted runners would have a total actions minutes cost of $38 USD currently, if you used baseline Linux and Windows runners. -This example assumes that the baseline runner was used for each operating system. +* 5,000 (3,000 Linux and 2,000 Windows) minutes = $38 USD ($18 USD + $20 USD). + * 3,000 Linux minutes at $0.006 USD per minute = $18 USD. + * 2,000 Windows minutes at $0.010 USD per minute = $20 USD. ### Example artifact storage cost calculation diff --git a/content/billing/concepts/product-billing/github-advanced-security.md b/content/billing/concepts/product-billing/github-advanced-security.md index 15a537177abe..7c43d481e215 100644 --- a/content/billing/concepts/product-billing/github-advanced-security.md +++ b/content/billing/concepts/product-billing/github-advanced-security.md @@ -53,7 +53,7 @@ Each **active committer** to at least one repository with an {% data variables.p * **Active committers** are committers who contributed to at least one repository and have a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} license with your organization or enterprise. That is, they are also a member, an enterprise-managed user, an external collaborator, or have a pending invitation to join your organization or enterprise. * **Unique committers** is the number of active committers who contributed only to one repository, or only to repositories in one organization. You can free up this number of licenses by disabling {% data variables.product.prodname_GH_cs_or_sp %} for that repository or organization. -> [!NOTE] When a repository is migrated to GitHub, GitHub Advanced Security only consumes licenses for commits and pushes made after migration, rather than considering all historic contributions from before the migration. +> [!NOTE] When a repository is migrated to {% data variables.product.github %} using {% data variables.product.prodname_importer_proper_name %}, {% data variables.product.prodname_GHAS %} only consumes licenses for commits and pushes made _after_ migration. Historic contributions from _before_ the migration are not considered. For more information, see [AUTOTITLE](/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer). {% ifversion security-configurations %}You can see the active and unique committers to an organization on the Global settings page for {% data variables.product.UI_advanced_security %}. Under "{% data variables.product.prodname_secret_protection %} repositories" and "{% data variables.product.prodname_code_security %} repositories", summaries and repository-level details are reported. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization).{% endif %} diff --git a/content/billing/concepts/product-billing/github-copilot-licenses.md b/content/billing/concepts/product-billing/github-copilot-licenses.md index 21d8bc691652..401115bd1b36 100644 --- a/content/billing/concepts/product-billing/github-copilot-licenses.md +++ b/content/billing/concepts/product-billing/github-copilot-licenses.md @@ -47,6 +47,7 @@ There are several ways to use {% data variables.product.prodname_copilot_short % * You must choose a monthly or yearly billing cycle and provide a payment method. * If you do not cancel before the end of the trial, it automatically converts to a paid plan. * You can cancel any time during the 30 days. If you cancel, you will not be charged and will keep access until the trial ends. +* Free trials are limited to three per payment method. Additional trials will continue as paid subscriptions. ### Educational and open source benefits diff --git a/content/billing/concepts/product-billing/github-packages.md b/content/billing/concepts/product-billing/github-packages.md index 9e5ae6a15f73..bc8a39e616ca 100644 --- a/content/billing/concepts/product-billing/github-packages.md +++ b/content/billing/concepts/product-billing/github-packages.md @@ -25,7 +25,10 @@ contentType: concepts {% data variables.product.prodname_registry %} usage is **free** for **public packages**. In addition, data transferred in from any source is free. -For **private** repositories, each {% data variables.product.github %} account receives a quota of storage and data transfer for use with {% data variables.product.prodname_registry %}, depending on the account's plan. Any usage beyond the included amounts is billed to your account. Data transfer resets every month, while storage usage does not. +For **private** repositories, each {% data variables.product.github %} account receives a quota of storage and data transfer for use with {% data variables.product.prodname_registry %}, depending on the account's plan. Any usage beyond the included amounts is billed to your account. + +* **Data transfer** Your free quota resets at the start of each billing cycle. +* **Storage:** Charges accrue continuously throughout the month based on your hourly usage. At the start of each billing cycle, your accrued storage total resets to zero and begins accumulating again. Working in a private repository with packages: @@ -57,8 +60,10 @@ Plan | Storage | Data transfer (per month) {% endrowheaders %} +The storage amounts shown are **shared** with {% data variables.product.prodname_actions %}. This means your total storage across Packages, Actions artifacts, and Actions caches cannot exceed the included amount for your plan. + > [!NOTE] -> **Billing for container image storage:** Container image storage and bandwidth for the {% data variables.product.prodname_container_registry %} is currently free. If you use {% data variables.product.prodname_container_registry %}, you'll be informed at least one month in advance of any change to this policy. For more information about the {% data variables.product.prodname_container_registry %}, see [AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-container-registry). +> * **Billing for container image storage:** Container image storage and bandwidth for the {% data variables.product.prodname_container_registry %} is currently free. If you use {% data variables.product.prodname_container_registry %}, you'll be informed at least one month in advance of any change to this policy. For more information about the {% data variables.product.prodname_container_registry %}, see [AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-container-registry). ### Package downloads by {% data variables.product.prodname_actions %} diff --git a/content/billing/get-started/billing-manager-onboard.md b/content/billing/get-started/billing-manager-onboard.md new file mode 100644 index 000000000000..f27516e13192 --- /dev/null +++ b/content/billing/get-started/billing-manager-onboard.md @@ -0,0 +1,72 @@ +--- +title: Billing manager onboarding +shortTitle: Billing manager onboard +intro: 'A quick overview of your role and how you can work with organization and enterprise owners to control and track costs in {% data variables.product.github %}.' +versions: + fpt: '*' + ghec: '*' +topics: + - Billing + - Enterprise + - Organizations +contentType: get-started +audience: + - driver +--- + + + +## Introduction to the billing manager role + +Organization and enterprise owners can share the work of managing budgets and reporting on costs by inviting members to become billing managers. See [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization). + +When you accept an invitation or a notification to become a billing manager, you gain access to the billing and licensing pages for an organization or enterprise account. From these pages you can view usage, set budgets to control costs, and download reports on how budgets were spent. + +This article will guide you through the essential concepts and tasks you should focus on as a new billing manager, presented in a logical order to help you get oriented and become effective in your role. + +## 1. Understand how {% data variables.product.github %} charges for use + +First, you need to understand how billing works on {% data variables.product.github %} and familiarize yourself with your organization's current costs and payment structure. + +* Read about billing concepts to understand the terminology, what you pay for, and when. See [AUTOTITLE](/billing/get-started/how-billing-works). +* Get an overview of the billing functionality and discover how to access billing information. See [AUTOTITLE](/billing/get-started/introduction-to-billing). +* Explore your current usage and discover what your organization or enterprise is paying for and which features drive costs. See [AUTOTITLE](/billing/how-tos/products/view-productlicense-use). + +## 2. Monitor usage and spending + +Now that you understand the basics, you can start monitoring usage and tracking spending to identify trends and potential issues. + +* Use billing reports to track monthly spending, identify trends, and spot anomalies that could signal unexpected usage or costs. See [AUTOTITLE](/billing/how-tos/manage-plan-and-licenses/view-enterprise-usage) and [AUTOTITLE](/billing/how-tos/manage-plan-and-licenses/manage-user-licenses). +* Share billing reports and budget status with organization owners, enterprise owners, or your finance team, to keep everyone aware of usage patterns and cost drivers. + +## 3. Control costs by setting budgets and alerts + +With insight into your spending patterns, you can take proactive steps to manage costs and prevent budget overruns. + +* Learn how budgets and alerts allow you to track and control spending. See [AUTOTITLE](/billing/concepts/budgets-and-alerts). +* Set up budgets and alerts to proactively address potential overspending before it becomes a problem. See [AUTOTITLE](/billing/tutorials/set-up-budgets). +* Adjust budgets and thresholds as your organization grows or usage patterns change. + +## 4. Attribute costs (enterprise only) + +If you manage an enterprise account, you can use cost centers to organize and track spending across different teams and business units. + +* Organize spend with cost centers to help you see which teams, projects, or business units are responsible for portions of your {% data variables.product.github %} bill. See [AUTOTITLE](/billing/tutorials/use-cost-centers). +* Attribute parts of the bill to specific teams to increase visibility and accountability. +* Compare groups and identify opportunities for optimization. + +## 5. Collaborate and communicate + +As a billing manager, you'll need to work closely with other stakeholders to share insights and support informed decision-making about costs. + +* Report status and recommendations to finance, technical leads, and decision makers. +* Use the data and alerts from {% data variables.product.github %} to inform budget discussions, contract negotiations, and investment in new features. +* Ensure smooth onboarding for new billing managers by sharing helpful resources. + +## Next steps + +Now that you understand how billing works on {% data variables.product.github %}, you can look at tutorials to learn how to perform specific tasks. + +* To estimate your spending and make informed decisions towards optimal budgeting, see [AUTOTITLE](/billing/tutorials/estimate-spending). +* To find which teams or members drive most of your usage and who's using what, see [AUTOTITLE](/billing/tutorials/gather-insights). diff --git a/content/billing/get-started/index.md b/content/billing/get-started/index.md index 9aa6869b8ba7..d782bf8d44f2 100644 --- a/content/billing/get-started/index.md +++ b/content/billing/get-started/index.md @@ -17,6 +17,6 @@ topics: children: - /how-billing-works - /introduction-to-billing + - /billing-manager-onboard contentType: get-started --- - diff --git a/content/billing/how-tos/index.md b/content/billing/how-tos/index.md index d50f3156300c..d5993f36b042 100644 --- a/content/billing/how-tos/index.md +++ b/content/billing/how-tos/index.md @@ -11,6 +11,7 @@ topics: children: - /set-up-payment - /manage-plan-and-licenses + - /set-up-budgets - /products - /manage-server-licenses - /pay-third-parties diff --git a/content/billing/how-tos/manage-plan-and-licenses/view-enterprise-usage.md b/content/billing/how-tos/manage-plan-and-licenses/view-enterprise-usage.md index 1690daa42872..337b1e280b60 100644 --- a/content/billing/how-tos/manage-plan-and-licenses/view-enterprise-usage.md +++ b/content/billing/how-tos/manage-plan-and-licenses/view-enterprise-usage.md @@ -86,8 +86,8 @@ If your {% data variables.product.github %} license includes {% data variables.v * Under "User licenses", view your total licenses, number of consumed licenses, and your subscription expiration date. * To view details for license usage or download a JSON file with license details, click **View users** or **Export license usage**. -* Review your current {% data variables.product.prodname_enterprise %} license, as well as consumed and available user licenses. -* If you have purchased {% data variables.product.prodname_AS %}, you can review your total licenses used as well as a per-organization breakdown of active committers. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise). +* Review your current {% data variables.product.prodname_enterprise %} license, as well as consumed and available user licenses.{% ifversion ghes < 3.15 %} +* If you have purchased {% data variables.product.prodname_AS %}, you can review your total licenses used as well as a per-organization breakdown of active committers. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise).{% endif %} ## Reporting license information using the REST API diff --git a/content/billing/how-tos/manage-server-licenses/download-your-license.md b/content/billing/how-tos/manage-server-licenses/download-your-license.md index 45fe22d044c5..b050e8418810 100644 --- a/content/billing/how-tos/manage-server-licenses/download-your-license.md +++ b/content/billing/how-tos/manage-server-licenses/download-your-license.md @@ -40,9 +40,9 @@ After you purchase or upgrade a license for {% data variables.product.prodname_e There are two possible ways to download a license file for {% data variables.product.prodname_ghe_server %}. -1. If you are using a trial of {% data variables.product.prodname_ghe_server %}, if you do not have an enterprise account on {% data variables.product.prodname_ghe_cloud %}, or if you are not sure, you may be able to download your license file from the [{% data variables.product.prodname_enterprise %} website](https://enterprise.github.com/download). +1. If you are using a trial of {% data variables.product.prodname_ghe_server %}, if you do not have an enterprise account on {% data variables.product.prodname_ghe_cloud %}, if you have {% data variables.enterprise.data_residency_site %} with volume license billing, or if you are not sure, you may be able to download your license file from the [{% data variables.product.prodname_enterprise %} website](https://enterprise.github.com/download). -1. If you are an existing {% data variables.product.prodname_enterprise %} customer with an enterprise account on {% data variables.product.prodname_ghe_cloud %}, you can download your license file from {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %} using the following instructions. +1. If you are an existing {% data variables.product.prodname_enterprise %} customer with an enterprise account on {% data variables.product.prodname_ghe_cloud %}, or if you have {% data variables.enterprise.data_residency_site %} with metered license billing, you can download your license file from {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %} using the following instructions. If you have any questions about downloading your license, contact {% data variables.contact.contact_enterprise_sales %}. For more information about enterprise accounts, see [AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-enterprise-accounts){% ifversion ghes %} in the {% data variables.product.prodname_ghe_cloud %} documentation.{% elsif ghec %}.{% endif %} diff --git a/content/billing/tutorials/estimate-spending.md b/content/billing/how-tos/products/estimate-spending.md similarity index 91% rename from content/billing/tutorials/estimate-spending.md rename to content/billing/how-tos/products/estimate-spending.md index 39892e8c77b2..bd26270d401a 100644 --- a/content/billing/tutorials/estimate-spending.md +++ b/content/billing/how-tos/products/estimate-spending.md @@ -1,6 +1,8 @@ --- -title: Estimating spending -intro: Use the new billing platform to understand where your spending is trending based on the usage across products. +title: Viewing and estimating your spending +shortTitle: View and estimate spending +allowTitleToDifferFromFilename: true +intro: 'View current usage and spending trends across paid {% data variables.product.github %} products, so you can estimate costs and make informed budgeting decisions.' versions: feature: enhanced-billing-platform redirect_from: @@ -8,21 +10,21 @@ redirect_from: - /billing/using-the-new-billing-platform/estimating-spending-for-your-enterprise - /billing/using-the-new-billing-platform/estimating-spending - /billing/managing-your-billing/estimating-spending + - /billing/tutorials/estimate-spending topics: - Billing - Enterprise - Team permissions: '{% data reusables.permissions.enhanced-billing-platform %}' product: '{% data reusables.billing.enhanced-billing-platform-product %}' -shortTitle: Estimate spending -contentType: tutorials +contentType: how-tos --- The new billing platform provides a high-level view of your spending trends based on the usage across products. You can use this information to estimate your spending and make informed decisions about your budget. {% ifversion fpt %} -## Viewing your spending for your personal account +## Viewing spending for your personal account {% data reusables.user-settings.access_settings %} 1. In the "Access" section of the sidebar, click **{% octicon "credit-card" aria-hidden="true" aria-label="credit-card" %} Billing & Licensing**. @@ -41,7 +43,7 @@ At the top of the page, under "Next payment due", you can see the date of your n {% endif %} -## Viewing your spending for your {% data variables.enterprise.enterprise_or_org %} +## Viewing spending for your {% data variables.enterprise.enterprise_or_org %} The "Overview" page provides a high-level view of your spending and budgets. diff --git a/content/billing/how-tos/products/index.md b/content/billing/how-tos/products/index.md index b25806e3de3c..2716a0b94d57 100644 --- a/content/billing/how-tos/products/index.md +++ b/content/billing/how-tos/products/index.md @@ -26,8 +26,10 @@ children: - /view-productlicense-use - /download-license-use - /buy-advanced-security + - /estimate-spending - /use-cost-centers - /manage-ghas-licenses - /view-ghas-committers contentType: how-tos --- + diff --git a/content/billing/tutorials/set-up-budgets.md b/content/billing/how-tos/set-up-budgets.md similarity index 96% rename from content/billing/tutorials/set-up-budgets.md rename to content/billing/how-tos/set-up-budgets.md index 2522688bd8ec..0e35e75aa98b 100644 --- a/content/billing/tutorials/set-up-budgets.md +++ b/content/billing/how-tos/set-up-budgets.md @@ -19,6 +19,7 @@ redirect_from: - /billing/managing-billing-for-github-packages/managing-your-spending-limit-for-github-packages - /billing/managing-billing-for-your-products/managing-billing-for-github-packages/managing-your-spending-limit-for-github-packages - /billing/managing-your-billing/using-budgets-control-spending + - /billing/tutorials/set-up-budgets topics: - Billing - Enterprise @@ -27,14 +28,14 @@ topics: - User account permissions: '{% data reusables.permissions.enhanced-billing-platform %}' shortTitle: Set up budgets -contentType: tutorials +contentType: how-tos --- Budgets help you track and control spending on different products. To learn more, see [AUTOTITLE](/billing/concepts/budgets-and-alerts). -## Deciding on the type and scope for a budget +## Plan your budget type and scope -When deciding on the type and scope for a budget, remember that the use of metered products is applied towards **all applicable** budgets. If any applicable budget with "Stop usage when budget limit is reached" enabled is exhausted, additional usage is blocked. +Before you create a budget, it’s important to understand how budget types and scopes interact. Usage of metered products can count toward multiple applicable budgets at the same time, and if any budget with **Stop usage when budget limit is reached** enabled is exhausted, additional usage is blocked. ![Screenshot of budgets for "octo-org": "Actions" budget is $50 and "Actions Linux 96-core" budget is $100. All the "Actions" budget has been used.](/assets/images/help/billing/org-budget-example.png) diff --git a/content/billing/reference/actions-runner-pricing.md b/content/billing/reference/actions-runner-pricing.md index f89a247b2ca1..c6adba7c0ae5 100644 --- a/content/billing/reference/actions-runner-pricing.md +++ b/content/billing/reference/actions-runner-pricing.md @@ -16,58 +16,51 @@ redirect_from: {% data variables.product.github %} rounds the minutes and partial minutes each job uses up to the nearest whole minute. -## Standard runners - -| Operating system | Per-minute rate (USD) | -| ------------------------------------ | --------------------- | -| Linux 1-core | $0.002 | -| Linux 2-core | $0.008 | -| Windows 2-core | $0.016 | -| macOS 3-core or 4-core (M1 or Intel) | $0.08 | +{% data reusables.billing.actions-standard-runner-prices %} ## x64-powered {% data variables.actions.hosted_runners %} -| Operating system | Per-minute rate (USD) | -| --------------------- | --------------------- | -| Linux Advanced 2-core | $0.008 | -| Linux 4-core | $0.016 | -| Linux 8-core | $0.032 | -| Linux 16-core | $0.064 | -| Linux 32-core | $0.128 | -| Linux 64-core | $0.256 | -| Linux 96-core | $0.384 | -| Windows 4-core | $0.032 | -| Windows 8-core | $0.064 | -| Windows 16-core | $0.128 | -| Windows 32-core | $0.256 | -| Windows 64-core | $0.512 | -| Windows 96-core | $0.768 | -| macOS 12-core | $0.12 | +| Operating system | Billing SKU | Per-minute rate (USD) | +| --------------------- | -------------------------- | --------------------- | +| Linux Advanced 2-core | `linux_2_core_advanced` | $0.006 | +| Linux 4-core | `linux_4_core` | $0.012 | +| Linux 8-core | `linux_8_core` | $0.022 | +| Linux 16-core | `linux_16_core` | $0.042 | +| Linux 32-core | `linux_32_core` | $0.082 | +| Linux 64-core | `linux_64_core` | $0.162 | +| Linux 96-core | `linux_96_core` | $0.252 | +| Windows 4-core | `windows_4_core` | $0.022 | +| Windows 8-core | `windows_8_core` | $0.042 | +| Windows 16-core | `windows_16_core` | $0.082 | +| Windows 32-core | `windows_32_core` | $0.162 | +| Windows 64-core | `windows_64_core` | $0.322 | +| Windows 96-core | `windows_96_core` | $0.552 | +| macOS 12-core | `macos_l` | $0.077 | ## arm64-powered {% data variables.actions.hosted_runners %} -| Operating system | Per-minute rate (USD) | -| ----------------- | --------------------- | -| Linux 2-core | $0.005 | -| Linux 4-core | $0.01 | -| Linux 8-core | $0.02 | -| Linux 16-core | $0.04 | -| Linux 32-core | $0.08 | -| Linux 64-core | $0.16 | -| Windows 2-core | $0.01 | -| Windows 4-core | $0.02 | -| Windows 8-core | $0.04 | -| Windows 16-core | $0.08 | -| Windows 32-core | $0.16 | -| Windows 64-core | $0.32 | -| macOS 6-core (M1) | $0.16 | +| Operating system | Billing SKU | Per-minute rate (USD) | +| --------------------- | --------------------- | --------------------- | +| Linux 2-core | `linux_2_core_arm` | $0.005 | +| Linux 4-core | `linux_4_core_arm` | $0.008 | +| Linux 8-core | `linux_8_core_arm` | $0.014 | +| Linux 16-core | `linux_16_core_arm` | $0.026 | +| Linux 32-core | `linux_32_core_arm` | $0.050 | +| Linux 64-core | `linux_64_core_arm` | $0.098 | +| Windows 2-core | `windows_2_core_arm` | $0.008 | +| Windows 4-core | `windows_4_core_arm` | $0.014 | +| Windows 8-core | `windows_8_core_arm` | $0.026 | +| Windows 16-core | `windows_16_core_arm` | $0.050 | +| Windows 32-core | `windows_32_core_arm` | $0.098 | +| Windows 64-core | `windows_64_core_arm` | $0.194 | +| macOS 5-core (M2 Pro) | `macos_xl` | $0.102 | ## GPU-powered {% data variables.actions.hosted_runners %} -| Operating system | Per-minute rate (USD) | -| ---------------- | --------------------- | -| Linux 4-core | $0.07 | -| Windows 4-core | $0.14 | +| Operating system | Billing SKU | Per-minute rate (USD) | +| ------------------ | ---------------------| ----------------------| +| Linux 4-core | `linux_4_core_gpu` | $0.052 | +| Windows 4-core | `windows_4_core_gpu` | $0.102 | ## Points to note about rates for runners diff --git a/content/billing/reference/cost-center-allocation.md b/content/billing/reference/cost-center-allocation.md index 243f6e225592..9e41e955204a 100644 --- a/content/billing/reference/cost-center-allocation.md +++ b/content/billing/reference/cost-center-allocation.md @@ -29,33 +29,24 @@ This article contains reference information for how spending is assigned to cost | Git Large File Storage | The repository or organization where Git LFS is used. | | {% data variables.product.prodname_registry %} | The repository or organization that owns the package. | | {% data variables.product.prodname_prus_caps %} | The user who triggered the use of the {% data variables.product.prodname_pru %} (priority), or the organization they belong to. | -| {% data variables.product.prodname_GH_cs_and_sp %} | A user who uses a license. | +| {% data variables.product.prodname_GHAS %} | A user who uses a license (priority), or the organization that is billed for the license. | ## Details for license-based products To ensure your cost centers reflect spending as intended, it's important to understand how the cost of licenses is allocated to cost centers, and how changes are reflected in your bill. -### {% data variables.product.prodname_GH_cs_and_sp %} - -| User associated with a cost center | License usage charged | -|--|--| -| Direct assignment | To the cost center the user is assigned to | -| By organization membership only | To the enterprise | - -### {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_copilot %} - -Cost center allocation is slightly different for {% data variables.product.prodname_enterprise %} licenses and {% data variables.product.prodname_copilot %} licenses and usage. - -| User associated with a cost center | {% data variables.product.prodname_copilot_short %} license granted | License and product costs charged | +| User associated with a cost center | License granted | License and product costs charged | |--|--|--| -| Direct assignment | By any organization | To the cost center the user is assigned to | -| By organization membership only | By an organization assigned to a cost center | To the **cost center** the organization belongs to. If the organization does not belong to a cost center, to the **enterprise** | +| Direct assignment | By any organization | To the **cost center** the user is assigned to. | +| By organization membership only | By an organization assigned to a cost center | To the **cost center** the organization belongs to. If the organization does not belong to a cost center, to the **enterprise**. | Users who belong to multiple organizations in an enterprise or who receive a {% data variables.product.prodname_copilot_short %} license from multiple organizations: -* **{% data variables.product.prodname_enterprise %}** license usage is allocated to the oldest organization and charges are allocated to the cost center containing that organization. +* **{% data variables.product.prodname_enterprise %}** and **{% data variables.product.prodname_GHAS %}** license usage is allocated to the oldest organization and charges are allocated to the cost center containing that organization. * **{% data variables.product.prodname_copilot_short %}** license and product usage is allocated to one of the organizations and charges are allocated to the cost center containing that organization. +To confirm which organization is charged for a given user's license, you can request a detailed usage report. See [AUTOTITLE](/billing/reference/billing-reports#detailed-usage-report). + See [AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/about-billing-for-github-copilot-in-your-enterprise#about-seat-assignment-for-copilot-in-your-enterprise). ## Understanding cost center usage and attribution diff --git a/content/billing/reference/index.md b/content/billing/reference/index.md index 63c969028970..37858423da95 100644 --- a/content/billing/reference/index.md +++ b/content/billing/reference/index.md @@ -23,6 +23,6 @@ children: - /product-usage-included - /roles-for-visual-studio - /supported-payment-methods + - /previous-billing-platform-endpoints contentType: reference --- - diff --git a/content/billing/reference/previous-billing-platform-endpoints.md b/content/billing/reference/previous-billing-platform-endpoints.md new file mode 100644 index 000000000000..39109a86dcd7 --- /dev/null +++ b/content/billing/reference/previous-billing-platform-endpoints.md @@ -0,0 +1,105 @@ +--- +title: Migrating from the endpoints used for the previous billing platform +shortTitle: Previous billing platform endpoints +intro: 'If your organization previously used the billing platform that predated metered billing, this article explains how to migrate existing usage reporting to the current billing usage endpoints.' +versions: + fpt: '*' + ghec: '*' +topics: + - Enterprise + - Billing + - REST +permissions: 'Enterprise owners, organization owners, and billing managers' +product: '{% data reusables.billing.enhanced-billing-platform-product %}' +contentType: reference +--- + + + + +After you transition to metered billing, the endpoints you used to get data from the previous billing platform will no longer return accurate usage information. + +You will need to upgrade all calls using the previous `/ACCOUNT-TYPE/NAME/settings/billing/PRODUCT` REST API endpoints to use the equivalent `/ACCOUNT-TYPE/NAME/settings/billing/usage` endpoint. + +## Changes in authentication + +If you used a {% data variables.product.pat_v2 %} to authenticate with the previous endpoints, you will need create a {% data variables.product.pat_v1 %} to authenticate with the new endpoint. + +In addition, you may want to use the new query parameters to specify a time period or cost center. + +## Calculating {% data variables.product.prodname_actions %} information from the new response data + +Example of the previous response + +```json +{"total_minutes_used": 305, "total_paid_minutes_used": 0, "included_minutes": 3000, "minutes_used_breakdown": { "UBUNTU": 205, "MACOS": 10, "WINDOWS": 90 } } +``` + +Example of the new response + +```json +{ "usageItems": [ { "date": "2023-08-01", "product": "Actions", "sku": "Actions Linux", "quantity": 100, "unitType": "minutes", "pricePerUnit": 0.008, "grossAmount": 0.8, "discountAmount": 0, "netAmount": 0.8, "organizationName": "GitHub", "repositoryName": "github/example"} ] } +``` + +To get the same values from the new response data: + +{% rowheaders %} + +| Previous property | Calculate from new API response | +|------ |----------- | +| `total_minutes_used` |
  1. Filter results by `"product": "Actions"` and `"unitType": "minutes"`
  2. Sum `quantity`
| +| `total_paid_minutes_used`| This is now represented as a $ amount via `netAmount`.
  1. Filter results by `"product": "Actions"` and `"unitType": "minutes"`
  2. Sum `netAmount`
| +| `included_minutes` | This is now represented as a $ amount via `discountAmount`.
  1. Filter results by `"product": "Actions"` and `"unitType": "minutes"`
  2. Sum `discountAmount`
| +| `minutes_used_breakdown` |
  1. Filter results by `"product": "Actions"` and `"unitType": "minutes"`
  2. Sum `quantity` grouped by `sku`
| + +{% endrowheaders %} + +## Calculating {% data variables.product.prodname_registry %} information from the new response data + +Example of the previous response + +```json +{ "total_gigabytes_bandwidth_used": 50, "total_paid_gigabytes_bandwidth_used": 40, "included_gigabytes_bandwidth": 10 } +``` + +Example of the new response + +```json +{ "usageItems": [ { "date": "2023-08-01", "product": "Packages", "sku": "Packages data transfer", "quantity": 100, "unitType": "gigabytes", "pricePerUnit": 0.008, "grossAmount": 0.8, "discountAmount": 0, "netAmount": 0.8, "organizationName": "GitHub", "repositoryName": "github/example" } ] } +``` + +{% rowheaders %} + +| Previous property | Calculate from new API response | +|------ |----------- | +| `total_gigabytes_bandwidth_used` |
  1. Filter results by `"product": "Packages"` and `"unitType": "gigabytes"`
  2. Sum `quantity`
| +| `total_paid_gigabytes_bandwidth_used`| This is now represented as a $ amount via `netAmount`.
  1. Filter results by `"product": "Packages"` and `"unitType": "gigabytes"`
  2. Sum `netAmount`
| +| `included_gigabytes_bandwidth` | This is now represented as a $ amount via `discountAmount`.
  1. Filter results by `"product": "Packages"` and `"unitType": "gigabytes"`
  2. Sum `discountAmount`
| + +{% endrowheaders %} + +## Calculating shared storage information from the new response data + +Example of the previous response + +```json +{ "days_left_in_billing_cycle": 20, "estimated_paid_storage_for_month": 15, "estimated_storage_for_month": 40 } +``` + +Example of the new response + +```json +{ "usageItems": [ { "date": "2023-08-01", "product": "Packages", "sku": "Packages storage", "quantity": 100, "unitType": "GigabyteHours", "pricePerUnit": 0.008, "grossAmount": 0.8, "discountAmount": 0, "netAmount": 0.8, "organizationName": "GitHub", "repositoryName": "github/example" } ] } +``` + +{% rowheaders %} + +| Previous property | Calculate from new API response | +|------ |----------- | +| `days_left_in_billing_cycle` | Not available. This information can be inferred by subtracting the current day of the month from the number of days in the current month. | +| `estimated_paid_storage_for_month`| This is now represented as a $ amount via `netAmount`.

Prerequisite: pass the `month` and `year` query parameters.

For Actions storage
  1. Filter results by `"product": "Actions"` and `"unitType": "GigabyteHours"`
  2. Sum `netAmount`
For Packages storage
  1. Filter results by `"product": "Packages"` and `"unitType": "GigabyteHours"`
  2. Sum `netAmount`
| +| `estimated_storage_for_month` | Prerequisite: pass the `month` and `year` query parameters.

For Actions storage
  1. Filter results by `"product": "Actions"` and `"unitType": "GigabyteHours"`
  2. Sum `quantity`
For Packages storage
  1. Filter results by `"product": "Packages"` and `"unitType": "GigabyteHours"`
  2. Sum `quantity`
| + +{% endrowheaders %} + + diff --git a/content/billing/tutorials/automate-usage-reporting.md b/content/billing/tutorials/automate-usage-reporting.md index 71c43af245bc..9aaf87fe285c 100644 --- a/content/billing/tutorials/automate-usage-reporting.md +++ b/content/billing/tutorials/automate-usage-reporting.md @@ -17,140 +17,170 @@ product: '{% data reusables.billing.enhanced-billing-platform-product %}' contentType: tutorials --- -You can automatically pull data from {% data variables.product.github %} to populate the business systems you use to monitor costs and usage using the REST API. If you haven't used the {% data variables.product.github %} REST API before, see [AUTOTITLE](/rest/using-the-rest-api). +After you transition to metered billing, you may want to automatically track usage and costs for paid {% data variables.product.github %} features in your internal reporting systems. For example, you might want to monitor spend over time, reconcile invoices, or feed usage data into finance or BI tools. -## Overview of endpoints +In this tutorial, you’ll learn how to use the REST API to retrieve billing usage data, filter it by time period or cost center, and automate recurring reports at the user, organization, or enterprise level. You’ll also learn how to interpret key fields in the response so you can turn raw usage data into meaningful cost insights. -You need to use different endpoints to gather data depending on your account type and the information level you want. +## Prerequisites -{% rowheaders %} +Before you begin this tutorial, make sure that: -| Account | Report | Access | Endpoint | More information | -|---------|--------|--------|----------|------------------| -| Users | Usage data for all paid products | Account holder | `/users/{username}/settings/billing/usage` | [AUTOTITLE](/rest/billing/enhanced-billing?apiVersion=2022-11-28#get-billing-usage-report-for-a-user) | -| Organizations | Premium request consumption, with details of quota and billed usage | Organization owners and billing managers | `/organizations/{org}/settings/billing/premium_request/usage` | [AUTOTITLE](/rest/billing/enhanced-billing?apiVersion=2022-11-28#get-billing-premium-request-usage-report-for-an-organization) | -| Organizations | Usage data for all paid products | Organization owners and billing managers | `/organizations/{org}/settings/billing/usage` | [AUTOTITLE](/rest/billing/enhanced-billing?apiVersion=2022-11-28#get-billing-usage-report-for-an-organization) | -| Enterprises | Premium request consumption, with details of quota and billed usage | Enterprise owners and billing managers | `/enterprises/{enterprise}/settings/billing/premium_request/usage` | [AUTOTITLE](/rest/enterprise-admin/billing?apiVersion=2022-11-28#get-billing-premium-request-usage-report-for-an-enterprise) | -| Enterprises | Usage data for all paid products | Enterprise owners and billing managers | `/enterprises/{enterprise}/settings/billing/usage` | [AUTOTITLE](/rest/enterprise-admin/billing?apiVersion=2022-11-28#get-billing-usage-report-for-an-enterprise) | +* You have access to billing data at the level you want to report on: + * User-level reports: account holder + * Organization-level reports: organization owner or billing manager + * Enterprise-level reports: enterprise administrator or billing manager -{% endrowheaders %} +* You’re familiar with making authenticated requests to the REST API. For an introduction, see [AUTOTITLE](/rest/using-the-rest-api). +* You authenticate using a {% data variables.product.pat_v1 %}. The billing usage endpoints do not support {% data variables.product.pat_v2_plural %}. -## Getting premium request consumption +Depending on your reporting needs, you may also want access to an internal system (such as a spreadsheet, database, or BI tool) where you can store and analyze the usage data retrieved from the API. -1. Authenticate with {% data variables.product.github %} with one of the following methods: - * **{% data variables.product.prodname_cli %}:** use the `gh auth login` command to authenticate, see [AUTOTITLE](/github-cli/github-cli/quickstart). - * **Create a {% data variables.product.pat_v1 %}:** and pass the token to in your API call, see [Creating a {% data variables.product.pat_v1 %}](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic). +## Step 1: Decide what level to report on -1. Call the required `premium_request/usage` endpoint, specifying the enterprise, organization, or user that you want data for. +Decide which account level you want to report on. This determines **which REST API endpoint you’ll call** and what your report will include. -## Getting usage data for all paid products +Choose the reporting level that best matches your goal: -1. Authenticate with {% data variables.product.github %} with one of the following methods: - * **{% data variables.product.prodname_cli %}:** use the `gh auth login` command to authenticate, see [AUTOTITLE](/github-cli/github-cli/quickstart). - * **Create a {% data variables.product.pat_v1 %}:** and pass the token to in your API call, see [Creating a {% data variables.product.pat_v1 %}](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic). +| Reporting level | When to use it | +| ----------------- | ---------------- | +| **User** | You want a report for a single account, for example to understand personal usage and costs. | +| **Organization** | You want to track usage and costs for a specific organization, for example for team-level monitoring or chargeback. | +| **Enterprise** | You want a centralized view across multiple organizations, for example for finance reporting or cost center reporting. | -1. Call the required `usage` endpoint, specifying the enterprise, organization, or user that you want data for. +Once you’ve chosen a reporting level, you’ll use the corresponding endpoint in the next step to retrieve usage data and build an automated report. -1. By default, data for all products for the current year is reported. For enterprises, only data that is not associated with a cost center is reported. +## Step 2: Retrieve usage data for paid products - You can request more specific data using query parameters. - * Specify time period by setting one or more of the following parameters: `year`, `month`, `day`, and `hour`. - * Specify a cost center to report on by identifier using the `cost_center_id` query parameter (enterprise endpoint only). +After you’ve decided which level to report on, use the REST API to retrieve usage data for paid {% data variables.product.github %} products. For all endpoints, see [AUTOTITLE](/rest/billing/usage). -For more detailed information and an example calls and responses, see: -* [Get billing usage report for an enterprise](/rest/enterprise-admin/billing?apiVersion=2022-11-28#get-billing-usage-report-for-an-enterprise) -* [Get billing usage report for an organization](/rest/billing/enhanced-billing?apiVersion=2022-11-28#get-billing-usage-report-for-an-organization) -* [Get billing usage report for a user](/rest/billing/enhanced-billing?apiVersion=2022-11-28#get-billing-usage-report-for-a-user) +{% data variables.product.github %} provides two types of billing usage data: - - +* **Usage summaries** – aggregated usage and cost data for all paid products. +* **Premium request usage** – detailed usage and billing data for premium requests, including quotas and overage usage. -## Migrating from the endpoints used for the previous billing platform +In most reporting scenarios, you’ll start with a **usage summary** to understand overall usage and spend, and then use premium request usage data when you need deeper insight into premium request consumption. -After you transition to metered billing, the endpoints you used to get data from the previous billing platform will no longer return accurate usage information. +### Retrieve a usage summary -* Upgrade all calls of the form: `/ACCOUNT-TYPE/NAME/settings/billing/PRODUCT` -* To use the equivalent: `/ACCOUNT-TYPE/NAME/settings/billing/usage` endpoint +Use the usage summary endpoint that corresponds to the reporting level you chose in Step 1. -### Changes in authentication +For example, to retrieve a usage summary for an enterprise, make a request to: -If you used a {% data variables.product.pat_v2 %} to authenticate with the previous endpoints, you will need create a {% data variables.product.pat_v1 %} to authenticate with the new endpoint. +`/enterprises/{enterprise}/settings/billing/usage/summary` -In addition, you may want to use the new query parameters to specify a time period or cost center. +You must authenticate your request to this endpoint. -### Calculating {% data variables.product.prodname_actions %} information from the new response data +**Example using curl** -Example of the previous response - -```json -{"total_minutes_used": 305, "total_paid_minutes_used": 0, "included_minutes": 3000, "minutes_used_breakdown": { "UBUNTU": 205, "MACOS": 10, "WINDOWS": 90 } } +```bash +curl -L \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/enterprises/ENTERPRISE/settings/billing/usage/summary ``` -Example of the new response +Replace `ENTERPRISE` with the enterprise slug and set the `GITHUB_TOKEN` environment variable to a {% data variables.product.pat_generic %} with the required billing permissions. + +**Example using the {% data variables.product.prodname_cli %}** -```json -{ "usageItems": [ { "date": "2023-08-01", "product": "Actions", "sku": "Actions Linux", "quantity": 100, "unitType": "minutes", "pricePerUnit": 0.008, "grossAmount": 0.8, "discountAmount": 0, "netAmount": 0.8, "organizationName": "GitHub", "repositoryName": "github/example"} ] } +```bash +gh api \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /enterprises/ENTERPRISE/settings/billing/usage/summary ``` -To get the same values from the new response data: +This endpoint returns aggregated usage data for all paid products for the current year by default. Each entry includes information such as the product, unit type, quantity used, and billed amount. -{% rowheaders %} +You can use the same approach to retrieve usage summaries for an organization or user by calling the equivalent endpoint for that account level. -| Previous property | Calculate from new API response | -|------ |----------- | -| `total_minutes_used` |
  • Filter results by `"product": "Actions"` and `"unitType": "minutes"`
  • Sum `quantity`
| -| `total_paid_minutes_used`| This is now represented as a $ amount via `netAmount`.
  • Filter results by `"product": "Actions"` and `"unitType": "minutes"`
  • Sum `netAmount`
| -| `included_minutes` | This is now represented as a $ amount via `discountAmount`.
  • Filter results by `"product": "Actions"` and `"unitType": "minutes"`
  • Sum `discountAmount`
| -| `minutes_used_breakdown` |
  • Filter results by `"product": "Actions"` and `"unitType": "minutes"`
  • Sum `quantity` grouped by `sku`
| +### Retrieve premium request usage -{% endrowheaders %} +If you need to report specifically on premium request consumption, use the `premium_request/usage` endpoint for the same account level. This endpoint provides additional details such as included usage, billed overages, and remaining quota. -### Calculating {% data variables.product.prodname_registry %} information from the new response data +In the next step, you’ll learn how to filter usage data by time period or cost center so you can generate more targeted reports. -Example of the previous response +## Step 3: Filter usage data by time period or cost center -```json -{ "total_gigabytes_bandwidth_used": 50, "total_paid_gigabytes_bandwidth_used": 40, "included_gigabytes_bandwidth": 10 } -``` +By default, usage summary endpoints return data for the **current year**. To generate more targeted reports or analyze trends over time, you can filter usage data using query parameters. + +### Filter by time period + +You can limit the usage data returned by specifying one or more of the following query parameters: + +* `year` +* `month` +* `day` +* `hour` -Example of the new response +For example, to retrieve usage data for a specific month, include the `year` and `month` parameters in your request: -```json -{ "usageItems": [ { "date": "2023-08-01", "product": "Packages", "sku": "Packages data transfer", "quantity": 100, "unitType": "gigabytes", "pricePerUnit": 0.008, "grossAmount": 0.8, "discountAmount": 0, "netAmount": 0.8, "organizationName": "GitHub", "repositoryName": "github/example" } ] } + ```http +GET /enterprises/{enterprise}/settings/billing/usage/summary?year=2024&month=12 ``` -{% rowheaders %} +Filtering by time period is useful when you want to: -| Previous property | Calculate from new API response | -|------ |----------- | -| `total_gigabytes_bandwidth_used` |
  • Filter results by `"product": "Packages"` and `"unitType": "gigabytes"`
  • Sum `quantity`
| -| `total_paid_gigabytes_bandwidth_used`| This is now represented as a $ amount via `netAmount`.
  • Filter results by `"product": "Packages"` and `"unitType": "gigabytes"`
  • Sum `netAmount`
| -| `included_gigabytes_bandwidth` | This is now represented as a $ amount via `discountAmount`.
  • Filter results by `"product": "Packages"` and `"unitType": "gigabytes"`
  • Sum `discountAmount`
| +* Generate monthly or daily usage reports +* Compare usage before and after a change, such as enabling a new feature +* Reconcile usage with invoices for a specific billing period -{% endrowheaders %} +### Filter by cost center (enterprise only) -### Calculating shared storage information from the new response data +If you’re retrieving enterprise-level usage data, you can also filter results by cost center using the `cost_center_id` query parameter. -Example of the previous response +Filtering by cost center allows you to: -```json -{ "days_left_in_billing_cycle": 20, "estimated_paid_storage_for_month": 15, "estimated_storage_for_month": 40 } -``` +* Attribute usage and costs to specific teams or business units +* Generate cost center–specific reports for finance or leadership stakeholders -Example of the new response +Cost center filtering is available only for enterprise usage summary endpoints. -```json -{ "usageItems": [ { "date": "2023-08-01", "product": "Packages", "sku": "Packages storage", "quantity": 100, "unitType": "GigabyteHours", "pricePerUnit": 0.008, "grossAmount": 0.8, "discountAmount": 0, "netAmount": 0.8, "organizationName": "GitHub", "repositoryName": "github/example" } ] } -``` +In the next step, you’ll learn how to automate these API calls to generate recurring usage reports. + +## Step 4: Automate recurring usage reports + +Once you’ve identified the usage data you want to collect and how to filter it, you can automate your reporting by running the same API requests on a recurring schedule. + +Common automation patterns include: + +* Running scheduled API requests (for example, daily or monthly) to collect usage data +* Storing the results in an internal system such as a database, spreadsheet, or BI tool +* Using the data to monitor trends, detect changes in usage, or support cost reviews + +When automating reports, consistency matters. Use the same reporting level, filters, and time ranges each time so that usage trends are comparable over time. + +For example, you might: + +* Run a monthly enterprise-level usage summary to track overall spend +* Generate cost center–specific reports for internal chargeback or showback +* Monitor usage growth after enabling new paid features + +In the next step, you’ll learn how to interpret the usage and cost fields returned by the API so you can turn raw data into meaningful insights. + +## Step 5: Interpret usage and cost fields in the API response + +The usage summary response includes both **usage** and **cost** information. Understanding how these fields relate to each other helps you interpret spend, included usage, and billed overages. + +Each usage item includes: + +* A **quantity**, which represents the amount of usage for a specific product and unit type +* A **netAmount**, which represents the billed cost for that usage +* A **discountAmount**, which represents usage covered by included quotas or discounts + +In general: + +* Use **quantity** to understand how much of a product was consumed +* Use **netAmount** to understand what was billed +* Use **discountAmount** to understand how much usage was included or discounted + +For example, a high quantity with a low netAmount may indicate that most usage was covered by included quotas, while a rising netAmount over time may indicate increased paid usage. + +Different products report usage using different unit types (such as minutes, gigabytes, or requests). To calculate product-specific metrics or reproduce values from the previous billing platform, you may need to filter usage items by product and unit type and aggregate the results. Detailed examples are available in the reference documentation linked in the next step. -{% rowheaders %} +## Step 6: Calculate product-specific usage metrics -| Previous property | Calculate from new API response | -|------ |----------- | -| `days_left_in_billing_cycle` | Not available. This information can be inferred by subtracting the current day of the month from the number of days in the current month. | -| `estimated_paid_storage_for_month`| This is now represented as a $ amount via `netAmount`.

Prerequisite: pass the `month` and `year` query parameters.

For Actions storage
  • Filter results by `"product": "Actions"` and `"unitType": "GigabyteHours"`
  • Sum `netAmount`
For Packages storage
  • Filter results by `"product": "Packages"` and `"unitType": "GigabyteHours"`
  • Sum `netAmount`
| -| `estimated_storage_for_month` | Prerequisite: pass the `month` and `year` query parameters.

For Actions storage
  • Filter results by `"product": "Actions"` and `"unitType": "GigabyteHours"`
  • Sum `quantity`
For Packages storage
  • Filter results by `"product": "Packages"` and `"unitType": "GigabyteHours"`
  • Sum `quantity`
| +In some cases, you may need to calculate product-specific usage metrics from the usage summary response. This is most relevant if you want to generate custom reports for a specific product or reproduce values used in legacy reporting. -{% endrowheaders %} +To calculate these metrics, you typically filter usage items by `product` and `unitType`, then aggregate fields such as `quantity`, `netAmount`, and `discountAmount`. - +For detailed examples and product-specific calculations, see [AUTOTITLE](/billing/reference/previous-billing-platform-endpoints). diff --git a/content/billing/tutorials/index.md b/content/billing/tutorials/index.md index d13fda4a1758..5258361ed4c1 100644 --- a/content/billing/tutorials/index.md +++ b/content/billing/tutorials/index.md @@ -10,10 +10,11 @@ topics: - Billing children: - /automate-usage-reporting - - /set-up-budgets + - /soft-budgets - /control-costs-at-scale - - /estimate-spending - /gather-insights contentType: tutorials +redirect_from: + - /billing/tutorials/estimate-actions-costs --- diff --git a/content/billing/tutorials/soft-budgets.md b/content/billing/tutorials/soft-budgets.md new file mode 100644 index 000000000000..33041c8f501a --- /dev/null +++ b/content/billing/tutorials/soft-budgets.md @@ -0,0 +1,49 @@ +--- +title: 'Start monitoring costs with soft budgets' +intro: 'Set soft budgets to monitor spending without blocking access to paid features while you build an understanding of your costs.' +shortTitle: 'Monitor costs with soft budgets' +versions: + fpt: '*' + ghec: '*' +topics: + - Enterprise + - Billing +permissions: 'Enterprise owners and billing managers' +contentType: tutorials +audience: + - driver +allowTitleToDifferFromFilename: true +--- + +## About soft budgets + +Soft budgets set spending targets without enforcing limits. When spending exceeds the budget, billing managers and enterprise owners receive email notifications, but usage continues uninterrupted. + +Soft budgets are especially useful when: + +* You’re new to managing costs across multiple products or SKUs +* You want visibility before enforcing restrictions +* You expect usage to fluctuate while teams adopt new features + +If you need to strictly control or cap spending for specific products, a hard budget may be more appropriate. + +## 1. Estimate your budget needs + +Before setting a soft budget, make a rough estimate of your expected costs. This doesn’t need to be precise—the goal is to establish a baseline you can refine over time. Consider the following steps: + +1. Review your current usage of licenses and metered products. See [AUTOTITLE](/billing/tutorials/gather-insights) and [AUTOTITLE](/billing/how-tos/products/view-productlicense-use). +1. Identify any upcoming projects or initiatives that may increase your usage. +1. Calculate the estimated costs based on your usage patterns and any anticipated changes. +1. Decide on a budget amount that provides some flexibility above your estimated costs to accommodate unexpected usage spikes. + +## 2. Set a soft budget + +To set a budget for your enterprise or organization, see [AUTOTITLE](/billing/tutorials/set-up-budgets#creating-a-budget). + +When creating the budget, leave **Stop usage when budget limit is reached** unchecked. This choice makes the budget “soft”: you’ll receive alerts when the limit is exceeded, but usage won’t be blocked. + +## 3. Review and adjust your budget + +After setting a soft budget, it's important to regularly monitor your spending to ensure it aligns with your budget goals. You can view your budgets at the top of the "Budgets and alerts" page. + +After a billing cycle, review your budget alerts and adjust the budget amount if needed. As you gain confidence in your spending patterns, you can decide whether any products require stricter controls. If so, edit the budget and enable the **Stop usage when budget limit is reached** option to convert it to a hard budget. diff --git a/content/code-security/code-quality/concepts/index.md b/content/code-security/code-quality/concepts/index.md deleted file mode 100644 index e5f79fa0cff0..000000000000 --- a/content/code-security/code-quality/concepts/index.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Concepts for GitHub Code Quality -shortTitle: Concepts -allowTitleToDifferFromFilename: true -intro: 'Discover how {% data variables.product.prodname_code_quality %} works, its core features, and key terms.' -versions: - feature: code-quality -topics: - - Code Quality -children: - - /about-code-quality -contentType: concepts ---- \ No newline at end of file diff --git a/content/code-security/code-quality/get-started/index.md b/content/code-security/code-quality/get-started/index.md deleted file mode 100644 index 50aef24023d2..000000000000 --- a/content/code-security/code-quality/get-started/index.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Get started with GitHub Code Quality -shortTitle: Get started -intro: 'Try out {% data variables.product.prodname_code_quality %} for your repository.' -versions: - feature: code-quality -topics: - - Code Quality -children: - - /quickstart -contentType: get-started ---- diff --git a/content/code-security/code-quality/how-tos/index.md b/content/code-security/code-quality/how-tos/index.md deleted file mode 100644 index b90704a761e1..000000000000 --- a/content/code-security/code-quality/how-tos/index.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: How-to guides for GitHub Code Quality -shortTitle: How-to guides -intro: 'Learn how to use {% data variables.product.prodname_code_quality %} with these detailed guides.' -versions: - feature: code-quality -topics: - - Code Quality -contentType: how-tos -children: - - /enable-code-quality - - /interpret-results - - /set-pr-thresholds - - /unblock-your-pr - - /allow-in-enterprise ---- diff --git a/content/code-security/code-quality/index.md b/content/code-security/code-quality/index.md deleted file mode 100644 index 072501794b5d..000000000000 --- a/content/code-security/code-quality/index.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: GitHub Code Quality documentation -shortTitle: GitHub Code Quality -intro: '{% data variables.product.prodname_code_quality %} helps you catch and fix code health risks, maintain high standards, and track code quality within your {% data variables.product.github %} workflow.' -versions: - feature: code-quality -topics: - - Code Quality -children: - - /get-started - - /concepts - - /how-tos - - /reference - - /tutorials - - /responsible-use ---- diff --git a/content/code-security/code-quality/reference/index.md b/content/code-security/code-quality/reference/index.md deleted file mode 100644 index 643f83e7bcfe..000000000000 --- a/content/code-security/code-quality/reference/index.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Reference for GitHub Code Quality -shortTitle: Reference -intro: 'Reference documentation for {% data variables.product.prodname_code_quality %}.' -versions: - feature: code-quality -topics: - - Code Quality -contentType: reference -children: - - metrics-and-ratings - - codeql-detection ---- diff --git a/content/code-security/code-quality/responsible-use/index.md b/content/code-security/code-quality/responsible-use/index.md deleted file mode 100644 index 1ead734e7dad..000000000000 --- a/content/code-security/code-quality/responsible-use/index.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Responsible use of GitHub Code Quality -shortTitle: Responsible use -intro: 'Use {% data variables.product.prodname_code_quality %} responsibly by understanding its purposes, capabilities, and limitations.' -versions: - feature: code-quality -topics: - - Code Quality -children: - - code-quality -contentType: rai ---- \ No newline at end of file diff --git a/content/code-security/code-quality/tutorials/index.md b/content/code-security/code-quality/tutorials/index.md deleted file mode 100644 index 0c3955d5f7c1..000000000000 --- a/content/code-security/code-quality/tutorials/index.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: Tutorials for GitHub Code Quality -shortTitle: Tutorials -intro: 'Build skills and knowledge about {% data variables.product.prodname_code_quality %} through examples.' -versions: - feature: code-quality -topics: - - Code Quality -contentType: tutorials -children: - - /fix-findings-in-prs - - /improve-your-codebase - - /improve-recent-merges ---- diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/index.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/index.md deleted file mode 100644 index 9f5c7c757dcd..000000000000 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/index.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Creating an advanced setup for {% data variables.product.prodname_code_scanning %} -shortTitle: 'Create advanced setup' -intro: 'For more granular control over your {% data variables.product.prodname_code_scanning %} configuration, you can secure your code with advanced setup for {% data variables.product.prodname_code_scanning %}.' -product: '{% data reusables.gated-features.code-scanning %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Code Security - - Code scanning -children: - - /configuring-advanced-setup-for-code-scanning - - /customizing-your-advanced-setup-for-code-scanning - - /codeql-code-scanning-for-compiled-languages - - /configuring-advanced-setup-for-code-scanning-with-codeql-at-scale - - /recommended-hardware-resources-for-running-codeql - - /running-codeql-code-scanning-in-a-container ---- diff --git a/content/code-security/code-scanning/enabling-code-scanning/index.md b/content/code-security/code-scanning/enabling-code-scanning/index.md deleted file mode 100644 index cb3b69415318..000000000000 --- a/content/code-security/code-scanning/enabling-code-scanning/index.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: Enabling code scanning -shortTitle: Enable code scanning -intro: 'You can quickly and easily secure your code with default setup for {% data variables.product.prodname_code_scanning %}.' -product: '{% data reusables.gated-features.code-scanning %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Code Security - - Code scanning - - CodeQL -children: - - /configuring-default-setup-for-code-scanning - - /evaluating-default-setup-for-code-scanning - - /configuring-default-setup-for-code-scanning-at-scale ---- diff --git a/content/code-security/code-scanning/index.md b/content/code-security/code-scanning/index.md deleted file mode 100644 index 32ea98bbb454..000000000000 --- a/content/code-security/code-scanning/index.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: Finding security vulnerabilities and errors in your code with code scanning -shortTitle: Code scanning -allowTitleToDifferFromFilename: true -intro: 'Keep your code secure by using {% data variables.product.prodname_code_scanning %} to identify and fix potential security vulnerabilities and other errors in your code.' -product: '{% data reusables.gated-features.code-scanning %}' -redirect_from: - - /github/managing-security-vulnerabilities/finding-security-vulnerabilities-in-your-projects-code - - /github/finding-security-vulnerabilities-and-errors-in-your-code - - /code-security/secure-coding -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Code Security - - Code scanning - - CodeQL -children: - - /introduction-to-code-scanning - - /enabling-code-scanning - - /creating-an-advanced-setup-for-code-scanning - - /managing-code-scanning-alerts - - /managing-your-code-scanning-configuration - - /integrating-with-code-scanning - - /troubleshooting-code-scanning - - /troubleshooting-sarif-uploads ---- diff --git a/content/code-security/code-scanning/introduction-to-code-scanning/index.md b/content/code-security/code-scanning/introduction-to-code-scanning/index.md deleted file mode 100644 index 18fa779c08eb..000000000000 --- a/content/code-security/code-scanning/introduction-to-code-scanning/index.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Introduction to code scanning -shortTitle: Introduction -intro: 'Learn what {% data variables.product.prodname_code_scanning %} is, how it helps you secure your code, and what {% data variables.product.prodname_code_scanning %} tools are available.' -product: '{% data reusables.gated-features.code-scanning %}' -redirect_from: - - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors - - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors - - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Code Security - - Code scanning - - CodeQL -children: - - /about-code-scanning - - /about-code-scanning-with-codeql ---- diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/index.md b/content/code-security/code-scanning/managing-code-scanning-alerts/index.md deleted file mode 100644 index 301fdb8042e2..000000000000 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/index.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Managing code scanning alerts -shortTitle: Manage alerts -intro: 'Learn how to triage, track, and resolve {% data variables.product.prodname_code_scanning %} alerts.' -product: '{% data reusables.gated-features.code-scanning %}' -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Code Security - - Code scanning - - CodeQL -redirect_from: - - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists - - /code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists -children: - - /about-code-scanning-alerts - - /responsible-use-autofix-code-scanning - - /disabling-autofix-for-code-scanning - - /assessing-code-scanning-alerts-for-your-repository - - /resolving-code-scanning-alerts - - /best-practices-for-participating-in-a-security-campaign - - /fixing-alerts-in-security-campaign - - /triaging-code-scanning-alerts-in-pull-requests ---- diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/actions-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/actions-built-in-queries.md deleted file mode 100644 index 9abbffece2b1..000000000000 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/actions-built-in-queries.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Actions queries for CodeQL analysis -shortTitle: Actions CodeQL queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in {% data variables.product.prodname_actions %} workflow files when you select the `default` or the `security-extended` query suite.' -product: '{% data reusables.gated-features.codeql %}' -allowTitleToDifferFromFilename: true -versions: - fpt: '*' - ghes: '>3.17' - ghec: '*' -type: reference -topics: - - Code scanning - - CodeQL ---- - -{% data variables.product.prodname_codeql %} includes many queries for analyzing {% data variables.product.prodname_actions %} workflows. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} - -## Built-in queries for {% data variables.product.prodname_actions %} analysis - -{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %} - -{% data reusables.code-scanning.codeql-query-tables.actions %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md deleted file mode 100644 index 427ff2877f8e..000000000000 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: CodeQL query suites -shortTitle: CodeQL query suites -intro: 'You can choose from different built-in {% data variables.product.prodname_codeql %} query suites to use in your {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} setup.' -product: '{% data reusables.gated-features.codeql %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -redirect_from: - - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/built-in-codeql-query-suites - - /code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites -type: reference -topics: - - Code scanning - - CodeQL ---- - -## About {% data variables.product.prodname_codeql %} query suites - -With {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can select a specific group of {% data variables.product.prodname_codeql %} queries, called a {% data variables.product.prodname_codeql %} query suite, to run against your code. The following built-in query suites are available through {% data variables.product.prodname_dotcom %}: - -* `default` query suite. -* `security-extended` query suite. This suite is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}. - -Currently, both the `default` query suite and the `security-extended` query suite are available for default setup for {% data variables.product.prodname_code_scanning %}. Additionally, organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information on configuring default setup for individual repositories, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). For more information on configuring default setup at scale and recommending a query suite, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale). - -To use a custom query suite, you must configure advanced setup for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. For more information on advanced setups and creating a query suite, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql) and [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites). - -## Built-in {% data variables.product.prodname_codeql %} query suites - -The built-in {% data variables.product.prodname_codeql %} query suites, `default` and `security-extended`, are created and maintained by {% data variables.product.prodname_dotcom %}. Both of these query suites are available for every {% data variables.product.prodname_codeql %}-supported language. For more information on {% data variables.product.prodname_codeql %}-supported languages, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql). - -### `default` query suite - -* The `default` query suite is the group of queries run by default in {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_dotcom %}. -* The queries in the `default` query suite are highly precise and return few false positive {% data variables.product.prodname_code_scanning %} results. Relative to the `security-extended` query suite, the `default` suite returns fewer low-confidence {% data variables.product.prodname_code_scanning %} results. -* This query suite is available for use with default setup for {% data variables.product.prodname_code_scanning %}. - -### `security-extended` query suite - -* The `security-extended` query suite consists of all the queries in the `default` query suite, plus additional queries with slightly lower precision and severity. -* Relative to the `default` query suite, the `security-extended` suite may return a greater number of false positive {% data variables.product.prodname_code_scanning %} results. -* This query suite is available for use with default setup for {% data variables.product.prodname_code_scanning %}, and is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}. - -## Query lists for the default query suites - -For each language, the following article lists which queries are included in the `default` and the `security-extended` suites. {% ifversion code-scanning-autofix %}Where {% data variables.copilot.copilot_autofix_short %} is available for a language, details of which queries are supported are also included.{% endif %} - -{% data reusables.code-scanning.codeql-query-tables.links-to-all-tables %} - -## Further reading - -* [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites) diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/github-actions-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/github-actions-built-in-queries.md deleted file mode 100644 index aade64bda13b..000000000000 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/github-actions-built-in-queries.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: GitHub Actions queries for CodeQL analysis -shortTitle: GitHub Actions queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze workflows used by {% data variables.product.prodname_actions %} when you select the `default` or the `security-extended` query suite.' -product: '{% data reusables.gated-features.codeql %}' -allowTitleToDifferFromFilename: true -versions: - fpt: '*' - ghes: '*' - ghec: '*' -type: reference -topics: - - Code scanning - - CodeQL ---- - -{% data variables.product.prodname_codeql %} includes many queries for analyzing workflows used by {% data variables.product.prodname_actions %}. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} - -## Built-in queries for workflow analysis - -{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %} - -{% data reusables.code-scanning.codeql-query-tables.actions %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/index.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/index.md deleted file mode 100644 index cb69333ce2f2..000000000000 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/index.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: Managing your code scanning configuration -shortTitle: Manage code scanning -intro: 'You can manage your existing {% data variables.product.prodname_code_scanning %} configuration with the help of metrics and logging outputs generated by your analysis.' -product: '{% data reusables.gated-features.code-scanning %}' -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Code Security - - Code scanning - - CodeQL -children: - - /about-the-tool-status-page - - /editing-your-configuration-of-default-setup - - /set-code-scanning-merge-protection - - /enabling-delegated-alert-dismissal-for-code-scanning - - /codeql-query-suites - - /configuring-larger-runners-for-default-setup - - /viewing-code-scanning-logs - - /actions-built-in-queries - - /c-cpp-built-in-queries - - /csharp-built-in-queries - - /github-actions-built-in-queries - - /go-built-in-queries - - /java-kotlin-built-in-queries - - /javascript-typescript-built-in-queries - - /python-built-in-queries - - /ruby-built-in-queries - - /rust-built-in-queries - - /swift-built-in-queries ---- diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md deleted file mode 100644 index 7dab7afdb78c..000000000000 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Set code scanning merge protection -shortTitle: Set merge protection -intro: 'You can use rulesets to set {% data variables.product.prodname_code_scanning %} merge protection for pull requests.' -permissions: '{% data reusables.permissions.security-org-enable %}' -product: '{% data reusables.gated-features.code-scanning %}' -versions: - fpt: '*' - ghec: '*' - ghes: '*' -type: how_to -topics: - - Code scanning - - CodeQL ---- - -## About using rulesets for {% data variables.product.prodname_code_scanning %} merge protection - -> [!NOTE] -> * Merge protection with rulesets is not related to status checks. For more information about status checks, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks). -> * Merge protection with rulesets will not apply to merge queue groups or {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup. -> * All the lines of code identified by an alert must exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#specifying-the-location-for-source-files). - -You can use rulesets to prevent pull requests from being merged when one of the following conditions is met: - -{% data reusables.code-scanning.merge-protection-rulesets-conditions %} - -Typically you should use rulesets target long-lived feature branches, where you would like to guarantee that code has been analyzed before pull requests can be merged. - -Configuring a {% data variables.product.prodname_code_scanning %} rule will not automatically enable {% data variables.product.prodname_code_scanning %}. For more information about how to enable code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). - -For more information about {% data variables.product.prodname_code_scanning %} alerts, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts). - -You can set merge protection with rulesets at the repository {% ifversion ghec or ghes %}or organization levels{% else %}level{% endif %}, and for repositories configured with either default setup or advanced setup. You can also use the REST API to set merge protection with rulesets. - -For more information about rulesets, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets). - -## Creating a merge protection ruleset for a repository - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.repo-rulesets-settings %} -1. Click **New ruleset**. -1. To create a ruleset targeting branches, click **New branch ruleset**. -{% data reusables.repositories.rulesets-general-step %} -{% data reusables.repositories.rulesets-require-code-scanning-results %} - -For more information about managing rulesets in a repository, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/). - -{% ifversion ghec or ghes %} - -## Creating a merge protection ruleset for all repositories in an organization - -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -{% data reusables.organizations.access-ruleset-settings %} -1. Click **New ruleset**. -1. To create a ruleset targeting branches, click **New branch ruleset**. -{% data reusables.repositories.rulesets-general-step %} -{% data reusables.repositories.rulesets-require-code-scanning-results %} - -For more information about managing rulesets for repositories in an organization, see [AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization). - -{% endif %} - -## Creating a merge protection ruleset with the REST API - -You can use the REST API to create a ruleset with the `code_scanning` rule, which allows you to define specific tools and set alert thresholds. For more information, see [AUTOTITLE](/rest/repos/rules?apiVersion=2022-11-28#create-a-repository-ruleset). diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/logs-not-detailed-enough.md b/content/code-security/code-scanning/troubleshooting-code-scanning/logs-not-detailed-enough.md deleted file mode 100644 index 45d2c4d745f8..000000000000 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/logs-not-detailed-enough.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Logs are not detailed enough -shortTitle: Logs not detailed enough -intro: 'If you''d like to increase the level of detail in your logs, try these steps.' -allowTitleToDifferFromFilename: true -versions: - fpt: '*' - ghes: '*' - ghec: '*' -redirect_from: - - /code-security/code-scanning/troubleshooting-code-scanning/logs-are-not-detailed-enough ---- - -If your logs are not detailed enough, there are several steps you can take to make them more useful. - -## Enable step debug logging - -You can enable step debug logging in {% data variables.product.prodname_actions %} to increase the verbosity of a job's logs during and after a job's execution. For more information, see [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging). - -## Creating {% data variables.product.prodname_codeql %} debugging artifacts - -> [!WARNING] -> {% data variables.product.prodname_codeql %} debugging artifacts contain a copy of the source code being analyzed by {% data variables.product.prodname_codeql %}, therefore we suggest sharing these bundles only with people who are authorized to access that source code. - -You can obtain artifacts to help you debug {% data variables.product.prodname_codeql %}. -The debug artifacts will be uploaded to the workflow run as an artifact named `debug-artifacts`. The data contains the {% data variables.product.prodname_codeql %} logs, {% data variables.product.prodname_codeql %} database(s), extracted source code files, and any SARIF file(s) produced by the workflow. For more information about downloading {% data variables.product.prodname_codeql %} artifacts, see [AUTOTITLE](/actions/managing-workflow-runs/downloading-workflow-artifacts). - -These artifacts will help you debug problems with {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. If you contact GitHub support, they might ask for this data. - -### Creating {% data variables.product.prodname_codeql %} debugging artifacts by re-running jobs with debug logging enabled - -You can create {% data variables.product.prodname_codeql %} debugging artifacts by enabling debug logging and re-running the jobs. For more information about re-running {% data variables.product.prodname_actions %} workflows and jobs, see [AUTOTITLE](/actions/managing-workflow-runs/re-running-workflows-and-jobs). - -You need to ensure that you select **Enable debug logging**. This option enables runner diagnostic logging and step debug logging for the run. You'll then be able to download `debug-artifacts` to investigate further. You do not need to modify the workflow file when creating {% data variables.product.prodname_codeql %} debugging artifacts by re-running jobs. - -### Creating {% data variables.product.prodname_codeql %} debugging artifacts using a workflow flag - -You can create {% data variables.product.prodname_codeql %} debugging artifacts by using a flag in your workflow. For this, you need to modify the `init` step of your {% data variables.code-scanning.codeql_workflow %} file and set `debug: true`. - -```yaml -- name: Initialize CodeQL - uses: {% data reusables.actions.action-codeql-action-init %} - with: - debug: true -``` diff --git a/content/code-security/code-scanning/troubleshooting-sarif-uploads/index.md b/content/code-security/code-scanning/troubleshooting-sarif-uploads/index.md deleted file mode 100644 index 1c0149b8e2a6..000000000000 --- a/content/code-security/code-scanning/troubleshooting-sarif-uploads/index.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Troubleshooting SARIF uploads -intro: 'Learn how to resolve problems uploading SARIF files of {% data variables.product.prodname_code_scanning %} results to {% data variables.product.prodname_dotcom %}.' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Code Security - - Code scanning - - Integration -children: - - /ghas-required - - /default-setup-enabled - - /missing-token - - /sarif-invalid - - /file-too-large - - /results-exceed-limit -redirect_from: - - /code-security/code-scanning/troubleshooting-sarif ---- diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/index.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/index.md deleted file mode 100644 index 93dd23013097..000000000000 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/index.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Getting started with the CodeQL CLI -intro: 'You can use the {% data variables.product.prodname_codeql_cli %} to locally develop, test and run {% data variables.product.prodname_codeql %} queries on software projects.' -shortTitle: Getting started -product: '{% data reusables.gated-features.codeql %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Code Security - - Code scanning - - CodeQL -children: - - /about-the-codeql-cli - - /setting-up-the-codeql-cli - - /preparing-your-code-for-codeql-analysis - - /analyzing-your-code-with-codeql-queries - - /uploading-codeql-analysis-results-to-github - - /customizing-analysis-with-codeql-packs -redirect_from: - - /code-security/codeql-cli/using-the-codeql-cli ---- diff --git a/content/code-security/codeql-cli/index.md b/content/code-security/codeql-cli/index.md deleted file mode 100644 index 5838d18c1dd8..000000000000 --- a/content/code-security/codeql-cli/index.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Use the CodeQL CLI to secure your code -shortTitle: CodeQL CLI -allowTitleToDifferFromFilename: true -intro: 'Use {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_codeql %} analyses locally.' -product: '{% data reusables.gated-features.codeql %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Code Security - - Code scanning - - CodeQL -children: - - /getting-started-with-the-codeql-cli - - /using-the-advanced-functionality-of-the-codeql-cli - - /codeql-cli-manual ---- diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/index.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/index.md deleted file mode 100644 index 9abdd52bd070..000000000000 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/index.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: Using the advanced functionality of the CodeQL CLI -intro: 'You can use the {% data variables.product.prodname_codeql_cli %} to locally develop, test and run {% data variables.product.prodname_codeql %} queries on software projects.' -product: '{% data reusables.gated-features.codeql %}' -shortTitle: Advanced functionality -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Code Security - - Code scanning - - CodeQL -children: - - /advanced-setup-of-the-codeql-cli - - /about-codeql-workspaces - - /using-custom-queries-with-the-codeql-cli - - /creating-codeql-query-suites - - /testing-custom-queries - - /testing-query-help-files - - /creating-and-working-with-codeql-packs - - /publishing-and-using-codeql-packs - - /specifying-command-options-in-a-codeql-configuration-file - - /query-reference-files - - /sarif-output - - /csv-output - - /extractor-options - - /exit-codes - - /creating-database-bundle-for-troubleshooting -redirect_from: - - /code-security/codeql-cli/codeql-cli-reference ---- diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/exploring-data-flow-with-path-queries.md b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/exploring-data-flow-with-path-queries.md deleted file mode 100644 index 4e388ae43285..000000000000 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/exploring-data-flow-with-path-queries.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Exploring data flow with path queries -shortTitle: Explore data flow -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Code Security - - Code scanning - - CodeQL -type: reference -intro: 'You can run {% data variables.product.prodname_codeql %} queries in {% data variables.product.prodname_vscode %} to help you track the flow of data through a program, highlighting areas that are potential security vulnerabilities.' -redirect_from: - - /code-security/codeql-for-vs-code/exploring-data-flow-with-path-queries ---- - -## About path queries - -A path query is a {% data variables.product.prodname_codeql %} query with the property `@kind path-problem`. You can find a number of these in the standard {% data variables.product.prodname_codeql %} libraries. - -You can run the standard {% data variables.product.prodname_codeql %} path queries to identify security vulnerabilities and manually look through the results. For more information about how {% data variables.product.prodname_codeql %} tracks data flow, see [About data flow analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/) in the {% data variables.product.prodname_codeql %} documentation. - -Once you're familiar with data flow analysis and existing queries, you can write your own path queries in {% data variables.product.prodname_codeql %}. For more information, see [Next steps](#next-steps). - -## Running path queries in {% data variables.product.prodname_vscode_shortname %} locally - -1. Open a path query in {% data variables.product.prodname_vscode_shortname %}. -1. Right-click in the window with the query open, and select **{% data variables.product.prodname_codeql %}: Run Query on Selected Database**. Alternatively, you can also run this from the {% data variables.product.prodname_vscode_command_palette_shortname %}. -1. Once the query has finished running, you can see the results in the "Results" view (under `alerts` in the dropdown menu). Each query result describes the flow of information between a source and a sink. -1. Expand the result to see the individual steps that the data follows. -1. Click each step to jump to it in the source code and investigate the problem further. - -## Next steps - -{% ifversion codeql-vs-code-mrva %} - -When you are ready to run a path query at scale, you can use the "Variant Analysis Repositories" view to run the query against up to 1,000 repositories on {% data variables.product.prodname_dotcom_the_website %}. For more information, see [AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis). - -{% endif %} - -For information about how to use the correct format and metadata for your own path queries, see [Creating path queries](https://codeql.github.com/docs/writing-codeql-queries/creating-path-queries/#creating-path-queries) in the {% data variables.product.prodname_codeql %} documentation. The {% data variables.product.prodname_codeql %} documentation also contains detailed information about how to define new sources and sinks, as well as templates and examples of how to extend the standard {% data variables.product.prodname_codeql %} libraries to suit your analysis. diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/index.md b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/index.md deleted file mode 100644 index 10ae6348e145..000000000000 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/index.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Getting started with the {% data variables.product.prodname_codeql %} for Visual Studio Code extension -shortTitle: Getting started -intro: 'The {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %} makes it easy to run a query to find problems in codebases.' -product: '{% data reusables.gated-features.codeql %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Code Security - - Code scanning - - CodeQL -children: - - /about-codeql-for-vs-code - - /installing-codeql-for-vs-code - - /managing-codeql-databases - - /running-codeql-queries - - /exploring-data-flow-with-path-queries - - /running-codeql-queries-at-scale-with-multi-repository-variant-analysis -redirect_from: - - /code-security/codeql-for-vs-code/setting-up-codeql-in-visual-studio-code ---- diff --git a/content/code-security/codeql-for-vs-code/index.md b/content/code-security/codeql-for-vs-code/index.md deleted file mode 100644 index eabad0d0f0d4..000000000000 --- a/content/code-security/codeql-for-vs-code/index.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Use CodeQL inside Visual Studio Code -shortTitle: CodeQL for VS Code -allowTitleToDifferFromFilename: true -intro: 'Use the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension to write, run, and test {% data variables.product.prodname_codeql %} queries inside {% data variables.product.prodname_vscode %}.' -product: '{% data reusables.gated-features.codeql %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Code Security - - Code scanning - - CodeQL -children: - - /getting-started-with-codeql-for-vs-code - - /using-the-advanced-functionality-of-the-codeql-for-vs-code-extension - - /troubleshooting-codeql-for-vs-code ---- diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/index.md b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/index.md deleted file mode 100644 index 83b89930ee8c..000000000000 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/index.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: Using the advanced functionality of the {% data variables.product.prodname_codeql %} for VS Code extension -shortTitle: Advanced functionality -intro: 'The {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %} adds rich language support for {% data variables.product.prodname_codeql %} and supports writing queries to find problems in codebases.' -product: '{% data reusables.gated-features.codeql %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Code Security - - Code scanning - - CodeQL -children: - - /using-the-codeql-model-editor - - /creating-a-custom-query - - /managing-codeql-packs - - /exploring-the-structure-of-your-source-code - - /testing-codeql-queries-in-vs-code - - /customizing-settings - - /setting-up-a-codeql-workspace - - /configuring-access-to-the-codeql-cli - - /telemetry-in-codeql-for-visual-studio-code ---- diff --git a/content/code-security/code-quality/concepts/about-code-quality.md b/content/code-security/concepts/about-code-quality.md similarity index 93% rename from content/code-security/code-quality/concepts/about-code-quality.md rename to content/code-security/concepts/about-code-quality.md index 6d9b4bcd87b3..0e22b6e47814 100644 --- a/content/code-security/code-quality/concepts/about-code-quality.md +++ b/content/code-security/concepts/about-code-quality.md @@ -1,13 +1,18 @@ --- title: About GitHub Code Quality -shortTitle: About Code Quality -intro: 'Use {% data variables.product.prodname_code_quality %} to flag code quality issues in pull requests and repository scans, apply {% data variables.product.prodname_copilot_short %}-powered autofixes, and enforce standards with rulesets.' +shortTitle: GitHub Code Quality +allowTitleToDifferFromFilename: true +intro: Use {% data variables.product.prodname_code_quality %} to flag code quality issues in pull requests and repository scans, apply {% data variables.product.prodname_copilot_short %}-powered autofixes, and enforce standards with rulesets. product: '{% data reusables.gated-features.code-quality-availability %}' versions: feature: code-quality topics: - Code Quality contentType: concepts +redirect_from: + - /code-security/code-quality/concepts/about-code-quality + - /code-security/code-quality/concepts + - /code-security/code-quality --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md b/content/code-security/concepts/code-scanning/about-code-scanning-alerts.md similarity index 98% rename from content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md rename to content/code-security/concepts/code-scanning/about-code-scanning-alerts.md index d42823b1d5da..84498e140b82 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md +++ b/content/code-security/concepts/code-scanning/about-code-scanning-alerts.md @@ -1,5 +1,6 @@ --- title: About code scanning alerts +shortTitle: Code scanning alerts intro: Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights. permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.code-scanning %}' @@ -9,11 +10,12 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts -type: overview + - /code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts topics: - Code Security - Code scanning - CodeQL +contentType: concepts --- {% data reusables.code-scanning.enterprise-enable-code-scanning %} diff --git a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md b/content/code-security/concepts/code-scanning/about-code-scanning.md similarity index 84% rename from content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md rename to content/code-security/concepts/code-scanning/about-code-scanning.md index bb7427c590eb..96cd5cbc74da 100644 --- a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md +++ b/content/code-security/concepts/code-scanning/about-code-scanning.md @@ -1,6 +1,7 @@ --- title: About code scanning -intro: 'You can use {% data variables.product.prodname_code_scanning %} to find security vulnerabilities and errors in the code for your project on {% data variables.product.prodname_dotcom %}.' +shortTitle: Introduction +intro: You can use {% data variables.product.prodname_code_scanning %} to find security vulnerabilities and errors in the code for your project on {% data variables.product.prodname_dotcom %}. product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /github/managing-security-vulnerabilities/about-automated-code-scanning @@ -9,14 +10,15 @@ redirect_from: - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning + - /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning versions: fpt: '*' ghes: '*' ghec: '*' -type: overview topics: - Code Security - Code scanning +contentType: concepts --- {% data reusables.code-scanning.enterprise-enable-code-scanning %} @@ -34,20 +36,16 @@ If {% data variables.product.prodname_code_scanning %} finds a potential vulnera {% endif %} To monitor results from {% data variables.product.prodname_code_scanning %} across your repositories or your organization, you can use webhooks and the {% data variables.product.prodname_code_scanning %} API. For information about the webhooks for {% data variables.product.prodname_code_scanning %}, see -[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert). For information about API endpoints, see [AUTOTITLE](/rest/code-scanning). - -To get started with {% data variables.product.prodname_code_scanning %}, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). +[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert). For information about API endpoints, see [AUTOTITLE](/rest/code-scanning/code-scanning). {% ifversion fpt or ghec %} -## About billing for {% data variables.product.prodname_code_scanning %} - -{% data variables.product.prodname_code_scanning_caps %} uses {% data variables.product.prodname_actions %}, and each run of a {% data variables.product.prodname_code_scanning %} workflow consumes minutes for {% data variables.product.prodname_actions %}. For more information, see [AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions). - -To use {% data variables.product.prodname_code_scanning %} on a private repository, you will also need a license for {% data variables.product.prodname_GH_code_security %}. {% data reusables.advanced-security.ghas-trial %} +{% data variables.product.prodname_code_scanning_caps %} uses {% data variables.product.prodname_actions %}, with each workflow run consuming {% data variables.product.prodname_actions %} minutes. If you want to use {% data variables.product.prodname_code_scanning %} on private repositories, you need a {% data variables.product.prodname_GH_code_security %} license. For more information, see [AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions). {% data reusables.advanced-security.ghas-trial %} {% endif %} +To get started with {% data variables.product.prodname_code_scanning %}, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). + ## About tools for {% data variables.product.prodname_code_scanning %} You can configure {% data variables.product.prodname_code_scanning %} to use the {% data variables.product.prodname_codeql %} product maintained by {% data variables.product.company_short %} or a third-party {% data variables.product.prodname_code_scanning %} tool. diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning.md b/content/code-security/concepts/code-scanning/about-integration-with-code-scanning.md similarity index 84% rename from content/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning.md rename to content/code-security/concepts/code-scanning/about-integration-with-code-scanning.md index 897f4ceeccd8..7e3d8246dba3 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning.md +++ b/content/code-security/concepts/code-scanning/about-integration-with-code-scanning.md @@ -1,23 +1,24 @@ --- title: About integration with code scanning -shortTitle: About integration -intro: 'You can perform {% data variables.product.prodname_code_scanning %} externally and then display the results in {% data variables.product.prodname_dotcom %}, or configure webhooks that listen to {% data variables.product.prodname_code_scanning %} activity in your repository.' +shortTitle: Integration with code scanning +intro: You can perform {% data variables.product.prodname_code_scanning %} externally and then display the results in {% data variables.product.prodname_dotcom %}, or configure webhooks that listen to {% data variables.product.prodname_code_scanning %} activity in your repository. product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/about-integration-with-code-scanning - /code-security/secure-coding/about-integration-with-code-scanning - /code-security/secure-coding/integrating-with-code-scanning/about-integration-with-code-scanning - /github/finding-security-vulnerabilities-and-errors-in-your-code/integrating-with-code-scanning/about-integration-with-code-scanning + - /code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning versions: fpt: '*' ghes: '*' ghec: '*' -type: overview topics: - Code Security - Code scanning - Webhooks - Integration +contentType: concepts --- ## About integration with code scanning diff --git a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql.md b/content/code-security/concepts/code-scanning/codeql/about-code-scanning-with-codeql.md similarity index 94% rename from content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql.md rename to content/code-security/concepts/code-scanning/codeql/about-code-scanning-with-codeql.md index 715d80e42d21..7fd63e0d0ad5 100644 --- a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql.md +++ b/content/code-security/concepts/code-scanning/codeql/about-code-scanning-with-codeql.md @@ -1,20 +1,21 @@ --- title: About code scanning with CodeQL -shortTitle: About CodeQL code scanning -intro: 'You can use {% data variables.product.prodname_codeql %} to identify vulnerabilities and errors in your code. The results are shown as {% data variables.product.prodname_code_scanning %} alerts in {% data variables.product.prodname_dotcom %}.' +shortTitle: CodeQL code scanning +intro: You can use {% data variables.product.prodname_codeql %} to identify vulnerabilities and errors in your code. The results are shown as {% data variables.product.prodname_code_scanning %} alerts in {% data variables.product.prodname_dotcom %}. product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql + - /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql versions: fpt: '*' ghes: '*' ghec: '*' -type: overview topics: - Code Security - Code scanning - CodeQL +contentType: concepts --- {% data reusables.code-scanning.enterprise-enable-code-scanning %} diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code.md b/content/code-security/concepts/code-scanning/codeql/about-codeql-for-vs-code.md similarity index 92% rename from content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code.md rename to content/code-security/concepts/code-scanning/codeql/about-codeql-for-vs-code.md index aa5f947f004d..c805c19c4ef7 100644 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code.md +++ b/content/code-security/concepts/code-scanning/codeql/about-codeql-for-vs-code.md @@ -1,6 +1,6 @@ --- title: About CodeQL for VS Code -shortTitle: About the extension +shortTitle: CodeQL for VS Code versions: fpt: '*' ghec: '*' @@ -10,10 +10,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'You can write, run, and test {% data variables.product.prodname_codeql %} queries inside {% data variables.product.prodname_vscode %} with the {% data variables.product.prodname_codeql %} extension.' +intro: You can write, run, and test {% data variables.product.prodname_codeql %} queries inside {% data variables.product.prodname_vscode %} with the {% data variables.product.prodname_codeql %} extension. redirect_from: - /code-security/codeql-for-vs-code/about-codeql-for-visual-studio-code + - /code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code +contentType: concepts --- ## About {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/about-codeql-workspaces.md b/content/code-security/concepts/code-scanning/codeql/about-codeql-workspaces.md similarity index 98% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/about-codeql-workspaces.md rename to content/code-security/concepts/code-scanning/codeql/about-codeql-workspaces.md index bcc3465277bd..e31017373b11 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/about-codeql-workspaces.md +++ b/content/code-security/concepts/code-scanning/codeql/about-codeql-workspaces.md @@ -1,5 +1,6 @@ --- title: About CodeQL workspaces +shortTitle: CodeQL workspaces intro: '{% data variables.product.prodname_codeql %} workspaces allow you to develop and maintain a group of {% data variables.product.prodname_codeql %} packs that depend on each other.' product: '{% data reusables.gated-features.codeql %}' versions: @@ -13,6 +14,8 @@ topics: redirect_from: - /code-security/codeql-cli/about-codeql-workspaces - /code-security/codeql-cli/codeql-cli-reference/about-codeql-workspaces + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/about-codeql-workspaces +contentType: concepts --- ## About {% data variables.product.prodname_codeql %} workspaces diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli.md b/content/code-security/concepts/code-scanning/codeql/about-the-codeql-cli.md similarity index 95% rename from content/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli.md rename to content/code-security/concepts/code-scanning/codeql/about-the-codeql-cli.md index 0ea0c8df55f5..e11ce95aed6b 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli.md +++ b/content/code-security/concepts/code-scanning/codeql/about-the-codeql-cli.md @@ -1,6 +1,7 @@ --- title: About the CodeQL CLI -intro: 'You can use the {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_codeql %} processes locally on software projects or to generate {% data variables.product.prodname_code_scanning %} results for upload to {% data variables.product.github %}.' +shortTitle: CodeQL CLI +intro: You can use the {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_codeql %} processes locally on software projects or to generate {% data variables.product.prodname_code_scanning %} results for upload to {% data variables.product.github %}. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -22,6 +23,8 @@ redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-code-scanning-in-your-ci-system - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/migrating-from-the-codeql-runner-to-codeql-cli - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system + - /code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli +contentType: concepts --- Software developers and security researchers can secure their code diff --git a/content/code-security/concepts/code-scanning/codeql/codeql-query-packs.md b/content/code-security/concepts/code-scanning/codeql/codeql-query-packs.md new file mode 100644 index 000000000000..0ea853f50743 --- /dev/null +++ b/content/code-security/concepts/code-scanning/codeql/codeql-query-packs.md @@ -0,0 +1,50 @@ +--- +title: CodeQL query packs +intro: You can choose from different built-in {% data variables.product.prodname_codeql %} query suites to use in your {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} setup. +product: '{% data reusables.gated-features.codeql %}' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Code scanning + - CodeQL +contentType: concepts +--- + +{% data reusables.code-scanning.codeql-cli-version-ghes %} + +## About {% data variables.product.prodname_codeql %} packs + +{% data variables.product.prodname_codeql %} packs are used to create, share, depend on, and run {% data variables.product.prodname_codeql %} queries and libraries. {% data variables.product.prodname_codeql %} packs contain queries, library files, query suites, and metadata. You can customize your {% data variables.product.prodname_codeql %} analysis by downloading packs created by others and running them on your codebase. + +The {% data variables.product.prodname_codeql_cli %} bundle includes queries that are maintained by {% data variables.product.company_short %} experts, security researchers, and community contributors. If you want to run queries developed by other organizations, {% data variables.product.prodname_codeql %} query packs provide an efficient and reliable way to download and run queries, while model packs ({% data variables.release-phases.public_preview %}) can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. + +## Types of {% data variables.product.prodname_codeql %} packs + +There are three types of {% data variables.product.prodname_codeql %} packs: query packs, library packs, and model packs. + +* Query packs contain a set of pre-compiled queries that can be evaluated on a {% data variables.product.prodname_codeql %} database. Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack. + +* Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately. + +* Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. Model packs are currently in {% data variables.release-phases.public_preview %} and subject to change. During the {% data variables.release-phases.public_preview %}, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis. For more information about creating your own model packs, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack). + +## Where to find query packs + +The standard {% data variables.product.prodname_codeql %} packs for all supported languages are published in the [{% data variables.product.prodname_container_registry %}](https://github.com/orgs/codeql/packages). If you installed the {% data variables.product.prodname_codeql_cli %} in the standard way, using the {% data variables.product.prodname_codeql_cli %} bundle, the core query packs are already downloaded and available to you. They are: + + * `codeql/cpp-queries` + * `codeql/csharp-queries` + * `codeql/go-queries` + * `codeql/java-queries` + * `codeql/javascript-queries` + * `codeql/python-queries` + * `codeql/ruby-queries` + * `codeql/swift-queries` + +For more information about compatibility between published query packs and different {% data variables.product.prodname_codeql %} releases, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility). + +You can also use the {% data variables.product.prodname_codeql_cli %} to create your own {% data variables.product.prodname_codeql %} packs, add dependencies to packs, and install or update dependencies. + +You can publish {% data variables.product.prodname_codeql %} packs that you have created, using the {% data variables.product.prodname_codeql_cli %}. For more information on publishing and downloading {% data variables.product.prodname_codeql %} packs, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs). diff --git a/content/code-security/concepts/code-scanning/codeql/codeql-query-suites.md b/content/code-security/concepts/code-scanning/codeql/codeql-query-suites.md new file mode 100644 index 000000000000..8d15e99addbd --- /dev/null +++ b/content/code-security/concepts/code-scanning/codeql/codeql-query-suites.md @@ -0,0 +1,54 @@ +--- +title: CodeQL query suites +shortTitle: CodeQL query suites +intro: You can choose from different built-in {% data variables.product.prodname_codeql %} query suites to use in your {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} setup. +product: '{% data reusables.gated-features.codeql %}' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +redirect_from: + - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/built-in-codeql-query-suites + - /code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites + - /code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites +topics: + - Code scanning + - CodeQL +contentType: concepts +--- + +## What are query suites? + +Query suites allow you to pass multiple queries to {% data variables.product.prodname_codeql %} without having to specify the path to each query file individually. They provide a way of selecting queries based on their filename, metadata properties, or location on disk or in a {% data variables.product.prodname_codeql %} pack. + +You should use query suites for the queries that you want to frequently use in your {% data variables.product.prodname_codeql %} analyses. You can use a built-in query suite available through {% data variables.product.github %}, or you can create your own. + +## Built-in {% data variables.product.prodname_codeql %} query suites + +The built-in {% data variables.product.prodname_codeql %} query suites, `default` and `security-extended`, are created and maintained by {% data variables.product.prodname_dotcom %}. Both of these query suites are available with default setup for every {% data variables.product.prodname_codeql %}-supported language. + +Organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale). + +For a complete list of queries included in each query suite for every language, see [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries). + +### `default` query suite + +* The `default` query suite is the group of queries run by default in {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_dotcom %}. +* The queries in the `default` query suite are highly precise and return few false positive {% data variables.product.prodname_code_scanning %} results. Relative to the `security-extended` query suite, the `default` suite returns fewer low-confidence {% data variables.product.prodname_code_scanning %} results. +* This query suite is available for use with default setup for {% data variables.product.prodname_code_scanning %}. + +### `security-extended` query suite + +* The `security-extended` query suite consists of all the queries in the `default` query suite, plus additional queries with slightly lower precision and severity. +* Relative to the `default` query suite, the `security-extended` suite may return a greater number of false positive {% data variables.product.prodname_code_scanning %} results. +* This query suite is available for use with default setup for {% data variables.product.prodname_code_scanning %}, and is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}. + +## Custom query suites + +To use a custom query suite, you must configure advanced setup for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning). + +Query suite definitions are stored in YAML files with the extension `.qls`. A suite definition is a sequence of instructions, where each instruction is a YAML mapping with (usually) a single key. The instructions are executed in the order they appear in the query suite definition. After all the instructions in the suite definition have been executed, the result is a set of selected queries. For more information, see [AUTOTITLE](/code-security/tutorials/customize-code-scanning/creating-codeql-query-suites). + +## Further reading + +* [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites) diff --git a/content/code-security/concepts/code-scanning/codeql/index.md b/content/code-security/concepts/code-scanning/codeql/index.md new file mode 100644 index 000000000000..008a3575d495 --- /dev/null +++ b/content/code-security/concepts/code-scanning/codeql/index.md @@ -0,0 +1,20 @@ +--- +title: Concepts for CodeQL +shortTitle: CodeQL +intro: Understand the core concepts behind {% data variables.product.prodname_codeql %} and how it helps you find vulnerabilities and errors in your code. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Code scanning +contentType: concepts +children: + - /about-code-scanning-with-codeql + - /codeql-query-suites + - /about-the-codeql-cli + - /about-codeql-for-vs-code + - /about-codeql-workspaces + - /query-reference-files + - /codeql-query-packs +--- diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/query-reference-files.md b/content/code-security/concepts/code-scanning/codeql/query-reference-files.md similarity index 95% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/query-reference-files.md rename to content/code-security/concepts/code-scanning/codeql/query-reference-files.md index 74b51325aaeb..7a10739f5b56 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/query-reference-files.md +++ b/content/code-security/concepts/code-scanning/codeql/query-reference-files.md @@ -13,6 +13,8 @@ topics: redirect_from: - /code-security/codeql-cli/query-reference-files - /code-security/codeql-cli/codeql-cli-reference/query-reference-files + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/query-reference-files +contentType: concepts --- ## About query reference files diff --git a/content/code-security/concepts/code-scanning/index.md b/content/code-security/concepts/code-scanning/index.md new file mode 100644 index 000000000000..53caf7afba9c --- /dev/null +++ b/content/code-security/concepts/code-scanning/index.md @@ -0,0 +1,23 @@ +--- +title: Concepts for code scanning +shortTitle: Code scanning +intro: Learn core concepts for {% data variables.product.github %}'s code scanning features. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +redirect_from: + - /code-security/code-scanning/introduction-to-code-scanning +topics: + - Code Security + - Code scanning +contentType: concepts +children: + - /about-code-scanning + - /about-code-scanning-alerts + - /setup-types + - /about-integration-with-code-scanning + - /sarif-files + - /merge-protection + - /codeql +--- diff --git a/content/code-security/concepts/code-scanning/merge-protection.md b/content/code-security/concepts/code-scanning/merge-protection.md new file mode 100644 index 000000000000..e78a9f051c82 --- /dev/null +++ b/content/code-security/concepts/code-scanning/merge-protection.md @@ -0,0 +1,46 @@ +--- +title: Code scanning merge protection +shortTitle: Merge protection +intro: Code scanning rules prevent pull requests with potential vulnerabilities from being merged. +topics: + - Code Security + - Code scanning +product: 'Rulesets are available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations, and in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, and {% data variables.product.prodname_ghe_cloud %}. {% data reusables.gated-features.more-info %}' +permissions: 'Repository administrators and organization owners' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: concepts +--- + +## Rulesets for {% data variables.product.prodname_code_scanning %} merge protection + +A ruleset is a named list of rules that control how people can interact with branches and tags in your repositories. You can add {% data variables.product.prodname_code_scanning %} rules to rulesets to prevent pull requests from being merged when any of the following conditions are met: + +{% data reusables.code-scanning.merge-protection-rulesets-conditions %} + +Typically, you should use {% data variables.product.prodname_code_scanning %} merge protection on long-lived feature branches, where you want to guarantee code has been analyzed before pull requests can be merged. + +Configuring a {% data variables.product.prodname_code_scanning %} rule will not automatically enable {% data variables.product.prodname_code_scanning %}. To learn how to enable code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). + +> [!NOTE] +> * Merge protection with rulesets is not related to status checks. For more information about status checks, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks). + +## Availability + +You can set {% data variables.product.prodname_code_scanning %} merge protection with rulesets: +* At the repository level +* At the organization level ({% data variables.product.prodname_enterprise %} plans only) + +## Exceptions and limitations + +Merge protection with rulesets will **not apply** to: +* Merge queue groups +* {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup + +Additionally, all the lines of code identified by an alert must exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#source-file-locations). + +## Next steps + +To configure a ruleset that requires {% data variables.product.prodname_code_scanning %} results, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection). diff --git a/content/code-security/concepts/code-scanning/sarif-files.md b/content/code-security/concepts/code-scanning/sarif-files.md new file mode 100644 index 000000000000..fca271bbb5ef --- /dev/null +++ b/content/code-security/concepts/code-scanning/sarif-files.md @@ -0,0 +1,31 @@ +--- +title: About SARIF files for code scanning +shortTitle: SARIF files +intro: SARIF files convert third-party analyses into alerts on {% data variables.product.github %}. +topics: + - Code Security + - Code scanning +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: concepts +--- + +>[!NOTE] If you use default setup for {% data variables.product.prodname_code_scanning %}, or an advanced setup that involves using {% data variables.product.prodname_actions %} to run the {% data variables.product.prodname_codeql %} action, then you don't need to interact with SARIF files. Scan results are uploaded and parsed as {% data variables.product.prodname_code_scanning %} alerts automatically. + +SARIF stands for _Static Analysis Results Interchange Format_. This is a JSON-based standard for storing results from static analysis tools. + +If you use a **third-party analysis tool or CI/CD system** to scan code for vulnerabilities, you can generate a SARIF file and upload it to {% data variables.product.github %}. {% data variables.product.github %} will parse the SARIF file and show alerts using the results in your repository as a part of the {% data variables.product.prodname_code_scanning %} experience. + +{% data variables.product.github %} uses properties in the SARIF file to display alerts. For example, the `shortDescription` and `fullDescription` appear at the top of a {% data variables.product.prodname_code_scanning %} alert. The `location` allows {% data variables.product.github %} to show annotations in your code file. + +This article explains how SARIF files are used on {% data variables.product.github %}. If you're new to SARIF and want to learn more, see Microsoft's [`SARIF tutorials`](https://github.com/microsoft/sarif-tutorials) repository. + +## Version requirements + +{% data variables.product.prodname_code_scanning_caps %} supports a subset of the [SARIF 2.1.0](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html) JSON schema. Ensure that SARIF files from third-party tools use this version. + +## Upload methods + +You can upload a SARIF file using {% data variables.product.prodname_actions %}, the {% data variables.product.prodname_code_scanning %} API, or the {% data variables.product.prodname_codeql_cli %}. The best upload method depends on how you generate the SARIF file. For more information, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/uploading-a-sarif-file-to-github). diff --git a/content/code-security/concepts/code-scanning/setup-types.md b/content/code-security/concepts/code-scanning/setup-types.md new file mode 100644 index 000000000000..531f1335dc14 --- /dev/null +++ b/content/code-security/concepts/code-scanning/setup-types.md @@ -0,0 +1,90 @@ +--- +title: About setup types for code scanning +shortTitle: Setup types +intro: Depending on your needs, {% data variables.product.github %} offers a default or advanced setup for {% data variables.product.prodname_code_scanning %}. +topics: + - Code Security + - Code scanning +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: concepts +--- + +## About default setup + +Default setup for {% data variables.product.prodname_code_scanning %} is the quickest, easiest, most low-maintenance way to enable {% data variables.product.prodname_code_scanning %} for your repository. Based on the code in your repository, default setup will automatically create a custom {% data variables.product.prodname_code_scanning %} configuration. After enabling default setup, the code written in {% data variables.product.prodname_codeql %}-supported languages in your repository will be scanned using {% data variables.product.prodname_codeql %}: + +* On each push to the repository's default branch, or any protected branch. For more information on protected branches, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches). +* When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks. +* On a weekly schedule. + +### Supported languages + +{% data reusables.code-scanning.default-setup-pre-enablement-explanation %} + +If the code in a repository changes to include any {% data variables.product.prodname_codeql %}-supported languages, {% data variables.product.prodname_dotcom %} will automatically update the {% data variables.product.prodname_code_scanning %} configuration to include the new language. If {% data variables.product.prodname_code_scanning %} fails with the new configuration, {% data variables.product.prodname_dotcom %} will resume the previous configuration automatically so the repository does not lose {% data variables.product.prodname_code_scanning %} coverage. + +## Customization of default setup + +After running an initial analysis of your code with default setup, you can make changes to your configuration to better meet your needs. + +If you need more granular control over your {% data variables.product.prodname_code_scanning %} configuration, you should instead configure advanced setup. + +### Configuration options + +For existing configurations of default setup, you can edit: + +* Which languages default setup will analyze. +* The query suite run during analysis. For more information on the available query suites, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites). +* The threat models ({% data variables.release-phases.public_preview %}) to use for analysis. Your choice of threat model determines which sources of tainted data are treated as a risk to your application. During the {% data variables.release-phases.public_preview %}, threat models are supported only for analysis of {% data variables.code-scanning.code_scanning_threat_model_support %}. For more information about threat models, see [Including local sources of tainted data in default setup](/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup). + +If your codebase depends on a library or framework that is not recognized by the standard libraries included with {% data variables.product.prodname_codeql %}, you can also extend the {% data variables.product.prodname_codeql %} coverage in default setup using {% data variables.product.prodname_codeql %} model packs. For more information, see [Extending CodeQL coverage with CodeQL model packs in default setup](/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup). + +### Available runners + +You can use default setup for all {% data variables.product.prodname_codeql %}-supported languages on self-hosted runners or {% data variables.product.prodname_dotcom %}-hosted runners. + +You can assign self-hosted runners for default setup by giving the runners {% ifversion code-scanning-default-setup-customize-labels %}the default `code-scanning` label, or you can optionally give them custom labels so that individual repositories can use different runners.{% else %}the `code-scanning` label.{% endif %} + +{% ifversion code-scanning-default-setup-customize-labels %} + +Unless you have a specific use case, we recommend that you only assign runners with the default `code-scanning` label. However, you may want to use custom labels to: + +* Assign more powerful self-hosted runners to critical repositories for faster {% data variables.product.prodname_code_scanning %} analysis. +* Run your {% data variables.product.prodname_code_scanning %} analyses on a particular platform (for example, macOS). +* Have granular control over the workload for your {% data variables.product.prodname_dotcom %}-hosted runners and self-hosted runners. + +{% endif %} + +## About advanced setup + +Advanced setup for {% data variables.product.prodname_code_scanning %} is helpful when you need to customize your {% data variables.product.prodname_code_scanning %}. You can set up {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_actions %} or an external continuous integration or continuous delivery/deployment (CI/CD) system. + +{% data reusables.code-scanning.about-multiple-configurations-link %} + +### With {% data variables.product.prodname_actions %} + +By creating and editing a {% data variables.product.prodname_actions %} workflow file, you can define how to build compiled languages, choose which queries to run, select the languages to scan, use a matrix build, and more. You also have access to all the options for controlling workflows, for example: changing the scan schedule, defining workflow triggers, specifying specialist runners to use. + +{% ifversion ghes %} +Your site administrator can also make third-party actions available to users for {% data variables.product.prodname_code_scanning %}, by setting up {% data variables.product.prodname_github_connect %}. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions). +{% endif %} + +### With a third-party CI/CD system + +As an alternative to running {% data variables.product.prodname_code_scanning %} within {% data variables.product.github %} using {% data variables.product.prodname_actions %}, you can analyze code in an external CI/CD system, then upload the results to {% data variables.product.github %}. + +The {% data variables.product.prodname_codeql_cli %} is a standalone, command-line tool that you can use to analyze code. You can add the {% data variables.product.prodname_codeql_cli %} to your third-party system, or use another third-party static analysis tool that can produce results as Static Analysis Results Interchange Format (SARIF) 2.1.0 data. For more information, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli) and [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning). + +Alerts for {% data variables.product.prodname_code_scanning %} that you generate externally are displayed in the same way as those for {% data variables.product.prodname_code_scanning %} that you generate within {% data variables.product.github %}. + +## Next steps + +You can enable default setup for a single repository, multiple repositories, or all repositories in an organization at the same time. + +* For a single repository, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning). +* For bulk enablement, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale). + +To configure advanced setup instead, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-advanced-setup-for-code-scanning). diff --git a/content/code-security/concepts/index.md b/content/code-security/concepts/index.md new file mode 100644 index 000000000000..edd87776204a --- /dev/null +++ b/content/code-security/concepts/index.md @@ -0,0 +1,24 @@ +--- +title: Concepts for security and code quality +shortTitle: Concepts +intro: Learn core concepts for {% data variables.product.github %}'s security and code quality features. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Dependencies + - Dependabot +contentType: concepts +children: + - /secret-security + - /code-scanning + - /about-code-quality + - supply-chain-security + - /vulnerability-reporting-and-management + - /security-at-scale diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md b/content/code-security/concepts/secret-security/about-alerts.md similarity index 95% rename from content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md rename to content/code-security/concepts/secret-security/about-alerts.md index 71804d1c4919..fa0666477c11 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md +++ b/content/code-security/concepts/secret-security/about-alerts.md @@ -1,20 +1,22 @@ --- title: About secret scanning alerts -intro: 'Learn about the different types of {% data variables.secret-scanning.alerts %}.' +intro: Learn about the different types of {% data variables.secret-scanning.alerts %}. permissions: '{% data reusables.permissions.secret-scanning-alerts %}' product: '{% data reusables.gated-features.secret-scanning %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Secret scanning - Secret Protection - Alerts - Repositories -shortTitle: About alerts +shortTitle: Secret scanning alerts allowTitleToDifferFromFilename: true +redirect_from: + - /code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts +contentType: concepts --- ## About types of alerts diff --git a/content/code-security/concepts/secret-security/about-bypass-requests-for-push-protection.md b/content/code-security/concepts/secret-security/about-bypass-requests-for-push-protection.md new file mode 100644 index 000000000000..02609d14e1e4 --- /dev/null +++ b/content/code-security/concepts/secret-security/about-bypass-requests-for-push-protection.md @@ -0,0 +1,68 @@ +--- +title: About bypass requests for push protection +intro: 'Learn how bypass requests work when push protection blocks commits containing secrets.' +permissions: '{% data reusables.permissions.delegated-bypass-list %}' +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Secret scanning + - Secret Protection + - Alerts + - Repositories +shortTitle: Bypass requests +contentType: concepts +--- + +## About bypass requests for push protection + +When push protection blocks a commit containing a secret, contributors may need to bypass the block to complete their push. If delegated bypass for push protection is enabled, contributors without bypass privileges must submit a bypass request and wait for approval from designated reviewers. This allows organizations to maintain security oversight while enabling legitimate exceptions when needed. For more information, see [AUTOTITLE](/code-security/concepts/secret-security/about-delegated-bypass-for-push-protection). + +If delegated bypass for push protection is not enabled, contributors can bypass push protection at their own discretion. + +When enabling delegated bypass for push protection, organization owners or repository administrators decide which {% ifversion push-protection-bypass-fine-grained-permissions %}individuals, {% endif %}roles or teams can review (approve or deny) requests to bypass push protection. + +If you are a designated reviewer, you must review bypass requests and either approve or deny them based on the request details and your organization's security policies. + +## How bypass requests work + +When a contributor without bypass privileges requests to push a commit containing a secret, a bypass requests is sent to the reviewers. The designated group of reviewers: + +* Receives an email notification containing a link to the request +* Reviews the request in the "Bypass requests" page of the repository{% ifversion security-overview-delegated-bypass-requests %}, or in the organization's security overview{% endif %}. +* Has **7 days** to either approve or deny the request before the request expires + +### Information available to reviewers + +{% data variables.product.github %} displays the following information for each request: + +* Name of the user who attempted the push +* Repository where the push was attempted +* Commit hash of the push +* Timestamp of the push{% ifversion push-protection-delegated-bypass-enhancements %} +* File path and branch information (branch information is only available for pushes to single branches){% endif %} + +### Outcomes + +The contributor is notified by email of the decision and must take the required action: + +* **If the request is approved**: The contributor can push the commit containing the secret to the repository. +* **If the request is denied**: The contributor must remove the secret from the commit before successfully pushing the commit to the repository. + +## Automatic bypass request reviews + +You can use {% data variables.product.prodname_github_apps %} with fine-grained permissions to programmatically review and approve push protection bypass requests. This enables you to enforce consistent security policies, integrate with external security tools, or reduce manual review burden. + +{% ifversion ghes %} + +>[!NOTE] +> For {% data variables.product.prodname_ghe_server %}, the use of {% data variables.product.prodname_github_apps %} to review bypass requests is available from version 3.19. + +{% endif %} + +> For more information about permissions, see [Organization permissions for "Organization bypass requests for secret scanning"](/enterprise-cloud@latest/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#organization-permissions-for-organization-bypass-requests-for-secret-scanning). + +## Next steps + +* To learn how to manage bypass requests for push protection as a reviewer, see [AUTOTITLE](/code-security/how-tos/secure-your-secrets/manage-bypass-requests/managing-requests-to-bypass-push-protection). diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md b/content/code-security/concepts/secret-security/about-delegated-bypass-for-push-protection.md similarity index 79% rename from content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md rename to content/code-security/concepts/secret-security/about-delegated-bypass-for-push-protection.md index ed96fac24dd6..2f997bb99bb1 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md +++ b/content/code-security/concepts/secret-security/about-delegated-bypass-for-push-protection.md @@ -6,19 +6,22 @@ versions: fpt: '*' ghec: '*' ghes: '*' -type: overview topics: - Secret scanning - Secret Protection - Alerts - Repositories -shortTitle: About delegated bypass +shortTitle: Delegated bypass +redirect_from: + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection +contentType: concepts --- -## About delegated bypass for push protection - {% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %} +## About delegated bypass for push protection + When push protection is enabled for a repository, users with write access can bypass push protection and push a secret if they provide a reason and the bypass is approved. With delegated bypass for push protection, you can: @@ -30,7 +33,7 @@ With delegated bypass for push protection, you can: To set up delegated bypass, organization owners or repository administrators create a list of users with bypass privileges. This designated list of users can then: * Bypass push protection, by specifying a reason for bypassing the block. -* Manage (approve or deny) bypass requests coming from all other contributors. These requests are located in the "Push protection bypass" page in the **Security** tab of the repository. +* Manage (approve or deny) bypass requests coming from all other contributors. These requests are located in the "Push protection bypass" page in the **Security** tab of the repository, and will expire after 7 days. For more information about bypass requests, see [AUTOTITLE](/code-security/concepts/secret-security/about-bypass-requests-for-push-protection). The following types of users can always bypass push protection without having to request bypass privileges: * Organization owners diff --git a/content/code-security/secret-scanning/introduction/about-push-protection.md b/content/code-security/concepts/secret-security/about-push-protection.md similarity index 95% rename from content/code-security/secret-scanning/introduction/about-push-protection.md rename to content/code-security/concepts/secret-security/about-push-protection.md index 923f97fbb630..5e2b86f23b02 100644 --- a/content/code-security/secret-scanning/introduction/about-push-protection.md +++ b/content/code-security/concepts/secret-security/about-push-protection.md @@ -1,6 +1,6 @@ --- title: About push protection -intro: 'Push protection blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.{% ifversion secret-scanning-push-protection-for-users %} Push protection can be applied at the repository, organization, and user account level{% else %} You can apply push protection at repository or organization level{% endif %}.' +intro: Push protection blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.{% ifversion secret-scanning-push-protection-for-users %} Push protection can be applied at the repository, organization, and user account level{% else %} You can apply push protection at repository or organization level{% endif %}. product: '{% data reusables.gated-features.push-protection-for-repos %}' versions: fpt: '*' @@ -10,13 +10,14 @@ redirect_from: - /early-access/code-security/secret-scanning/protecting-pushes-with-secret-scanning - /code-security/secret-scanning/protecting-pushes-with-secret-scanning - /code-security/secret-scanning/push-protection-for-repositories-and-organizations -type: overview + - /code-security/secret-scanning/introduction/about-push-protection topics: - Secret scanning - Secret Protection - Alerts - Repositories shortTitle: Push protection +contentType: concepts --- ## About push protection diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md b/content/code-security/concepts/secret-security/about-secret-scanning-for-partners.md similarity index 81% rename from content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md rename to content/code-security/concepts/secret-security/about-secret-scanning-for-partners.md index d69f24a76854..b526b75ce4a7 100644 --- a/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md +++ b/content/code-security/concepts/secret-security/about-secret-scanning-for-partners.md @@ -1,15 +1,17 @@ --- title: About secret scanning for partners -intro: 'When {% data variables.product.prodname_secret_scanning %} detects authentication details for a service provider in a public repository on {% data variables.product.prodname_dotcom %}, an alert is sent directly to the provider. This allows service providers who are {% data variables.product.prodname_dotcom %} partners to promptly take action to secure their systems.' +intro: When {% data variables.product.prodname_secret_scanning %} detects authentication details for a service provider in a public repository on {% data variables.product.prodname_dotcom %}, an alert is sent directly to the provider. This allows service providers who are {% data variables.product.prodname_dotcom %} partners to promptly take action to secure their systems. product: '{% data reusables.gated-features.secret-scanning-partner-alerts %}' versions: fpt: '*' ghec: '*' -type: overview topics: - Secret scanning - Secret Protection shortTitle: Secret scanning for partners +redirect_from: + - /code-security/secret-scanning/introduction/about-secret-scanning-for-partners +contentType: concepts --- ## About {% data variables.secret-scanning.partner_alerts %} diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning.md b/content/code-security/concepts/secret-security/about-secret-scanning.md similarity index 99% rename from content/code-security/secret-scanning/introduction/about-secret-scanning.md rename to content/code-security/concepts/secret-security/about-secret-scanning.md index 2bbc52e356d1..524ded0d9457 100644 --- a/content/code-security/secret-scanning/introduction/about-secret-scanning.md +++ b/content/code-security/concepts/secret-security/about-secret-scanning.md @@ -12,15 +12,16 @@ redirect_from: - /github/administering-a-repository/about-secret-scanning - /code-security/secret-security/about-secret-scanning - /code-security/secret-scanning/about-secret-scanning + - /code-security/secret-scanning/introduction/about-secret-scanning versions: fpt: '*' ghes: '*' ghec: '*' -type: overview topics: - Secret scanning - Secret Protection shortTitle: Secret scanning +contentType: concepts --- ## About {% data variables.product.prodname_secret_scanning %} @@ -124,7 +125,6 @@ Define your own patterns for secrets used by your organization that {% data vari * [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository) * [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection) -* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection) * [AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization) * [AUTOTITLE](/code-security/getting-started/securing-your-repository) * [AUTOTITLE](/authentication/keeping-your-account-and-data-secure) diff --git a/content/code-security/concepts/secret-security/about-secret-security-with-github.md b/content/code-security/concepts/secret-security/about-secret-security-with-github.md new file mode 100644 index 000000000000..a741c63bebc1 --- /dev/null +++ b/content/code-security/concepts/secret-security/about-secret-security-with-github.md @@ -0,0 +1,69 @@ +--- +title: About secret security with GitHub +shortTitle: Secret protection tools +intro: Learn how {% data variables.product.github %}'s security tools can help you identify, remediate, and prevent secret leaks. +product: '{% data reusables.gated-features.secret-protection %}' +permissions: Organizations on {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} +contentType: concepts +versions: + feature: secret-risk-assessment +topics: + - Code Security + - Secret scanning + - Secret Protection + - Organizations + - Security +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-security-with-github +--- + +{% data variables.product.github %} provides tools to help you understand and address your organization's exposure to leaked secrets: + +- **Secret risk assessment**: A free, on-demand scan that reveals your organization's current exposure to leaked secrets. +- **{% data variables.product.prodname_GH_secret_protection %}**: A comprehensive suite of features that detects existing secrets and prevents new leaks across your repositories. + +## Secret risk assessment + +The secret risk assessment provides organization owners and security managers with a free point-in-time scan of their organization's repositories to identify leaked secrets like API keys, tokens, and passwords. + +{% data variables.secret-scanning.secret-risk-assessment-cta-product %} + +### What the assessment shows + +The assessment report includes: + +- **Total secrets detected**: The aggregate count of exposed secrets in your organization. +- **Public leaks**: Secrets found in public repositories that are accessible to anyone. +- **Preventable leaks**: Secrets that could have been blocked with push protection enabled. +- **Secret categories**: The distribution of secret types (such as AWS keys, {% data variables.product.github %} tokens, or generic passwords). + +### Why assess your risk + +Regular assessment helps prevent: +* Unauthorized access to your systems and data +* Service disruptions from compromised credentials +* Regulatory compliance issues +* Financial loss from resource misuse +* Reputational damage from security incidents + +## {% data variables.product.prodname_GH_secret_protection %} + +{% data variables.product.prodname_GH_secret_protection %} is a {% data variables.product.prodname_GH_advanced_security %} product containing a suite of features designed to prevent, detect, and assist in remediating secret leaks in your organization. + +While the {% data variables.product.prodname_secret_risk_assessment %} provides a point-in-time view of your organization's current secret exposure, {% data variables.product.prodname_GH_secret_protection %}: + +* **Implements continuous monitoring** and expands scanned surfaces beyond code to include pull requests, issues, wikis, and discussions +* **Prevents secret leaks** by blocking commits containing secrets before they are saved to {% data variables.product.github %} +* **Creates actionable alerts** that can be grouped into campaigns and assigned to team members for remediation +* **Meets your specific needs** by scanning for patterns unique to your organization and unstructured secrets like passwords +* **Supports governance at scale** with settings dictating who can bypass protections and dismiss alerts +* **Surfaces key analytics** through a view dedicated to your organization's secret security + +Through these features, {% data variables.product.prodname_GH_secret_protection %} provides complete coverage for your organization, reducing the risk of costly secret leaks and high-effort remediation processes. + +For more information about the specific features of {% data variables.product.prodname_GH_secret_protection %}, see [AUTOTITLE](/code-security/getting-started/github-security-features#available-with-github-secret-protection). + +## Next steps + +Now that you know how {% data variables.product.github %} can help keep your secrets safe, you should assess your organization's current exposure to leaked secrets. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk). diff --git a/content/code-security/concepts/secret-security/github-secret-types.md b/content/code-security/concepts/secret-security/github-secret-types.md new file mode 100644 index 000000000000..673f21d55885 --- /dev/null +++ b/content/code-security/concepts/secret-security/github-secret-types.md @@ -0,0 +1,29 @@ +--- +title: GitHub secret types +intro: Learn about the different types of secrets used by {% data variables.product.github %}. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret scanning + - Secret Protection + - Dependabot + - Actions + - Codespaces +contentType: concepts +--- + +{% data variables.product.github %} secrets are used to securely store sensitive information like API keys, tokens, and passwords in repositories. + +When you store the sensitive information as a {% data variables.product.github %} secret, you remove the need to hardcode the credential or key, and prevent exposure of it in your code or logs. The secret can then be used to authenticate services, manage credentials, and securely pass sensitive data in workflows. + +There are {% ifversion fpt or ghec %}three {% else %}two {% endif %}types of secrets used by {% data variables.product.github %}: + +* {% data variables.product.prodname_dependabot %} secrets +* Actions secrets{% ifversion fpt or ghec %} +* {% data variables.product.prodname_codespaces %} secrets{% endif %} + +Depending on the {% data variables.product.github %} secret type, you can create and manage secrets under your repository, organization, or personal account security settings page. + +For information on the usage, scope, permissions, and limitations of each secret type, see [AUTOTITLE](/code-security/reference/secret-security/understanding-github-secret-types). diff --git a/content/code-security/concepts/secret-security/index.md b/content/code-security/concepts/secret-security/index.md new file mode 100644 index 000000000000..c787ea7932b2 --- /dev/null +++ b/content/code-security/concepts/secret-security/index.md @@ -0,0 +1,27 @@ +--- +title: Concepts for secret security +shortTitle: Secret security +intro: Learn core concepts for {% data variables.product.github %}'s secret security features. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning +contentType: concepts +children: + - /about-secret-scanning + - /about-push-protection + - /about-secret-security-with-github + - /about-alerts + - /about-delegated-bypass-for-push-protection + - /about-bypass-requests-for-push-protection + - /about-secret-scanning-for-partners + - /github-secret-types + - /push-protection-from-the-command-line + - /working-with-push-protection-and-the-github-mcp-server + - /working-with-push-protection-from-the-rest-api +redirect_from: + - /code-security/secret-scanning/introduction +--- diff --git a/content/code-security/concepts/secret-security/push-protection-from-the-command-line.md b/content/code-security/concepts/secret-security/push-protection-from-the-command-line.md new file mode 100644 index 000000000000..b236334068c3 --- /dev/null +++ b/content/code-security/concepts/secret-security/push-protection-from-the-command-line.md @@ -0,0 +1,31 @@ +--- +title: Push protection from the command line +shortTitle: Command line protection +intro: Understand how {% data variables.product.github %} uses push protection to prevent secret leaks from the command line. +permissions: '{% data reusables.permissions.push-protection-resolve-block %}' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret scanning + - Secret Protection + - Alerts + - Repositories +contentType: concepts +--- + +Push protection prevents you from accidentally committing secrets to a repository by blocking pushes containing supported secrets. + +When you attempt to push a supported secret from the command line to a repository secured by push protection, {% data variables.product.prodname_dotcom %} will block the push. + +You should either: + +* **Remove** the secret from your branch. For more information, see [Resolving a blocked push](/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-from-the-command-line#resolving-a-blocked-push). +* **Follow a provided URL** to see what options are available to you to allow the push. For more information, see [Bypassing push protection](/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-from-the-command-line#bypassing-push-protection) and [Requesting bypass privileges](/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-from-the-command-line#requesting-bypass-privileges). + +Up to five detected secrets will be displayed at a time on the command line. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret. + +If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For example, you might revoke the secret and remove the secret from the repository's commit history. Real secrets that have been exposed must be revoked to avoid unauthorized access. You might consider first rotating the secret before revoking it. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository). + +{% data reusables.secret-scanning.push-protection-multiple-branch-note %} diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-and-the-github-mcp-server.md b/content/code-security/concepts/secret-security/working-with-push-protection-and-the-github-mcp-server.md similarity index 79% rename from content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-and-the-github-mcp-server.md rename to content/code-security/concepts/secret-security/working-with-push-protection-and-the-github-mcp-server.md index 0f857fe6f5db..f66820d1030a 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-and-the-github-mcp-server.md +++ b/content/code-security/concepts/secret-security/working-with-push-protection-and-the-github-mcp-server.md @@ -1,18 +1,20 @@ --- title: Working with push protection and the GitHub MCP server shortTitle: Push protection and the GitHub MCP server -intro: 'Learn how you are protected from leaking secrets during interactions with the {% data variables.product.github %} MCP server, and how to bypass a push protection block if you need to.' -product: 'Public repositories on {% data variables.product.prodname_dotcom_the_website %}' +intro: Learn how you are protected from leaking secrets during interactions with the {% data variables.product.github %} MCP server, and how to bypass a push protection block if you need to. +product: Public repositories on {% data variables.product.prodname_dotcom_the_website %} permissions: '{% data reusables.permissions.push-protection-resolve-block %}' versions: feature: copilot -type: how_to topics: - Secret scanning - Secret Protection - Alerts - Repositories - Copilot +redirect_from: + - /code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-and-the-github-mcp-server +contentType: concepts --- ## About push protection and the {% data variables.product.github %} MCP server diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md b/content/code-security/concepts/secret-security/working-with-push-protection-from-the-rest-api.md similarity index 80% rename from content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md rename to content/code-security/concepts/secret-security/working-with-push-protection-from-the-rest-api.md index 7f765bef0931..b22021be8bd4 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md +++ b/content/code-security/concepts/secret-security/working-with-push-protection-from-the-rest-api.md @@ -1,16 +1,18 @@ --- title: Working with push protection from the REST API shortTitle: Push protection from the REST API -intro: 'Learn your options for unblocking your push to {% data variables.product.prodname_dotcom %} using the REST API if {% data variables.product.prodname_secret_scanning %} detects a secret in the content of your API request.' +intro: Learn your options for unblocking your push to {% data variables.product.prodname_dotcom %} using the REST API if {% data variables.product.prodname_secret_scanning %} detects a secret in the content of your API request. permissions: '{% data reusables.permissions.push-protection-resolve-block %}' versions: feature: secret-scanning-push-protection-content-endpoints -type: how_to topics: - Secret scanning - Secret Protection - Alerts - Repositories +redirect_from: + - /code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api +contentType: concepts --- ## About push protection from the REST API diff --git a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md b/content/code-security/concepts/security-at-scale/about-enabling-security-features-at-scale.md similarity index 72% rename from content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md rename to content/code-security/concepts/security-at-scale/about-enabling-security-features-at-scale.md index adab203f4061..5e19e99c81cc 100644 --- a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md +++ b/content/code-security/concepts/security-at-scale/about-enabling-security-features-at-scale.md @@ -1,7 +1,7 @@ --- title: About enabling security features at scale -shortTitle: About organization security -intro: 'You can quickly secure your organization at scale with {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %}.' +shortTitle: Organization security +intro: You can quickly secure your organization at scale with {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %}. versions: feature: security-configurations topics: @@ -9,6 +9,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale +contentType: concepts --- ## About securing your organization @@ -37,29 +40,19 @@ For more information on purchasing {% data variables.product.prodname_GH_cs_or_s There are two types of {% data variables.product.prodname_security_configuration %}: -* **The {% data variables.product.prodname_github_security_configuration %}**. This configuration is a collection of enablement settings created and managed by subject matter experts at {% data variables.product.company_short %}. The {% data variables.product.prodname_github_security_configuration %} is designed to adequately secure any repository, and can easily be applied to all repositories in your organization. -* **{% data variables.product.prodname_custom_security_configurations_caps %}**. These are configurations you can create and edit yourself, allowing you to choose different enablement settings for groups of repositories with specific security needs. +* **The {% data variables.product.prodname_github_security_configuration %}**, which is a collection of enablement settings created and managed by subject matter experts at {% data variables.product.company_short %} +* **{% data variables.product.prodname_custom_security_configurations_caps %}**, which are configurations you can create and edit yourself, allowing you to meet your specific security needs -{% endif %} - -{% ifversion security-configurations-ghes-only %} +For more detailed information on {% data variables.product.prodname_security_configurations %}, see [AUTOTITLE](/code-security/concepts/security-at-scale/security-configurations). -You can customize {% data variables.product.prodname_security_configurations %}, allowing you to choose different enablement settings for groups of repositories with specific security needs. +{% elsif security-configurations-ghes-only %} -You will only ever see enablement settings for features that have been installed on your {% data variables.product.prodname_ghe_server %} instance by an enterprise administrator. +{% data reusables.security-configurations.custom-configuration-intro-ghes %} To learn how to create {% data variables.product.prodname_custom_security_configurations %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration). {% endif %} -{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %} - -Each repository can only have one {% data variables.product.prodname_security_configuration %} applied to it. {% ifversion security-configurations-cloud %}To find out how you should get started with {% data variables.product.prodname_security_configurations %}, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories).{% endif %} - -{% ifversion security-configurations-api %} -You can also create and manage security configurations using the REST API. For more information, see [AUTOTITLE](/rest/code-security/configurations). -{% endif %} - ## About {% data variables.product.prodname_global_settings %} While {% data variables.product.prodname_security_configurations %} determine repository-level security settings, {% data variables.product.prodname_global_settings %} determine your organization-level security settings, which are then inherited by all repositories. With {% data variables.product.prodname_global_settings %}, you can customize how security features analyze your organization{% ifversion ghes < 3.16 %}, as well as grant a team permission to manage security alerts and settings across your organization{% endif %}. diff --git a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns.md b/content/code-security/concepts/security-at-scale/about-security-campaigns.md similarity index 76% rename from content/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns.md rename to content/code-security/concepts/security-at-scale/about-security-campaigns.md index 41bbbff92289..cbb16ab8d2e2 100644 --- a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns.md +++ b/content/code-security/concepts/security-at-scale/about-security-campaigns.md @@ -1,10 +1,9 @@ --- -title: 'About security campaigns' -shortTitle: 'About security campaigns' -intro: 'You can fix security alerts at scale by creating security campaigns and collaborating with developers to burn down your security backlog.' +title: About security campaigns +shortTitle: Security campaigns +intro: You can fix security alerts at scale by creating security campaigns and collaborating with developers to burn down your security backlog. product: '{% data reusables.gated-features.security-campaigns %}' allowTitleToDifferFromFilename: true -type: overview audience: - driver contentType: concepts @@ -15,6 +14,8 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns --- Once you have identified security alerts the next step is to identify the most urgent alerts and get them fixed. Security campaigns are a way to group alerts and share them with developers, so you can collaborate to remediate vulnerabilities in the code{% ifversion security-campaigns-secrets %} and any exposed secrets{% endif %}. @@ -37,6 +38,9 @@ A security campaign has many benefits over other ways of encouraging developers * Developers can see the alerts you've highlighted for remediation without leaving their normal workflows. * Each campaign has a named point of contact for questions, reviews, and collaboration. {% ifversion security-campaigns-autofix %} * For {% data variables.product.prodname_code_scanning %} alerts, {% data variables.copilot.copilot_autofix %} is automatically triggered to suggest a resolution. {% endif %} +{%- ifversion code-secret-alert-assignees %} +* For both {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, you can assign alerts in a campaign to users with write access{% ifversion copilot %} or to {% data variables.copilot.copilot_coding_agent %} to automatically generate pull requests with fixes{% endif %}. +{%- endif %} You can use one of the templates to select a group of closely related alerts for a campaign. This allows developers to build on the knowledge gained by resolving one alert and use it to fix several more, providing them with an incentive to fix multiple alerts. @@ -68,15 +72,30 @@ The creation workflow is the same for all campaigns, but you will notice a few d {% ifversion code-secret-alert-assignees %} -## Assigning alerts{% ifversion security-campaigns-assign-to-cca %} to users and {% data variables.copilot.copilot_coding_agent %}{% endif %} +## About assigning alerts{% ifversion security-campaigns-assign-to-cca %} to users and {% data variables.copilot.copilot_coding_agent %}{% endif %} + +{% ifversion code-secret-alert-assignees-ga %}{% elsif ghes = 3.20 %} >[!NOTE] > The option to assign {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %} alerts is currently in public preview and is subject to change. +{% endif %} + You can assign a {% data variables.product.prodname_code_scanning %} or {% data variables.product.prodname_secret_scanning %} alert to any user who has **write** access for the repository. If the assignee for a {% data variables.product.prodname_secret_scanning %} alert **cannot view the alert list**, their permissions are temporarily raised for that alert. Any additional permissions are revoked when they are unassigned from the alert. +{% ifversion code-secret-alert-assignees-ga %} + +{% data variables.product.github %} notifies users: + +* When they are assigned to an alert +* When that alert is dismissed + +For {% data variables.product.prodname_code_scanning %}, you can also perform some of these operations programmatically using the REST API, such as assigning or unassigning users to alerts, and filtering alerts by assignee. For more information, see [AUTOTITLE](/rest/reference/code-scanning) in the REST API documentation. Additionally, webhooks are available to notify you when an alert is assigned or an assignment is removed. + +{% endif %} + {% ifversion security-campaigns-assign-to-cca %} If an autofix has been generated for alerts in a security campaign, you can select those alerts and assign them to {% data variables.copilot.copilot_coding_agent %}. {% data variables.product.prodname_copilot_short %} will create a pull request and add you as a requested reviewer. See [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/fixing-alerts-in-security-campaign#assigning-alerts-to-copilot-coding-agent). diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/concepts/security-at-scale/about-security-overview.md similarity index 67% rename from content/code-security/security-overview/about-security-overview.md rename to content/code-security/concepts/security-at-scale/about-security-overview.md index 425c5034f324..b884eb39f4ff 100644 --- a/content/code-security/security-overview/about-security-overview.md +++ b/content/code-security/concepts/security-at-scale/about-security-overview.md @@ -1,6 +1,7 @@ --- title: About security overview -intro: 'You can gain insights into the overall security landscape of your organization or enterprise and identify repositories that require intervention using security overview.' +shortTitle: Security overview +intro: You can gain insights into the overall security landscape of your organization or enterprise and identify repositories that require intervention using security overview. product: | {% data reusables.gated-features.security-overview-general %}{% ifversion secret-risk-assessment %} @@ -8,11 +9,12 @@ product: | redirect_from: - /code-security/security-overview/exploring-security-alerts - /code-security/security-overview/about-the-security-overview + - /code-security/security-overview/about-security-overview + - /code-security/security-overview versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Security overview - Code Security @@ -23,6 +25,7 @@ topics: - Organizations - Secret scanning - Teams +contentType: concepts --- {% ifversion fpt %} @@ -70,7 +73,7 @@ There are dedicated views for each type of security alert. You can limit your an The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. For example, the team can use the "Overview" dashboard view to track your organization's security landscape and progression. {% ifversion pre-security-configurations %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories).{% endif %} -You can find security overview on the **Security** tab for any organization. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. For information about permissions, see [Permission to view data in security overview](#permission-to-view-data-in-security-overview). +You can find security overview on the **Security** tab for any organization. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. Security overview has multiple views that provide different ways to explore enablement and alert data. @@ -94,53 +97,23 @@ You can find security overview on the **Security** tab for your enterprise. Each As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore data. -For information about permissions, see [Permission to view data in security overview](#permission-to-view-data-in-security-overview). +## Access to data in security overview -## Permission to view data in security overview +What you can see in security overview depends on your role and permissions in the organization or enterprise. -### Organization-level overview +In general: -If you are an **owner or security manager** for an organization, you can see data for all the repositories in the organization in all views. +* **Organization owners and security managers** can view security data across all repositories in their organization. +* **Organization members** can view data only for repositories where they have access to security alerts. +* **Enterprise owners** can view aggregated security data in the enterprise-level security overview for organizations where they are an organization owner or security manager. To see repository-level details, they must have the appropriate role within the organization. -If you are an **organization or team member**, you can view security overview for the organization and see data for repositories where you have an appropriate level of access. +Security overview displays data only for repositories you have permission to view, and some views or actions may be limited based on your role. -{% ifversion secret-risk-assessment %} - -> [!TIP] The Assessments view, which is not shown in the table below, is only available to organization owners and security managers. - -{% endif %} - -{% rowheaders %} - -| Organization or team member with | Overview dashboard view | Risk and alerts views | Coverage view | -|--------------------|-------------|---------------------|---------| -| `admin` access for one or more repositories | View data for those repositories | View data for those repositories | View data for those repositories{% ifversion pre-security-configurations %}, and enable and disable security features{% endif %} | -| `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access | -| `read` or `triage` access for one or more repositories | No access | No access | No access | -| Security alert access for one or more repositories | View all security alert data for those repositories | View all security alert data for those repositories | No access | -| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories | View allowed alert data for all repositories in all views | No access | - -{% endrowheaders %} - -> [!NOTE] -> To ensure a consistent and responsive experience, for organization members, the organization-level security overview pages will only display results from the most recently updated 3,000 repositories. If your results have been restricted, a notification will appear at the top of the page. Organization owners and security managers will see results from all repositories. - -For more information about access to security alerts and related views, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) and [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles#security). - -### Enterprise-level overview - -> [!NOTE] -> If you are an **enterprise owner**, you will need to join an organization as an organization owner to view data for the organization's repositories in both the organization-level and enterprise-level overview.{% ifversion secret-scanning-user-owned-repos %} {% data reusables.secret-scanning.secret-scanning-user-owned-repo-access %}{% endif %} For more information, see [AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise). - -In the enterprise-level security overview, you can see data for all organizations where you are an **organization owner or security manager**. - -{% ifversion ghec %} -If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %}, you can view data from user-owned repositories in security overview and filter by repository owner type. For more information on {% data variables.enterprise.prodname_managed_users %}, see [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users). -{% endif %} +For detailed, role-by-role permission information, including which views are available and how repository access affects visibility, see [AUTOTITLE](/code-security/reference/permissions/security-overview-permissions). ## Further reading -* [AUTOTITLE](/code-security/getting-started/securing-your-repository){% ifversion security-configurations %} -* [AUTOTITLE](/code-security/securing-your-organization){% else %} -* [AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization){% endif %} +* [AUTOTITLE](/code-security/getting-started/securing-your-repository){% ifversion fpt or ghec %} +* [AUTOTITLE](/code-security/securing-your-organization){% elsif ghes %} +* [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage){% endif %} * [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale) diff --git a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise.md b/content/code-security/concepts/security-at-scale/about-supply-chain-security-for-your-enterprise.md similarity index 89% rename from content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise.md rename to content/code-security/concepts/security-at-scale/about-supply-chain-security-for-your-enterprise.md index d0d39008a3c2..e5b19841d439 100644 --- a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise.md +++ b/content/code-security/concepts/security-at-scale/about-supply-chain-security-for-your-enterprise.md @@ -1,17 +1,18 @@ --- title: About supply chain security for your enterprise intro: You can enable features that help your developers understand and update the dependencies their code relies on. -shortTitle: About supply chain security +shortTitle: Supply chain security permissions: '' versions: ghes: '*' -type: how_to topics: - Enterprise - Security - Dependency graph redirect_from: - /admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise + - /admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise +contentType: concepts --- You can allow users to identify their projects' dependencies by enabling the dependency graph for {% data variables.product.prodname_ghe_server %}. For more information, see [Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise). diff --git a/content/code-security/getting-started/auditing-security-alerts.md b/content/code-security/concepts/security-at-scale/auditing-security-alerts.md similarity index 95% rename from content/code-security/getting-started/auditing-security-alerts.md rename to content/code-security/concepts/security-at-scale/auditing-security-alerts.md index 828b49091621..68757be5180a 100644 --- a/content/code-security/getting-started/auditing-security-alerts.md +++ b/content/code-security/concepts/security-at-scale/auditing-security-alerts.md @@ -5,7 +5,6 @@ versions: fpt: '*' ghes: '*' ghec: '*' -type: overview topics: - Repositories - Dependencies @@ -14,6 +13,9 @@ topics: - Code Security - Secret Protection shortTitle: Audit security alerts +redirect_from: + - /code-security/getting-started/auditing-security-alerts +contentType: concepts --- ## About security tools for auditors @@ -68,7 +70,7 @@ You can use the API to list and interact with security alerts, for example, gett You can list all {% data variables.product.prodname_dependabot %} alerts for a repository, organization, or enterprise, or use path parameters to list only alerts that meet a specific set of criteria. For example, you might only want to list {% data variables.product.prodname_dependabot %} alerts for Maven that were dismissed. Alternatively, you can get full details for an alert or update the alert. -For more information, see [{% data variables.product.prodname_dependabot %} alerts](/rest/dependabot/alerts#about-dependabot-alerts). +For more information, see [AUTOTITLE](/rest/dependabot/alerts#about-dependabot-alerts). ### {% data variables.product.prodname_secret_scanning_caps %} alerts API @@ -76,13 +78,13 @@ You can list all {% data variables.product.prodname_secret_scanning %} alerts fo To see which {% data variables.product.prodname_secret_scanning %} alerts were the result of a push protection bypass, filter the results for `"push_protection_bypassed": true`. -For more information, see [{% data variables.product.prodname_secret_scanning_caps %}](/rest/secret-scanning). +For more information, see [AUTOTITLE](/rest/secret-scanning). ### {% data variables.product.prodname_code_scanning_caps %} alerts API You can list all {% data variables.product.prodname_code_scanning %} alerts for a repository, organization, or enterprise, or use path parameters to list only alerts that meet a specific set of criteria. Alternatively, you can get full details for an alert or update the alert. -For more information, see [{% data variables.product.prodname_code_scanning_caps %}](/rest/code-scanning). +For more information, see [AUTOTITLE](/rest/code-scanning/code-scanning). ## Further reading diff --git a/content/code-security/concepts/security-at-scale/index.md b/content/code-security/concepts/security-at-scale/index.md new file mode 100644 index 000000000000..bf47d01ead33 --- /dev/null +++ b/content/code-security/concepts/security-at-scale/index.md @@ -0,0 +1,29 @@ +--- +title: Concepts for security at scale +shortTitle: Security at scale +intro: Learn about the concepts behind managing code security at scale in your organization or enterprise. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Code Security + - Secret Protection + - Organizations + - Security + - Advanced Security + - Enterprise +contentType: concepts +children: + - /about-enabling-security-features-at-scale + - /security-configurations + - /about-security-overview + - /about-security-campaigns + - /auditing-security-alerts + - /about-supply-chain-security-for-your-enterprise +redirect_from: + - /admin/managing-code-security/managing-supply-chain-security-for-your-enterprise + - /admin/code-security/managing-supply-chain-security-for-your-enterprise + - /admin/managing-code-security/securing-your-enterprise + - /code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale +--- diff --git a/content/code-security/concepts/security-at-scale/security-configurations.md b/content/code-security/concepts/security-at-scale/security-configurations.md new file mode 100644 index 000000000000..2a44b01d7eb6 --- /dev/null +++ b/content/code-security/concepts/security-at-scale/security-configurations.md @@ -0,0 +1,112 @@ +--- +title: Security configurations +intro: '{% data variables.product.prodname_security_configurations_caps %} are collections of security settings that you can apply to repositories at scale.' +permissions: 'Organization owners, {% ifversion security-configuration-enterprise-level %}enterprise owners, {% endif %}security managers, and organization members with the **admin** role' +versions: + feature: security-configurations +topics: + - Code Security + - Secret Protection + - Organizations + - Security +redirect_from: + - /code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories + - /code-security/concepts/security-at-scale/choosing-a-security-configuration-for-your-repositories + - /admin/managing-code-security/securing-your-enterprise/about-security-configurations + - /code-security/concepts/security-at-scale/about-security-configurations +contentType: concepts +--- + +{% ifversion security-configurations-cloud %} + +{% data reusables.security-configurations.define-security-configurations %} + +There are two types of {% data variables.product.prodname_security_configuration %}: + +* [The {% data variables.product.prodname_github_security_configuration %}](#the-github-recommended-security-configuration) +* [{% data variables.product.prodname_custom_security_configurations_caps %}](#custom-security-configurations) + +Each repository can only have one {% data variables.product.prodname_security_configuration %} applied to it. + +{% ifversion security-configurations-api %} +You can create and manage security configurations using the REST API. For more information, see [AUTOTITLE](/rest/code-security/configurations). +{% endif %} + +{% ifversion ghec %} + +> [!NOTE] If your enterprise uses {% data variables.product.prodname_emus %}, please note that enterprise-level {% data variables.product.prodname_security_configurations %} are not automatically rolled out to user namespace repositories. There are some additional {% data variables.product.prodname_secret_scanning %} settings that can be applied to user namespace repositories within the enteprise, but you cannot apply enterprise-level {% data variables.product.prodname_security_configurations %} to this type of user-owner repository. + +{% endif %} + +## The {% data variables.product.prodname_github_security_configuration %} + +The {% data variables.product.prodname_github_security_configuration %} offers a number of benefits: + +* It is created and managed by {% data variables.product.company_short %}'s subject matter experts. +* It is the quickest {% data variables.product.prodname_security_configuration %} to apply to all repositories in your organization. +* It is designed to effectively secure both low- and high-impact repositories. + +_We recommend that organizations and enterprises initially apply the {% data variables.product.prodname_github_security_configuration %}_. + +The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses. + +## {% data variables.product.prodname_custom_security_configurations_caps %} + +If you are familiar with {% data variables.product.company_short %}'s security products, and you have specific security needs that the {% data variables.product.prodname_github_security_configuration %} can't meet, you can create and apply {% data variables.product.prodname_custom_security_configurations %}. With {% data variables.product.prodname_custom_security_configurations %}, you can: + +* Edit the enablement settings for different security features +* Create several configurations for repositories to reflect their different levels of visibility, risk tolerance, and impact + +You can also choose whether or not you want to include {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %} features in a configuration. If you do, keep in mind that these features incur usage costs (or require {% data variables.product.prodname_GHAS %} licenses) when applied to private and internal repositories. + +{% elsif security-configurations-ghes-only %} + +## {% data variables.product.prodname_security_configurations_caps %} on {% data variables.product.prodname_ghe_server %} + +{% data reusables.security-configurations.define-security-configurations %} {% data reusables.security-configurations.custom-configuration-intro-ghes %} + +## Feature availability + +Feature availability in {% data variables.product.prodname_security_configurations %} is determined as follows: + +* You will only see features in the UI if they were installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance. +* {% data variables.product.prodname_AS %} features will only be visible if your enterprise or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %}, {% data variables.product.prodname_GH_code_security %}, or {% data variables.product.prodname_GH_secret_protection %}{% endif %} license. +* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance. + +{% endif %} + +## Enforcement of {% data variables.product.prodname_security_configurations %} + +When you apply a {% data variables.product.prodname_security_configuration %}, you can choose to enforce it, meaning users cannot change the enablement status of features included in the configuration. + +If a user in your organization {% ifversion security-configuration-enterprise-level %}or enterprise {% endif %}attempts to change the enablement status of a feature in an enforced configuration using the REST API, the API call will appear to succeed, but no enablement statuses will change. + +Some situations can break the enforcement of {% data variables.product.prodname_security_configurations %} for a repository. For example, the enablement of {% data variables.product.prodname_code_scanning %} will not apply to a repository if: +* {% data variables.product.prodname_actions %} is initially enabled on the repository, but is then disabled in the repository. +* {% data variables.product.prodname_actions %} is not available for the repository.{% ifversion ghes %} +* Self-hosted runners with the label `code-scanning` are not available.{% endif %} +* The languages excluded from {% data variables.product.prodname_code_scanning %} default setup are changed at the repository level. + +{% ifversion security-configuration-enterprise-level %} + +## Preservation of default settings for new repositories + +If you had default security settings in place for newly created repositories, {% data variables.product.github %} will preserve these settings by automatically creating a "New repository default settings" {% data variables.product.prodname_security_configuration %} for your enterprise. The configuration matches your previous enterprise-level default settings for new repositories as of December 2024. + +The configuration will be automatically applied to any newly created repositories in your enterprise that do not belong to an organization with its own default settings. + +{% endif %} + +## Next steps + +{% ifversion security-configurations-cloud %} + +To start securing repositories in your organization with the {% data variables.product.prodname_github_security_configuration %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization). + +Alternatively, to start securing repositories in your organization with {% data variables.product.prodname_custom_security_configurations %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration). + +{% elsif security-configurations-ghes-only %} + +To learn how to create {% data variables.product.prodname_custom_security_configurations %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration). + +{% endif %} diff --git a/content/code-security/concepts/supply-chain-security/about-dependabot-alerts.md b/content/code-security/concepts/supply-chain-security/about-dependabot-alerts.md new file mode 100644 index 000000000000..d90838a1a7a6 --- /dev/null +++ b/content/code-security/concepts/supply-chain-security/about-dependabot-alerts.md @@ -0,0 +1,99 @@ +--- +title: About Dependabot alerts +intro: '{% data variables.product.prodname_dependabot_alerts %} help you find and fix vulnerable dependencies before they become security risks.' +product: '{% data reusables.gated-features.dependabot-alerts %}' +redirect_from: + - /articles/about-security-alerts-for-vulnerable-dependencies + - /github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies + - /github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies + - /code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies + - /code-security/dependabot/dependabot-alerts/about-dependabot-alerts +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Dependabot + - Alerts + - Vulnerabilities + - Repositories + - Dependencies +shortTitle: Dependabot alerts +contentType: concepts +--- + +Software often relies on packages from various sources, creating dependency relationships that can unknowingly introduce security vulnerabilities. When your code depends on packages with known security vulnerabilities, you become a target for attackers seeking to exploit your system—potentially gaining access to your code, data, customers, or contributors. {% data variables.product.prodname_dependabot_alerts %} notify you about vulnerable dependencies so you can upgrade to secure versions and protect your project. + +## When {% data variables.product.prodname_dependabot %} sends alerts + +{% data variables.product.prodname_dependabot %} scans your repository's default branch and sends alerts when: + +{% ifversion fpt or ghec %} +* A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}{% else %} +* New advisory data is synchronized to {% data variables.product.prodname_dotcom %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %} +* Your dependency graph changes—for example, when you push commits that update packages or versions + +For supported ecosystems, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems#supported-package-ecosystems). + +## Understanding alerts + +When {% data variables.product.github %} detects a vulnerable dependency, a {% data variables.product.prodname_dependabot %} alert appears on the repository's **Security** tab and dependency graph. Each alert includes: + +* A link to the affected file +* Details about the vulnerability and its severity +* Information about a fixed version (when available) + +For information about viewing and managing alerts, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts). + +## Enabling alerts + +Repository administrators and organization owners can enable {% data variables.product.prodname_dependabot_alerts %} for their repositories{% ifversion fpt or ghec %} and organizations{% endif %}. When enabled, {% data variables.product.github %} immediately generates the dependency graph and creates alerts for any vulnerable dependencies it identifies. {% ifversion fpt or ghec %} Repository administrators can grant access to additional people or teams.{% endif %} + +{% data reusables.repositories.enable-security-alerts %} + +See [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts). + +## Notifications for alerts + +By default, {% data variables.product.github %} sends email notifications about new alerts to people who both: + +* Have write, maintain, or admin permissions to a repository +* Are watching the repository and have enabled notifications for security alerts or for all activity on the repository + +{% ifversion fpt or ghec %} +You can override the default behavior by choosing the type of notifications you want to receive, or switching notifications off altogether in the settings page for your user notifications at [https://github.com/settings/notifications](https://github.com/settings/notifications). +{% endif %} + +Regardless of your notification preferences, when {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.github %} does not send notifications for all vulnerable dependencies found in your repository. Instead, you will receive notifications for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled, if your notification preferences allow it. + +If you are concerned about receiving too many notifications, we recommend leveraging {% data variables.dependabot.auto_triage_rules %} to auto-dismiss low-risk alerts. Rules are applied before alert notifications are sent, so alerts that are auto-dismissed upon creation do not send notifications. See [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules). + +Alternatively, you can opt into the weekly email digest, or even completely turn off notifications while keeping {% data variables.product.prodname_dependabot_alerts %} enabled. + +## Limitations + +{% data variables.product.prodname_dependabot_alerts %} have some limitations: + +* Alerts can't catch every security issue. Always review your dependencies and keep manifest and lock files up to date for accurate detection. +* New vulnerabilities may take time to appear in the {% data variables.product.prodname_advisory_database %} and trigger alerts. +* Only advisories reviewed by {% data variables.product.github %} trigger alerts. +* {% data variables.product.prodname_dependabot %} doesn't scan archived repositories. +* {% data variables.product.prodname_dependabot %} doesn't generate alerts for malware. +* {% data reusables.dependabot.dependabot-alert-actions-semver %} + +{% ifversion fpt or ghec %}{% data variables.product.github %} never publicly discloses vulnerabilities for any repository. {% endif %} + +{% ifversion copilot-chat-ghas-alerts %} + +## Asking {% data variables.copilot.copilot_chat %} about alerts + +With a {% data variables.copilot.copilot_enterprise %} license, you can ask {% data variables.copilot.copilot_chat_short %} questions about {% data variables.product.prodname_dependabot_alerts %} in your organization's repositories. For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features). + +{% endif %} + +## Further reading + +* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts) +* [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) +* [AUTOTITLE](/code-security/getting-started/auditing-security-alerts) diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md b/content/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules.md similarity index 96% rename from content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md rename to content/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules.md index d71ae8559afb..a4df89b333ab 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md +++ b/content/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules.md @@ -6,17 +6,19 @@ versions: fpt: '*' ghec: '*' ghes: '*' -type: overview topics: - Dependabot - Alerts - Vulnerabilities - Repositories - Dependencies -shortTitle: About auto-triage rules +shortTitle: Dependabot auto-triage rules redirect_from: - /code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts - /code-security/dependabot/dependabot-alert-rules/about-dependabot-alert-rules + - /code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules + - /code-security/dependabot/dependabot-auto-triage-rules +contentType: concepts --- ## About {% data variables.dependabot.auto_triage_rules %} diff --git a/content/code-security/concepts/supply-chain-security/about-dependabot-on-github-actions-runners.md b/content/code-security/concepts/supply-chain-security/about-dependabot-on-github-actions-runners.md new file mode 100644 index 000000000000..83dd1ed9ca0a --- /dev/null +++ b/content/code-security/concepts/supply-chain-security/about-dependabot-on-github-actions-runners.md @@ -0,0 +1,54 @@ +--- +title: About Dependabot on GitHub Actions runners +intro: '{% data variables.product.prodname_dotcom %} automatically runs the jobs that generate {% data variables.product.prodname_dependabot %} pull requests on {% data variables.product.prodname_actions %} if you have {% data variables.product.prodname_actions %} enabled for the repository. When {% data variables.product.prodname_dependabot %} is enabled, these jobs will run by bypassing Actions policy checks and disablement at the repository or organization level.' +shortTitle: Dependabot on Actions +product: '{% data reusables.gated-features.dependabot-on-actions %}' +versions: + feature: dependabot-on-actions-opt-in +topics: + - Dependabot + - Security updates + - Version updates + - Actions + - Dependencies + - Repositories +redirect_from: + - /code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners +contentType: concepts +--- + +## About {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners + +> [!IMPORTANT] +> If {% data variables.product.prodname_dependabot %} is enabled for a repository, it will always run on {% data variables.product.prodname_actions %}, **bypassing both Actions policy checks and disablement at the repository or organization level**. This ensures that security and version update workflows always run when Dependabot is enabled. + +Using {% data variables.product.prodname_actions %} runners allows you to more easily identify {% data variables.product.prodname_dependabot %} job errors and manually detect and troubleshoot failed runs. You can also integrate {% data variables.product.prodname_dependabot %} into your CI/CD pipelines by using {% data variables.product.prodname_actions %} APIs and webhooks to detect {% data variables.product.prodname_dependabot %} job status such as failed runs, and perform downstream processing. For more information, see [AUTOTITLE](/rest/actions) and [AUTOTITLE](/webhooks/webhook-events-and-payloads). + +New repositories that you create in your user account or in your organization will automatically be configured to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} using standard {% data variables.product.github %}-hosted runners if any of the following is true: +* {% data variables.product.prodname_dependabot %} is installed and enabled, and {% data variables.product.prodname_actions %} is enabled and in use. +* The "{% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners" setting for your organization is enabled. + +Future releases of {% data variables.product.github %} will remove the ability to disable running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}. + +> [!NOTE] Enabling {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} may increase the number of concurrent jobs run in your account. If required, customers on enterprise plans can request a higher limit for concurrent jobs. For more information, contact us through the {% data variables.contact.contact_support_portal %}, or contact your sales representative. + +## Runner options + +You can run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} using: +* **Standard {% data variables.product.prodname_dotcom %}-hosted runners.** These are the default runners used by {% data variables.product.github %} to execute {% data variables.product.prodname_actions %} jobs. +* **{% data variables.actions.hosted_runners_caps %}.** These are {% data variables.product.prodname_dotcom %}-hosted runners with advanced features like more RAM, CPU, and disk space. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners). +* **Self-hosted runners.** These runners grant you greater control over {% data variables.product.prodname_dependabot %} access to your private registries and internal network resources. Be aware that for security reasons, {% data variables.product.prodname_dependabot_updates %} on self-hosted runners will not run on public repositories. For more information on assigning a `dependabot` label on self-hosted runners, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-self-hosted-runners). + +Running {% data variables.product.prodname_dependabot %} on standard {% data variables.product.prodname_dotcom %}-hosted or self-hosted runners **does not** count towards your included {% data variables.product.prodname_actions %} minutes. For {% data variables.product.prodname_dependabot %} on {% data variables.actions.hosted_runners %}, {% data variables.product.prodname_dotcom %} will bill your organization at the regular rate. See [AUTOTITLE](/billing/reference/actions-minute-multipliers). + +{% data reusables.dependabot.vnet-arc-note %} + +## Access and permissions + +If you are transitioning to using {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners and you restrict access to your organization's or repository's private resources, you may need to update your list of allowed IP addresses. For example, if you currently limit access to your private resources to the IP addresses that {% data variables.product.prodname_dependabot %} uses, you should update your allowlist to use the {% data variables.product.prodname_dotcom %}-hosted runners IP addresses sourced from the meta API endpoint. For more information, see [AUTOTITLE](/rest/meta). + +{% data reusables.dependabot.dependabot-on-actions-enterprise-policy-condition %} + +## Next steps + +To enable {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-github-hosted-runners) and [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-self-hosted-runners). diff --git a/content/code-security/concepts/supply-chain-security/about-dependabot-pull-requests.md b/content/code-security/concepts/supply-chain-security/about-dependabot-pull-requests.md new file mode 100644 index 000000000000..1b539d1883cc --- /dev/null +++ b/content/code-security/concepts/supply-chain-security/about-dependabot-pull-requests.md @@ -0,0 +1,42 @@ +--- +title: About Dependabot pull requests +intro: 'Understand the frequency and customization options of pull requests for version and security updates.' +shortTitle: Dependabot pull requests +versions: + fpt: '*' + ghec: '*' + ghes: '*' +contentType: concepts +--- + +## Pull requests for security updates + +If you've enabled security updates, pull requests for security updates are triggered by a {% data variables.product.prodname_dependabot %} alert for a dependency on your default branch. {% data variables.product.prodname_dependabot %} automatically raises a pull request to update the vulnerable dependency. + +Each pull request contains everything you need to quickly and safely review and merge a proposed fix into your project. This includes information about the vulnerability like release notes, changelog entries, and commit details. Details of which vulnerability a pull request resolves are hidden from anyone who does not have access to {% data variables.product.prodname_dependabot_alerts %} for the repository. + +When you merge a pull request that contains a security update, the corresponding {% data variables.product.prodname_dependabot %} alert is marked as resolved for your repository. For more information about {% data variables.product.prodname_dependabot %} pull requests, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates). + +{% data reusables.dependabot.automated-tests-note %} + +### Customizing pull requests for security updates + +You can customize how {% data variables.product.prodname_dependabot %} raises pull requests for security updates, so that they best fit your project's security priorities and processes. For example: +* **Optimize {% data variables.product.prodname_dependabot %} pull requests to prioritize meaningful updates** by grouping multiple updates into a single pull request. +* Apply custom labels to **integrate {% data variables.product.prodname_dependabot %}'s pull requests** into your existing workflows. + +Similar to version updates, customization options for security updates are defined in the `dependabot.yml` file. If you have already customized the `dependabot.yml` for version updates, then many of the configuration options that you have defined could automatically apply to security updates, too. However, there are a couple of important points to note: +* {% data variables.product.prodname_dependabot_security_updates %} are **always triggered by a security advisory**, rather than running according to the `schedule` you have set in the `dependabot.yml` for version updates. +* {% data variables.product.prodname_dependabot %} raises pull requests for security updates against the **default branch only**. If your configuration sets a value for `target-branch`, then the customization for that package ecosystem will only apply to version updates by default. + +For more information, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-dependabot-security-prs). + +## Pull requests for version updates + +For version updates, you specify how often to check each ecosystem for new versions in the configuration file: daily, weekly, or monthly. + +{% data reusables.dependabot.initial-updates %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates). + +## Commands for {% data variables.product.prodname_dependabot %} pull requests + +{% data variables.product.prodname_dependabot %} responds to simple commands in comments. Each pull request contains details of the commands you can use to process the pull request (for example: to merge, squash, reopen, close, or rebase the pull request) under the "{% data variables.product.prodname_dependabot %} commands and options" section. The aim is to make it as easy as possible for you to triage these automatically generated pull requests. For more information, see [AUTOTITLE](/code-security/reference/supply-chain-security/dependabot-pull-request-comment-commands). diff --git a/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md b/content/code-security/concepts/supply-chain-security/about-dependabot-security-updates.md similarity index 86% rename from content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md rename to content/code-security/concepts/supply-chain-security/about-dependabot-security-updates.md index 641be85859d0..9755c2a11e49 100644 --- a/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md +++ b/content/code-security/concepts/supply-chain-security/about-dependabot-security-updates.md @@ -8,11 +8,11 @@ redirect_from: - /github/managing-security-vulnerabilities/about-dependabot-security-updates - /code-security/supply-chain-security/about-dependabot-security-updates - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates + - /code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates versions: fpt: '*' ghec: '*' ghes: '*' -type: overview topics: - Dependabot - Security updates @@ -20,6 +20,7 @@ topics: - Repositories - Dependencies - Pull requests +contentType: concepts --- @@ -28,11 +29,15 @@ topics: ## About {% data variables.product.prodname_dependabot_security_updates %} -{% data variables.product.prodname_dependabot_security_updates %} make it easier for you to fix vulnerable dependencies in your repository. You typically add a `dependabot.yml` file to your repository to enable {% data variables.product.prodname_dependabot_security_updates %}. You then configure options in this file to tell {% data variables.product.prodname_dependabot %} how to maintain your repository. +{% data variables.product.prodname_dependabot_security_updates %} make it easier for you to fix vulnerable dependencies in your repository. + +If you enable {% data variables.product.prodname_dependabot_security_updates %}, when a {% data variables.product.prodname_dependabot %} alert is raised for a vulnerable dependency in the dependency graph of your repository, {% data variables.product.prodname_dependabot %} automatically tries to fix it. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) and [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates). + +You can add a `dependabot.yml` configuration file to your repository to customize {% data variables.product.prodname_dependabot %} behavior, including update schedules, pull request settings, and which dependencies to monitor. For more information, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-the-dependabot-yml-file). You then configure options in this file to tell {% data variables.product.prodname_dependabot %} how to secure the dependencies your repository relies on. {% data reusables.dependabot.dependabot-updates-supported-repos-ecosystems %} -If you enable {% data variables.product.prodname_dependabot_security_updates %}, when a {% data variables.product.prodname_dependabot %} alert is raised for a vulnerable dependency in the dependency graph of your repository, {% data variables.product.prodname_dependabot %} automatically tries to fix it. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) and [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates). + > [!NOTE] > There is no interaction between the settings specified in the `dependabot.yml` file and {% data variables.product.prodname_dependabot %} security alerts, other than the fact that alerts will be closed when related pull requests generated by {% data variables.product.prodname_dependabot %} for security updates are merged. @@ -60,14 +65,6 @@ If you enable _{% data variables.product.prodname_dependabot_security_updates %} {% data reusables.dependabot.dependabot-actions-support %} -## About pull requests for security updates - -Each pull request contains everything you need to quickly and safely review and merge a proposed fix into your project. This includes information about the vulnerability like release notes, changelog entries, and commit details. Details of which vulnerability a pull request resolves are hidden from anyone who does not have access to {% data variables.product.prodname_dependabot_alerts %} for the repository. - -When you merge a pull request that contains a security update, the corresponding {% data variables.product.prodname_dependabot %} alert is marked as resolved for your repository. For more information about {% data variables.product.prodname_dependabot %} pull requests, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates). - -{% data reusables.dependabot.automated-tests-note %} - ## About grouped security updates To further reduce the number of pull requests you may be seeing, you can enable grouped security updates to group sets of dependencies together (per package ecosystem). {% data variables.product.prodname_dependabot %} then raises a single pull request to update as many vulnerable dependencies as possible in the group to secure versions at the same time. diff --git a/content/code-security/concepts/supply-chain-security/about-dependabot-version-updates.md b/content/code-security/concepts/supply-chain-security/about-dependabot-version-updates.md new file mode 100644 index 000000000000..6426aa641a70 --- /dev/null +++ b/content/code-security/concepts/supply-chain-security/about-dependabot-version-updates.md @@ -0,0 +1,71 @@ +--- +title: About Dependabot version updates +intro: You can use {% data variables.product.prodname_dependabot %} to keep the packages you use updated to the latest versions. +product: '{% data reusables.gated-features.dependabot-version-updates %}' +redirect_from: + - /github/administering-a-repository/about-dependabot + - /github/administering-a-repository/about-github-dependabot + - /github/administering-a-repository/about-github-dependabot-version-updates + - /github/administering-a-repository/about-dependabot-version-updates + - /code-security/supply-chain-security/about-dependabot-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically + - /administering-a-repository/keeping-your-dependencies-updated-automatically +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Dependabot + - Version updates + - Repositories + - Dependencies + - Pull requests +shortTitle: Dependabot version updates +contentType: concepts +--- + +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## About {% data variables.product.prodname_dependabot_version_updates %} + +{% data variables.product.prodname_dependabot %} takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on. + +{% data reusables.dependabot.pull-request-security-vs-version-updates %} + +You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a `dependabot.yml` configuration file into your repository. + +{% data reusables.dependabot.dependabot-tos %} + +## Updates for packages + +The `dependabot.yml` configuration file specifies the location of the manifest, or of other package definition files, stored in your repository. {% data variables.product.prodname_dependabot %} uses this information to check for outdated packages and applications. {% data variables.product.prodname_dependabot %} determines if there is a new version of a dependency by looking at the semantic versioning ([semver](https://semver.org/)) of the dependency to decide whether it should update to that version. {% data reusables.dependabot.dependabot-updates-supported-repos-ecosystems %} + +The `dependabot.yml` file can also be configured to tell {% data variables.product.prodname_dependabot %} how to maintain your dependencies. For more information, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-the-dependabot-yml-file). + +For certain package managers, {% data variables.product.prodname_dependabot_version_updates %} also supports vendoring. Vendored (or cached) dependencies are dependencies that are checked in to a specific directory in a repository rather than referenced in a manifest. Vendored dependencies are available at build time even if package servers are unavailable. {% data variables.product.prodname_dependabot_version_updates %} can be configured to check vendored dependencies for new versions and update them if necessary. + +When {% data variables.product.prodname_dependabot %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. For vendored dependencies, {% data variables.product.prodname_dependabot %} raises a pull request to replace the outdated dependency with the new version directly. You check that your tests pass, review the changelog and release notes included in the pull request summary, and then merge it. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates). + +If you enable _security updates_, {% data variables.product.prodname_dependabot %} also raises pull requests to update vulnerable dependencies. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). + +## Updates for actions + +Actions are often updated with bug fixes and new features to make automated processes more reliable, faster, and safer. When you enable {% data variables.product.prodname_dependabot_version_updates %} for {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dependabot %} will help ensure that references to actions in a repository's _workflow.yml_ file and reusable workflows used inside workflows are kept up to date. + +For each action in the file, {% data variables.product.prodname_dependabot %} checks the action's reference (typically a version number or commit identifier associated with the action) against the latest version. If a more recent version of the action is available, {% data variables.product.prodname_dependabot %} will send you a pull request that updates the reference in the workflow file to the latest version. + +{% data variables.product.prodname_dependabot %} also checks workflow files for uses of reusable workflows, and updates the Git reference for these called reusable workflows. + +To enable this feature, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/keeping-your-actions-up-to-date-with-dependabot). + +## About automatic deactivation of {% data variables.product.prodname_dependabot_updates %} + +{% data reusables.dependabot.automatic-deactivation-link %} + +## About notifications for {% data variables.product.prodname_dependabot %} version updates + +You can filter your notifications on {% data variables.product.company_short %} to show notifications for pull requests created by {% data variables.product.prodname_dependabot %}. For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox). diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/content/code-security/concepts/supply-chain-security/about-dependency-review.md similarity index 96% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md rename to content/code-security/concepts/supply-chain-security/about-dependency-review.md index e850217b2203..8759beed9469 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/content/code-security/concepts/supply-chain-security/about-dependency-review.md @@ -1,13 +1,12 @@ --- title: About dependency review -intro: 'Dependency review lets you catch insecure dependencies before you introduce them to your environment, and provides information on license, dependents, and age of dependencies.' +intro: Dependency review lets you catch insecure dependencies before you introduce them to your environment, and provides information on license, dependents, and age of dependencies. product: '{% data reusables.gated-features.dependency-review %}' shortTitle: Dependency review versions: fpt: '*' ghes: '*' ghec: '*' -type: overview topics: - Code Security - Dependency review @@ -16,6 +15,8 @@ topics: - Pull requests redirect_from: - /code-security/supply-chain-security/about-dependency-review + - /code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review +contentType: concepts --- ## About dependency review diff --git a/content/code-security/concepts/supply-chain-security/about-metrics-for-dependabot-alerts.md b/content/code-security/concepts/supply-chain-security/about-metrics-for-dependabot-alerts.md new file mode 100644 index 000000000000..67093e35880d --- /dev/null +++ b/content/code-security/concepts/supply-chain-security/about-metrics-for-dependabot-alerts.md @@ -0,0 +1,80 @@ +--- +title: About metrics for Dependabot alerts +intro: Use metrics to track and prioritize {% data variables.product.prodname_dependabot_alerts %} across your organization. +versions: + feature: dependabot-metrics +product: '{% data reusables.gated-features.security-overview-fpt-cs-only %}' +permissions: '{% data reusables.permissions.security-overview-dependabot-metrics %}' +topics: + - Security overview + - Code Security + - Dependabot + - Organizations + - Alerts + - Vulnerabilities +shortTitle: Dependabot alert metrics +contentType: concepts +--- + +Metrics for {% data variables.product.prodname_dependabot_alerts %} help you understand the security posture of your organization's dependencies and track progress in resolving vulnerabilities. You can use these metrics to prioritize remediation efforts and focus on the most critical security issues. + +Metrics for {% data variables.product.prodname_dependabot_alerts %} are available on your organization's security overview. + +## Who can view metrics + +You can see {% data variables.product.prodname_dependabot %} metrics if you have one of the permissions mentioned in the "Who can use this feature?" box at the top of the article. + +## Ways the data can help you + +The available metrics combine severity, exploitability, and patch availability to help you: + +* **Prioritize alerts**: Focus on the most critical vulnerabilities that need immediate attention based on severity, exploitability scores, and patch availability. +* **Track remediation progress**: Monitor how quickly your organization resolves vulnerabilities and identify trends over time. +* **Identify high-risk dependencies**: Quickly spot packages that pose the greatest security risk across your repositories. +* **Make data-driven decisions**: Allocate resources effectively by understanding which repositories and vulnerabilities require the most attention. + +These metrics help both application security managers measure the effectiveness of their vulnerability management programs and developers identify which vulnerabilities they can fix immediately. + +## Alert prioritization + +The metrics dashboard shows the number of **open {% data variables.product.prodname_dependabot_alerts %}**. You can use filters such as availability of patches, severity, and EPSS score to narrow down the list of alerts to those matching specific criteria. {% data reusables.security-overview.dependabot-filters-link %} + +For more information about how AppSec managers can best use these metrics to optimize alert fixing, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-metrics). + +Key metrics for prioritization include: + +* **Severity**: The impact level of a vulnerability (critical, high, medium, or low) +* **Exploitability**: How easily a vulnerability can be exploited in practice, including EPSS scores +* **Dependency relationship**: Whether the vulnerable dependency is direct or transitive (indirect) +* **Dependency scope**: Whether the vulnerability affects runtime dependencies, development dependencies, or both +* **Actual usage**: Whether the vulnerable code is actually used in your application +* **Patch availability**: Whether a fix is available for the vulnerability + +## Alert resolution tracking + +You can monitor how your organization resolves {% data variables.product.prodname_dependabot_alerts %} over time. Alert resolution metrics show the number of alerts: + +* Fixed by {% data variables.product.prodname_dependabot %} +* Manually dismissed +* Auto-dismissed + +This tile also displays the percent increase in the number of alerts closed in the last 30 days, providing visibility into remediation performance and helping you identify trends in vulnerability remediation. + +## Highest-risk packages + +The "Most vulnerabilities" tile shows the dependency that has the most vulnerabilities in your organization, along with a link to the related alerts across all your repositories. This helps you quickly identify which dependencies pose the greatest risk. + +## Repository-level metrics + +The repository breakdown table shows a summary of open alerts by repository, including: + +* The total number of alerts per repository +* Severity distribution (critical, high, medium, low) +* Exploitability information (for example, EPSS > 1%) + +This table can be sorted by each column, helping you identify which repositories are most at risk and prioritize remediation efforts accordingly. + +## Further reading + +* [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-dependabot-alerts) +* [AUTOTITLE](/code-security/tutorials/manage-security-alerts/prioritizing-dependabot-alerts-using-metrics) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/content/code-security/concepts/supply-chain-security/about-supply-chain-security.md similarity index 86% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md rename to content/code-security/concepts/supply-chain-security/about-supply-chain-security.md index 4d2990608701..c4b44fa491f5 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md +++ b/content/code-security/concepts/supply-chain-security/about-supply-chain-security.md @@ -1,14 +1,14 @@ --- title: About supply chain security intro: '{% data variables.product.github %} helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies, and patching them.' -shortTitle: Supply chain security +shortTitle: Supply chain features redirect_from: - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies + - /code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security versions: fpt: '*' ghes: '*' ghec: '*' -type: overview topics: - Code Security - Dependency review @@ -17,6 +17,7 @@ topics: - Dependencies - Pull requests - Repositories +contentType: concepts --- ## About supply chain security at GitHub @@ -38,10 +39,14 @@ The supply chain features on {% data variables.product.github %} are: * **{% data variables.product.prodname_dependabot_updates %}** * **{% data variables.product.prodname_dependabot_security_updates %}** * **{% data variables.product.prodname_dependabot_version_updates %}** +{%- ifversion fpt or ghec %} +* **Immutable releases** +* **Artifact attestations** +{%- endif %} The dependency graph is central to supply chain security. The dependency graph identifies all upstream dependencies and public downstream dependents of a repository or package. Your repository’s dependency graph tracks and displays its dependencies and some of their properties, like vulnerability information. -Other supply chain features on {% data variables.product.prodname_dotcom %} rely on the information provided by the dependency graph. +The following supply chain features on {% data variables.product.prodname_dotcom %} rely on the information provided by the dependency graph. * Dependency review uses the dependency graph to identify dependency changes and help you understand the security impact of these changes when you review pull requests. * {% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of advisories published in the {% data variables.product.prodname_advisory_database %}, scans your dependencies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected. @@ -135,6 +140,20 @@ There are two types of {% data variables.product.prodname_dependabot_updates %}: For more information about {% data variables.product.prodname_dependabot_updates %}, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates). +### What are immutable releases? + +Repositories can enable immutable releases to prevent the assets and associated Git tag of a release from being changed after publication. This reduces the risk of supply chain attacks by preventing attackers from injecting vulnerabilities into releases you consume. It also means projects that rely on specific releases are less likely to break. + +Creating an immutable release automatically generates an attestation for the release. You can use this attestation to make sure the release and its artifacts match the published information. + +### What are artifact attestations? + +Software providers can generate attestations for software built with {% data variables.product.prodname_actions %}. Attestations are cryptographically signed claims that establish the build's provenance (the source code and workflow run used to build it) or associated software bill of materials (SBOM). + +You can increase supply chain security by verifying attestations for your dependencies. Although attestations do not guarantee security, they give you information about where and how software was built, so you can be more confident that your dependencies haven't been tampered with. You can gate deployments using a tool like the Kubernetes admissions controller to prevent unattested builds from being deployed. + +When you use {% data variables.product.prodname_actions %} to generate attestations for your organization's own builds, the built artifacts are automatically uploaded to the {% data variables.product.virtual_registry %}. This platform allows you to view the storage and deployment records of all linked artifacts, so you can find the source code and workflow run used to build an artifact or filter security alerts based on deployment context. + ## Feature availability {% ifversion fpt or ghec %} @@ -144,17 +163,19 @@ Public repositories: * **Dependency review:** Enabled by default and cannot be disabled. * **{% data variables.product.prodname_dependabot_alerts %}:** Not enabled by default. {% data variables.product.prodname_dotcom %} detects insecure dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account) or [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization). +* **Artifact attestations:** Available in all public repositories, but you must explicitly generate attestations in your build workflows. See [AUTOTITLE](/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations). Private repositories: * **Dependency graph:** Not enabled by default. The feature can be enabled by repository administrators. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph). * **Dependency review:** Available in private repositories owned by organizations that use {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GHAS_or_code_security %}. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security) and [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph). - * **{% data variables.product.prodname_dependabot_alerts %}:** Not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account) or [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization). +* **Artifact attestations:** Only available in private repositories on {% data variables.product.prodname_ghe_cloud %}. Any repository type: * **{% data variables.product.prodname_dependabot_security_updates %}:** Not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates). * **{% data variables.product.prodname_dependabot_version_updates %}:** Not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates). +* **Immutable releases*:** Not enabled by default. You can enable release immutability for a repository or organization. See [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/preventing-changes-to-your-releases). {% endif %} {% ifversion ghes %} diff --git a/content/code-security/concepts/supply-chain-security/about-the-dependabot-yml-file.md b/content/code-security/concepts/supply-chain-security/about-the-dependabot-yml-file.md new file mode 100644 index 000000000000..95c7bf7fb99b --- /dev/null +++ b/content/code-security/concepts/supply-chain-security/about-the-dependabot-yml-file.md @@ -0,0 +1,78 @@ +--- +title: About the dependabot.yml file +intro: 'The `dependabot.yml` controls automated dependency updates in your repository.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Dependabot + - Vulnerabilities + - Repositories + - Dependencies +shortTitle: dependabot.yml file +contentType: concepts +--- + +The `dependabot.yml` file is an optional configuration file that gives you fine-grained control over how {% data variables.product.prodname_dependabot %} monitors and updates dependencies (mainly _version updates_ but also _security updates_) in your repository. + +Without a `dependabot.yml` file, {% data variables.product.prodname_dependabot %} can still create security updates for vulnerable dependencies if you've enabled {% data variables.product.prodname_dependabot_security_updates %} in your repository settings. However, you won't receive automated version updates or have control over update schedules and other configuration options. + +The `dependabot.yml` file uses YAML syntax. If you're new to YAML and want to learn more, see [Learn YAML in five minutes](https://www.codeproject.com/Articles/1214409/Learn-YAML-in-five-minutes). + +> [!NOTE] +> {% data variables.product.prodname_dependabot_alerts %} are configured in the repository or organization "Settings" tab and not in the `dependabot.yml` file, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts). + +## What the `dependabot.yml` file does + +The `dependabot.yml` file controls how {% data variables.product.prodname_dependabot %} performs updates on your dependencies. With this file, you can: + +### For version updates + +* Enable automated version updates +* Specify which package ecosystems and directories to monitor +* Set update schedules +* Customize pull request labels, assignees, reviewers, and commit messages +* Control which dependencies to update or ignore +* Configure authentication for private registries + +### For security updates + +* Customize security update pull requests with labels, assignees, and reviewers +* Define target branches for security updates +* Configure private registry authentication +* Set limits on open pull requests + +## Where to store the `dependabot.yml` file + +You must store this file in the `.github` directory of your repository in the default branch (typically `main`). The path is: `.github/dependabot.yml`. + +## How the `dependabot.yml` file works + +When you add or update the `dependabot.yml` file in your repository, {% data variables.product.prodname_dependabot %} reads the configuration and begins monitoring the specified package ecosystems according to your defined schedules. When {% data variables.product.prodname_dependabot %} finds available updates, it creates pull requests with the dependency changes, following any customization rules you've specified in the configuration. + +The configuration file requires the following keys for each package ecosystem to monitor. + +- **`version`**: Top-level field that specifies the Dependabot configuration syntax version. +- **`updates`**: Top-level section where you define each package ecosystem to monitor for updates. +- **`package-ecosystem`**: Defined under `updates`, specifies which package manager to update (such as npm, pip, or Docker). +- **`directories` or `directory`**: Defined under each `package-ecosystem` entry, specifies the location of manifest or dependency definition files. +- **`schedule.interval`**: Defined under each `package-ecosystem` entry, sets how often to check for version updates (`daily`, `weekly`, or `monthly`). + +## Basic example + +Here's a minimal `dependabot.yml` file that monitors npm dependencies daily: + +```yaml copy +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" +``` + +## Next step + +* Configure your repository so that Dependabot automatically updates the packages you use, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-version-updates) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md b/content/code-security/concepts/supply-chain-security/about-the-dependency-graph.md similarity index 79% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md rename to content/code-security/concepts/supply-chain-security/about-the-dependency-graph.md index cd928cdf98f6..e76622ce5fb6 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md +++ b/content/code-security/concepts/supply-chain-security/about-the-dependency-graph.md @@ -5,16 +5,17 @@ product: '{% data reusables.gated-features.dependency-graph %}' redirect_from: - /github/visualizing-repository-data-with-graphs/about-the-dependency-graph - /code-security/supply-chain-security/about-the-dependency-graph + - /code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph versions: fpt: '*' ghes: '*' ghec: '*' -type: overview topics: - Dependency graph - Dependencies - Repositories shortTitle: Dependency graph +contentType: concepts --- @@ -59,11 +60,25 @@ For more information on how {% data variables.product.github %} helps you unders {% ifversion fpt or ghec %} -## Dependents included +## Dependents and "used by" data -For public repositories, only public repositories that depend on it or on packages that it publishes are reported. This information is not reported for private repositories.{% endif %} +For public repositories, the dependency graph lists dependents. These are other public repositories that depend on the repository or on packages that it publishes. This information is not reported for private repositories. -## Using the dependency graph +{% data reusables.dependency-graph.used-by %} Clicking any item in this section takes you to the **Dependents** tab of the dependency graph. + +Your repository will have a "Used by" section if: +* The dependency graph is enabled for the repository. +* Your repository contains a package that is published on a supported package ecosystem. See [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems#supported-package-ecosystems). +* Within the ecosystem, your package has a link to a _public_ repository where the source is stored. +* More than 100 repositories depend on your package. + +![Screenshot of the "Used by" section for a repository showing the summary of "13.4m" with details of 8 avatars and "+13,435,819."](/assets/images/help/repository/used-by-section.png) + +The "Used by" section represents a single package from the repository. If you have admin permissions to a repository that contains multiple packages, you can choose which package the "Used by" section represents. See [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/change-used-by-data). + +{% endif %} + +## What you can do with the dependency graph You can use the dependency graph to: diff --git a/content/code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies.md b/content/code-security/concepts/supply-chain-security/best-practices-for-maintaining-dependencies.md similarity index 96% rename from content/code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies.md rename to content/code-security/concepts/supply-chain-security/best-practices-for-maintaining-dependencies.md index 8283cef2a3d9..b01fe39fe2d6 100644 --- a/content/code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies.md +++ b/content/code-security/concepts/supply-chain-security/best-practices-for-maintaining-dependencies.md @@ -1,12 +1,11 @@ --- title: Best practices for maintaining dependencies -intro: 'Guidance and recommendations for maintaining the dependencies you use, including {% data variables.product.github %}''s security products that can help.' +intro: Guidance and recommendations for maintaining the dependencies you use, including {% data variables.product.github %}'s security products that can help. allowTitleToDifferFromFilename: true versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Security updates @@ -14,7 +13,10 @@ topics: - Repositories - Dependencies - Pull requests -shortTitle: Dependency management best practices +shortTitle: Dependency best practices +redirect_from: + - /code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies +contentType: concepts --- ## Best practices for maintaining dependencies diff --git a/content/code-security/concepts/supply-chain-security/dependabot-job-logs.md b/content/code-security/concepts/supply-chain-security/dependabot-job-logs.md new file mode 100644 index 000000000000..5ac07cb9c9cd --- /dev/null +++ b/content/code-security/concepts/supply-chain-security/dependabot-job-logs.md @@ -0,0 +1,55 @@ +--- +title: Dependabot job logs +intro: '{% data variables.product.github %} logs every update job run by {% data variables.product.prodname_dependabot %}, giving you visibility into version updates, security patches, and automated rebases across your dependencies.' +shortTitle: Dependabot job logs +versions: + fpt: '*' + ghec: '*' + ghes: '*' +contentType: concepts +topics: + - Dependabot + - Troubleshooting + - Dependencies + - Security updates +--- + + +> [!NOTE] +> Job logs are only available for repositories with {% data variables.product.prodname_dependabot_version_updates %} enabled. + +Whenever a {% data variables.product.prodname_dependabot %} job runs, the details of the job are captured in the job logs list, which is accessible from the dependency graph. + +## What job logs contain + +For each manifest file in your repository, {% data variables.product.prodname_dependabot %} maintains a list of recent job runs. Every log entry includes: + +* **Job type**: The kind of update {% data variables.product.prodname_dependabot %} performed (_version_ update, _security_ update, or _rebase_ update) +* **Job ID**: A unique identifier for the run +* **Timestamp**: When the job executed +* **Associated pull requests**: Links to any pull requests created or updated by the job +* **Error messages**: Brief diagnostic information when jobs fail + +If you need to troubleshoot further, you can click **view logs** to access the full log files for a specific run. + +## Job types + +You will see the following job types recorded in the log list: + +**Version update**: {% data variables.product.prodname_dependabot %} checked your manifest files for outdated dependencies and opened or updated pull requests to bring them current. These runs happen on the schedule defined in your `dependabot.yml` configuration file. + +**Security update**: {% data variables.product.prodname_dependabot %} detected a security vulnerability in one of your dependencies and opened a pull request to upgrade to a patched version. These updates happen automatically when {% data variables.product.github %} identifies new security advisories. + +**Rebase update**: {% data variables.product.prodname_dependabot %} automatically rebased an existing pull request to resolve a merge conflict with your target branch. This can apply to pull requests for either {% data variables.product.prodname_dependabot_version_updates %} or {% data variables.product.prodname_dependabot_security_updates %}. + +## Debugging with job logs + +Job logs give you two levels of detail for troubleshooting: + +**Log list entries** show a quick summary of each job, including short error messages that often point directly to the problem, like authentication failures, unreachable registries, or incompatible version constraints. + +**Full log files** provide complete output from the {% data variables.product.prodname_dependabot %} job, including every dependency checked, version resolution details, and the full stack trace for any errors. Access these when you need to investigate complex failures or understand exactly what {% data variables.product.prodname_dependabot %} attempted. + +## Next steps + +Now that you know what {% data variables.product.prodname_dependabot %} job logs are, you may want to find out how to access them. See [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/viewing-dependabot-job-logs). diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/immutable-releases.md b/content/code-security/concepts/supply-chain-security/immutable-releases.md similarity index 90% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/immutable-releases.md rename to content/code-security/concepts/supply-chain-security/immutable-releases.md index 9237a2f5bff0..69926d385f8c 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/immutable-releases.md +++ b/content/code-security/concepts/supply-chain-security/immutable-releases.md @@ -1,14 +1,16 @@ --- title: Immutable releases -intro: 'Learn about immutable releases and how they can help you maintain the integrity of your software supply chain.' +intro: Learn about immutable releases and how they can help you maintain the integrity of your software supply chain. versions: fpt: '*' ghec: '*' -type: overview topics: - Code Security - Vulnerabilities - Dependencies +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/immutable-releases +contentType: concepts --- **Immutable releases** are releases where the assets and associated Git tag cannot be changed after publication. The use of this type of release increases security by blocking supply chain attacks. Attackers cannot: diff --git a/content/code-security/concepts/supply-chain-security/index.md b/content/code-security/concepts/supply-chain-security/index.md new file mode 100644 index 000000000000..ff6ed1e6d2dc --- /dev/null +++ b/content/code-security/concepts/supply-chain-security/index.md @@ -0,0 +1,27 @@ +--- +title: Supply chain security +intro: '{% data variables.product.github %}''s security features help you keep track of your projects'' dependencies and built artifacts.' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: concepts +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain +children: + - about-supply-chain-security + - best-practices-for-maintaining-dependencies + - about-the-dependency-graph + - about-dependency-review + - about-dependabot-alerts + - about-metrics-for-dependabot-alerts + - about-dependabot-security-updates + - about-dependabot-version-updates + - about-dependabot-pull-requests + - about-the-dependabot-yml-file + - about-dependabot-auto-triage-rules + - about-dependabot-on-github-actions-runners + - dependabot-job-logs + - immutable-releases + - linked-artifacts +--- diff --git a/content/code-security/concepts/supply-chain-security/linked-artifacts.md b/content/code-security/concepts/supply-chain-security/linked-artifacts.md new file mode 100644 index 000000000000..809512a9c695 --- /dev/null +++ b/content/code-security/concepts/supply-chain-security/linked-artifacts.md @@ -0,0 +1,73 @@ +--- +title: About linked artifacts +intro: "The {% data variables.product.virtual_registry %} helps you audit and prioritize your organization's builds on {% data variables.product.github %}, regardless of where the artifacts are stored." +versions: + feature: virtual-registry +shortTitle: 'Linked artifacts' +topics: + - Vulnerabilities + - Dependencies +contentType: concepts +--- + +The {% data variables.product.virtual_registry %} provides a unified view of software artifacts that your organization builds with {% data variables.product.prodname_actions %}, such as container images, packages, or builds of your production code. + +The page shows you how an artifact was built, where it is stored or running, and which compliance and security metadata is associated with the artifact. + +Teams in your organization can use the {% data variables.product.virtual_registry %} to: + +* Prioritize alerts from {% data variables.product.prodname_GHAS %} features based on whether the detected vulnerabilities are running in production or exposed to the internet +* Quickly connect artifacts to build details, storage locations, and owning teams +* Meet compliance by exporting auditable proof of your artifacts' provenance and integrity + +## Which artifacts appear on the {% data variables.product.virtual_registry %}? + +The {% data variables.product.virtual_registry %} is unique to each organization. It contains metadata for artifacts that have been built with {% data variables.product.prodname_actions %} in your organization's repositories. It does **not** display artifacts your organization consumes from elsewhere, such as open source dependencies. + +Artifact records are uploaded by your organization using either a public API or an integration with an external registry. The {% data variables.product.virtual_registry %} does not store the artifact files themselves. It just provides an authoritative source for the metadata associated with each artifact. + +Because an artifact does not need to be stored on {% data variables.product.github %} to appear in the {% data variables.product.virtual_registry %}, you can use the {% data variables.product.virtual_registry %} alongside your preferred package registry, such as JFrog Artifactory or {% data variables.product.prodname_registry %}. + +## Which metadata is included? + +The {% data variables.product.virtual_registry %} combines data from two different types of record: storage records and deployment records. These records are uploaded using different API endpoints or integrations. + +### Storage records + +Storage records include the repository containing the artifact's source code, the registry where the artifact is stored, and any attestations proving the artifact's integrity and provenance. You can use this data to quickly find an artifact's owning team and build details. + +![Screenshot of an artifact page. Highlighted fields: storage registry, artifact repository, source repository.](/assets/images/help/security/virtual-registry-storage-record.png) + +The _artifact repository_ is not mandatory. It refers to the concept of a repository in certain external package registries: a place where multiple packages can be grouped. By contrast, the _source repository_ refers to the {% data variables.product.github %} repository where the artifact is built. The source repository is mandatory, and is detected automatically if the artifact has a build provenance attestation. + +For more information about attestations and SLSA levels, see [AUTOTITLE](/actions/concepts/security/artifact-attestations). + +### Deployment records + +Deployment records include the environment where the artifact is deployed and any runtime risks (such as "sensitive data" or "internet exposed") associated with the artifact. You can use this data to filter security alerts based on the level of threat posed to your organization and consumers. + +![Screenshot of an artifact page. Highlighted fields: the "Deployments" list, including tags for "Prod", "sensitive data", and "pacific-east".](/assets/images/help/security/virtual-registry-deployment-record.png) + +>[!NOTE] Deployment records do **not** include deployment activity from a repository's deployments dashboard, which comes from a different source. See [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/viewing-deployment-activity-for-your-repository). + +## How does the {% data variables.product.virtual_registry %} fit into my processes? + +This example workflow shows how the {% data variables.product.virtual_registry %} integrates with other {% data variables.product.github %} features and external systems. + +1. A developer commits code to a {% data variables.product.github %} repository where the code for a software package is defined. +1. A {% data variables.product.prodname_actions %} workflow in the repository automatically: + + 1. Builds the package. + 1. Pushes the package to your chosen registry, such as {% data variables.product.prodname_registry %} or JFrog Artifactory. + 1. Creates a cryptographically signed provenance attestation, linking the package to the repository, commit, and workflow used to build the package. + 1. Deploys the package to a staging or production environment. Your deployment system may be gated to ensure that only attested artifacts can be deployed to production, for example using the Kubernetes Admissions Controller. + +1. Metadata for the package, such as its linked repository, attestations, and deployment history, is uploaded to the {% data variables.product.virtual_registry %}. +1. Using the data from the {% data variables.product.virtual_registry %}, a security lead triages code scanning and Dependabot alerts, and creates a campaign to address alerts that affect production environments or have a specific runtime risk. +1. When an audit is required, a member of the compliance team exports SBOMs, provenance details, and deployment records for all your organization's linked artifacts from a single source. + +## Next steps + +To add records to your organization's {% data variables.product.virtual_registry %}, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/upload-linked-artifacts). + +To view the {% data variables.product.virtual_registry %} for your organization, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/view-linked-artifacts). diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md b/content/code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities.md similarity index 82% rename from content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md rename to content/code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities.md index e81845badbaa..f00d5106e530 100644 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities.md +++ b/content/code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities.md @@ -6,10 +6,11 @@ redirect_from: - /code-security/repository-security-advisories/about-coordinated-disclosure-of-security-vulnerabilities - /code-security/security-advisories/repository-security-advisories/about-coordinated-disclosure-of-security-vulnerabilities - /code-security/security-advisories/guidance-on-reporting-and-writing/about-coordinated-disclosure-of-security-vulnerabilities + - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities versions: fpt: '*' ghec: '*' -type: overview +contentType: concepts topics: - Security advisories - Vulnerabilities @@ -79,7 +80,22 @@ The process for reporting and disclosing vulnerabilities for projects on {% data {% data reusables.security-advisory.private-vulnerability-reporting-enable %} - Private vulnerability reporting provides an easy way for vulnerability reporters to privately disclose security risks to repository maintainers, within {% data variables.product.prodname_dotcom %}, and in a way that immediately notifies the repository maintainers of the issue. For more information for security researchers and repository maintainers, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) and [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities), respectively. +Private vulnerability reporting provides a secure, structured way for security researchers to privately disclose security risks to repository maintainers directly within {% data variables.product.prodname_dotcom %}. When a vulnerability is reported, repository maintainers are immediately notified, allowing them to review and respond without the risk of premature public disclosure. + +Without clear guidance on how to contact maintainers, security researchers may feel forced to disclose vulnerabilities publicly, such as by posting on social media, opening public issues, or contacting maintainers through informal channels, which can expose users to unnecessary risk. Private vulnerability reporting helps avoid these situations by offering a dedicated, private reporting workflow. + +For security researchers, the benefits of using private vulnerability reporting are: + +* A clear, structured way to contact maintainers +* A smoother process for disclosing and discussing vulnerability details +* The ability to discuss vulnerability details privately with the repository maintainer +* Reduced risk of vulnerability details being in the public eye before a fix is available + +For maintainers, the benefits of using private vulnerability reporting are: + +{% data reusables.security-advisory.private-vulnerability-reporting-benefits %} + +For more information for security researchers and repository maintainers, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) and [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities), respectively. > [!NOTE] > If the repository containing the vulnerability doesn't have private vulnerability reporting enabled, both security researchers and repository maintainers need to follow the instructions described in the [Standard process](#standard-process) section above. diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories.md b/content/code-security/concepts/vulnerability-reporting-and-management/about-global-security-advisories.md similarity index 83% rename from content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories.md rename to content/code-security/concepts/vulnerability-reporting-and-management/about-global-security-advisories.md index ca1bd0286f7b..f8eb2afc3773 100644 --- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories.md +++ b/content/code-security/concepts/vulnerability-reporting-and-management/about-global-security-advisories.md @@ -1,11 +1,12 @@ --- title: About global security advisories -intro: 'Global security advisories live in the {% data variables.product.prodname_advisory_database %}, a collection of CVEs and {% data variables.product.company_short %}-originated advisories affecting the open source world. You can contribute to improving global security advisories.' +shortTitle: Global security advisories +intro: Global security advisories live in the {% data variables.product.prodname_advisory_database %}, a collection of CVEs and {% data variables.product.company_short %}-originated advisories affecting the open source world. You can contribute to improving global security advisories. versions: fpt: '*' ghec: '*' ghes: '*' -type: overview +contentType: concepts topics: - Security advisories - Alerts @@ -13,6 +14,7 @@ topics: - CVEs redirect_from: - /code-security/security-advisories/global-security-advisories/about-global-security-advisories + - /code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories --- ## About global security advisories diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories.md b/content/code-security/concepts/vulnerability-reporting-and-management/about-repository-security-advisories.md similarity index 93% rename from content/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories.md rename to content/code-security/concepts/vulnerability-reporting-and-management/about-repository-security-advisories.md index 2a841ae8058c..4cc4b288de64 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories.md +++ b/content/code-security/concepts/vulnerability-reporting-and-management/about-repository-security-advisories.md @@ -1,7 +1,7 @@ --- title: About repository security advisories -intro: 'You can use repository security advisories to privately discuss, fix, and publish information about security vulnerabilities in your public repository.' -shortTitle: About repository security advisories +intro: You can use repository security advisories to privately discuss, fix, and publish information about security vulnerabilities in your public repository. +shortTitle: Repository security advisories redirect_from: - /articles/about-maintainer-security-advisories - /github/managing-security-vulnerabilities/about-maintainer-security-advisories @@ -9,10 +9,11 @@ redirect_from: - /code-security/security-advisories/about-github-security-advisories - /code-security/repository-security-advisories/about-github-security-advisories-for-repositories - /code-security/security-advisories/repository-security-advisories/about-repository-security-advisories + - /code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories versions: fpt: '*' ghec: '*' -type: overview +contentType: concepts product: '{% data reusables.gated-features.private-vulnerability-reporting %}' topics: - Security advisories diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md b/content/code-security/concepts/vulnerability-reporting-and-management/about-the-github-advisory-database.md similarity index 86% rename from content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md rename to content/code-security/concepts/vulnerability-reporting-and-management/about-the-github-advisory-database.md index f0bc22d06690..9bb8dd6fc6d2 100644 --- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md +++ b/content/code-security/concepts/vulnerability-reporting-and-management/about-the-github-advisory-database.md @@ -5,7 +5,8 @@ versions: fpt: '*' ghec: '*' ghes: '*' -type: overview +contentType: concepts +shortTitle: GitHub Advisory database topics: - Security advisories - Alerts @@ -13,6 +14,7 @@ topics: - CVEs redirect_from: - /code-security/security-advisories/global-security-advisories/about-the-github-advisory-database + - /code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database --- ## About the {% data variables.product.prodname_advisory_database %} @@ -21,7 +23,7 @@ redirect_from: Security advisories are published as JSON files in the Open Source Vulnerability (OSV) format. For more information about the OSV format, see [Open Source Vulnerability format](https://ossf.github.io/osv-schema/). -## About types of security advisories +## Types of security advisories Each advisory in the {% data variables.product.prodname_advisory_database %} is for a vulnerability in open source projects or for malicious open source software. @@ -66,11 +68,11 @@ If you enable {% data variables.product.prodname_dependabot_alerts %} for your r Our malware advisories are mostly about substitution attacks. During this type of attack, an attacker publishes a package to the public registry with the same name as a dependency that users rely on from a third party or private registry, with the hope that the malicious version is consumed. {% data variables.product.prodname_dependabot %} doesn’t look at project configurations to determine if the packages are coming from a private registry, so we aren't sure if you're using the malicious version or a non-malicious version. Users who have their dependencies appropriately scoped should not be affected by malware. -## About information in security advisories +## Information in security advisories In this section, you can find more detailed information about specific data attributes of the {% data variables.product.prodname_advisory_database %}. -### About GHSA IDs +### GHSA IDs Each security advisory, regardless of its type, has a unique identifier referred to as a GHSA ID. A `GHSA-ID` qualifier is assigned when a new advisory is created on {% data variables.product.prodname_dotcom %} or added to the {% data variables.product.prodname_advisory_database %} from any of the supported sources. @@ -87,7 +89,7 @@ You can validate a GHSA ID using a regular expression. /GHSA(-[23456789cfghjmpqrvwx]{4}){3}/ ``` -### About CVSS levels +### CVSS levels {% ifversion cvss-4 %} The {% data variables.product.prodname_advisory_database %} supports both CVSS version 3.1 and CVSS version 4.0.{% endif %} @@ -103,7 +105,7 @@ The {% data variables.product.prodname_advisory_database %} uses the CVSS levels {% data reusables.repositories.github-security-lab %} -### About EPSS scores +### EPSS scores The Exploit Prediction Scoring System, or EPSS, is a system devised by the global Forum of Incident Response and Security Teams (FIRST) for quantifying the likelihood of vulnerability exploit. The model produces a probability score between 0 and 1 (0 and 100%), where the higher the score, the greater the probability that a vulnerability will be exploited. For more information about FIRST, see https://www.first.org/. @@ -122,6 +124,13 @@ FIRST also provides additional information around the distribution of their EPSS At {% data variables.product.company_short %}, we do not author this data, but rather source it from FIRST, which means that this data is not editable in community contributions. For more information about community contributions, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database). +## Community contributions + +A **community contribution** is a pull request submitted to the [github/advisory-database](https://github.com/github/advisory-database?ref_product=security-advisories&ref_type=engagement&ref_style=text) repository that improves the content of a global security advisory. When you make a community contribution, you can edit or add any detail, including additional affected ecosystems, the severity level, or the description of who is impacted. The {% data variables.product.prodname_security %} curation team will review the submitted contributions and publish them onto the {% data variables.product.prodname_advisory_database %} if accepted. + +{% ifversion security-advisories-credit-types %} +If we accept and publish the community contribution, the person who submitted the community contribution pull request will automatically be assigned a credit type of "Analyst". For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory#about-credits-for-repository-security-advisories).{% endif %} + ## Further reading * [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/about-your-exposure-to-vulnerable-dependencies.md b/content/code-security/concepts/vulnerability-reporting-and-management/about-your-exposure-to-vulnerabilities-in-your-code-and-in-dependencies.md similarity index 94% rename from content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/about-your-exposure-to-vulnerable-dependencies.md rename to content/code-security/concepts/vulnerability-reporting-and-management/about-your-exposure-to-vulnerabilities-in-your-code-and-in-dependencies.md index 4333e57f5c62..0589e3eb39c7 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/about-your-exposure-to-vulnerable-dependencies.md +++ b/content/code-security/concepts/vulnerability-reporting-and-management/about-your-exposure-to-vulnerabilities-in-your-code-and-in-dependencies.md @@ -1,7 +1,7 @@ --- title: About exposure to vulnerabilities in your code and in dependencies shortTitle: Vulnerability exposure -intro: 'Understanding your organization’s exposure to vulnerabilities in first-party code and in all dependencies is essential for enabling you to efficiently assess, prioritize, and remediate vulnerabilities, reducing the likelihood of security breaches.' +intro: Understanding your organization’s exposure to vulnerabilities in first-party code and in all dependencies is essential for enabling you to efficiently assess, prioritize, and remediate vulnerabilities, reducing the likelihood of security breaches. allowTitleToDifferFromFilename: true product: '{% data reusables.gated-features.ghas-billing %}' versions: @@ -14,6 +14,7 @@ topics: - Security redirect_from: - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilites/about-your-exposure-to-vulnerable-dependencies + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/about-your-exposure-to-vulnerable-dependencies --- ## About exposure to vulnerable code @@ -38,7 +39,7 @@ Regularly assessing your exposure to vulnerabilities is good practice to help id * **{% data variables.product.prodname_dependabot %}** automatically monitors your project’s dependencies for vulnerabilities and outdated packages. When it detects a security issue or a new version, it creates pull requests to update the affected dependencies, helping you quickly address security risks and keep your software up to date. This reduces manual effort and helps ensure your project remains secure. See [AUTOTITLE](/code-security/getting-started/dependabot-quickstart-guide). -{% data variables.product.github %} provides a comprehensive set of {% data variables.product.prodname_dependabot %} metrics to help you monitor, prioritize, and remediate these risks across all repositories in your organization. See [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-dependabot-alerts). +{% data variables.product.github %} provides a comprehensive set of {% data variables.product.prodname_dependabot %} metrics to help you monitor, prioritize, and remediate these risks across all repositories in your organization. See [AUTOTITLE](/code-security/concepts/supply-chain-security/about-metrics-for-dependabot-alerts). ## Key tasks for AppSec managers diff --git a/content/code-security/concepts/vulnerability-reporting-and-management/index.md b/content/code-security/concepts/vulnerability-reporting-and-management/index.md new file mode 100644 index 000000000000..569b4054157a --- /dev/null +++ b/content/code-security/concepts/vulnerability-reporting-and-management/index.md @@ -0,0 +1,18 @@ +--- +title: Concepts for vulnerability reporting and management +shortTitle: Vulnerability reporting +intro: Learn core concepts relating to vulnerability reporting and management on {% data variables.product.github %}. +versions: + fpt: '*' + ghec: '*' +topics: + - Security advisories + - Vulnerabilities +contentType: concepts +children: + - /about-the-github-advisory-database + - /about-repository-security-advisories + - /about-global-security-advisories + - /about-coordinated-disclosure-of-security-vulnerabilities + - /about-your-exposure-to-vulnerabilities-in-your-code-and-in-dependencies +--- diff --git a/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md deleted file mode 100644 index af2783255d32..000000000000 --- a/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: About Dependabot alerts -intro: '{% data variables.product.github %} sends {% data variables.product.prodname_dependabot_alerts %} when we detect that your repository uses a vulnerable dependency.' -product: '{% data reusables.gated-features.dependabot-alerts %}' -redirect_from: - - /articles/about-security-alerts-for-vulnerable-dependencies - - /github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies - - /github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies - - /code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies -versions: - fpt: '*' - ghes: '*' - ghec: '*' -type: overview -topics: - - Dependabot - - Alerts - - Vulnerabilities - - Repositories - - Dependencies -shortTitle: Dependabot alerts ---- - - -{% data variables.product.prodname_dependabot_alerts %} tell you when your code depends on a package that is insecure. Often, software is built using open-source code packages from a large variety of sources. The complex relationships between these dependencies, and the ease with which malicious actors can insert malware into upstream code, mean that you may unknowingly be using dependencies that have security flaws, also known as vulnerabilities. - -If your code depends on a package with a security vulnerability, this can cause a range of problems for your project or the people who use it. Using a vulnerable package makes you a soft target for malicious users looking to exploit your system. For example, they may seek to get access to your code and data from your customers or contributors. You should upgrade to a secure version of the package as soon as possible. If your code uses malware, you need to replace the package with a secure alternative. - -{% data reusables.dependabot.no-dependabot-alerts-for-malware %} - -{% data reusables.dependabot.quickstart-link %} - -## Detection of insecure dependencies - -{% data variables.product.prodname_dependabot %} performs a scan of the default branch of your repository to detect insecure dependencies, and sends {% data variables.product.prodname_dependabot_alerts %} when: - -{% ifversion fpt or ghec %} -* A new advisory is added to the {% data variables.product.prodname_advisory_database %}. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database).{% else %} - -* New advisory data is synchronized to {% data variables.product.prodname_dotcom %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %} - - > [!NOTE] - > Only advisories that have been reviewed by {% data variables.product.company_short %} will trigger {% data variables.product.prodname_dependabot_alerts %}. - -* The dependency graph for a repository changes. For example, when a contributor pushes a commit to change the packages or versions it depends on{% ifversion fpt or ghec %}, or when the code of one of the dependencies changes{% endif %}. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph). - -> [!NOTE] -> {% data variables.product.prodname_dependabot %} doesn't scan archived repositories. - -{% data reusables.repositories.dependency-review %} - -As {% data variables.product.prodname_dependabot_alerts %} rely on the dependency graph, the ecosystems that are supported by {% data variables.product.prodname_dependabot_alerts %} are the same as those supported by the dependency graph. For a list of these ecosystems, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems#supported-package-ecosystems). - -> [!NOTE] -> It is important to keep your manifest and lock files up to date. If the dependency graph doesn't accurately reflect your current dependencies and versions, then you could miss alerts for insecure dependencies that you use. You may also get alerts for dependencies that you no longer use. - -{% data reusables.dependabot.dependabot-alert-actions-semver %} - -## Configuration of {% data variables.product.prodname_dependabot_alerts %} - -{% data reusables.repositories.enable-security-alerts %} - -{% ifversion fpt or ghec %}Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %} for their repositories. You can also enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories owned by your user account or organization. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts). - -For information about access requirements for actions related to {% data variables.product.prodname_dependabot_alerts %}, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization#access-requirements-for-security-features). - -{% data variables.product.github %} starts generating the dependency graph immediately and generates alerts for any insecure dependencies as soon as they are identified. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories). -{% endif %} - -When {% data variables.product.github %} identifies a vulnerable dependency, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the **Security** tab for the repository and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. - -{% data variables.product.github %} may also notify the maintainers of affected repositories about new alerts according to their notification preferences. When {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.github %} does not send notifications for all vulnerable dependencies found in your repository, only for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts). - -{% data reusables.dependabot.dependabot-alert-create-PR %} - -{% data reusables.dependabot.dependabot-alert-rules %} - -> [!WARNING] -> {% data variables.product.github %}'s security features do not claim to catch all vulnerabilities. We actively maintain {% data variables.product.prodname_advisory_database %} and generate alerts with the most up-to-date information. However, we cannot catch everything or tell you about known vulnerabilities within a guaranteed time frame. These features are not substitutes for human review of each dependency for potential vulnerabilities or any other issues, and we recommend consulting with a security service or conducting a thorough dependency review when necessary. - -## Access to {% data variables.product.prodname_dependabot_alerts %} - -You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's **Security** tab or{% endif %} in the repository's dependency graph. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts). - -By default, we notify people with write, maintain, or admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% ifversion fpt or ghec %}{% data variables.product.github %} never publicly discloses insecure dependencies for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working with repositories that you own or have admin permissions for. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts). -{% endif %} - -{% data reusables.notifications.vulnerable-dependency-notification-enable %} -{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts). - -You can also see all the {% data variables.product.prodname_dependabot_alerts %} that correspond to a particular advisory in the {% data variables.product.prodname_advisory_database %}. {% data reusables.security-advisory.link-browsing-advisory-db %} - -{% ifversion copilot-chat-ghas-alerts %} - -## Asking {% data variables.copilot.copilot_chat %} about {% data variables.product.prodname_dependabot_alerts %} - -With a {% data variables.copilot.copilot_enterprise %} license, you can ask {% data variables.copilot.copilot_chat_short %} for help to better understand security alerts, including {% data variables.product.prodname_dependabot_alerts %}, in repositories in your organization. For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features). - -{% endif %} - -## Further reading - -* [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) -* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts) -* [AUTOTITLE](/code-security/getting-started/auditing-security-alerts) -{% ifversion fpt or ghec %}- [AUTOTITLE](/get-started/privacy-on-github){% endif %} diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md deleted file mode 100644 index 203db90b7791..000000000000 --- a/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Configuring notifications for Dependabot alerts -shortTitle: Configure notifications -intro: 'Optimize how you receive notifications about {% data variables.product.prodname_dependabot_alerts %}.' -redirect_from: - - /github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies - - /code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies -versions: - fpt: '*' - ghes: '*' - ghec: '*' -type: how_to -topics: - - Dependabot - - Alerts - - Notifications - - Vulnerabilities - - Dependencies - - Repositories ---- - -## About notifications for {% data variables.product.prodname_dependabot_alerts %} - -When {% data variables.product.prodname_dependabot %} detects vulnerable dependencies in your repositories, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the **Security** tab for the repository. {% data variables.product.github %} notifies the maintainers of affected repositories about the new alert according to their notification preferences.{% ifversion fpt or ghec %} {% data variables.product.prodname_dependabot %} is enabled by default on all public repositories, and needs to be enabled on private repositories. By default, you will receive {% data variables.product.prodname_dependabot_alerts %} by email. You can override the default overall behavior by choosing the type of notifications you want to receive, or switching notifications off altogether in the settings page for your user notifications at [https://github.com/settings/notifications](https://github.com/settings/notifications). -{% endif %} - -{% data reusables.dependabot.no-dependabot-alerts-for-malware %} - -Regardless of your notification preferences, when {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.github %} does not send notifications for all vulnerable dependencies found in your repository. Instead, you will receive notifications for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled, if your notification preferences allow it. - -{% ifversion fpt or ghec %}If you're an organization owner, you can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories in your organization with one click. You can also set whether {% data variables.product.prodname_dependabot_alerts %} will be enabled or disabled for newly-created repositories. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-new-repositories-when-they-are-added). -{% endif %} - -{% ifversion ghes %} -By default, if your enterprise owner has configured email for notifications on your enterprise, you will receive {% data variables.product.prodname_dependabot_alerts %} by email. - -Enterprise owners can also enable {% data variables.product.prodname_dependabot_alerts %} without notifications. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise). -{% endif %} - -## Configuring notifications for {% data variables.product.prodname_dependabot_alerts %} - -When a new {% data variables.product.prodname_dependabot %} alert is detected, {% data variables.product.github %} notifies all users with access to {% data variables.product.prodname_dependabot_alerts %} for the repository according to their notification preferences. You will receive alerts if you are watching the repository, have enabled notifications for security alerts or for all the activity on the repository, and are not ignoring the repository. For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository). - -You can configure notification settings for yourself or your organization from the Manage notifications drop-down {% octicon "bell" aria-label="The notifications bell" %} shown at the top of each page. For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#choosing-your-notification-settings). - -{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %} -{% data reusables.notifications.vulnerable-dependency-notification-options %} - -{% ifversion update-notification-settings-22 %} -![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu with frequency options is outlined in orange.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes %} -![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}.](/assets/images/help/enterprises/dependabot-alerts-options-no-ui.png){% endif %} - -> [!NOTE] -> You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot_alerts %}. For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#dependabot-custom-filters). - -{% data reusables.repositories.security-alerts-x-github-severity %} For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#filtering-email-notifications). - -## How to reduce the noise from notifications for {% data variables.product.prodname_dependabot_alerts %} - -If you are concerned about receiving too many notifications for {% data variables.product.prodname_dependabot_alerts %}, we recommend leveraging {% data variables.dependabot.auto_triage_rules %} to auto-dismiss low-risk alerts. Rules are applied before alert notifications are sent, so alerts that are auto-dismissed upon creation do not send notifications. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules). - -Alternatively, you can opt into the weekly email digest, or even completely turn off notifications while keeping {% data variables.product.prodname_dependabot_alerts %} enabled. You can still navigate to see your {% data variables.product.prodname_dependabot_alerts %} in your repository's **Security** tab. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts). - -## Further reading - -* [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications) -* [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#supported-is-queries) diff --git a/content/code-security/dependabot/dependabot-alerts/index.md b/content/code-security/dependabot/dependabot-alerts/index.md deleted file mode 100644 index 3386f9ef4444..000000000000 --- a/content/code-security/dependabot/dependabot-alerts/index.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Identifying vulnerabilities in your project's dependencies with Dependabot alerts -shortTitle: Dependabot alerts -intro: '{% data variables.product.prodname_dependabot %} generates {% data variables.product.prodname_dependabot_alerts %} when known vulnerabilities are detected in dependencies that your project uses.' -allowTitleToDifferFromFilename: true -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Dependabot - - Alerts - - Vulnerabilities - - Repositories - - Dependencies -children: - - /about-dependabot-alerts - - /configuring-dependabot-alerts - - /viewing-and-updating-dependabot-alerts - - /configuring-notifications-for-dependabot-alerts ---- diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/index.md b/content/code-security/dependabot/dependabot-auto-triage-rules/index.md deleted file mode 100644 index 8a7200672013..000000000000 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/index.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Prioritizing Dependabot alerts with Dependabot auto-triage rules -shortTitle: Dependabot auto-triage rules -intro: 'You can use {% data variables.dependabot.auto_triage_rules %} to prioritize {% data variables.product.prodname_dependabot_alerts %}.' -allowTitleToDifferFromFilename: true -versions: - feature: dependabot-auto-triage-rules -topics: - - Dependabot - - Alerts - - Vulnerabilities - - Repositories - - Dependencies -children: - - /about-dependabot-auto-triage-rules - - /using-github-preset-rules-to-prioritize-dependabot-alerts - - /customizing-auto-triage-rules-to-prioritize-dependabot-alerts - - /managing-automatically-dismissed-alerts -redirect_from: - - /code-security/dependabot/dependabot-alert-rules ---- diff --git a/content/code-security/dependabot/dependabot-security-updates/index.md b/content/code-security/dependabot/dependabot-security-updates/index.md deleted file mode 100644 index 3877a1c866f8..000000000000 --- a/content/code-security/dependabot/dependabot-security-updates/index.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Automatically updating dependencies with known vulnerabilities with Dependabot security updates -intro: '{% data variables.product.prodname_dependabot %} can help you fix vulnerable dependencies by automatically raising pull requests to update dependencies to secure versions.' -allowTitleToDifferFromFilename: true -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Repositories - - Dependabot - - Security updates - - Dependencies - - Pull requests -shortTitle: Dependabot security updates -children: - - /about-dependabot-security-updates - - /configuring-dependabot-security-updates - - /customizing-dependabot-security-prs ---- diff --git a/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md b/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md deleted file mode 100644 index 32dc812632ee..000000000000 --- a/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: About Dependabot version updates -intro: 'You can use {% data variables.product.prodname_dependabot %} to keep the packages you use updated to the latest versions.' -product: '{% data reusables.gated-features.dependabot-version-updates %}' -redirect_from: - - /github/administering-a-repository/about-dependabot - - /github/administering-a-repository/about-github-dependabot - - /github/administering-a-repository/about-github-dependabot-version-updates - - /github/administering-a-repository/about-dependabot-version-updates - - /code-security/supply-chain-security/about-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates -versions: - fpt: '*' - ghec: '*' - ghes: '*' -type: overview -topics: - - Dependabot - - Version updates - - Repositories - - Dependencies - - Pull requests -shortTitle: Dependabot version updates ---- - -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About {% data variables.product.prodname_dependabot_version_updates %} - -{% data variables.product.prodname_dependabot %} takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on. - -{% data reusables.dependabot.dependabot-updates-supported-repos-ecosystems %} - -You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a `dependabot.yml` configuration file into your repository. The configuration file specifies the location of the manifest, or of other package definition files, stored in your repository. {% data variables.product.prodname_dependabot %} uses this information to check for outdated packages and applications. {% data variables.product.prodname_dependabot %} determines if there is a new version of a dependency by looking at the semantic versioning ([semver](https://semver.org/)) of the dependency to decide whether it should update to that version. For certain package managers, {% data variables.product.prodname_dependabot_version_updates %} also supports vendoring. Vendored (or cached) dependencies are dependencies that are checked in to a specific directory in a repository rather than referenced in a manifest. Vendored dependencies are available at build time even if package servers are unavailable. {% data variables.product.prodname_dependabot_version_updates %} can be configured to check vendored dependencies for new versions and update them if necessary. - -When {% data variables.product.prodname_dependabot %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. For vendored dependencies, {% data variables.product.prodname_dependabot %} raises a pull request to replace the outdated dependency with the new version directly. You check that your tests pass, review the changelog and release notes included in the pull request summary, and then merge it. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates). - -If you enable _security updates_, {% data variables.product.prodname_dependabot %} also raises pull requests to update vulnerable dependencies. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). - -{% data reusables.dependabot.pull-request-security-vs-version-updates %} - -{% data reusables.dependabot.dependabot-updates-signed-commits %} - -{% data reusables.dependabot.dependabot-updates-prs-and-actions %} - -{% data reusables.dependabot.dependabot-tos %} - -## Frequency of {% data variables.product.prodname_dependabot %} pull requests - -You specify how often to check each ecosystem for new versions in the configuration file: daily, weekly, or monthly. - -{% data reusables.dependabot.initial-updates %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates). - -If you've enabled security updates, you'll sometimes see extra pull requests for security updates. These are triggered by a {% data variables.product.prodname_dependabot %} alert for a dependency on your default branch. {% data variables.product.prodname_dependabot %} automatically raises a pull request to update the vulnerable dependency. - -{% data reusables.dependabot.version-updates-skip-scheduled-runs %} - -## About automatic deactivation of {% data variables.product.prodname_dependabot_updates %} - -{% data reusables.dependabot.automatic-deactivation-link %} - -## About notifications for {% data variables.product.prodname_dependabot %} version updates - -You can filter your notifications on {% data variables.product.company_short %} to show notifications for pull requests created by {% data variables.product.prodname_dependabot %}. For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox). diff --git a/content/code-security/dependabot/dependabot-version-updates/index.md b/content/code-security/dependabot/dependabot-version-updates/index.md deleted file mode 100644 index 366ec0da3382..000000000000 --- a/content/code-security/dependabot/dependabot-version-updates/index.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Keeping your dependencies updated automatically with Dependabot version updates -intro: 'You can use {% data variables.product.prodname_dependabot %} to automatically keep the dependencies and packages used in your repository updated to the latest version, even when they don’t have any known vulnerabilities.' -allowTitleToDifferFromFilename: true -redirect_from: - - /github/administering-a-repository/keeping-your-dependencies-updated-automatically - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically - - /github/administering-a-repository/customizing-dependency-updates - - /code-security/supply-chain-security/customizing-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates - - /code-security/dependabot/dependabot-version-updates/customizing-dependency-updates -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies - - Pull requests -children: - - /about-dependabot-version-updates - - /configuring-dependabot-version-updates - - /optimizing-pr-creation-version-updates - - /customizing-dependabot-prs - - /controlling-dependencies-updated -shortTitle: Dependabot version updates ---- diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md b/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md deleted file mode 100644 index 31e4a7abaf60..000000000000 --- a/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Ecosystems supported by Dependabot -intro: '{% data variables.product.prodname_dependabot %} supports a wide range of ecosystems to help keep your code secure' -allowTitleToDifferFromFilename: true -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Dependabot - - Dependencies - - Alerts - - Vulnerabilities - - Repositories -shortTitle: Dependabot ecosystems -children: - - /supported-ecosystems-and-repositories - - /optimizing-java-packages-dependabot ---- diff --git a/content/code-security/dependabot/index.md b/content/code-security/dependabot/index.md deleted file mode 100644 index 16246ea41cea..000000000000 --- a/content/code-security/dependabot/index.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: Keeping your supply chain secure with Dependabot -shortTitle: Dependabot -intro: 'Monitor vulnerabilities in dependencies used in your project and keep your dependencies up-to-date with {% data variables.product.prodname_dependabot %}.' -allowTitleToDifferFromFilename: true -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Dependabot - - Alerts - - Vulnerabilities - - Repositories - - Dependencies -children: - - /ecosystems-supported-by-dependabot - - /dependabot-alerts - - /dependabot-auto-triage-rules - - /dependabot-security-updates - - /dependabot-version-updates - - /working-with-dependabot - - /maintain-dependencies - - /troubleshooting-dependabot ---- diff --git a/content/code-security/dependabot/maintain-dependencies/index.md b/content/code-security/dependabot/maintain-dependencies/index.md deleted file mode 100644 index 7d4d9152d503..000000000000 --- a/content/code-security/dependabot/maintain-dependencies/index.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: Maintaining dependencies at scale -shortTitle: Maintain dependencies at scale -intro: 'You can use {% data variables.product.prodname_dependabot %} to automatically update your dependencies for your repositories and organizations.' -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Dependabot - - Organizations - - Security - - Dependencies -children: - - /best-practices-for-maintaining-dependencies - - /managing-dependabot-on-self-hosted-runners - - /removing-dependabot-access-to-public-registries ---- diff --git a/content/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners.md b/content/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners.md deleted file mode 100644 index 795d81441a81..000000000000 --- a/content/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Managing Dependabot on self-hosted runners -intro: 'You can configure self-hosted runners that {% data variables.product.prodname_dependabot %} uses to access your private registries and internal network resources.' -shortTitle: Manage Dependabot on self-hosted runners -permissions: '{% data reusables.permissions.dependabot-actions %}' -versions: - feature: dependabot-on-actions-self-hosted -type: how_to -topics: - - Dependabot - - Security updates - - Version updates - - Actions - - Dependencies - - Repositories -redirect_from: - - /code-security/dependabot/working-with-dependabot/managing-dependabot-on-self-hosted-runners ---- - -## About {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} self-hosted runners - -You can help users of your organization and repositories to create and maintain secure code by setting up {% data variables.product.prodname_dependabot %} security and version updates. With {% data variables.product.prodname_dependabot_updates %}, developers can configure repositories so that their dependencies are updated and kept secure automatically. Running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} allows for better performance, and increased visibility and control of {% data variables.product.prodname_dependabot %} jobs. - -{% data reusables.dependabot.vnet-arc-note %} - -To have greater control over {% data variables.product.prodname_dependabot %} access to your private registries and internal network resources, you can configure {% data variables.product.prodname_dependabot %} to run on {% data variables.product.prodname_actions %} self-hosted runners. - -For security reasons, when running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} self-hosted runners, {% data variables.product.prodname_dependabot_updates %} will not be run on public repositories. - -For more information about configuring {% data variables.product.prodname_dependabot %} access to private registries when using {% data variables.product.company_short %}-hosted runners, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot). For information about which ecosystems are supported as private registries, see [AUTOTITLE](/code-security/dependabot/maintain-dependencies/removing-dependabot-access-to-public-registries). - -## Prerequisites - -You must have {% data variables.product.prodname_dependabot %} installed and enabled, and {% data variables.product.prodname_actions %} enabled and in use. The "{% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} Runners" setting for your organization should also be enabled. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners). - -Your organization may have configured a policy to restrict actions and self-hosted runners from running in specific repositories, which in turn will not allow {% data variables.product.prodname_dependabot %} to run on {% data variables.product.prodname_actions %} self-hosted runners. In this case, the organization or repository level setting to enable "{% data variables.product.prodname_dependabot %} on self-hosted runners" will not be visible in the web UI. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization). - -{% data reusables.dependabot.dependabot-on-actions-enterprise-policy-condition %} - -## Configuring self-hosted runners for {% data variables.product.prodname_dependabot_updates %} - -After you configure your organization or repository to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}, and before you enable {% data variables.product.prodname_dependabot %} on self-hosted runners, you need to configure self-hosted runners for {% data variables.product.prodname_dependabot_updates %}. - -### System requirements for {% data variables.product.prodname_dependabot %} runners - -{% data reusables.dependabot.dependabot-runners-system-requirements %} - -### Network requirements for {% data variables.product.prodname_dependabot %} runners - -{% data reusables.dependabot.dependabot-runners-network-requirements %} - -### Certificate configuration for {% data variables.product.prodname_dependabot %} runners - -If {% data variables.product.prodname_dependabot %} needs to interact with registries that use self-signed certificates, those certificates must also be installed on the self-hosted runners that run {% data variables.product.prodname_dependabot %} jobs. This security hardens the connection. You must also configure Node.js to use the certificate, because most actions are written in JavaScript and run using Node.js, which does not use the operating system certificate store. - -### Adding self-hosted runners for {% data variables.product.prodname_dependabot %} updates - -1. Provision self-hosted runners, at the repository or organization level. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners) and [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners). - -1. Set up the self-hosted runners with the requirements described above. For example, on a VM running Ubuntu 20.04 you would: - * Install Docker and ensure that the runner users have access to Docker. For more information, see the Docker documentation. - * [Install Docker Engine on Ubuntu](https://docs.docker.com/engine/install/ubuntu/) - * Recommended approach: [Run the Docker daemon as a non-root user (Rootless mode)](https://docs.docker.com/engine/security/rootless/) - * Alternative approach: [Manage Docker as a non-root user](https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user) - * Verify that the runners have access to the public internet and can only access the internal networks that {% data variables.product.prodname_dependabot %} needs. - * Install any self-signed certificates for registries that {% data variables.product.prodname_dependabot %} will need to interact with. - -1. Assign a `dependabot` label to each runner you want {% data variables.product.prodname_dependabot %} to use. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners#assigning-a-label-to-a-self-hosted-runner). -1. Optionally, enable workflows triggered by {% data variables.product.prodname_dependabot %} to use more than read-only permissions and to have access to any secrets that are normally available. For more information, see [AUTOTITLE](/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-on-github-actions#restrictions-when-dependabot-triggers-events). - -## Enabling self-hosted runners for {% data variables.product.prodname_dependabot_updates %} - -Once you have configured self-hosted runners for {% data variables.product.prodname_dependabot_updates %}, you can enable or disable {% data variables.product.prodname_dependabot_updates %} on self-hosted runners at the organization or repository level. - -Note, disabling and re-enabling the "{% data variables.product.prodname_dependabot %} on self-hosted runners" settings will not trigger a new {% data variables.product.prodname_dependabot %} run. - -### Enabling or disabling for your repository - -You can manage {% data variables.product.prodname_dependabot %} on self-hosted runners for your {% ifversion ghec %}private or internal{% else %}private{% endif %} repository. - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Dependabot", to the right of "{% data variables.product.prodname_dependabot %} on self-hosted runners", click **Enable** to enable the feature or **Disable** to disable it. - -### Enabling or disabling for your organization - -You can enable {% data variables.product.prodname_dependabot %} on self-hosted runners for all existing {% ifversion ghec %}private or internal{% else %}private{% endif %} repositories in an organization. Only repositories already configured to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} will be updated to run {% data variables.product.prodname_dependabot %} on self-hosted runners the next time a {% data variables.product.prodname_dependabot %} job is triggered. - -> [!NOTE] You need to enable self-hosted runners for your organization if you use {% data variables.actions.hosted_runners %}. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners#enabling-or-disabling-dependabot-on-larger-runners). - -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -{% data reusables.security-configurations.display-global-settings %} -1. Under "Dependabot", select "{% data variables.product.prodname_dependabot %} on self-hosted runners" to enable the feature or deselect to disable it. This action enables or disables the feature for all new repositories in the organization. - -For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization). diff --git a/content/code-security/dependabot/troubleshooting-dependabot/index.md b/content/code-security/dependabot/troubleshooting-dependabot/index.md deleted file mode 100644 index 3ca1c139c11d..000000000000 --- a/content/code-security/dependabot/troubleshooting-dependabot/index.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Troubleshooting Dependabot -intro: 'If you have problems with {% data variables.product.prodname_dependabot %}, you can use tips in these articles to help resolve issues.' -allowTitleToDifferFromFilename: true -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Dependabot - - Dependencies - - Alerts - - Vulnerabilities - - Repositories -shortTitle: Troubleshoot Dependabot -children: - - /listing-dependencies-configured-for-version-updates - - /viewing-dependabot-job-logs - - /dependabot-updates-stopped - - /troubleshooting-dependabot-errors - - /troubleshooting-dependabot-on-github-actions - - /troubleshooting-the-detection-of-vulnerable-dependencies ---- diff --git a/content/code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs.md b/content/code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs.md deleted file mode 100644 index 746f75288cd6..000000000000 --- a/content/code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Viewing Dependabot job logs -intro: 'To support debugging of {% data variables.product.prodname_dependabot %} pull requests, {% data variables.product.github %} provides logs of all {% data variables.product.prodname_dependabot %} jobs.' -shortTitle: Viewing Dependabot logs -permissions: '{% data reusables.permissions.dependabot-various-tasks %}' -versions: - fpt: '*' - ghec: '*' - ghes: '*' -type: how_to -topics: - - Dependabot - - Troubleshooting - - Errors - - Security updates - - Dependencies -redirect_from: - - /code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs ---- - -## About {% data variables.product.prodname_dependabot %} job logs - -Job logs are only available if {% data variables.product.prodname_dependabot_version_updates %} are enabled for the repository. - -Whenever a {% data variables.product.prodname_dependabot %} job runs, the details of the job are captured in the job logs list, which is accessible from the dependency graph. - -For each manifest file, the job logs record the most recent runs of {% data variables.product.prodname_dependabot %}, with each log entry displaying the job type, job ID, timestamp, and, where necessary, a link to the pull request(s) associated with the job. - -You may find that the log entry contains a short error message, which can be useful for debugging issues with a particular pull request or run. If you need to troubleshoot further, you can click **view logs** to access the full log files for a specific run. - -You will see the following job types recorded in the log list: -* **Version update** - refers to a {% data variables.product.prodname_dependabot_version_updates %} run. -* **Security update** - refers to a {% data variables.product.prodname_dependabot_security_updates %} run. -* **Rebase update** - refers to a run where {% data variables.product.prodname_dependabot %} has automatically rebased the pull request to resolve a conflict with the target branch. This update could apply to a pull request from a {% data variables.product.prodname_dependabot_version_updates %} job, or a {% data variables.product.prodname_dependabot_security_updates %} job. - -## Viewing {% data variables.product.prodname_dependabot %} job logs - -The {% data variables.product.prodname_dependabot %} job logs list is accessible from the dependency graph tab in your repository. - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.accessing-repository-graphs %} -{% data reusables.repositories.click-dependency-graph %} -{% data reusables.dependabot.click-dependabot-tab %} -1. To the right of the name of manifest file that you're interested in, click **Recent update jobs**. -1. Optionally, to see the full logs files for a particular job, click **view logs**. - - ![Screenshot of a Dependabot job log entry for the Gemfile package manager. A button, called "View logs", is highlighted in a dark orange outline.](/assets/images/help/dependabot/dependabot-job-logs.png) diff --git a/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md b/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md deleted file mode 100644 index 5c586c01d6d8..000000000000 --- a/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md +++ /dev/null @@ -1,125 +0,0 @@ ---- -title: About Dependabot on GitHub Actions runners -intro: '{% data variables.product.prodname_dotcom %} automatically runs the jobs that generate {% data variables.product.prodname_dependabot %} pull requests on {% data variables.product.prodname_actions %} if you have {% data variables.product.prodname_actions %} enabled for the repository. When {% data variables.product.prodname_dependabot %} is enabled, these jobs will run by bypassing Actions policy checks and disablement at the repository or organization level.' -shortTitle: About Dependabot on Actions -product: '{% data reusables.gated-features.dependabot-on-actions %}' -versions: - feature: dependabot-on-actions-opt-in -type: how_to -topics: - - Dependabot - - Security updates - - Version updates - - Actions - - Dependencies - - Repositories ---- - -## About {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners - -> [!IMPORTANT] -> If {% data variables.product.prodname_dependabot %} is enabled for a repository, it will always run on {% data variables.product.prodname_actions %}, **bypassing both Actions policy checks and disablement at the repository or organization level**. This ensures that security and version update workflows always run when Dependabot is enabled. - -Using {% data variables.product.prodname_actions %} runners allows you to more easily identify {% data variables.product.prodname_dependabot %} job errors and manually detect and troubleshoot failed runs. You can also integrate {% data variables.product.prodname_dependabot %} into your CI/CD pipelines by using {% data variables.product.prodname_actions %} APIs and webhooks to detect {% data variables.product.prodname_dependabot %} job status such as failed runs, and perform downstream processing. For more information, see [AUTOTITLE](/rest/actions) and [AUTOTITLE](/webhooks/webhook-events-and-payloads). - -> [!NOTE] -> Running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_dotcom %}-hosted and self-hosted runners **does not** count towards your included {% data variables.product.prodname_actions %} minutes. For more information, see [AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions). - -You can run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} using: -* {% data variables.product.prodname_dotcom %}-hosted runners -* {% data variables.actions.hosted_runners_caps %}. These runners are {% data variables.product.prodname_dotcom %}-hosted, with advanced features, such as more RAM, CPU, and disk space. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners). -* Self-hosted runners. For more information on assigning a `dependabot` label on self-hosted runners, see [AUTOTITLE](/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners). - -{% data reusables.dependabot.vnet-arc-note %} - -Enabling {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} may increase the number of concurrent jobs run in your account. If required, customers on enterprise plans can request a higher limit for concurrent jobs. For more information, contact us through the {% data variables.contact.contact_support_portal %}, or contact your sales representative. - -If you are transitioning to using {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners and you restrict access to your organization's or repository's private resources, you may need to update your list of allowed IP addresses. For example, if you currently limit access to your private resources to the IP addresses that {% data variables.product.prodname_dependabot %} uses, you should update your allowlist to use the {% data variables.product.prodname_dotcom %}-hosted runners IP addresses sourced from the meta API endpoint. For more information, see [AUTOTITLE](/rest/meta). - -{% data reusables.dependabot.dependabot-on-actions-enterprise-policy-condition %} - -> [!NOTE] -> {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} relies on the `ubuntu-latest` label to select the appropriate runner. To ensure {% data variables.product.prodname_dependabot %} runs on {% data variables.product.github %}-hosted runners, you should not use the label `ubuntu-latest` for self-hosted runners. - -## Enabling or disabling {% data variables.product.prodname_dependabot %} on {% data variables.product.github %}-hosted runners - -This section only applies to standard {% data variables.product.github %}-hosted runners, not larger runners. - -New repositories that you create in your user account or in your organization will automatically be configured to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} if any of the following is true: -* {% data variables.product.prodname_dependabot %} is installed and enabled, and {% data variables.product.prodname_actions %} is enabled and in use. -* The "{% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners" setting for your organization is enabled. - -For existing repositories, you can opt in to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} as follows. - -Future releases of {% data variables.product.github %} will remove the ability to disable running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}. - -If you restrict access to your organization's or repository's private resources, you may need to update your list of allowed IP addresses prior to enabling {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners. You can update your IP allow list to use the {% data variables.product.prodname_dotcom %}-hosted runners IP addresses (instead of the {% data variables.product.prodname_dependabot %} IP addresses), sourced from the [meta](/rest/meta) REST API endpoint. - ->[!WARNING] You should not rely on the {% data variables.product.prodname_actions %} IP addresses for authentication to private registries. These {% data variables.product.prodname_actions %} addresses are not only used by {% data variables.product.prodname_dotcom %}, and should not be trusted for authentication. Instead, use a self-hosted runner to ensure greater control over your network access. For more information, see [AUTOTITLE](/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners). - -Note, disabling and re-enabling the "{% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners" settings will not trigger a new {% data variables.product.prodname_dependabot %} run. - -### Enabling or disabling for your repository - -You can manage {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} for your public{% ifversion ghec %}, private or internal{% else %} or private{% endif %} repository. - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Dependabot", to the right of "{% data variables.product.prodname_dependabot %} on Actions runners", click **Enable** to enable the feature or **Disable** to disable it. - -### Enabling or disabling for your organization - -You can enable {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} for all existing repositories in an organization. - -Only repositories with the following configuration will be updated to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} the next time a {% data variables.product.prodname_dependabot %} job is triggered. - - * {% data variables.product.prodname_dependabot %} is enabled in the repository. - * {% data variables.product.prodname_actions %} is enabled in the repository. - -If a repository in your organization has {% data variables.product.prodname_dependabot %} enabled but {% data variables.product.prodname_actions %} disabled, {% data variables.product.prodname_dependabot %} will not run on {% data variables.product.prodname_actions %}, but will continue to run using the built-in {% data variables.product.prodname_dependabot %} application. - -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -{% data reusables.security-configurations.display-global-settings %} -1. Under "Dependabot", select "{% data variables.product.prodname_dependabot %} on Actions runners" to enable the feature or deselect to disable it. - -For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#enabling-dependency-updates-on-github-actions-runners). - -## Enabling or disabling {% data variables.product.prodname_dependabot %} on {% data variables.actions.hosted_runners %} - -If you run into {% data variables.product.prodname_dependabot %} timeouts and out-of-memory errors, you may want to use {% data variables.actions.hosted_runners %}, as you can configure these runners to have more resources. - -> [!NOTE] You can only enable {% data variables.actions.hosted_runners %} for {% data variables.product.prodname_dependabot %} _at the organization level_. {% data variables.product.prodname_dotcom %} will bill your organization at the regular Actions runner pricing. See [AUTOTITLE](/billing/reference/actions-minute-multipliers). - -1. Add a {% data variables.actions.hosted_runner %} to your organization and ensure the name specified is `dependabot`. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners#adding-a-larger-runner-to-an-organization). -1. Opt in the organization to self-hosted runners. For more information, see [AUTOTITLE](/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners#enabling-or-disabling-for-your-organization). This step is required, as it ensures that future {% data variables.product.prodname_dependabot %} jobs will run on the larger {% data variables.product.prodname_dotcom %}-hosted runner that has the `dependabot` name. - -## Managing {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners - -When a {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} job is run, you can review the workflow run history directly from the Dependabot job logs. For more information, see [AUTOTITLE](/code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs). - -You can also navigate to a {% data variables.product.prodname_dependabot %} workflow run from the **Actions** tab in a repository. For more information, see [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history). - -To re-run a {% data variables.product.prodname_dependabot_version_updates %} or {% data variables.product.prodname_dependabot_security_updates %} job, use the appropriate procedure below. You cannot re-run a {% data variables.product.prodname_dependabot %} job on {% data variables.product.prodname_actions %} as you would for other {% data variables.product.prodname_actions %} workflows and jobs, that is, by using the **Actions** tab in a repository. You cannot view usage data for {% data variables.product.prodname_dependabot_updates %} workflows and jobs in your organization's {% data variables.product.prodname_actions %} usage metrics. - -### Re-running a {% data variables.product.prodname_dependabot_version_updates %} job - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.accessing-repository-graphs %} -{% data reusables.repositories.click-dependency-graph %} -{% data reusables.dependabot.click-dependabot-tab %} -1. To the right of the name of manifest file that you're interested in, click **Recent update jobs**. -1. To the right of the affected manifest file, click **Check for updates** to re-run a {% data variables.product.prodname_dependabot_version_updates %} job and check for new updates to dependencies for that ecosystem. - -### Re-running a {% data variables.product.prodname_dependabot_security_updates %} job - -{% data reusables.repositories.navigate-to-repo %} -1. Under your repository name, click **{% octicon "shield-lock" aria-hidden="true" aria-label="shield-lock" %} Security**. -1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_dependabot %}**. -1. Under "{% data variables.product.prodname_dependabot %}", click the alert you want to view. -1. In the section displaying the error details for the alert, click **Try again** to re-run the {% data variables.product.prodname_dependabot_security_updates %} job. - -## Further reading - -* [AUTOTITLE](/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-on-github-actions) diff --git a/content/code-security/dependabot/working-with-dependabot/index.md b/content/code-security/dependabot/working-with-dependabot/index.md deleted file mode 100644 index d2439e60ec4b..000000000000 --- a/content/code-security/dependabot/working-with-dependabot/index.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: Working with Dependabot -shortTitle: Work with Dependabot -intro: 'Guidance and recommendations for working with {% data variables.product.prodname_dependabot %}, such as managing pull requests raised by {% data variables.product.prodname_dependabot %}, using {% data variables.product.prodname_actions %} with {% data variables.product.prodname_dependabot %}, and troubleshooting {% data variables.product.prodname_dependabot %} errors.' -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Repositories - - Dependabot - - Version updates - - Security updates - - Dependencies - - Pull requests -children: - - /managing-pull-requests-for-dependency-updates - - /about-dependabot-on-github-actions-runners - - /automating-dependabot-with-github-actions - - /keeping-your-actions-up-to-date-with-dependabot - - /configuring-access-to-private-registries-for-dependabot - - /guidance-for-the-configuration-of-private-registries-for-dependabot - - /configuring-multi-ecosystem-updates - - /dependabot-options-reference - - /setting-dependabot-to-run-on-self-hosted-runners-using-arc - - /setting-dependabot-to-run-on-github-hosted-runners-using-vnet ---- diff --git a/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md b/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md deleted file mode 100644 index 554411483842..000000000000 --- a/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Adding a security policy to your repository -intro: You can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository. -redirect_from: - - /articles/adding-a-security-policy-to-your-repository - - /github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository - - /github/code-security/security-advisories/adding-a-security-policy-to-your-repository -versions: - fpt: '*' - ghes: '*' - ghec: '*' -type: how_to -topics: - - Security policies - - Vulnerabilities - - Repositories - - Health -shortTitle: Add a security policy ---- - -## About security policies - -To give people instructions for reporting security vulnerabilities in your project, you can add a `SECURITY.md` file to your repository's root, `docs`, or `.github` folder. Adding this file to this part(s) of your repository automatically creates a row with a description where people can review it. When someone creates an issue in your repository, they will see a link to your project's security policy. - -You can create a default security policy for your organization or personal account. For more information, see [AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file). - -> [!TIP] -> To help people find your security policy, you can link to your `SECURITY.md` file from other places in your repository, such as your `README` file. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes). - -{% ifversion fpt or ghec %} -After someone reports a security vulnerability in your project, you can use {% data variables.product.prodname_security_advisories %} to disclose, fix, and publish information about the vulnerability. For more information about the process of reporting and disclosing vulnerabilities in {% data variables.product.prodname_dotcom %}, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities#about-reporting-and-disclosing-vulnerabilities-in-projects-on-github). For more information about repository security advisories, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories). - -{% data reusables.repositories.github-security-lab %} -{% endif %} -{% ifversion ghes %} - -By making security reporting instructions clearly available, you make it easy for your users to report any security vulnerabilities they find in your repository using your preferred communication channel. -{% endif %} - -For an example of a real `SECURITY.md` file, see [https://github.com/electron/electron/blob/main/SECURITY.md](https://github.com/electron/electron/blob/main/SECURITY.md). - -## Adding a security policy to your repository - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -1. In the left sidebar, under "Reporting", click **{% octicon "law" aria-hidden="true" aria-label="law" %} Policy**. -1. Click **Start setup**. -1. In the new `SECURITY.md` file, add information about supported versions of your project and how to report a vulnerability. -{% data reusables.files.write_commit_message %} -{% data reusables.files.choose-commit-email %} -{% data reusables.files.choose_commit_branch %} -{% data reusables.files.propose_file_change %} - -## Further reading - -* [AUTOTITLE](/code-security/getting-started/securing-your-repository) -* [AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions){% ifversion fpt or ghec %} -* [{% data variables.product.prodname_security %}]({% data variables.product.prodname_security_link %}){% endif %} diff --git a/content/code-security/getting-started/github-security-features.md b/content/code-security/getting-started/github-security-features.md index d48b6f6fc8ba..c78c310da9b8 100644 --- a/content/code-security/getting-started/github-security-features.md +++ b/content/code-security/getting-started/github-security-features.md @@ -5,7 +5,7 @@ versions: fpt: '*' ghes: '*' ghec: '*' -type: overview +contentType: get-started topics: - Repositories - Dependencies @@ -124,7 +124,7 @@ Push protection for users automatically protects you from accidentally committin ## Available with {% data variables.product.prodname_GH_secret_protection %} -For accounts on {% ifversion fpt or ghec %}{% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %}{% endif %}{% ifversion ghes %} {% data variables.product.prodname_ghe_server %}{% endif %}, you can access additional security features when you purchase **{% data variables.product.prodname_GH_secret_protection %}**. +For accounts on {% ifversion fpt or ghec %}{% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %}{% endif %}{% ifversion ghes %} {% data variables.product.prodname_ghe_server %}{% endif %}, you can access additional security features when you purchase **{% data variables.product.prodname_GH_secret_protection %}**. {% data variables.product.prodname_GH_secret_protection %} includes features that help you detect and prevent secret leaks, such as {% data variables.product.prodname_secret_scanning %} and push protection. @@ -179,7 +179,7 @@ Security overview allows you to review the overall security landscape of your or ## Available with {% data variables.product.prodname_GH_code_security %} -For accounts on {% ifversion fpt or ghec %}{% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %}{% endif %}{% ifversion ghes %} {% data variables.product.prodname_ghe_server %}{% endif %}, you can access additional security features when you purchase **{% data variables.product.prodname_GH_code_security %}**. +For accounts on {% ifversion fpt or ghec %}{% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %}{% endif %}{% ifversion ghes %} {% data variables.product.prodname_ghe_server %}{% endif %}, you can access additional security features when you purchase **{% data variables.product.prodname_GH_code_security %}**. {% data variables.product.prodname_GH_code_security %} includes features that help you find and fix vulnerabilities, like {% data variables.product.prodname_code_scanning %}, premium {% data variables.product.prodname_dependabot %} features, and dependency review. diff --git a/content/code-security/getting-started/index.md b/content/code-security/getting-started/index.md index d7d750b463fa..134020900d50 100644 --- a/content/code-security/getting-started/index.md +++ b/content/code-security/getting-started/index.md @@ -2,7 +2,7 @@ title: Getting started with secure coding shortTitle: Getting started allowTitleToDifferFromFilename: true -intro: 'Introduction to secure coding with {% data variables.product.github %}.' +intro: Introduction to secure coding with {% data variables.product.github %}. versions: fpt: '*' ghes: '*' @@ -13,11 +13,6 @@ topics: - Vulnerabilities children: - /github-security-features - - /dependabot-quickstart-guide - /quickstart-for-securing-your-repository - /quickstart-for-securing-your-organization - - /adding-a-security-policy-to-your-repository - - /auditing-security-alerts - - /best-practices-for-preventing-data-leaks-in-your-organization - - /understanding-github-secret-types --- diff --git a/content/code-security/getting-started/quickstart-for-securing-your-organization.md b/content/code-security/getting-started/quickstart-for-securing-your-organization.md index 875f0ccd503a..e76d595804c8 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-organization.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-organization.md @@ -6,7 +6,7 @@ redirect_from: - /code-security/getting-started/securing-your-organization versions: feature: pre-security-configurations -type: how_to +contentType: get-started topics: - Organizations - Dependencies diff --git a/content/code-security/getting-started/quickstart-for-securing-your-repository.md b/content/code-security/getting-started/quickstart-for-securing-your-repository.md index 63ffd226810a..c70f36187ae5 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-repository.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-repository.md @@ -10,7 +10,7 @@ versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: get-started topics: - Repositories - Dependencies diff --git a/content/code-security/how-tos/index.md b/content/code-security/how-tos/index.md new file mode 100644 index 000000000000..9bca368d048f --- /dev/null +++ b/content/code-security/how-tos/index.md @@ -0,0 +1,27 @@ +--- +title: How-tos for security and code quality +shortTitle: How-tos +intro: Learn how to use {% data variables.product.github %}'s security and code quality features. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Dependencies + - Dependabot +contentType: how-tos +children: + - /secure-at-scale + - /secure-your-secrets + - /scan-code-for-vulnerabilities + - secure-your-supply-chain + - manage-security-alerts + - /maintain-quality-code + - /report-and-fix-vulnerabilities + - /view-and-interpret-data +--- diff --git a/content/code-security/code-quality/how-tos/enable-code-quality.md b/content/code-security/how-tos/maintain-quality-code/enable-code-quality.md similarity index 92% rename from content/code-security/code-quality/how-tos/enable-code-quality.md rename to content/code-security/how-tos/maintain-quality-code/enable-code-quality.md index 5ccb73a0a132..e109d1bd3d49 100644 --- a/content/code-security/code-quality/how-tos/enable-code-quality.md +++ b/content/code-security/how-tos/maintain-quality-code/enable-code-quality.md @@ -1,7 +1,7 @@ --- title: Enabling {% data variables.product.prodname_code_quality %} shortTitle: Enable Code Quality -intro: 'Use {% data variables.product.prodname_code_quality_short %} to automatically catch, fix, and report on code quality issues in pull requests and on your default branch.' +intro: Use {% data variables.product.prodname_code_quality_short %} to automatically catch, fix, and report on code quality issues in pull requests and on your default branch. versions: feature: code-quality product: '{% data reusables.gated-features.code-quality-availability %}' @@ -9,6 +9,8 @@ permissions: '{% data reusables.permissions.code-quality-repo-enable %}' topics: - Code Quality contentType: how-tos +redirect_from: + - /code-security/code-quality/how-tos/enable-code-quality --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/code-security/how-tos/maintain-quality-code/index.md b/content/code-security/how-tos/maintain-quality-code/index.md new file mode 100644 index 000000000000..bc9edf9f5fcf --- /dev/null +++ b/content/code-security/how-tos/maintain-quality-code/index.md @@ -0,0 +1,16 @@ +--- +title: Maintain quality code +intro: Learn how to use {% data variables.product.github %}'s code security and code quality features to maintain high-quality code in your repositories. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /enable-code-quality + - /interpret-results + - /set-pr-thresholds + - /unblock-your-pr +redirect_from: + - /code-security/code-quality/how-tos +--- diff --git a/content/code-security/code-quality/how-tos/interpret-results.md b/content/code-security/how-tos/maintain-quality-code/interpret-results.md similarity index 95% rename from content/code-security/code-quality/how-tos/interpret-results.md rename to content/code-security/how-tos/maintain-quality-code/interpret-results.md index 23869a52345b..9b83534135d2 100644 --- a/content/code-security/code-quality/how-tos/interpret-results.md +++ b/content/code-security/how-tos/maintain-quality-code/interpret-results.md @@ -2,7 +2,7 @@ title: Interpreting the code quality results for your repository shortTitle: Interpret results allowTitleToDifferFromFilename: true -intro: 'View {% data variables.product.prodname_code_quality %} findings for your default branch.' +intro: View {% data variables.product.prodname_code_quality %} findings for your default branch. versions: feature: code-quality product: '{% data reusables.gated-features.code-quality-availability %}' @@ -10,6 +10,8 @@ permissions: '{% data reusables.permissions.code-quality-see-repo-findings %}' topics: - Code Quality contentType: how-tos +redirect_from: + - /code-security/code-quality/how-tos/interpret-results --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/code-security/code-quality/how-tos/set-pr-thresholds.md b/content/code-security/how-tos/maintain-quality-code/set-pr-thresholds.md similarity index 94% rename from content/code-security/code-quality/how-tos/set-pr-thresholds.md rename to content/code-security/how-tos/maintain-quality-code/set-pr-thresholds.md index 2e7340721ef5..ffae463e077e 100644 --- a/content/code-security/code-quality/how-tos/set-pr-thresholds.md +++ b/content/code-security/how-tos/maintain-quality-code/set-pr-thresholds.md @@ -1,7 +1,7 @@ --- title: Setting code quality thresholds for pull requests shortTitle: Set PR thresholds -intro: 'Create a {% data variables.product.prodname_code_quality_short %} gate for pull requests to increase the quality of code merged into your repository.' +intro: Create a {% data variables.product.prodname_code_quality_short %} gate for pull requests to increase the quality of code merged into your repository. versions: feature: code-quality product: '{% data reusables.gated-features.code-quality-availability %}' @@ -9,6 +9,8 @@ permissions: '{% data reusables.permissions.code-quality-repo-enable %}' topics: - Code Quality contentType: how-tos +redirect_from: + - /code-security/code-quality/how-tos/set-pr-thresholds --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/code-security/code-quality/how-tos/unblock-your-pr.md b/content/code-security/how-tos/maintain-quality-code/unblock-your-pr.md similarity index 95% rename from content/code-security/code-quality/how-tos/unblock-your-pr.md rename to content/code-security/how-tos/maintain-quality-code/unblock-your-pr.md index a51a951aaf97..ccbe109bcc35 100644 --- a/content/code-security/code-quality/how-tos/unblock-your-pr.md +++ b/content/code-security/how-tos/maintain-quality-code/unblock-your-pr.md @@ -1,13 +1,15 @@ --- title: Resolving a block on your pull request shortTitle: Unblock your PR -intro: 'Identify and resolve a code quality block on your pull request so you can merge your changes.' +intro: Identify and resolve a code quality block on your pull request so you can merge your changes. versions: feature: code-quality permissions: '{% data reusables.permissions.code-quality-see-repo-findings %}' topics: - Code Quality contentType: how-tos +redirect_from: + - /code-security/code-quality/how-tos/unblock-your-pr --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/code-security/how-tos/manage-security-alerts/index.md b/content/code-security/how-tos/manage-security-alerts/index.md new file mode 100644 index 000000000000..526a97c5ca07 --- /dev/null +++ b/content/code-security/how-tos/manage-security-alerts/index.md @@ -0,0 +1,23 @@ +--- +title: Managing security alerts +shortTitle: Manage security alerts +intro: Manage alerts generated by security features. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Dependencies + - Dependabot +children: + - remediate-alerts-at-scale + - manage-secret-scanning-alerts + - manage-code-scanning-alerts + - manage-dependabot-alerts +--- diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md similarity index 98% rename from content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md rename to content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md index c4e0881a92ae..e0d8a003b040 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md @@ -7,12 +7,14 @@ versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Code Security - Code scanning - Alerts - Repositories +redirect_from: + - /code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository --- Anyone with read permission for a repository can see {% data variables.product.prodname_code_scanning %} annotations on pull requests. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests). diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/disabling-autofix-for-code-scanning.md similarity index 97% rename from content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md rename to content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/disabling-autofix-for-code-scanning.md index 779b0e4f1498..7db6f7f67fb6 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/disabling-autofix-for-code-scanning.md @@ -6,12 +6,14 @@ intro: You can block availability of {% data variables.copilot.copilot_autofix % product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}' versions: feature: code-scanning-autofix -type: how_to +contentType: how-tos topics: - Code Security - Code scanning - CodeQL - AI +redirect_from: + - /code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning --- ## About disabling {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning.md similarity index 76% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md rename to content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning.md index d60a6e0e9e46..e1431663bb6f 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning.md @@ -1,16 +1,18 @@ --- title: Enabling delegated alert dismissal for code scanning -intro: 'You can use delegated alert dismissal to control who can dismiss an alert found by {% data variables.product.prodname_code_scanning %}.' +intro: You can use delegated alert dismissal to control who can dismiss an alert found by {% data variables.product.prodname_code_scanning %}. permissions: '{% data reusables.permissions.delegated-alert-dismissal %}' versions: feature: security-delegated-alert-dismissal -type: how_to +contentType: how-tos topics: - Code scanning - Advanced Security - Alerts - Repositories shortTitle: Enable delegated alert dismissal +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning --- ## About enabling delegated alert dismissal @@ -31,7 +33,7 @@ shortTitle: Enable delegated alert dismissal You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization. -1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration). +{% data reusables.security-configurations.custom-security-configurations-org %} 1. When creating the custom security configuration, under "{% data variables.product.prodname_code_scanning_caps %}", set "Prevent direct alert dismissals" to **Enabled**. 1. Click **Save configuration**. 1. Apply the security configuration to all (or selected) repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration). @@ -40,9 +42,13 @@ You must configure delegated dismissal for your organization using a custom secu You must configure delegated dismissal for your enterprise using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your enterprise. -1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise). +{% data reusables.security-configurations.custom-security-configurations-enterprise %} 1. When creating the custom security configuration, under "{% data variables.product.prodname_code_scanning %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**. 1. Click **Save configuration**. 1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise). To learn more about security configurations, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale). + +## Next steps + +Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_code_scanning %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests). diff --git a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/index.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/index.md new file mode 100644 index 000000000000..e40b56cb56b5 --- /dev/null +++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/index.md @@ -0,0 +1,23 @@ +--- +title: Manage code scanning alerts +shortTitle: Code scanning alerts +intro: Discover how to assess, manage, and resolve {% data variables.product.prodname_code_scanning %} alerts to keep your code secure. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Code Security + - Code scanning + - Alerts + - Repositories +redirect_from: + - /code-security/code-scanning/managing-code-scanning-alerts +children: + - assessing-code-scanning-alerts-for-your-repository + - triaging-code-scanning-alerts-in-pull-requests + - resolving-code-scanning-alerts + - enabling-delegated-alert-dismissal-for-code-scanning + - disabling-autofix-for-code-scanning +--- diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/resolving-code-scanning-alerts.md similarity index 98% rename from content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md rename to content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/resolving-code-scanning-alerts.md index d637bb3fe3d1..53bffe071e7f 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/resolving-code-scanning-alerts.md @@ -1,7 +1,7 @@ --- title: Resolving code scanning alerts shortTitle: Resolve alerts -intro: 'From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project''s code.' +intro: From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project's code. permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' versions: fpt: '*' @@ -16,7 +16,8 @@ redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository - /code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository -type: how_to + - /code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts +contentType: how-tos topics: - Code Security - Code scanning diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md similarity index 97% rename from content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md rename to content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md index c2ed50790408..599763816e85 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md @@ -1,7 +1,7 @@ --- title: Triaging code scanning alerts in pull requests shortTitle: Triage alerts in pull requests -intro: 'When {% data variables.product.prodname_code_scanning %} identifies a problem in a pull request, you can review the highlighted code and resolve the alert.' +intro: When {% data variables.product.prodname_code_scanning %} identifies a problem in a pull request, you can review the highlighted code and resolve the alert. permissions: '{% data reusables.permissions.code-scanning-pr-alerts %}' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests @@ -9,11 +9,12 @@ redirect_from: - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests + - /code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Code Security - Code scanning @@ -34,7 +35,7 @@ If the lines of code changed in the pull request generate {% data variables.prod * The **Files changed** tab of the pull request > [!NOTE] -> {% data variables.product.prodname_code_scanning_caps %} displays alerts in pull requests only when all the lines of code identified by the alert exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#specifying-the-location-for-source-files). +> {% data variables.product.prodname_code_scanning_caps %} displays alerts in pull requests only when all the lines of code identified by the alert exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#source-file-locations). {% ifversion code-scanning-autofix %} @@ -127,7 +128,7 @@ Anyone with push access to a pull request can fix a {% data variables.product.pr When {% data variables.copilot.copilot_autofix_short %} is enabled for a repository, alerts are displayed in pull requests as normal and information from any alerts found by {% data variables.product.prodname_code_scanning %} is automatically sent to the LLM for processing. When LLM analysis is complete, any results are published as comments on relevant alerts. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning). > [!NOTE] -> * {% data variables.copilot.copilot_autofix_short %} supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of {% data variables.copilot.copilot_autofix_short %}, see the query tables linked from [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#query-lists-for-the-default-query-suites). +> * {% data variables.copilot.copilot_autofix_short %} supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of {% data variables.copilot.copilot_autofix_short %}, see the query tables linked from [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries). > * When analysis is complete, all relevant results are published to the pull request at once. If at least one alert in your pull request has an {% data variables.copilot.copilot_autofix_short %} suggestion, you should assume that the LLM has finished identifying potential fixes for your code. > * On alerts generated from queries that are not supported by {% data variables.copilot.copilot_autofix_short %}, you will see a note telling you that the query is not supported. If a suggestion for a supported query fails to generate, you will see a note on the alert prompting you to try pushing another commit or to contact support. > * {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} alerts won't be able to generate a fix for every alert in every situation. The feature operates on a best-effort basis and is not guaranteed to succeed 100% of the time. For information about the limitations of automatically generated fixes, see [Limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#limitations-of-suggestions). diff --git a/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/enable-delegated-alert-dismissal.md b/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/enable-delegated-alert-dismissal.md new file mode 100644 index 000000000000..837e10cf17f6 --- /dev/null +++ b/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/enable-delegated-alert-dismissal.md @@ -0,0 +1,53 @@ +--- +title: Enabling delegated alert dismissal for Dependabot +intro: Increase your governance over your {% data variables.product.prodname_dependabot_alerts %} with delegated alert dismissal. +permissions: '{% data reusables.permissions.delegated-alert-dismissal %}' +shortTitle: Enable delegated alert dismissal +versions: + feature: dependabot-delegated-alert-dismissal +contentType: how-tos +topics: + - Dependabot + - Code Security + - Security updates + - Alerts + - Dependencies +redirect_from: + - /code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal +--- + +## About enabling delegated alert dismissal + +{% data reusables.security.delegated-alert-dismissal-intro %} + +## Configuring delegated dismissal for a repository + +>[!NOTE] If an organization owner configures delegated alert dismissal via an enforced security configuration, the settings can't be changed at the repository level. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}{% else %} +{% data reusables.repositories.navigate-to-ghas-settings %}{% endif %} +1. In the "{% data variables.product.prodname_dependabot %}" section, next to "Prevent direct alert dismissals", click **Enable**. + +## Configuring delegated dismissal for an organization + +You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization. + +1. Start creating or editing a custom security configuration. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration). +1. In the "Dependency scanning" section of your security configuration, set "Prevent direct alert dismissals" to **Enabled**. +1. Click **Save configuration**. +1. Apply the security configuration to repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration). + +## Configuring delegated dismissal for an enterprise + +You must configure delegated dismissal for your enterprise using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your enterprise. + +1. Start creating or editing a custom security configuration. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise). +1. In the "Dependency scanning" section of your security configuration, set "Prevent direct alert dismissals" to **Enabled**. +1. Click **Save configuration**. +1. Apply the security configuration to repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise). + +## Next steps + +Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_dependabot %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests). diff --git a/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/index.md b/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/index.md new file mode 100644 index 000000000000..c5b1e1564bf4 --- /dev/null +++ b/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/index.md @@ -0,0 +1,20 @@ +--- +title: Manage Dependabot alerts +shortTitle: Dependabot alerts +intro: Learn how to view, manage, and resolve {% data variables.product.prodname_dependabot_alerts %} to keep your dependencies secure. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Code Security + - Dependabot + - Security updates + - Alerts + - Repositories +children: + - viewing-and-updating-dependabot-alerts + - managing-automatically-dismissed-alerts + - enable-delegated-alert-dismissal +--- diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/managing-automatically-dismissed-alerts.md similarity index 88% rename from content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md rename to content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/managing-automatically-dismissed-alerts.md index a35632b03915..1245b36fb9cc 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/managing-automatically-dismissed-alerts.md @@ -1,13 +1,13 @@ --- title: Managing alerts that have been automatically dismissed by a Dependabot auto-triage rule -intro: 'You can filter to see which alerts have been auto-dismissed by a rule, and you can reopen dismissed alerts.' +intro: You can filter to see which alerts have been auto-dismissed by a rule, and you can reopen dismissed alerts. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.dependabot-auto-triage-rules %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: how-tos topics: - Dependabot - Alerts @@ -17,6 +17,7 @@ topics: shortTitle: Manage auto-dismissed alerts redirect_from: - /code-security/dependabot/dependabot-alert-rules/managing-automatically-dismissed-alerts + - /code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts --- ## Managing automatically dismissed alerts diff --git a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/viewing-and-updating-dependabot-alerts.md similarity index 55% rename from content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md rename to content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/viewing-and-updating-dependabot-alerts.md index 774d464fec09..8e2ff09b316d 100644 --- a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -1,18 +1,19 @@ --- title: Viewing and updating Dependabot alerts -intro: 'If {% data variables.product.github %} discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.' +intro: If {% data variables.product.github %} discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert. redirect_from: - /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository - /code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository + - /code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts permissions: '{% data reusables.permissions.dependabot-alerts %}' shortTitle: View Dependabot alerts versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Dependabot - Security updates @@ -26,81 +27,68 @@ topics: Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}. You can filter alerts by package, ecosystem, or manifest. You can sort the list of alerts, and you can click into specific alerts for more details. You can also dismiss or reopen alerts, either one by one or by selecting multiple alerts at once. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). -You can enable automatic security updates for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). - ## About updates for vulnerable dependencies in your repository -{% data variables.product.github %} generates {% data variables.product.prodname_dependabot_alerts %} when we detect that the default branch of your codebase is using dependencies with known security risks. For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, when {% data variables.product.github %} detects a vulnerable dependency in the default branch, {% data variables.product.prodname_dependabot %} creates a pull request to fix it. The pull request will upgrade the dependency to the minimum possible secure version needed to avoid the vulnerability. - -{% data reusables.dependabot.no-dependabot-alerts-for-malware %} - Each {% data variables.product.prodname_dependabot %} alert has a unique numeric identifier and the {% data variables.product.prodname_dependabot_alerts %} tab lists an alert for every detected vulnerability. Legacy {% data variables.product.prodname_dependabot_alerts %} grouped vulnerabilities by dependency and generated a single alert per dependency. If you navigate to a legacy {% data variables.product.prodname_dependabot %} alert, you will be redirected to a {% data variables.product.prodname_dependabot_alerts %} tab filtered for that package. -You can filter and sort {% data variables.product.prodname_dependabot_alerts %} using a variety of filters and sort options available on the user interface. For more information, see [Prioritizing {% data variables.product.prodname_dependabot_alerts %}](#prioritizing-dependabot-alerts) below. +You can filter and sort {% data variables.product.prodname_dependabot_alerts %} using a variety of filters and sort options available on the user interface. For more information, see [Viewing and prioritizing {% data variables.product.prodname_dependabot_alerts %}](#viewing-and-prioritizing-dependabot-alerts) below. You can also audit actions taken in response to {% data variables.product.prodname_dependabot %} alerts. For more information, see [AUTOTITLE](/code-security/getting-started/auditing-security-alerts). -## Prioritizing {% data variables.product.prodname_dependabot_alerts %} +## Viewing and prioritizing {% data variables.product.prodname_dependabot_alerts %} -{% data variables.product.company_short %} helps you prioritize fixing {% data variables.product.prodname_dependabot_alerts %}. By default, {% data variables.product.prodname_dependabot_alerts %} are sorted by importance. The "Most important" sort order helps you prioritize which {% data variables.product.prodname_dependabot_alerts %} to focus on first. Alerts are ranked based on their potential impact, actionability, and relevance. Our prioritization calculation is constantly being improved and includes factors like CVSS score, dependency scope, and whether vulnerable function calls are found for the alert. -You can also use {% data variables.dependabot.auto_triage_rules %} to prioritize {% data variables.product.prodname_dependabot_alerts %}. For more information, see “[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules).” +You can view, sort, and filter {% data variables.product.prodname_dependabot_alerts %} to focus on the alerts that matter most. -{% data reusables.dependabot.dependabot-alerts-filters %} +By default, alerts are sorted by **Most important**, which helps you prioritize fixes based on factors such as potential impact, actionability, and relevance. This prioritization is continuously improved and considers signals like CVSS score, dependency scope, and whether vulnerable function calls are detected. -In addition to the filters available via the search bar, you can sort and filter {% data variables.product.prodname_dependabot_alerts %} using the dropdown menus at the top of the alert list. Alternatively, to filter by label, click a label assigned to an alert to automatically apply that filter to the alert list. +{% data reusables.dependabot.where-to-view-dependabot-alerts %} -The search bar also allows for full text searching of alerts and related security advisories. You can search for part of a security advisory name or description to return the alerts in your repository that relate to that security advisory. For example, searching for `yaml.load() API could execute arbitrary code` will return {% data variables.product.prodname_dependabot_alerts %} linked to [PyYAML insecurely deserializes YAML strings leading to arbitrary code execution](https://github.com/advisories/GHSA-rprw-h62v-c2w7) as the search string appears in the advisory description. +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +{% data reusables.repositories.sidebar-dependabot-alerts %} -![Screenshot of the filter and sort menus in the {% data variables.product.prodname_dependabot_alerts %} tab.](/assets/images/help/graphs/dependabot-alerts-filters-checkbox.png) +1. Optionally, refine the list of alerts: + * Use the dropdown menus at the top of the list to sort or filter alerts. -You can also use the REST API to get a list of {% data variables.product.prodname_dependabot_alerts %} sorted using your filter of choice, for your repository, organization, or enterprise. For more information about API endpoints, see [AUTOTITLE](/rest/dependabot/alerts). + ![Screenshot of the filter and sort menus in the {% data variables.product.prodname_dependabot_alerts %} tab.](/assets/images/help/graphs/dependabot-alerts-filters-checkbox.png) -## Supported ecosystems and manifests for dependency scope + * Type directly in the search bar to filter alerts, including full-text search across alert details and related security advisories. + * Click a label on an alert to automatically filter the list by that label. + * To identify alerts that affect development dependencies, filter by the `scope:development` filter or look for alerts labeled "Development". This can help you prioritize alerts that affect production dependencies first. -{% data reusables.dependabot.dependabot-alerts-dependency-scope %} + ![Screenshot showing the "Development" label assigned to an alert in the list of alerts.](/assets/images/help/repository/dependabot-alerts-development-label.png) -Alerts for packages listed as development dependencies are marked with the `Development` label on the {% data variables.product.prodname_dependabot_alerts %} page and are also available for filtering via the `scope` filter. +1. Click an alert to view its details. Alerts for development-scoped dependencies include a "Development" label in the "Tags" section on the alert details page. -![Screenshot showing the "Development" label assigned to an alert in the list of alerts. The label is highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-alerts-development-label.png) + ![Screenshot showing the "Tags" section in the alert details page.](/assets/images/help/repository/dependabot-alerts-tags-section.png) -The alert details page of alerts on development-scoped packages shows a "Tags" section containing a `Development` label. +1. Optionally, to suggest an improvement to the related security advisory, on the right-hand side of the alert details page, click **Suggest improvements for this advisory on the {% data variables.product.prodname_advisory_database %}**. See [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database). -![Screenshot showing the "Tags" section in the alert details page. The label is highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-alerts-tags-section.png) +### Tips for prioritizing alerts -## Viewing {% data variables.product.prodname_dependabot_alerts %} +* Use the **Most important** sort order to focus on alerts with the highest potential impact. +* Prioritize alerts that affect production dependencies over development dependencies. +* Use {% data variables.dependabot.auto_triage_rules %} to automatically prioritize or manage alerts. See [AUTOTITLE](/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules). -{% data reusables.dependabot.where-to-view-dependabot-alerts %} You can sort and filter {% data variables.product.prodname_dependabot_alerts %} by selecting a filter from the dropdown menu. +For more information about supported ecosystems and manifest files for dependency scope, see [AUTOTITLE](/code-security/reference/supply-chain-security/supported-ecosystems-and-manifests-for-dependency-scope). -To view summaries of alerts for all or a subset of repositories owned by your organization, use security overview. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-organizations). +For a complete list of available filters, see [AUTOTITLE](/code-security/reference/supply-chain-security/dependabot-alerts-filters). -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-dependabot-alerts %} -1. Optionally, to filter alerts, select a filter in a dropdown menu then click the filter that you would like to apply. You can also type filters into the search bar. Alternatively, to filter by label, click a label assigned to an alert to automatically apply that filter to the alert list. For more information about filtering and sorting alerts, see [Prioritizing {% data variables.product.prodname_dependabot_alerts %}](#prioritizing-dependabot-alerts). - - ![Screenshot of the filter and sort menus in the {% data variables.product.prodname_dependabot_alerts %} tab.](/assets/images/help/graphs/dependabot-alerts-filters-checkbox.png) -1. Click the alert that you would like to view. -1. Optionally, to suggest an improvement to the related security advisory, on the right-hand side of the alert details page, click **Suggest improvements for this advisory on the {% data variables.product.prodname_advisory_database %}**. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database). - - ![Screenshot of the right sidebar of a {% data variables.product.prodname_dependabot %} alert. A link, titled "Suggest improvements for this advisory...", is outlined in orange.](/assets/images/help/dependabot/dependabot-improve-security-advisory.png) +To retrieve alerts programmatically, see the [AUTOTITLE](/rest/dependabot/alerts). ## Reviewing and fixing alerts -It’s important to ensure that all of your dependencies are clean of any security weaknesses. When {% data variables.product.prodname_dependabot %} discovers vulnerabilities in your dependencies, you should assess your project’s level of exposure and determine what remediation steps to take to secure your application. - -If a patched version of the dependency is available, you can generate a {% data variables.product.prodname_dependabot %} pull request to update this dependency directly from a {% data variables.product.prodname_dependabot %} alert. If you have {% data variables.product.prodname_dependabot_security_updates %} enabled, the pull request may be linked in the {% data variables.product.prodname_dependabot %} alert. - -In cases where a patched version is not available, or you can’t update to the secure version, {% data variables.product.prodname_dependabot %} shares additional information to help you determine next steps. When you click through to view a {% data variables.product.prodname_dependabot %} alert, you can see the full details of the security advisory for the dependency including the affected functions. You can then check whether your code calls the impacted functions. This information can help you further assess your risk level, and determine workarounds or if you’re able to accept the risk represented by the security advisory. - {% ifversion copilot-chat-ghas-alerts %} With a {% data variables.copilot.copilot_enterprise %} license, you can also ask {% data variables.copilot.copilot_chat %} for help to better understand {% data variables.product.prodname_dependabot_alerts %} in repositories in your organization. For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features). {% endif %} +You can review the details of a {% data variables.product.prodname_dependabot %} alert to understand the vulnerability and how to fix it. + ### Fixing vulnerable dependencies -1. View the details for an alert. For more information, see [Viewing {% data variables.product.prodname_dependabot_alerts %}](#viewing-dependabot-alerts) (above). +1. View the details for an alert. For more information, see [Viewing and prioritizing {% data variables.product.prodname_dependabot_alerts %}](#viewing-and-prioritizing-dependabot-alerts) (above). 1. If you have {% data variables.product.prodname_dependabot_security_updates %} enabled, there may be a link to a pull request that will fix the dependency. Alternatively, you can click **Create {% data variables.product.prodname_dependabot %} security update** at the top of the alert details page to create a pull request. ![Screenshot of a {% data variables.product.prodname_dependabot %} alert with the "Create {% data variables.product.prodname_dependabot %} security update" button highlighted with a dark orange outline.](/assets/images/help/repository/create-dependabot-security-update-button-ungrouped.png) @@ -117,7 +105,7 @@ With a {% data variables.copilot.copilot_enterprise %} license, you can also ask If you schedule extensive work to upgrade a dependency, or decide that an alert does not need to be fixed, you can dismiss the alert. Dismissing alerts that you have already assessed makes it easier to triage new alerts as they appear. -1. View the details for an alert. For more information, see [Viewing vulnerable dependencies](#viewing-dependabot-alerts) (above). +1. [Viewing and prioritizing {% data variables.product.prodname_dependabot_alerts %}](#viewing-and-prioritizing-dependabot-alerts) (above). 1. Select the "Dismiss" dropdown, and click a reason for dismissing the alert. Unfixed dismissed alerts can be reopened later. 1. Optionally, add a dismissal comment. The dismissal comment will be added to the alert timeline and can be used as justification during auditing and reporting. You can retrieve or set a comment by using the GraphQL API. The comment is contained in the `dismissComment` field. For more information, see [AUTOTITLE](/graphql/reference/objects#repositoryvulnerabilityalert) in the GraphQL API documentation. @@ -127,7 +115,7 @@ If you schedule extensive work to upgrade a dependency, or decide that an alert ### Dismissing multiple alerts at once -1. View the open {% data variables.product.prodname_dependabot_alerts %}. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#viewing-dependabot-alerts). +1. View the open {% data variables.product.prodname_dependabot_alerts %}. 1. Optionally, filter the list of alerts by selecting a dropdown menu, then clicking the filter that you would like to apply. You can also type filters into the search bar. 1. To the left of each alert title, select the alerts that you want to dismiss. ![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} view. Two alerts are selected and these check boxes are highlighted with an orange outline.](/assets/images/help/graphs/select-multiple-alerts.png) @@ -154,7 +142,7 @@ You can view all open alerts, and you can reopen alerts that have been previousl ### Reopening multiple alerts at once -1. View the closed {% data variables.product.prodname_dependabot_alerts %}. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#viewing-and-updating-closed-alerts) (above). +1. View the closed {% data variables.product.prodname_dependabot_alerts %}. 1. To the left of each alert title, select the alerts that you want to reopen by clicking the checkbox adjacent to each alert. 1. Optionally, at the top of the list of alerts, select all closed alerts on the page. ![Screenshot of alerts in the "Closed" tab. The "Select all" checkbox is highlighted with a dark orange outline.](/assets/images/help/graphs/select-all-closed-alerts.png) diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/enabling-delegated-alert-dismissal-for-secret-scanning.md similarity index 80% rename from content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md rename to content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/enabling-delegated-alert-dismissal-for-secret-scanning.md index f973dc63f203..eda4b2aac61c 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/enabling-delegated-alert-dismissal-for-secret-scanning.md @@ -1,16 +1,18 @@ --- title: Enabling delegated alert dismissal for secret scanning -intro: 'You can use delegated alert dismissal to control who can dismiss an alert found by {% data variables.product.prodname_secret_scanning %}.' +intro: You can use delegated alert dismissal to control who can dismiss an alert found by {% data variables.product.prodname_secret_scanning %}. permissions: '{% data reusables.permissions.delegated-alert-dismissal %}' versions: feature: security-delegated-alert-dismissal -type: how_to +contentType: how-tos topics: - Secret scanning - Advanced Security - Alerts - Repositories shortTitle: Delegated alert dismissal +redirect_from: + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning --- ## About enabling delegated alert dismissal @@ -30,7 +32,7 @@ shortTitle: Delegated alert dismissal You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization. -1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration). +{% data reusables.security-configurations.custom-security-configurations-org %} 1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**. 1. Click **Save configuration**. 1. Apply the security configuration to all (or selected) repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration). @@ -45,9 +47,13 @@ To learn more about security configurations, see [AUTOTITLE](/code-security/secu ## Configuring delegated dismissal for an enterprise -1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise). +{% data reusables.security-configurations.custom-security-configurations-enterprise %} 1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_protection %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**. 1. Click **Save configuration**. 1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise). {% endif %} + +## Next steps + +Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_secret_scanning %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests). diff --git a/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/index.md b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/index.md new file mode 100644 index 000000000000..c56cf76960df --- /dev/null +++ b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/index.md @@ -0,0 +1,22 @@ +--- +title: Manage secret scanning alerts +shortTitle: Secret scanning alerts +intro: Discover how to monitor, manage, and resolve {% data variables.secret-scanning.alerts %} to keep your sensitive information secure. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Secret scanning + - Secret Protection + - Alerts + - Repositories +redirect_from: + - /code-security/secret-scanning/managing-alerts-from-secret-scanning +children: + - monitoring-alerts + - viewing-alerts + - resolving-alerts + - enabling-delegated-alert-dismissal-for-secret-scanning +--- diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/monitoring-alerts.md similarity index 69% rename from content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md rename to content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/monitoring-alerts.md index 57a9d2748d01..f47c9176604d 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/monitoring-alerts.md @@ -1,12 +1,12 @@ --- title: Monitoring alerts from secret scanning -intro: 'Learn how and when {% data variables.product.github %} will notify you about a secret scanning alert.' +intro: You can configure how {% data variables.product.prodname_secret_scanning %} notifies you about {% data variables.product.prodname_secret_scanning %} alerts, and audit how your team responds to these alerts. permissions: '{% data reusables.permissions.secret-scanning-alerts %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection @@ -14,8 +14,14 @@ topics: - Repositories shortTitle: Monitor alerts allowTitleToDifferFromFilename: true +redirect_from: + - /code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts --- +When {% data variables.product.prodname_secret_scanning %} detects a potential secret leak in your repository, staying informed about these alerts is crucial for maintaining your code's security. {% data variables.product.github %} provides multiple notification channels to ensure you and your team are promptly alerted when secrets are found. You can customize how and when you receive these notifications based on your role and preferences. + +You can also audit responses to {% data variables.product.prodname_secret_scanning %} alerts to track how your team manages security issues and maintain compliance with your organization's security policies. + ## Configuring notifications for {% data variables.secret-scanning.alerts %} In addition to displaying an alert in the **Security** tab of the repository, {% data variables.product.github %} can also send email notifications for alerts. These notifications are different for incremental scans and historical scans. @@ -30,7 +36,7 @@ In addition to displaying an alert in the **Security** tab of the repository, {% ![Screenshot of the repository's main page. A dropdown menu, titled "Watch", is highlighted with an orange outline.](/assets/images/help/repository/repository-watch-dropdown.png) 1. In the dropdown menu, click **All Activity**. Alternatively, to only subscribe to security alerts, click **Custom**, then click **Security alerts**. -1. Navigate to the notification settings for your personal account. These are available at [https://github.com/settings/notifications](https://github.com/settings/notifications). +1. Navigate to the notification settings for your personal account. These are available at [https://github.com/settings/notifications](https://github.com/settings/notifications?ref_product=secret-scanning&ref_type=engagement&ref_style=text). 1. On your notification settings page, under "Subscriptions", then under "Watching", select the **Notify me** dropdown. 1. Select "Email" as a notification option, then click **Save**. diff --git a/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/resolving-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/resolving-alerts.md new file mode 100644 index 000000000000..9afb40bc03c9 --- /dev/null +++ b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/resolving-alerts.md @@ -0,0 +1,67 @@ +--- +title: Resolving alerts from secret scanning +intro: After reviewing the details of a secret scanning alert, you should fix and then close the alert. +permissions: Repository owners, organization owners, security managers, users assigned to {% data variables.secret-scanning.alerts %}, commit authors, and users with the **admin** role +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Secret scanning + - Secret Protection + - Alerts + - Repositories +shortTitle: Resolve alerts +allowTitleToDifferFromFilename: true +redirect_from: + - /code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts +--- + +## Fixing alerts + +Once a secret has been committed to a repository, you should consider the secret compromised. {% data variables.product.github %} recommends the following actions for compromised secrets: + +1. Verify that the secret committed to {% data variables.product.github %} is valid. {% ifversion fpt or ghec %}**Applies to {% data variables.product.github %} tokens only**. See [Checking a secret's validity](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity) and [Performing an on-demand validity check](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#performing-an-on-demand-validity-check).{% endif %}{% ifversion secret-scanning-report-secret-github-pat %} +1. For secrets detected in private repositories, report the leaked secret to {% data variables.product.github %}, who will treat it like any publicly leaked secret and revoke it. **Applies to active or unconfirmed {% data variables.product.github %} {% data variables.product.pat_generic %}s only**. See [Reporting a leaked secret in a private repository](#reporting-a-leaked-secret-in-a-private-repository). {% endif %} +1. Review and update any services that use the old token. For {% data variables.product.github %} {% data variables.product.pat_generic %}s, delete the compromised token and create a new token. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). +1. Depending on the secret provider, check your security logs for any unauthorized activity. + +{% ifversion secret-scanning-report-secret-github-pat %} + +### Reporting a leaked secret in a private repository + +> [!NOTE] +> {% data reusables.secret-scanning.report-secret-pat-beta-note %} The feature is currently only available for {% data variables.product.github %} {% data variables.product.pat_generic %}s (v1 and v2). + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**. +1. From the alert list, click the alert you want to view. +1. In the alert view for the leaked secret, click **Report leak**. + + > [!NOTE] In order to prevent breaking workflows, consider first rotating the secret before continuing, as disclosing it could lead to the secret being revoked. If possible, you should also reach out to the token owner to let them know about the leak and coordinate a remediation plan. + +1. Review the information in the dialog box, then click **I understand the consequence, report this secret**. + +{% endif %} + +## Closing alerts + +> [!NOTE] +>{% data variables.product.prodname_secret_scanning_caps %} doesn't automatically close alerts when the corresponding token has been removed from the repository. You must manually close these alerts in the alert list on {% data variables.product.prodname_dotcom %}. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**. +1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the alert you want to view. +1. To dismiss an alert, select the "Close as" dropdown menu and click a reason for resolving an alert. + + ![Screenshot of a {% data variables.product.prodname_secret_scanning %} alert. A dropdown menu, titled "Close as", is expanded and highlighted in a dark orange outline.](/assets/images/help/repository/secret-scanning-dismiss-alert-web-ui-link-partner-documentation.png) + +1. Optionally, in the "Comment" field, add a dismissal comment. The dismissal comment will be added to the alert timeline and can be used as justification during auditing and reporting. +1. Click **Close alert**. + +## Next steps + +* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts) diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md similarity index 96% rename from content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md rename to content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md index 45b3e9fe3c9a..edcbea0d2dd8 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md @@ -1,12 +1,12 @@ --- title: Viewing and filtering alerts from secret scanning -intro: 'Learn how to find and filter {% ifversion fpt or ghec %}{% data variables.secret-scanning.user_alerts %}{% else %}{% data variables.secret-scanning.user_alerts %} alerts{% endif %} for your repository.' +intro: Learn how to find and filter {% ifversion fpt or ghec %}{% data variables.secret-scanning.user_alerts %}{% else %}{% data variables.secret-scanning.user_alerts %} alerts{% endif %} for your repository. permissions: '{% data reusables.permissions.secret-scanning-alerts %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection @@ -14,6 +14,8 @@ topics: - Repositories shortTitle: View alerts allowTitleToDifferFromFilename: true +redirect_from: + - /code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts --- ## About the {% data variables.product.prodname_secret_scanning %} alerts page diff --git a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-managing-security-campaigns.md b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/creating-managing-security-campaigns.md similarity index 96% rename from content/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-managing-security-campaigns.md rename to content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/creating-managing-security-campaigns.md index 4027f9fc7a7b..d54d9b3d6022 100644 --- a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-managing-security-campaigns.md +++ b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/creating-managing-security-campaigns.md @@ -1,11 +1,10 @@ --- title: Creating and managing security campaigns -shortTitle: Create security campaigns -intro: 'You can manage security campaigns directly from the security overview for your organization.' +shortTitle: Create security campaign +intro: You can manage security campaigns directly from the security overview for your organization. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.security-org-enable %}' product: '{% data reusables.gated-features.security-campaigns %}' -type: how_to audience: - driver contentType: how-tos @@ -18,6 +17,7 @@ topics: - Security redirect_from: - /code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-tracking-security-campaigns + - /code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-managing-security-campaigns --- {% data reusables.security.secrets-campaign-preview %} @@ -89,7 +89,7 @@ For more information about filtering alerts, see [AUTOTITLE](/code-security/secu In addition to the core filters, you will usually want to add a filter to limit results to a specific rule name, severity, or tag. -* `is:open autofilter:true {% ifversion security-campaigns-autofix %}autofix:supported {% endif %}rule:java/log-injection` to show only alerts for log injection in Java code. See [Query lists for the default query suites](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#query-lists-for-the-default-query-suites). +* `is:open autofilter:true {% ifversion security-campaigns-autofix %}autofix:supported {% endif %}rule:java/log-injection` to show only alerts for log injection in Java code. See [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries). * `is:open autofilter:true {% ifversion security-campaigns-autofix %}autofix:supported {% endif %}tag:external/cwe/cwe-117` to show only alerts for "CWE 117: Improper Output Neutralization for Logs". This includes log injection in Java and other languages. * `is:open autofilter:true {% ifversion security-campaigns-autofix %}autofix:supported {% endif %}severity:critical` to show only alerts with a security severity of critical. diff --git a/content/code-security/security-overview/filtering-alerts-in-security-overview.md b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/filtering-alerts-in-security-overview.md similarity index 99% rename from content/code-security/security-overview/filtering-alerts-in-security-overview.md rename to content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/filtering-alerts-in-security-overview.md index 6fa7d4de4554..b5dc4fca9ed7 100644 --- a/content/code-security/security-overview/filtering-alerts-in-security-overview.md +++ b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/filtering-alerts-in-security-overview.md @@ -8,7 +8,7 @@ versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Security overview - Code Security @@ -16,9 +16,10 @@ topics: - Alerts - Organizations - Teams -shortTitle: Filter security overview +shortTitle: Filter security alerts redirect_from: - /code-security/security-overview/filtering-alerts-in-the-security-overview + - /code-security/security-overview/filtering-alerts-in-security-overview --- ## About filtering security overview diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/fixing-alerts-in-security-campaign.md b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/fixing-alerts-in-security-campaign.md similarity index 96% rename from content/code-security/code-scanning/managing-code-scanning-alerts/fixing-alerts-in-security-campaign.md rename to content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/fixing-alerts-in-security-campaign.md index 812590741d23..6244b038988c 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/fixing-alerts-in-security-campaign.md +++ b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/fixing-alerts-in-security-campaign.md @@ -1,11 +1,11 @@ --- title: Fixing alerts in a security campaign shortTitle: Fix alerts in campaign -intro: 'Learn how to find and fix alerts in a security campaign.' +intro: Learn how to find and fix alerts in a security campaign. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.security-campaigns %}' -type: how_to +contentType: how-tos versions: feature: security-campaigns topics: @@ -13,6 +13,8 @@ topics: - Code scanning - Alerts - Repositories +redirect_from: + - /code-security/code-scanning/managing-code-scanning-alerts/fixing-alerts-in-security-campaign --- ## Viewing alerts in a security campaign diff --git a/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/index.md b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/index.md new file mode 100644 index 000000000000..f02da370e66e --- /dev/null +++ b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/index.md @@ -0,0 +1,26 @@ +--- +title: Remediate alerts at scale +shortTitle: Remediate at scale +intro: Learn how to remediate large volumes of alerts using clear processes and effective prioritization. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Secret scanning + - Secret Protection + - Code Security + - Code scanning + - Dependabot + - Alerts + - Repositories + - Security updates + - Dependencies +children: + - filtering-alerts-in-security-overview + - creating-managing-security-campaigns + - tracking-security-campaigns + - fixing-alerts-in-security-campaign + - review-alert-dismissal-requests +--- diff --git a/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/review-alert-dismissal-requests.md b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/review-alert-dismissal-requests.md new file mode 100644 index 000000000000..48e0bd8a02b0 --- /dev/null +++ b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/review-alert-dismissal-requests.md @@ -0,0 +1,45 @@ +--- +title: Reviewing alert dismissal requests +shortTitle: Review alert dismissal requests +intro: Triage and resolve security alerts in your organization or enterprise by regularly reviewing alert dismissal requests. +permissions: '{% data reusables.permissions.security-overview %}' +product: Organizations or enterprises with {% data variables.product.prodname_GHAS_cs_or_sp %} +topics: + - Security overview + - Organizations + - Teams + - Secret scanning + - Code scanning + - Dependabot + - Alerts +versions: + feature: security-delegated-alert-dismissal +redirect_from: + - /code-security/security-overview/review-alert-dismissal-requests +contentType: how-tos +--- + +## Prerequisites + +To receive and manage alert dismissal requests, you need to enable delegated alert dismissal. For an introduction to delegated alert dismissal and enablement instructions for specific features, see: +* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning) +* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning){% ifversion dependabot-delegated-alert-dismissal %} +* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal){% endif %} + +## Reviewing requests for an organization + +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.security-overview %} +{% data reusables.security-overview.choose-alert-dismissal-request-view %} +1. Optionally, to filter requests by source repository, reviewer, requester, timeframe, or status, use the dropdown menus at the top of the list of requests. +{% data reusables.security-overview.review-an-alert-dismissal-request %} + +## Reviewing requests across your enterprise + +> [!NOTE] To review an alert dismissal request at the enterprise level, you must be an organization owner or security manager for the source organization, or be granted the necessary permissions through a custom role. + +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.code-scanning.click-code-security-enterprise %} +{% data reusables.security-overview.choose-alert-dismissal-request-view %} +1. Optionally, to filter requests by source organization, reviewer, requester, timeframe, or status, use the dropdown menus at the top of the list of requests. +{% data reusables.security-overview.review-an-alert-dismissal-request %} diff --git a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/tracking-security-campaigns.md b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/tracking-security-campaigns.md similarity index 92% rename from content/code-security/securing-your-organization/fixing-security-alerts-at-scale/tracking-security-campaigns.md rename to content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/tracking-security-campaigns.md index 2caf0ed6f666..914762fd3174 100644 --- a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/tracking-security-campaigns.md +++ b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/tracking-security-campaigns.md @@ -1,11 +1,10 @@ --- title: Tracking security campaigns -shortTitle: Track security campaigns -intro: 'You can monitor the progress of all your organization''s security campaigns, and track the status of individual campaigns.' +shortTitle: Track security campaign +intro: You can monitor the progress of all your organization's security campaigns, and track the status of individual campaigns. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.security-org-enable %}' product: '{% data reusables.gated-features.security-campaigns %}' -type: how_to audience: - driver contentType: how-tos @@ -16,6 +15,8 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/fixing-security-alerts-at-scale/tracking-security-campaigns --- {% data reusables.security.secrets-campaign-preview %} diff --git a/content/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/adding-a-security-policy-to-your-repository.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/adding-a-security-policy-to-your-repository.md new file mode 100644 index 000000000000..e6ba034338e3 --- /dev/null +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/adding-a-security-policy-to-your-repository.md @@ -0,0 +1,38 @@ +--- +title: Adding a security policy to your repository +intro: You can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository. +redirect_from: + - /articles/adding-a-security-policy-to-your-repository + - /github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository + - /github/code-security/security-advisories/adding-a-security-policy-to-your-repository + - /code-security/getting-started/adding-a-security-policy-to-your-repository +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Security policies + - Vulnerabilities + - Repositories + - Health + - Security advisories +shortTitle: Add a security policy +--- + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +1. In the left sidebar, under "Reporting", click **{% octicon "law" aria-hidden="true" aria-label="law" %} Policy**. +1. Click **Start setup**. +1. In the new `SECURITY.md` file, add information about supported versions of your project and how to report a vulnerability. +{% data reusables.files.write_commit_message %} +{% data reusables.files.choose-commit-email %} +{% data reusables.files.choose_commit_branch %} +{% data reusables.files.propose_file_change %} + +## Further reading + +* [AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file) +* [AUTOTITLE](/code-security/getting-started/securing-your-repository) +* [AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions){% ifversion fpt or ghec %} +* [{% data variables.product.prodname_security %}]({% data variables.product.prodname_security_link %}){% endif %} diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/configuring-private-vulnerability-reporting-for-a-repository.md similarity index 79% rename from content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/configuring-private-vulnerability-reporting-for-a-repository.md index 1dd579e59199..4d44d9bcf5e1 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/configuring-private-vulnerability-reporting-for-a-repository.md @@ -5,23 +5,17 @@ permissions: '{% data reusables.permissions.security-repo-enable %}' versions: fpt: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Vulnerabilities shortTitle: Configure for a repository redirect_from: - /code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository + - /code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository --- -## About privately reporting a security vulnerability - -Security researchers often feel responsible for alerting users to a vulnerability that could be exploited. If there are no clear instructions about contacting maintainers of the repository containing the vulnerability, security researchers may have no other choice but to post about the vulnerability on social media, send direct messages to the maintainer, or even create public issues. This situation can potentially lead to a public disclosure of the vulnerability details. - -{% data reusables.security-advisory.private-vulnerability-reporting-overview %} - -For maintainers, the benefits of using private vulnerability reporting are: -{% data reusables.security-advisory.private-vulnerability-reporting-benefits %} +Enabling private vulnerability reporting gives security researchers a secure, structured way to disclose vulnerabilities directly in your repository. Once enabled, researchers can submit reports through without resorting to public disclosure or informal channels. For background on private vulnerability reporting and how it fits into coordinated disclosure, see [AUTOTITLE](/code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities). The instructions in this article refer to enablement at repository level. For information about enabling the feature at organization level, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization). @@ -52,7 +46,7 @@ Notifications depend on the user's notification preferences. You will receive an ![Screenshot of the repository's main page. A dropdown menu, titled "Watch", is highlighted with an orange outline.](/assets/images/help/repository/repository-watch-dropdown.png) 1. In the dropdown menu, click **All Activity**. -1. Navigate to the notification settings for your personal account. These are available at [https://github.com/settings/notifications](https://github.com/settings/notifications). +1. Navigate to the notification settings for your personal account. These are available at [https://github.com/settings/notifications](https://github.com/settings/notifications?ref_product=security-advisories&ref_type=engagement&ref_style=text). 1. On your notification settings page, under "Subscriptions," then under "Watching," select the **Notify me** dropdown. 1. Select "Email" as a notification option, then click **Save**. diff --git a/content/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/index.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/index.md new file mode 100644 index 000000000000..faa70865c3e0 --- /dev/null +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/index.md @@ -0,0 +1,18 @@ +--- +title: How-tos for reporting and fixing vulnerabilities +shortTitle: Configure vulnerability reporting +intro: Learn how to establish security policies and enable private channels for reporting vulnerabilities in your repository. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Security policies + - Vulnerabilities + - Repositories + - Health +contentType: how-tos +children: + - adding-a-security-policy-to-your-repository + - configuring-private-vulnerability-reporting-for-a-repository +--- diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/adding-a-collaborator-to-a-repository-security-advisory.md similarity index 94% rename from content/code-security/security-advisories/working-with-repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/adding-a-collaborator-to-a-repository-security-advisory.md index f81d5bf69795..b6c55c1a6f22 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/adding-a-collaborator-to-a-repository-security-advisory.md @@ -9,10 +9,11 @@ redirect_from: - /code-security/security-advisories/adding-a-collaborator-to-a-security-advisory - /code-security/repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory - /code-security/security-advisories/repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory + - /code-security/security-advisories/working-with-repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory versions: fpt: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Vulnerabilities diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/browsing-security-advisories-in-the-github-advisory-database.md similarity index 92% rename from content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/browsing-security-advisories-in-the-github-advisory-database.md index 9bce49eb360f..837dc1dd3db1 100644 --- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/browsing-security-advisories-in-the-github-advisory-database.md @@ -1,6 +1,6 @@ --- title: Browsing security advisories in the GitHub Advisory Database -intro: 'You can browse the {% data variables.product.prodname_advisory_database %} to find CVEs and {% data variables.product.prodname_dotcom %}-originated advisories affecting the open source world.' +intro: You can browse the {% data variables.product.prodname_advisory_database %} to find CVEs and {% data variables.product.prodname_dotcom %}-originated advisories affecting the open source world. shortTitle: Browse Advisory Database permissions: '{% data reusables.permissions.global-security-advisories-browse %}' redirect_from: @@ -10,11 +10,14 @@ redirect_from: - /code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database - /code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database - /code-security/security-advisories/global-security-advisories/browsing-security-advisories-in-the-github-advisory-database + - /code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database + - /code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database + - /code-security/security-advisories/global-security-advisories versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Alerts @@ -28,7 +31,7 @@ topics: You can access any advisory in the {% data variables.product.prodname_advisory_database %}. -1. Navigate to https://github.com/advisories. +1. Navigate to [https://github.com/advisories](https://github.com/advisories?ref_product=security-advisories&ref_type=engagement&ref_style=text). 1. Optionally, to filter the list of advisories, use the search field or the drop-down menus at the top of the list. > [!NOTE] @@ -78,7 +81,7 @@ A `GHSA-ID` qualifier is a unique ID that we at {% data variables.product.prodna For any {% data variables.product.company_short %}-reviewed advisory in the {% data variables.product.prodname_advisory_database %}, you can see which of your repositories are affected by that security vulnerability or malware. To see a vulnerable repository, you must have access to {% data variables.product.prodname_dependabot_alerts %} for that repository. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#access-to-dependabot-alerts). -1. Navigate to https://github.com/advisories. +1. Navigate to [https://github.com/advisories](https://github.com/advisories?ref_product=security-advisories&ref_type=engagement&ref_style=text). 1. Click an advisory. 1. At the top of the advisory page, click **Dependabot alerts**. ![Screenshot of a "global security advisory". The "Dependabot alerts" button is highlighted with an orange outline.](/assets/images/help/security/advisory-database-dependabot-alerts.png) diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/creating-a-repository-security-advisory.md similarity index 97% rename from content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/creating-a-repository-security-advisory.md index e89807bd8caa..f5ef5dc905e0 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/creating-a-repository-security-advisory.md @@ -9,14 +9,15 @@ redirect_from: - /code-security/security-advisories/creating-a-security-advisory - /code-security/repository-security-advisories/creating-a-repository-security-advisory - /code-security/security-advisories/repository-security-advisories/creating-a-repository-security-advisory + - /code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory versions: fpt: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Vulnerabilities -shortTitle: Create repository advisories +shortTitle: Create repository advisory --- {% data reusables.security-advisory.security-researcher-cannot-create-advisory %} diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/deleting-a-repository-security-advisory.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/deleting-a-repository-security-advisory.md similarity index 76% rename from content/code-security/security-advisories/working-with-repository-security-advisories/deleting-a-repository-security-advisory.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/deleting-a-repository-security-advisory.md index 2c7ccc8c00b7..782c5b228f50 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/deleting-a-repository-security-advisory.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/deleting-a-repository-security-advisory.md @@ -1,17 +1,18 @@ --- title: Deleting a repository security advisory intro: You can delete a repository security advisory that you've published by contacting Support. -permissions: 'Repository owners, organization owners, security managers, and users with the **admin** role can contact {% data variables.contact.github_support %} to delete a published security advisory.' +permissions: Repository owners, organization owners, security managers, and users with the **admin** role can contact {% data variables.contact.github_support %} to delete a published security advisory. redirect_from: - /github/managing-security-vulnerabilities/withdrawing-a-security-advisory - /code-security/security-advisories/withdrawing-a-security-advisory - /code-security/repository-security-advisories/withdrawing-a-repository-security-advisory - /code-security/security-advisories/repository-security-advisories/withdrawing-a-repository-security-advisory - /code-security/security-advisories/working-with-repository-security-advisories/withdrawing-a-repository-security-advisory + - /code-security/security-advisories/working-with-repository-security-advisories/deleting-a-repository-security-advisory versions: fpt: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Vulnerabilities diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/editing-a-repository-security-advisory.md similarity index 95% rename from content/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/editing-a-repository-security-advisory.md index 48a3560ebff0..d00b8809193c 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/editing-a-repository-security-advisory.md @@ -7,10 +7,11 @@ redirect_from: - /code-security/security-advisories/editing-a-security-advisory - /code-security/repository-security-advisories/editing-a-repository-security-advisory - /code-security/security-advisories/repository-security-advisories/editing-a-repository-security-advisory + - /code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory versions: fpt: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Vulnerabilities diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/editing-security-advisories-in-the-github-advisory-database.md similarity index 62% rename from content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/editing-security-advisories-in-the-github-advisory-database.md index 38fdb5532046..c2c36ac464fc 100644 --- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/editing-security-advisories-in-the-github-advisory-database.md @@ -1,17 +1,18 @@ --- title: Editing security advisories in the GitHub Advisory Database -intro: 'You can submit improvements to any advisory published in the {% data variables.product.prodname_advisory_database %} by making a community contribution.' +intro: Improve advisories published in the {% data variables.product.prodname_advisory_database %} by making community contributions. permissions: '{% data reusables.permissions.global-security-advisories-edit %}' redirect_from: - /code-security/security-advisories/editing-security-advisories-in-the-github-advisory-database - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database - /code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database - /code-security/security-advisories/global-security-advisories/editing-security-advisories-in-the-github-advisory-database + - /code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Alerts @@ -21,19 +22,13 @@ topics: shortTitle: Edit Advisory Database --- -## Editing advisories in the {% data variables.product.prodname_advisory_database %} - -The advisories in the {% data variables.product.prodname_advisory_database %} are global security advisories. For more information about global security advisories, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories). - -Anyone can suggest improvements on any global security advisory in the {% data variables.product.prodname_advisory_database %} by making a **community contribution**. A **community contribution** is a pull request submitted to the [github/advisory-database](https://github.com/github/advisory-database) repository that improves the content of a global security advisory. When you make a community contribution, you can edit or add any detail, including additionally affected ecosystems, severity level or description of who is impacted. The {% data variables.product.prodname_security %} curation team will review the submitted contributions and publish them onto the {% data variables.product.prodname_advisory_database %} if accepted. +{% ifversion ghes %} -{% ifversion security-advisories-credit-types %} -If we accept and publish the community contribution, the person who submitted the community contribution pull request will automatically be assigned a credit type of "Analyst". For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory#about-credits-for-repository-security-advisories).{% endif %} +## Editing advisories in the {% data variables.product.prodname_advisory_database %} -{% ifversion fpt or ghec %} -Only repository owners and administrators can edit repository-level security advisories. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory).{% endif %} +{% endif %} -1. Navigate to https://github.com/advisories. +1. Navigate to [https://github.com/advisories](https://github.com/advisories?ref_product=security-advisories&ref_type=engagement&ref_style=text). 1. Select the security advisory you would like to contribute to. 1. On the right-hand side of the page, click the **Suggest improvements for this vulnerability** link. 1. In the "Improve security advisory" form, make the desired improvements. You can edit or add any detail.{% ifversion fpt or ghec %} For information about correctly specifying information on the form, including affected versions, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories).{% endif %} diff --git a/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/index.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/index.md new file mode 100644 index 000000000000..e584273a209e --- /dev/null +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/index.md @@ -0,0 +1,27 @@ +--- +title: How-tos for fixing vulnerabilities +shortTitle: Fix vulnerabilities +intro: Learn how to manage, create, edit, and publish security advisories for your repositories, collaborate on private reports, and navigate or update advisories within the {% data variables.product.prodname_advisory_database %}. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Vulnerabilities + - Repositories + - Health +contentType: how-tos +redirect_from: + - /code-security/security-advisories/working-with-repository-security-advisories + - /code-security/security-advisories +children: + - managing-privately-reported-security-vulnerabilities + - creating-a-repository-security-advisory + - publishing-a-repository-security-advisory + - adding-a-collaborator-to-a-repository-security-advisory + - removing-a-collaborator-from-a-repository-security-advisory + - editing-a-repository-security-advisory + - deleting-a-repository-security-advisory + - browsing-security-advisories-in-the-github-advisory-database + - editing-security-advisories-in-the-github-advisory-database +--- diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/managing-privately-reported-security-vulnerabilities.md similarity index 95% rename from content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/managing-privately-reported-security-vulnerabilities.md index 2c4e6be1f0c1..031338f2123c 100644 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/managing-privately-reported-security-vulnerabilities.md @@ -5,13 +5,14 @@ permissions: '{% data reusables.permissions.security-repo-enable %}' versions: fpt: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Vulnerabilities shortTitle: Manage vulnerability reports redirect_from: - /code-security/security-advisories/guidance-on-reporting-and-writing/managing-privately-reported-security-vulnerabilities + - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities --- {% data reusables.security-advisory.private-vulnerability-reporting-enable %} diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/publishing-a-repository-security-advisory.md similarity index 97% rename from content/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/publishing-a-repository-security-advisory.md index 6311f9f22c05..488bba242dd9 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/publishing-a-repository-security-advisory.md @@ -9,16 +9,17 @@ redirect_from: - /code-security/security-advisories/publishing-a-security-advisory - /code-security/repository-security-advisories/publishing-a-repository-security-advisory - /code-security/security-advisories/repository-security-advisories/publishing-a-repository-security-advisory + - /code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory versions: fpt: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Vulnerabilities - CVEs - Repositories -shortTitle: Publish repository advisories +shortTitle: Publish repository advisory --- diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/removing-a-collaborator-from-a-repository-security-advisory.md similarity index 92% rename from content/code-security/security-advisories/working-with-repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/removing-a-collaborator-from-a-repository-security-advisory.md index c381755e2db8..09af6d291729 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/removing-a-collaborator-from-a-repository-security-advisory.md @@ -7,10 +7,11 @@ redirect_from: - /code-security/security-advisories/removing-a-collaborator-from-a-security-advisory - /code-security/repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory - /code-security/security-advisories/repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory + - /code-security/security-advisories/working-with-repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory versions: fpt: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Vulnerabilities diff --git a/content/code-security/how-tos/report-and-fix-vulnerabilities/index.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/index.md new file mode 100644 index 000000000000..38a120bdc97d --- /dev/null +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/index.md @@ -0,0 +1,22 @@ +--- +title: How-tos for reporting and fixing vulnerabilities +shortTitle: Report and fix vulnerabilities +intro: Learn how to report and fix vulnerabilities on {% data variables.product.github %}. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Dependencies + - Dependabot +contentType: how-tos +children: + - configure-vulnerability-reporting + - report-a-vulnerability + - fix-reported-vulnerabilities +--- diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/evaluating-the-security-settings-of-a-repository.md similarity index 96% rename from content/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository.md rename to content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/evaluating-the-security-settings-of-a-repository.md index 3c4eb05329de..cbc6f5353e32 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository.md +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/evaluating-the-security-settings-of-a-repository.md @@ -5,13 +5,14 @@ permissions: '{% data reusables.permissions.repository-security-advisory-evaluat versions: fpt: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Security advisories - Vulnerabilities shortTitle: Evaluate repository security redirect_from: - /code-security/security-advisories/repository-security-advisories/evaluating-the-security-settings-of-a-repository + - /code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository --- ## About evaluating a repository's security settings diff --git a/content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/index.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/index.md new file mode 100644 index 000000000000..8e5bcde3a2d7 --- /dev/null +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/index.md @@ -0,0 +1,16 @@ +--- +title: How-tos for reporting vulnerabilities +shortTitle: Report and evaluate +intro: Learn how to report vulnerabilities and evaluate the security settings of a repository on {% data variables.product.github %}. +versions: + fpt: '*' + ghes: '*' +topics: + - Vulnerabilities + - Repositories + - Health +contentType: how-tos +children: + - privately-reporting-a-security-vulnerability + - evaluating-the-security-settings-of-a-repository +--- diff --git a/content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/privately-reporting-a-security-vulnerability.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/privately-reporting-a-security-vulnerability.md new file mode 100644 index 000000000000..6f7a17d77546 --- /dev/null +++ b/content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/privately-reporting-a-security-vulnerability.md @@ -0,0 +1,30 @@ +--- +title: Privately reporting a security vulnerability +intro: Some public repositories configure security advisories so that anyone can report security vulnerabilities directly and privately to the maintainers. +versions: + fpt: '*' + ghec: '*' +contentType: how-tos +topics: + - Security advisories + - Vulnerabilities +permissions: '**Anyone** can privately report a security vulnerability to repository maintainers.' +shortTitle: Report privately +redirect_from: + - /code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability + - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability +--- + +{% data reusables.security-advisory.private-vulnerability-reporting-enable %} + +> [!NOTE] +> * If you have admin or security permissions for a public repository, you don’t need to submit a vulnerability report. Instead, create a draft security advisory directly. See [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory). +> * Private vulnerability reporting is separate from a repository’s `SECURITY.md` file. You can only report vulnerabilities privately for repositories where this feature is enabled, and you don’t need to follow the instructions in `SECURITY.md`. + +If a public repository has private vulnerability reporting enabled, anyone can submit a private vulnerability report to the repository maintainers. Users can also evaluate the general security of a public repository and suggest a security policy. See [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository). + +If the repository doesn't have private vulnerability reporting enabled, you need to initiate the reporting process by following the instructions in the security policy for the repository, or by creating an issue asking the maintainers for a preferred security contact. See [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities#about-reporting-and-disclosing-vulnerabilities-in-projects-on-github). + +{% data reusables.security-advisory.reporting-a-vulnerability-non-admin %} + +The next steps depend on the action taken by the repository maintainer. See [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities). diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-advanced-setup-for-code-scanning.md similarity index 82% rename from content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-advanced-setup-for-code-scanning.md index 20c7e22d955c..7d02d61d902b 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-advanced-setup-for-code-scanning.md @@ -1,43 +1,33 @@ --- title: Configuring advanced setup for code scanning shortTitle: Configure advanced setup -intro: 'You can configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable {% data variables.product.prodname_code_scanning %} configuration.' +intro: You can configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable {% data variables.product.prodname_code_scanning %} configuration. permissions: '{% data reusables.permissions.security-repo-enable %}' product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning + - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning + - /code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning + - /code-security/code-scanning/creating-an-advanced-setup-for-code-scanning versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Code Security - Code scanning - Actions - Repositories allowTitleToDifferFromFilename: true +contentType: how-tos --- {% data reusables.code-scanning.enterprise-enable-code-scanning-actions %} -## About advanced setup for {% data variables.product.prodname_code_scanning %} - -Advanced setup for {% data variables.product.prodname_code_scanning %} is helpful when you need to customize your {% data variables.product.prodname_code_scanning %}. By creating and editing a workflow file, you can define how to build compiled languages, choose which queries to run, select the languages to scan, use a matrix build, and more. You also have access to all the options for controlling workflows, for example: changing the scan schedule, defining workflow triggers, specifying specialist runners to use. For more information about {% data variables.product.prodname_actions %} workflows, see [AUTOTITLE](/actions/using-workflows/about-workflows). - -{% ifversion fpt or ghec %} -You can also configure {% data variables.product.prodname_code_scanning %} with third-party tools. For more information, see [Configuring {% data variables.product.prodname_code_scanning %} using third-party actions](#configuring-code-scanning-using-third-party-actions). - -{% else %} -Your site administrator can also make third-party actions available to users for {% data variables.product.prodname_code_scanning %}, by setting up {% data variables.product.prodname_github_connect %}. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions). -{% endif %} - -{% data reusables.code-scanning.about-multiple-configurations-link %} {% data reusables.code-scanning.codeql-action-version-ghes %} -If you do not need a highly customizable {% data variables.product.prodname_code_scanning %} configuration, consider using default setup for {% data variables.product.prodname_code_scanning %}. For more information on eligibility for default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#requirements-for-using-default-setup). +If you do not need a highly customizable {% data variables.product.prodname_code_scanning %} configuration, consider using default setup for {% data variables.product.prodname_code_scanning %}. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/setup-types). -### Prerequisites +## Prerequisites Your repository is eligible for advanced setup if it meets these requirements. * It uses {% data variables.product.prodname_codeql %}-supported languages or you plan to generate code scanning results with a third-party tool. diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning.md similarity index 67% rename from content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning.md index 505f1bdd94ef..9034f06113f4 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning.md @@ -1,7 +1,7 @@ --- title: Configuring default setup for code scanning shortTitle: Configure code scanning -intro: 'Quickly set up {% data variables.product.prodname_code_scanning %} to find {% ifversion fpt or ghec %}and fix {% endif %}vulnerable code automatically.' +intro: Quickly set up {% data variables.product.prodname_code_scanning %} to find {% ifversion fpt or ghec %}and fix {% endif %}vulnerable code automatically. redirect_from: - /github/managing-security-vulnerabilities/configuring-automated-code-scanning - /github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning @@ -14,9 +14,9 @@ redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning + - /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning permissions: '{% data reusables.permissions.security-repo-enable %}' product: '{% data reusables.gated-features.code-scanning %}' -type: how_to topics: - Code Security - Code scanning @@ -24,42 +24,17 @@ versions: fpt: '*' ghes: '*' ghec: '*' +contentType: how-tos --- -## About default setup +We recommend that you start using {% data variables.product.prodname_code_scanning %} with default setup. After you've initially configured default setup, you can evaluate {% data variables.product.prodname_code_scanning %} to see how it's working for you and customize it to better meet your needs. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/setup-types). -Default setup for {% data variables.product.prodname_code_scanning %} is the quickest, easiest, most low-maintenance way to enable {% data variables.product.prodname_code_scanning %} for your repository. Based on the code in your repository, default setup will automatically create a custom {% data variables.product.prodname_code_scanning %} configuration. After enabling default setup, the code written in {% data variables.product.prodname_codeql %}-supported languages in your repository will be scanned: -* On each push to the repository's default branch, or any protected branch. For more information on protected branches, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches). -* When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks. -* On a weekly schedule. - -> [!NOTE] -> If no pushes and pull requests have occurred in a repository with default setup enabled for 6 months, the weekly schedule will be disabled to save your {% data variables.product.prodname_actions %} minutes. - -You can also enable default setup for multiple or all repositories in an organization at the same time. For information on bulk enablement, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale). - -If you need more granular control over your {% data variables.product.prodname_code_scanning %} configuration, you should instead configure advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning). - -### Requirements for using default setup +## Prerequisites Your repository is eligible for default setup for {% data variables.product.prodname_code_scanning %} if: {% data reusables.code-scanning.require-actions-ghcs %} -{% data reusables.code-scanning.default-setup-pre-enablement-explanation %} - -You can use default setup for all {% data variables.product.prodname_codeql %}-supported languages for self-hosted runners or {% data variables.product.prodname_dotcom %}-hosted runners. See [Assigning labels to runners](#assigning-labels-to-runners), later in this article. - -Default setup uses the `none` build mode for {% data variables.code-scanning.no_build_support %} and uses the `autobuild` build mode for other compiled languages. You should configure your self-hosted runners to make sure they can run all the necessary commands for C/C++, C#, and Swift analysis. Analysis of JavaScript/TypeScript, Go, Ruby, Python, and Kotlin code does not currently require special configuration. - -### Customizing default setup - -We recommend that you start using {% data variables.product.prodname_code_scanning %} with default setup. After you've initially configured default setup, you can evaluate {% data variables.product.prodname_code_scanning %} to see how it's working for you. If you find that something isn't working as you expect, you can customize default setup to better meet your needs. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning). - -### About adding new languages to your default setup - -If the code in a repository changes to include any {% data variables.product.prodname_codeql %}-supported languages, {% data variables.product.prodname_dotcom %} will automatically update the {% data variables.product.prodname_code_scanning %} configuration to include the new language. If {% data variables.product.prodname_code_scanning %} fails with the new configuration, {% data variables.product.prodname_dotcom %} will resume the previous configuration automatically so the repository does not lose {% data variables.product.prodname_code_scanning %} coverage. - ## Configuring default setup for a repository > [!NOTE] @@ -98,24 +73,31 @@ If the code in a repository changes to include any {% data variables.product.pro 1. Optionally, to view your default setup configuration after enablement, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "gear" aria-hidden="true" aria-label="gear" %} View {% data variables.product.prodname_codeql %} configuration**. -## Assigning labels to runners +> [!NOTE] +> If no pushes and pull requests have occurred in a repository with default setup enabled for 6 months, the weekly schedule will be disabled to save your {% data variables.product.prodname_actions %} minutes. ->[!NOTE]{% data variables.product.prodname_code_scanning_caps %} sees assigned runners when default setup is enabled. If a runner is assigned to a repository that is already running default setup, you must disable and re-enable default setup to start using the runner. If you add a runner and want to start using it, you can change the configuration manually without needing to disable and re-enable default setup. +{% ifversion fpt or ghec %} -You can also assign self-hosted runners{% ifversion code-scanning-default-setup-customize-labels %} with the default `code-scanning` label, or you can optionally give them custom labels so that individual repositories can use different runners.{% else %}with the `code-scanning` label.{% endif %} For information about assigning labels to self-hosted runners, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners). +## Running default setup on self-hosted or {% data variables.actions.hosted_runners %} -{% ifversion code-scanning-default-setup-customize-labels %} +You can use default setup for all {% data variables.product.prodname_codeql %}-supported languages on self-hosted runners or {% data variables.product.prodname_dotcom %}-hosted runners. -Specifying custom labels for self-hosted runners is optional. Unless you have a specific use case, we recommend that you only assign runners with the default `code-scanning` label. For example, you may want to: +{% else %} -* Assign more powerful self-hosted runners to critical repositories for faster {% data variables.product.prodname_code_scanning %} analysis. -* Run your {% data variables.product.prodname_code_scanning %} analyses on a particular platform (for example, macOS). -* Have granular control over the workload for your {% data variables.product.prodname_dotcom %}-hosted runners and self-hosted runners. +## Assigning runners for default setup -Once you've assigned custom labels to self-hosted runners, your repositories can use those runners for {% data variables.product.prodname_code_scanning %} default setup. For more information, see [Configuring default setup for a repository](#configuring-default-setup-for-a-repository), earlier in this article. +{% endif %} -You can also use {% data variables.product.prodname_security_configurations %} to assign labels to self-hosted runners for {% data variables.product.prodname_code_scanning %}. See [AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration#creating-a-custom-security-configuration). +>[!NOTE]{% data variables.product.prodname_code_scanning_caps %} sees assigned runners when default setup is enabled. If a runner is assigned to a repository that is already running default setup, you must disable and re-enable default setup to start using the runner. If you add a runner and want to start using it, you can change the configuration manually without needing to disable and re-enable default setup. +### Assigning labels to self-hosted runners + +To assign a self-hosted runner for default setup, you can use {% ifversion code-scanning-default-setup-customize-labels %}the default `code-scanning` label, or you can optionally give them custom labels so that individual repositories can use different runners.{% else %}the `code-scanning` label.{% endif %} For information about assigning labels to self-hosted runners, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners). + +Once you've assigned custom labels to self-hosted runners, your repositories can use those runners for {% data variables.product.prodname_code_scanning %} default setup. + +{% ifversion security-configurations %} +You can also use {% data variables.product.prodname_security_configurations %} to assign labels to self-hosted runners for {% data variables.product.prodname_code_scanning %}. See [AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration#creating-a-custom-security-configuration). {% endif %} {% ifversion fpt or ghec %} @@ -126,6 +108,10 @@ To assign a {% data variables.actions.hosted_runner %}, name the runner `code-sc {% endif %} +### Ensuring build support + +Default setup uses the `none` build mode for {% data variables.code-scanning.no_build_support %} and uses the `autobuild` build mode for other compiled languages. You should configure your self-hosted runners to make sure they can run all the necessary commands for C/C++, C#, and Swift analysis. Analysis of JavaScript/TypeScript, Go, Ruby, Python, and Kotlin code does not currently require special configuration. + ## Next steps After your configuration runs successfully at least once, you can start examining and resolving {% data variables.product.prodname_code_scanning %} alerts. For more information on {% data variables.product.prodname_code_scanning %} alerts, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts) and [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository). diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/customizing-your-advanced-setup-for-code-scanning.md similarity index 99% rename from content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/customizing-your-advanced-setup-for-code-scanning.md index 75952a094a3c..162a018735c1 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/customizing-your-advanced-setup-for-code-scanning.md @@ -1,6 +1,6 @@ --- title: Customizing your advanced setup for code scanning -intro: 'You can customize how your advanced setup scans the code in your project for vulnerabilities and errors.' +intro: You can customize how your advanced setup scans the code in your project for vulnerabilities and errors. permissions: '{% data reusables.permissions.code-scanning-all-alerts %} if [advanced setup](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning) is already enabled' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning @@ -9,11 +9,11 @@ redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning + - /code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Code Security - Code scanning @@ -24,6 +24,7 @@ topics: - Python shortTitle: Customize advanced setup allowTitleToDifferFromFilename: true +contentType: how-tos --- @@ -370,11 +371,8 @@ In the following example, the `+` symbol ensures that the specified additional p queries: +security-and-quality,octo-org/python-qlpack/show_ifs.ql@main packs: +scope/pack1,scope/pack2@1.2.3,scope/pack3@4.5.6:path/to/queries ``` - - - - + ## Using a custom configuration file @@ -517,6 +515,8 @@ For analysis where code is built, if you want to limit {% data variables.product You can quickly analyze small portions of a monorepo when you modify code in specific directories. You'll need to both exclude directories in your build steps and use the `paths-ignore` and `paths` keywords for [`on.`](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore) in your workflow. + + ### Example configuration files {% data reusables.code-scanning.example-configuration-files %} diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/index.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/index.md new file mode 100644 index 000000000000..5c3a30ec5cec --- /dev/null +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/index.md @@ -0,0 +1,20 @@ +--- +title: Configure code scanning +intro: Configure {% data variables.product.prodname_code_scanning %} for your repositories by choosing between default or advanced setup and customizing advanced settings as needed. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Code Security + - Code scanning + - Actions + - Repositories +children: + - /configuring-default-setup-for-code-scanning + - /configuring-advanced-setup-for-code-scanning + - /customizing-your-advanced-setup-for-code-scanning +redirect_from: + - /code-security/code-scanning/enabling-code-scanning +--- diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/index.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/index.md new file mode 100644 index 000000000000..0fe175e8beb9 --- /dev/null +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/index.md @@ -0,0 +1,18 @@ +--- +title: Scan code for vulnerabilities +intro: Scan your code for vulnerabilities by configuring code scanning, managing configurations, running scans locally or in your editor, integrating with existing tools, and troubleshooting issues. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +redirect_from: + - /code-security/code-scanning +children: + - /configure-code-scanning + - /manage-your-configuration + - /scan-from-the-command-line + - /scan-from-vs-code + - /integrate-with-existing-tools + - /troubleshooting +--- diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/index.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/index.md similarity index 52% rename from content/code-security/code-scanning/integrating-with-code-scanning/index.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/index.md index f23fd5a5066d..a91c69a33582 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/index.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/index.md @@ -1,23 +1,26 @@ --- -title: Integrating with code scanning -shortTitle: Integrate with code scanning -intro: 'You can integrate third-party code analysis tools with {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_code_scanning %} by uploading data as SARIF files.' -product: '{% data reusables.gated-features.code-scanning %}' -redirect_from: - - /github/finding-security-vulnerabilities-and-errors-in-your-code/managing-results-from-code-scanning - - /github/finding-security-vulnerabilities-and-errors-in-your-code/integrating-with-code-scanning - - /code-security/secure-coding/integrating-with-code-scanning +title: Integrate with existing tools +intro: Integrate {% data variables.product.prodname_code_scanning %} with your existing tools and workflows by running scans in your CI system or uploading results to {% data variables.product.github %} using Static Analysis Results Interchange Format (SARIF). versions: fpt: '*' ghes: '*' ghec: '*' +contentType: how-tos topics: - Code Security - Code scanning + - CodeQL + - Repositories + - Pull requests - Integration + - CI + - SARIF +redirect_from: + - /code-security/code-scanning/integrating-with-code-scanning + - /github/finding-security-vulnerabilities-and-errors-in-your-code/managing-results-from-code-scanning + - /github/finding-security-vulnerabilities-and-errors-in-your-code/integrating-with-code-scanning + - /code-security/secure-coding/integrating-with-code-scanning children: - - /about-integration-with-code-scanning - /using-code-scanning-with-your-existing-ci-system - /uploading-a-sarif-file-to-github - - /sarif-support-for-code-scanning --- diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/uploading-a-sarif-file-to-github.md similarity index 71% rename from content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/uploading-a-sarif-file-to-github.md index ade94508c8d9..ab8730af625b 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/uploading-a-sarif-file-to-github.md @@ -10,11 +10,11 @@ redirect_from: - /code-security/secure-coding/uploading-a-sarif-file-to-github - /code-security/secure-coding/integrating-with-code-scanning/uploading-a-sarif-file-to-github - /github/finding-security-vulnerabilities-and-errors-in-your-code/integrating-with-code-scanning/uploading-a-sarif-file-to-github + - /code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Code Security - Code scanning @@ -23,22 +23,21 @@ topics: - Repositories - CI - SARIF +contentType: how-tos --- {% data reusables.code-scanning.enterprise-enable-code-scanning %} -## About SARIF file uploads for {% data variables.product.prodname_code_scanning %} +If you use a third-party analysis tool or CI/CD system to scan code for vulnerabilities, you can generate SARIF file and upload it to {% data variables.product.github %}. The best upload method depends on how you generate the SARIF file. -{% data variables.product.prodname_dotcom %} creates {% data variables.product.prodname_code_scanning %} alerts in a repository using information from Static Analysis Results Interchange Format (SARIF) files. SARIF files can be uploaded to a repository using the API or {% data variables.product.prodname_actions %}. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system). - -You can generate SARIF files using many static analysis security testing tools, including {% data variables.product.prodname_codeql %}. The results must use SARIF version 2.1.0. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning). - -You can upload the results using {% data variables.product.prodname_actions %}, the {% data variables.product.prodname_code_scanning %} API, or the {% data variables.product.prodname_codeql_cli %}. The best upload method will depend on how you generate the SARIF file, for example, if you use: +For example, if you use: * {% data variables.product.prodname_actions %} to run the {% data variables.product.prodname_codeql %} action, there is no further action required. The {% data variables.product.prodname_codeql %} action uploads the SARIF file automatically when it completes analysis. -* {% data variables.product.prodname_actions %} to run a SARIF-compatible analysis tool, you could update the workflow to include a final step that uploads the results (see below). -* The {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_code_scanning %} in your CI system, you can use the CLI to upload results to {% data variables.product.prodname_dotcom %} (for more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system)). -* A tool that generates results as an artifact outside of your repository, you can use the {% data variables.product.prodname_code_scanning %} API to upload the file (for more information, see [AUTOTITLE](/rest/code-scanning/code-scanning#upload-an-analysis-as-sarif-data)). +* {% data variables.product.prodname_actions %} to run a SARIF-compatible analysis tool, you could update the workflow to include a final step that uploads the results. See [Uploading a {% data variables.product.prodname_code_scanning %} analysis with {% data variables.product.prodname_actions %}](#uploading-a-code-scanning-analysis-with-github-actions). +* The {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_code_scanning %} in your CI system, you can use the CLI to upload results to {% data variables.product.prodname_dotcom %}. See [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system). +* A tool that generates results as an artifact outside of your repository, you can use the {% data variables.product.prodname_code_scanning %} API to upload the file. See [AUTOTITLE](/rest/code-scanning/code-scanning#upload-an-analysis-as-sarif-data). + +By default, {% data variables.product.prodname_code_scanning %} expects one SARIF results file per analysis for a repository. If you want to upload more than one set of results for a commit in a repository, you must identify each set of results as a unique set. {% ifversion fpt or ghec %} @@ -60,7 +59,7 @@ For more information, see the [`upload-sarif` action](https://github.com/github/ The `upload-sarif` action can be configured to run when the `push` and `scheduled` event occur. For more information about {% data variables.product.prodname_actions %} events, see [AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows). -If your SARIF file doesn't include `partialFingerprints`, the `upload-sarif` action will calculate the `partialFingerprints` field for you and attempt to prevent duplicate alerts. {% data variables.product.prodname_dotcom %} can only create `partialFingerprints` when the repository contains both the SARIF file and the source code used in the static analysis. For more information about preventing duplicate alerts, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs). +If your SARIF file doesn't include `partialFingerprints`, the `upload-sarif` action will calculate the `partialFingerprints` field for you and attempt to prevent duplicate alerts. {% data variables.product.prodname_dotcom %} can only create `partialFingerprints` when the repository contains both the SARIF file and the source code used in the static analysis. For more information about preventing duplicate alerts, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts). {% data reusables.code-scanning.upload-sarif-alert-limit %} @@ -149,9 +148,21 @@ jobs: sarif_file: results.sarif ``` +## Uploading more than one SARIF file for a commit + +By default, {% data variables.product.prodname_code_scanning %} expects one SARIF results file per analysis for a repository. Consequently, when you upload a second SARIF results file for a commit, it is treated as a replacement for the original set of data. You may want to upload two different SARIF files for one analysis if, for example, your analysis tool generates a different SARIF file for each language it analyzes or each set of rules it uses. If you want to upload more than one set of results for a commit in a repository, you must identify each set of results as a unique set. + +When you upload multiple SARIF files for a commit, you must indicate a "category" for each analysis. The way to specify a category varies according to the analysis method: +* Using the {% data variables.product.prodname_codeql_cli %} directly, pass the `--sarif-category` argument to the `codeql database analyze` command when you generate SARIF files. For more information, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli#about-generating-code-scanning-results-with-the-codeql-cli). +* Using {% data variables.product.prodname_actions %} with `codeql-action/analyze`, the category is set automatically from the workflow name and any matrix variables (typically, `language`). You can override this by specifying a `category` input for the action, which is useful when you analyze different sections of a monorepo in a single workflow. +* Using {% data variables.product.prodname_actions %} to upload results from other static analysis tools, then you must specify a `category` input if you upload more than one file of results for the same tool in one workflow. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions). +* If you are not using either of these approaches, you must specify a unique `runAutomationDetails.id` in each SARIF file to upload. For more information about this property, see [`runAutomationDetails` object](#runautomationdetails-object). + +If you upload a second SARIF file for a commit with the same category and from the same tool, the earlier results are overwritten. However, if you try to upload multiple SARIF files for the same tool and category in a single {% data variables.product.prodname_actions %} workflow run, the misconfiguration is detected and the run will fail. + ## Further reading -* [AUTOTITLE](/code-security/code-scanning/troubleshooting-sarif-uploads) +* [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads) * [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions) * [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history) * [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system) diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/using-code-scanning-with-your-existing-ci-system.md similarity index 76% rename from content/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/using-code-scanning-with-your-existing-ci-system.md index a15ee3936d02..0bf159dc15e3 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/using-code-scanning-with-your-existing-ci-system.md @@ -1,17 +1,18 @@ --- title: Using code scanning with your existing CI system -intro: 'You can analyze your code with the {% data variables.product.prodname_codeql_cli %} or another tool in a third-party continuous integration system and upload the results to {% data variables.product.github %}. The resulting {% data variables.product.prodname_code_scanning %} alerts are shown alongside any alerts generated within {% data variables.product.github %}.' +shortTitle: Use with existing CI system +intro: You can analyze your code with the {% data variables.product.prodname_codeql_cli %} or another tool in a third-party continuous integration system and upload the results to {% data variables.product.github %}. The resulting {% data variables.product.prodname_code_scanning %} alerts are shown alongside any alerts generated within {% data variables.product.github %}. permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/using-codeql-code-scanning-with-your-existing-ci-system - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system + - /code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system versions: fpt: '*' ghes: '*' ghec: '*' -type: overview topics: - Code Security - Code scanning @@ -21,20 +22,13 @@ topics: - Integration - CI - SARIF +contentType: how-tos --- {% data reusables.code-scanning.enterprise-enable-code-scanning %} -## About using {% data variables.product.prodname_code_scanning %} with your existing CI system - As an alternative to running {% data variables.product.prodname_code_scanning %} within {% data variables.product.github %} using {% data variables.product.prodname_actions %}, you can analyze code in an external continuous integration or continuous delivery/deployment (CI/CD) system, then upload the results to {% data variables.product.github %}. -You can add the {% data variables.product.prodname_codeql_cli %} to your third-party system, or use another third-party static analysis tool that can produce results as Static Analysis Results Interchange Format (SARIF) 2.1.0 data. For more information about the supported SARIF format, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning). - -The {% data variables.product.prodname_codeql_cli %} is a standalone, command-line tool that you can use to analyze code. For more information, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli). - -Alerts for {% data variables.product.prodname_code_scanning %} that you generate externally are displayed in the same way as those for {% data variables.product.prodname_code_scanning %} that you generate within {% data variables.product.github %}. {% data reusables.code-scanning.about-multiple-configurations-link %} - {% data reusables.code-scanning.upload-sarif-ghas %} ## Setting up your analysis tool @@ -65,4 +59,4 @@ Once you have analyzed your code, produced SARIF results, and ensured you can au For specific details on uploading your results to {% data variables.product.github %} using the {% data variables.product.prodname_codeql_cli %}, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github). -By default, {% data variables.product.prodname_code_scanning %} expects one SARIF results file per analysis for a repository. Consequently, when you upload a second SARIF results file for a commit, it is treated as a replacement for the original set of data. You may want to upload two different SARIF files for one analysis if, for example, your analysis tool generates a different SARIF file for each language it analyzes or each set of rules it uses. If you want to upload more than one set of results for a commit in a repository, you must identify each set of results as a unique set. The way to specify a category for a SARIF upload varies according to the analysis method. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#uploading-more-than-one-sarif-file-for-a-commit). +By default, {% data variables.product.prodname_code_scanning %} expects one SARIF results file per analysis for a repository. Consequently, when you upload a second SARIF results file for a commit, it is treated as a replacement for the original set of data. You may want to upload two different SARIF files for one analysis if, for example, your analysis tool generates a different SARIF file for each language it analyzes or each set of rules it uses. If you want to upload more than one set of results for a commit in a repository, you must identify each set of results as a unique set. The way to specify a category for a SARIF upload varies according to the analysis method. diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/about-the-tool-status-page.md similarity index 98% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/about-the-tool-status-page.md index d56aaba40e9c..81afbbaecf6b 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/about-the-tool-status-page.md @@ -11,11 +11,12 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page -type: overview + - /code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page topics: - Code Security - Code scanning - CodeQL +contentType: how-tos --- {% data reusables.code-scanning.enterprise-enable-code-scanning %} @@ -113,4 +114,4 @@ For integrated tools such as {% data variables.product.prodname_codeql %}, you c > [!NOTE] > If you have set up {% data variables.product.prodname_codeql %} using advanced setup and then set up default setup on the same repository, the {% data variables.code-scanning.tool_status_page %} will only show default setup. -For more information, see [AUTOTITLE](/code-security/code-scanning/troubleshooting-code-scanning) and [AUTOTITLE](/code-security/code-scanning/troubleshooting-sarif-uploads). +For more information, see [AUTOTITLE](/code-security/code-scanning/troubleshooting-code-scanning) and [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads). diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/codeql-code-scanning-for-compiled-languages.md similarity index 99% rename from content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/codeql-code-scanning-for-compiled-languages.md index 531d9a8c4528..eb329969f224 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/codeql-code-scanning-for-compiled-languages.md @@ -1,7 +1,7 @@ --- title: CodeQL code scanning for compiled languages shortTitle: CodeQL for compiled languages -intro: 'Understand how {% data variables.product.prodname_codeql %} analyzes compiled languages, the build options available, and learn how you can customize the database generation process if you need to.' +intro: Understand how {% data variables.product.prodname_codeql %} analyzes compiled languages, the build options available, and learn how you can customize the database generation process if you need to. permissions: '{% data reusables.permissions.code-scanning-all-alerts %} if [advanced setup](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning) is already enabled' product: '{% data reusables.gated-features.code-scanning %}' redirect_from: @@ -13,11 +13,11 @@ redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/codeql-code-scanning-for-compiled-languages + - /code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Code Security - Code scanning @@ -28,6 +28,7 @@ topics: - C# - Java - Kotlin +contentType: how-tos --- {% data reusables.code-scanning.enterprise-enable-code-scanning-actions %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/configuring-larger-runners-for-default-setup.md similarity index 94% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/configuring-larger-runners-for-default-setup.md index 1bec77e0582a..73b28ff5486e 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/configuring-larger-runners-for-default-setup.md @@ -1,7 +1,7 @@ --- title: Configuring larger runners for default setup shortTitle: Configure larger runners -intro: 'You can run {% data variables.product.prodname_code_scanning %} default setup more quickly on bigger codebases using {% data variables.actions.hosted_runners %}.' +intro: You can run {% data variables.product.prodname_code_scanning %} default setup more quickly on bigger codebases using {% data variables.actions.hosted_runners %}. product: '{% data reusables.actions.larger-runner-permissions %}' versions: feature: default-setup-larger-runners @@ -9,6 +9,9 @@ topics: - Code scanning - CodeQL - Actions +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup +contentType: how-tos --- {% data reusables.code-scanning.beta-larger-runners-support %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/editing-your-configuration-of-default-setup.md similarity index 82% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/editing-your-configuration-of-default-setup.md index c3f2e343b6bd..3ddcc0cf4ec6 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/editing-your-configuration-of-default-setup.md @@ -1,26 +1,21 @@ --- title: Editing your configuration of default setup shortTitle: Edit default setup -intro: 'You can edit your existing configuration of default setup for {% data variables.product.prodname_code_scanning %} to better meet your needs.' +intro: You can edit your existing configuration of default setup for {% data variables.product.prodname_code_scanning %} to better meet your needs. permissions: '{% data reusables.permissions.security-org-enable %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Code scanning - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup +contentType: how-tos --- -## About editing your configuration of default setup - -After running an initial analysis of your code with default setup, you may need to make changes to your configuration to better meet your needs. For existing configurations of default setup, you can edit: -* Which languages default setup will analyze. -* The query suite run during analysis. For more information on the available query suites, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites). -* The threat models ({% data variables.release-phases.public_preview %}) to use for analysis. Your choice of threat model determines which sources of tainted data are treated as a risk to your application. During the {% data variables.release-phases.public_preview %}, threat models are supported only for analysis of {% data variables.code-scanning.code_scanning_threat_model_support %}. For more information about threat models, see [Including local sources of tainted data in default setup](#including-local-sources-of-tainted-data-in-default-setup). - -If your codebase depends on a library or framework that is not recognized by the standard libraries included with {% data variables.product.prodname_codeql %}, you can also extend the {% data variables.product.prodname_codeql %} coverage in default setup using {% data variables.product.prodname_codeql %} model packs. For more information, see [Extending CodeQL coverage with CodeQL model packs in default setup](#extending-codeql-coverage-with-codeql-model-packs-in-default-setup). +After running an initial analysis of your code with default setup, you can make changes to your configuration to better meet your needs. For more information on setup types and customization options, see [AUTOTITLE](/code-security/concepts/code-scanning/setup-types). If you need to change any other aspects of your {% data variables.product.prodname_code_scanning %} configuration, consider configuring advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning). diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/index.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/index.md new file mode 100644 index 000000000000..2bc9319b162e --- /dev/null +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/index.md @@ -0,0 +1,27 @@ +--- +title: Manage your configuration +intro: Manage and refine your {% data variables.product.prodname_code_scanning %} configuration by monitoring tool status, updating default setup settings, and enforcing protections as your needs evolve. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Code Security + - Code scanning + - CodeQL + - Actions + - Repositories + - C/C++ + - C# + - Java + - Kotlin +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration +children: + - /about-the-tool-status-page + - /editing-your-configuration-of-default-setup + - /set-code-scanning-merge-protection + - /configuring-larger-runners-for-default-setup + - /codeql-code-scanning-for-compiled-languages +--- diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection.md new file mode 100644 index 000000000000..b0e34125edb1 --- /dev/null +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection.md @@ -0,0 +1,49 @@ +--- +title: Set code scanning merge protection +shortTitle: Set merge protection +intro: 'Secure your codebase by blocking pull requests that fail {% data variables.product.prodname_code_scanning %} checks.' +permissions: '{% data reusables.permissions.security-org-enable %}' +product: '{% data reusables.gated-features.code-scanning %}' +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Code scanning + - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection +contentType: how-tos +--- + +## Creating a merge protection ruleset for a repository + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.repo-rulesets-settings %} +1. Click **New ruleset**. +1. To create a ruleset targeting branches, click **New branch ruleset**. +{% data reusables.repositories.rulesets-general-step %} +{% data reusables.repositories.rulesets-require-code-scanning-results %} + +For more information about managing rulesets in a repository, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/). + +{% ifversion ghec or ghes %} + +## Creating a merge protection ruleset for all repositories in an organization + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.organizations.access-ruleset-settings %} +1. Click **New ruleset**. +1. To create a ruleset targeting branches, click **New branch ruleset**. +{% data reusables.repositories.rulesets-general-step %} +{% data reusables.repositories.rulesets-require-code-scanning-results %} + +For more information about managing rulesets for repositories in an organization, see [AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization). + +{% endif %} + +## Creating a merge protection ruleset with the REST API + +You can use the REST API to create a ruleset with the `code_scanning` rule, which allows you to define specific tools and set alert thresholds. For more information, see [AUTOTITLE](/rest/repos/rules?apiVersion=2022-11-28#create-a-repository-ruleset). diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/advanced-setup-of-the-codeql-cli.md similarity index 93% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/advanced-setup-of-the-codeql-cli.md index e669f8e79337..73adb232f206 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/advanced-setup-of-the-codeql-cli.md @@ -1,6 +1,6 @@ --- title: Advanced setup of the CodeQL CLI -intro: 'You can modify your {% data variables.product.prodname_codeql_cli %} setup to use a local checkout of the {% data variables.product.prodname_codeql %} repository for analysis, set up multiple versions of the {% data variables.product.prodname_codeql_cli %}, and analyze databases you have downloaded from {% data variables.product.github %}.' +intro: You can modify your {% data variables.product.prodname_codeql_cli %} setup to use a local checkout of the {% data variables.product.prodname_codeql %} repository for analysis, set up multiple versions of the {% data variables.product.prodname_codeql_cli %}, and analyze databases you have downloaded from {% data variables.product.github %}. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -10,6 +10,9 @@ topics: - Code Security - Code scanning - CodeQL +redirect_from: + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli +contentType: how-tos --- ## About advanced setup of the {% data variables.product.prodname_codeql_cli %} @@ -43,7 +46,7 @@ further options on the command line. ### 3. Obtain a local copy of the {% data variables.product.prodname_codeql %} queries -The [{% data variables.product.prodname_codeql %} repository](https://github.com/github/codeql) contains +The [{% data variables.product.prodname_codeql %} repository](https://github.com/github/codeql?ref_product=code-scanning&ref_type=engagement&ref_style=text) contains the queries and libraries required for {% data variables.product.prodname_codeql %} analysis of all supported languages. Clone a copy of this repository into `codeql-home`. @@ -109,6 +112,6 @@ When you have confirmed that a {% data variables.product.prodname_codeql %} data gh api /repos///code-scanning/codeql/databases/ -H 'Accept: application/zip' > path/to/local/database.zip ``` -For more information, see the documentation for the [Get {% data variables.product.prodname_codeql %} database endpoint](/rest/code-scanning?apiVersion=2022-11-28#get-a-codeql-database-for-a-repository). +For more information, see the documentation for the [Get {% data variables.product.prodname_codeql %} database endpoint](/rest/code-scanning/code-scanning#get-a-codeql-database-for-a-repository). Before running an analysis with the {% data variables.product.prodname_codeql_cli %}, you must unzip the databases. diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-database-bundle-for-troubleshooting.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/creating-database-bundle-for-troubleshooting.md similarity index 87% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-database-bundle-for-troubleshooting.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/creating-database-bundle-for-troubleshooting.md index c497493490cd..48cb24da1497 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-database-bundle-for-troubleshooting.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/creating-database-bundle-for-troubleshooting.md @@ -1,6 +1,7 @@ --- title: Creating CodeQL CLI database bundles -intro: 'You can create a database bundle with {% data variables.product.prodname_codeql %} troubleshooting information.' +shortTitle: Creating CodeQL CLI database bundles +intro: You can create a database bundle with {% data variables.product.prodname_codeql %} troubleshooting information. allowTitleToDifferFromFilename: true product: '{% data reusables.gated-features.codeql %}' versions: @@ -11,6 +12,9 @@ topics: - Code Security - Code scanning - CodeQL +redirect_from: + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-database-bundle-for-troubleshooting +contentType: how-tos --- {% data reusables.code-scanning.codeql-database-archive-contains-source-code %} diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/index.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/index.md new file mode 100644 index 000000000000..917b13c5ed9e --- /dev/null +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/index.md @@ -0,0 +1,24 @@ +--- +title: Scan from the command line +intro: Run code scanning from the command line using the {% data variables.product.prodname_codeql_cli %} to configure scans, customize queries, and troubleshoot results. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Code Security + - Code scanning + - CodeQL +children: + - /setting-up-the-codeql-cli + - /advanced-setup-of-the-codeql-cli + - /using-custom-queries-with-the-codeql-cli + - /testing-query-help-files + - /specifying-command-options-in-a-codeql-configuration-file + - /creating-database-bundle-for-troubleshooting +redirect_from: + - /code-security/codeql-cli/using-the-codeql-cli + - /code-security/codeql-cli/getting-started-with-the-codeql-cli + - /code-security/codeql-cli +--- diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/setting-up-the-codeql-cli.md similarity index 75% rename from content/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/setting-up-the-codeql-cli.md index 8b49b7bbc73c..e467dd16343a 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/setting-up-the-codeql-cli.md @@ -1,6 +1,7 @@ --- title: Setting up the CodeQL CLI -intro: 'To get started with the {% data variables.product.prodname_codeql_cli %}, you need to download and set up the CLI so that it can access the tools and libraries required to create and analyze databases.' +shortTitle: Set up the CodeQL CLI +intro: To get started with the {% data variables.product.prodname_codeql_cli %}, you need to download and set up the CLI so that it can access the tools and libraries required to create and analyze databases. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -16,24 +17,24 @@ redirect_from: - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system - + - /code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli +contentType: how-tos --- ## Setting up the {% data variables.product.prodname_codeql_cli %} {% data reusables.code-scanning.codeql-cli-version-ghes %} -To run {% data variables.product.prodname_codeql %} commands, you need to set up the CLI so that it can access -the tools, queries, and libraries required to create and analyze databases. +To run {% data variables.product.prodname_codeql %} commands, you need to set up the {% data variables.product.prodname_codeql_cli %} so that it can access the tools, queries, and libraries required to create and analyze databases. -The {% data variables.product.prodname_codeql_cli %} can be set up to support many different use cases and directory structures. To get started quickly, we recommend adopting a relatively simple setup, as outlined in the steps below. +The {% data variables.product.prodname_codeql_cli %} supports a range of use cases and directory structures. This article walks through a simple setup that works for most users and environments. -If you plan to use the {% data variables.product.prodname_codeql_cli %} for security research or to test or contribute queries, you may want a more advanced setup of {% data variables.product.prodname_codeql_cli %}. For more information, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli). +If you plan to use the {% data variables.product.prodname_codeql_cli %} for security research or to test or contribute queries, you may need a more advanced setup. For more information, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/advanced-setup-of-the-codeql-cli). -If you are setting up the {% data variables.product.prodname_codeql_cli %} in your CI system, you need to make the full contents of the {% data variables.product.prodname_codeql_cli %} bundle available to every CI server that you want to run {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} analysis on. For example, you might configure each server to copy the bundle from a central, internal location and extract it. Alternatively, you could use the REST API to get the bundle directly from {% data variables.product.prodname_dotcom %}, ensuring that you benefit from the latest improvements to queries. For more information, see [AUTOTITLE](/rest/releases) in the REST API documentation. +### Before you begin If you are using macOS on Apple Silicon (for example, Apple M1), ensure that the [Xcode command-line developer -tools](https://developer.apple.com/downloads/index.action) and [Rosetta 2](https://support.apple.com/en-us/HT211861) are installed. +tools](https://developer.apple.com/library/archive/technotes/tn2339/_index.html) and [Rosetta 2](https://support.apple.com/en-us/HT211861) are installed. > [!NOTE] > The {% data variables.product.prodname_codeql_cli %} is currently not compatible with non-glibc Linux distributions such as (muslc-based) Alpine Linux. @@ -46,6 +47,15 @@ tools](https://developer.apple.com/downloads/index.action) and [Rosetta 2](https Extract the {% data variables.product.prodname_codeql_cli %} tar archive to a directory of your choosing. +### Optional: Make the {% data variables.product.prodname_codeql_cli %} available in your CI system + +If you plan to run {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} analysis in a CI system, ensure that the full contents of the {% data variables.product.prodname_codeql_cli %} bundle are available to every CI server that will run analysis. + +For example, you can: + +* Copy the bundle from a central internal location and extract it on each server, or +* Use the REST API to download the bundle directly from {% data variables.product.prodname_dotcom %}, ensuring that you receive the latest improvements to queries. For more information, see [AUTOTITLE](/rest/releases). + ### 3. Launch `codeql` {% data reusables.codeql-cli.launch-codeql %} diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/specifying-command-options-in-a-codeql-configuration-file.md similarity index 90% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/specifying-command-options-in-a-codeql-configuration-file.md index 195cfc4bae53..8d9cf03e396f 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/specifying-command-options-in-a-codeql-configuration-file.md @@ -1,6 +1,7 @@ --- title: Specifying command options in a CodeQL configuration file -intro: 'You can save default command options in a {% data variables.product.prodname_codeql %} configuration file.' +shortTitle: Specify command options in a CodeQL configuration file +intro: You can save default command options in a {% data variables.product.prodname_codeql %} configuration file. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -13,6 +14,8 @@ topics: redirect_from: - /code-security/codeql-cli/specifying-command-options-in-a-codeql-configuration-file - /code-security/codeql-cli/using-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file +contentType: how-tos --- ## About specifying command options in a {% data variables.product.prodname_codeql %} configuration file diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-query-help-files.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/testing-query-help-files.md similarity index 93% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-query-help-files.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/testing-query-help-files.md index 09134f44276f..272b09a716b7 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-query-help-files.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/testing-query-help-files.md @@ -1,6 +1,7 @@ --- title: Testing query help files -intro: 'You can use the {% data variables.product.prodname_codeql_cli %} to preview your query help files as Markdown and ensure they are valid.' +shortTitle: Test query help files +intro: You can use the {% data variables.product.prodname_codeql_cli %} to preview your query help files as Markdown and ensure they are valid. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -13,6 +14,8 @@ topics: redirect_from: - /code-security/codeql-cli/testing-query-help-files - /code-security/codeql-cli/using-the-codeql-cli/testing-query-help-files + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-query-help-files +contentType: how-tos --- ## About testing query help files diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/using-custom-queries-with-the-codeql-cli.md similarity index 95% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/using-custom-queries-with-the-codeql-cli.md index 88c241fbfc78..e6fa4adbcb6d 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/using-custom-queries-with-the-codeql-cli.md @@ -1,6 +1,7 @@ --- title: Using custom queries with the CodeQL CLI -intro: 'You can write your own {% data variables.product.prodname_codeql %} queries to find specific vulnerabilities and errors.' +shortTitle: Use custom queries with the CodeQL CLI +intro: You can write your own {% data variables.product.prodname_codeql %} queries to find specific vulnerabilities and errors. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -13,6 +14,8 @@ topics: redirect_from: - /code-security/codeql-cli/using-custom-queries-with-the-codeql-cli - /code-security/codeql-cli/using-the-codeql-cli/using-custom-queries-with-the-codeql-cli + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli +contentType: how-tos --- ## About custom queries and the {% data variables.product.prodname_codeql_cli %} diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/configuring-access-to-the-codeql-cli.md similarity index 88% rename from content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/configuring-access-to-the-codeql-cli.md index e8e2f97c566a..1ce5abc3c947 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/configuring-access-to-the-codeql-cli.md @@ -9,9 +9,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'The {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension uses the {% data variables.product.prodname_codeql_cli %} to compile and run queries.' +intro: The {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension uses the {% data variables.product.prodname_codeql_cli %} to compile and run queries. allowTitleToDifferFromFilename: true +redirect_from: + - /code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli +contentType: how-tos --- ## Configuring access to the {% data variables.product.prodname_codeql_cli %} diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/creating-a-custom-query.md similarity index 90% rename from content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/creating-a-custom-query.md index 1aaae688a008..c27899995a68 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/creating-a-custom-query.md @@ -9,8 +9,10 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'You can work from a template to write your own code to create a custom query to analyze a specific language.' +intro: You can work from a template to write your own code to create a custom query to analyze a specific language. +redirect_from: + - /code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query +contentType: how-tos --- ## About custom queries diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/customizing-settings.md similarity index 96% rename from content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/customizing-settings.md index 9f5819b3872b..856e276e543b 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/customizing-settings.md @@ -9,10 +9,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'You can edit the settings for the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension to suit your needs.' +intro: You can edit the settings for the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension to suit your needs. redirect_from: - /code-security/codeql-for-vs-code/customizing-settings + - /code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings +contentType: how-tos --- ## About settings in the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/exploring-data-flow-with-path-queries.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/exploring-data-flow-with-path-queries.md new file mode 100644 index 000000000000..4984e9a92a7d --- /dev/null +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/exploring-data-flow-with-path-queries.md @@ -0,0 +1,39 @@ +--- +title: Exploring data flow with path queries +shortTitle: Explore data flow +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Code Security + - Code scanning + - CodeQL +intro: Detect potential vulnerabilities by running path queries and analyzing your data flow. +redirect_from: + - /code-security/codeql-for-vs-code/exploring-data-flow-with-path-queries + - /code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/exploring-data-flow-with-path-queries +contentType: how-tos +--- + +## Prerequisites + +Before you can effectively use path queries, you should understand the basics of data flow analysis. See [About data flow analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/) in the {% data variables.product.prodname_codeql %} documentation. + +## Running path queries in {% data variables.product.prodname_vscode_shortname %} locally + +1. Open a path query in {% data variables.product.prodname_vscode_shortname %}. A path query is a {% data variables.product.prodname_codeql %} query with the property `@kind path-problem`. +1. Right-click in the window with the query open, then select **{% data variables.product.prodname_codeql %}: Run Query on Selected Database**. Alternatively, you can also run this from the {% data variables.product.prodname_vscode_command_palette_shortname %}. +1. Once the query has finished running, you can see the results in the "Results" view (under `alerts` in the dropdown menu). Each query result describes the flow of information between a source and a sink. +1. Expand the result to see the individual steps that the data follows. +1. Click each step to jump to it in the source code and investigate the problem further. + +## Next steps + +{% ifversion codeql-vs-code-mrva %} + +You can use the "Variant Analysis Repositories" view to run a query against up to 1,000 repositories on {% data variables.product.prodname_dotcom_the_website %}. See [AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis). + +{% endif %} + +To start writing your own path queries, see [Creating path queries](https://codeql.github.com/docs/writing-codeql-queries/creating-path-queries/#creating-path-queries) in the {% data variables.product.prodname_codeql %} documentation. diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/exploring-the-structure-of-your-source-code.md similarity index 89% rename from content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/exploring-the-structure-of-your-source-code.md index 178f46e84a33..bbcf99b28a2c 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/exploring-the-structure-of-your-source-code.md @@ -9,10 +9,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'You can use the AST viewer to display the abstract syntax tree of a {% data variables.product.prodname_codeql %} database.' +intro: You can use the AST viewer to display the abstract syntax tree of a {% data variables.product.prodname_codeql %} database. redirect_from: - /code-security/codeql-for-vs-code/exploring-the-structure-of-your-source-code + - /code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code +contentType: how-tos --- ## About the abstract syntax tree diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/index.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/index.md new file mode 100644 index 000000000000..61c31ff12443 --- /dev/null +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/index.md @@ -0,0 +1,30 @@ +--- +title: Scan from VS Code +intro: Scan and analyze code from {% data variables.product.prodname_vscode %} using {% data variables.product.prodname_codeql %} to write, test, and run queries, explore code structure, and manage databases and packs. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Code Security + - Code scanning + - CodeQL +redirect_from: + - /code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension + - /code-security/codeql-for-vs-code +children: + - /installing-codeql-for-vs-code + - /managing-codeql-databases + - /running-codeql-queries + - /exploring-data-flow-with-path-queries + - /running-codeql-queries-at-scale-with-multi-repository-variant-analysis + - /using-the-codeql-model-editor + - /creating-a-custom-query + - /managing-codeql-packs + - /exploring-the-structure-of-your-source-code + - /testing-codeql-queries-in-vs-code + - /customizing-settings + - /setting-up-a-codeql-workspace + - /configuring-access-to-the-codeql-cli +--- diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/installing-codeql-for-vs-code.md similarity index 83% rename from content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/installing-codeql-for-vs-code.md index abb8f7c21051..eb949c231868 100644 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/installing-codeql-for-vs-code.md @@ -10,9 +10,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'To get started with {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %}, you need to install and set up the extension.' +intro: To get started with {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %}, you need to install and set up the extension. allowTitleToDifferFromFilename: true +redirect_from: + - /code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code + - /code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code + - /code-security/codeql-for-vs-code/setting-up-codeql-in-visual-studio-code +contentType: how-tos --- ## Prerequisites @@ -43,7 +47,7 @@ You can install the {% data variables.product.prodname_codeql %} for {% data var ### Using the {% data variables.product.prodname_codeql %} VSIX file -1. Download the [{% data variables.product.prodname_codeql %} VSIX file](https://github.com/github/vscode-codeql/releases) from the `github/vscode-codeql` repository on {% data variables.product.prodname_dotcom %}. +1. Download the [{% data variables.product.prodname_codeql %} VSIX file](https://github.com/github/vscode-codeql/releases?ref_product=code-scanning&ref_type=engagement&ref_style=text) from the `github/vscode-codeql` repository on {% data variables.product.prodname_dotcom %}. 1. In {% data variables.product.prodname_vscode_shortname %}, open the "Extensions" view. diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/managing-codeql-databases.md similarity index 93% rename from content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/managing-codeql-databases.md index 851f94d5fcb9..ffd53cb10306 100644 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/managing-codeql-databases.md @@ -9,8 +9,10 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'You can work with {% data variables.product.prodname_codeql %} databases using the extension.' +intro: You can work with {% data variables.product.prodname_codeql %} databases using the extension. +redirect_from: + - /code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases +contentType: how-tos --- ## About {% data variables.product.prodname_codeql %} databases diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/managing-codeql-packs.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/managing-codeql-packs.md similarity index 91% rename from content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/managing-codeql-packs.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/managing-codeql-packs.md index 911defcbc970..c21c795626be 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/managing-codeql-packs.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/managing-codeql-packs.md @@ -9,11 +9,12 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'You can view, write, and edit {% data variables.product.prodname_codeql %} query and library packs in {% data variables.product.prodname_vscode %} using the {% data variables.product.prodname_codeql %} extension.' +intro: You can view, write, and edit {% data variables.product.prodname_codeql %} query and library packs in {% data variables.product.prodname_vscode %} using the {% data variables.product.prodname_codeql %} extension. allowTitleToDifferFromFilename: true redirect_from: - /code-security/codeql-for-vs-code/working-with-codeql-packs-in-visual-studio-code + - /code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/managing-codeql-packs +contentType: how-tos --- ## Benefits of using the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %} to work with packs diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md similarity index 95% rename from content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md index 6bc0bfcc030d..524f3f4ccf9d 100644 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md @@ -1,16 +1,17 @@ --- title: Running CodeQL queries at scale with multi-repository variant analysis -shortTitle: Queries at scale +shortTitle: Run queries at scale versions: - feature: codeql-vs-code-mrva + feature: codeql-vs-code-mrva topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'You can run {% data variables.product.prodname_codeql %} queries on a large number of repositories on {% data variables.product.github %} from {% data variables.product.prodname_vscode %}.' +intro: You can run {% data variables.product.prodname_codeql %} queries on a large number of repositories on {% data variables.product.github %} from {% data variables.product.prodname_vscode %}. redirect_from: - /code-security/codeql-for-vs-code/running-codeql-queries-at-scale-with-mrva + - /code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis +contentType: how-tos --- ## About running {% data variables.product.prodname_codeql %} queries at scale with multi-repository variant analysis @@ -19,7 +20,7 @@ With multi-repository variant analysis (MRVA), you can run {% data variables.pro When you run MRVA against a list of repositories, your query is run against each repository that has a {% data variables.product.prodname_codeql %} database available to analyze. {% data variables.product.github %} creates and stores the latest {% data variables.product.prodname_codeql %} database for the default branch of thousands of public repositories, including every repository that runs {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}. -You need to enable {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %} on {% data variables.product.github %}, using either default setup or advanced setup, before adding your repository to a list for analysis. For information about enabling {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). +You need to enable {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %} on {% data variables.product.github %}, using either default setup or advanced setup, before adding your repository to a list for analysis. For information about enabling {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning). ### How MRVA runs queries against {% data variables.product.prodname_codeql %} databases on {% data variables.product.prodname_dotcom_the_website %} @@ -125,7 +126,7 @@ You can export your results for further analysis or to discuss them with collabo ## Creating a custom list of repositories > [!NOTE] -> {% data variables.product.prodname_codeql %} analysis always requires a {% data variables.product.prodname_codeql %} database to run queries against. When you run variant analysis against a list of repositories, your query will only be executed against the repositories that currently have a {% data variables.product.prodname_codeql %} database available to download. The best way to make a repository available for variant analysis is to enable {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}. For information about enabling {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). +> {% data variables.product.prodname_codeql %} analysis always requires a {% data variables.product.prodname_codeql %} database to run queries against. When you run variant analysis against a list of repositories, your query will only be executed against the repositories that currently have a {% data variables.product.prodname_codeql %} database available to download. The best way to make a repository available for variant analysis is to enable {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}. For information about enabling {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning). 1. In the "Variant Analysis Repositories" view, click the "Add list" icon. diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries.md similarity index 97% rename from content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries.md index 1f9b6dc73795..ad0532d2da46 100644 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries.md @@ -9,11 +9,12 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'You can run queries on {% data variables.product.prodname_codeql %} databases and view the results in {% data variables.product.prodname_vscode %}.' +intro: You can run queries on {% data variables.product.prodname_codeql %} databases and view the results in {% data variables.product.prodname_vscode %}. allowTitleToDifferFromFilename: true redirect_from: - /code-security/codeql-for-vs-code/analyzing-your-projects + - /code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries +contentType: how-tos --- ## About running {% data variables.product.prodname_codeql %} queries diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/setting-up-a-codeql-workspace.md similarity index 87% rename from content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/setting-up-a-codeql-workspace.md index 7577fb098fd9..a3c843d4ee7f 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/setting-up-a-codeql-workspace.md @@ -9,9 +9,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'When you''re working with {% data variables.product.prodname_codeql %}, you need access to the standard libraries and queries.' +intro: When you're working with {% data variables.product.prodname_codeql %}, you need access to the standard libraries and queries. allowTitleToDifferFromFilename: true +redirect_from: + - /code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace +contentType: how-tos --- ## Setting up a {% data variables.product.prodname_codeql %} workspace @@ -29,7 +31,7 @@ There are several different ways to give the extension access to the standard li > [!NOTE] > The {% data variables.product.prodname_codeql %} repository is included as a submodule in the starter workspace. You should use `git submodule update --remote` regularly to keep the submodules up to date, and ensure that they remain compatible with newer versions of the {% data variables.product.prodname_vscode_shortname %} extension and the {% data variables.product.prodname_codeql_cli %}. -1. Clone the [vscode-codeql-starter repository](https://github.com/github/vscode-codeql-starter/) to your computer. Make sure you include the submodules, either by using `git clone --recursive`, or by using `git submodule update --init --remote` after cloning. +1. Clone the [vscode-codeql-starter repository](https://github.com/github/vscode-codeql-starter/?ref_product=code-scanning&ref_type=engagement&ref_style=text) to your computer. Make sure you include the submodules, either by using `git clone --recursive`, or by using `git submodule update --init --remote` after cloning. 1. In {% data variables.product.prodname_vscode_shortname %}, click **File** then **Open Workspace from File...** to open the `vscode-codeql-starter.code-workspace` file from your checkout of the workspace repository. diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/testing-codeql-queries-in-vs-code.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/testing-codeql-queries-in-vs-code.md similarity index 93% rename from content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/testing-codeql-queries-in-vs-code.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/testing-codeql-queries-in-vs-code.md index aca4591a9afc..70b40239550f 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/testing-codeql-queries-in-vs-code.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/testing-codeql-queries-in-vs-code.md @@ -9,11 +9,12 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'You can run unit tests for {% data variables.product.prodname_codeql %} queries using the {% data variables.product.prodname_vscode %} extension.' +intro: You can run unit tests for {% data variables.product.prodname_codeql %} queries using the {% data variables.product.prodname_vscode %} extension. allowTitleToDifferFromFilename: true redirect_from: - /code-security/codeql-for-vs-code/testing-codeql-queries-in-visual-studio-code + - /code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/testing-codeql-queries-in-vs-code +contentType: how-tos --- ## About testing queries in {% data variables.product.prodname_vscode_shortname %} diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/using-the-codeql-model-editor.md similarity index 97% rename from content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/using-the-codeql-model-editor.md index 09c52ad99712..cd6ef4c7615d 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/using-the-codeql-model-editor.md @@ -1,6 +1,6 @@ --- title: Using the CodeQL model editor -shortTitle: CodeQL model editor +shortTitle: Use the model editor versions: fpt: '*' ghec: '*' @@ -9,10 +9,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'You can view, write, and edit {% data variables.product.prodname_codeql %} model packs in {% data variables.product.prodname_vscode %}.' +intro: You can view, write, and edit {% data variables.product.prodname_codeql %} model packs in {% data variables.product.prodname_vscode %}. redirect_from: - /code-security/codeql-for-vs-code/using-the-codeql-model-editor + - /code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor +contentType: how-tos --- {% data reusables.code-scanning.beta-model-packs %} diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/index.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/index.md new file mode 100644 index 000000000000..93858efe0259 --- /dev/null +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/index.md @@ -0,0 +1,23 @@ +--- +title: Troubleshooting +shortTitle: Troubleshoot +intro: Diagnose and resolve issues with code scanning by troubleshooting analysis errors and problems uploading SARIF results. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Code scanning + - Errors + - Troubleshooting + - SARIF +children: + - /troubleshooting-codeql-for-vs-code + - /troubleshooting-analysis-errors + - /troubleshooting-sarif-uploads +redirect_from: + - /code-security/code-scanning/troubleshooting-sarif + - /code-security/code-scanning/troubleshooting-sarif-uploads +--- + diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/advanced-security-must-be-enabled.md similarity index 94% rename from content/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/advanced-security-must-be-enabled.md index b2c6d1a66cba..017812c5d5bb 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/advanced-security-must-be-enabled.md @@ -1,9 +1,8 @@ --- title: 'Error: "{% data variables.product.prodname_GHAS_or_code_security %} must be enabled for this repository to use code scanning"' shortTitle: '{% data variables.product.prodname_code_security %} must be enabled' -intro: 'If you see this error, make sure that {% data variables.product.prodname_GH_code_security %} is enabled.' +intro: If you see this error, make sure that {% data variables.product.prodname_GH_code_security %} is enabled. allowTitleToDifferFromFilename: true -type: reference topics: - Code scanning - Errors @@ -12,6 +11,9 @@ versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled +contentType: how-tos --- ## About this error diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/alerts-in-generated-code.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/alerts-in-generated-code.md similarity index 60% rename from content/code-security/code-scanning/troubleshooting-code-scanning/alerts-in-generated-code.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/alerts-in-generated-code.md index 0367a9f0e7af..ff0b443bfa33 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/alerts-in-generated-code.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/alerts-in-generated-code.md @@ -1,7 +1,7 @@ --- title: Alerts found in generated code shortTitle: Alerts in generated code -intro: 'When analyzing your code with {% data variables.product.prodname_code_scanning %}, you may wish to build only the code which you wish to analyze.' +intro: When analyzing your code with {% data variables.product.prodname_code_scanning %}, you may wish to build only the code which you wish to analyze. allowTitleToDifferFromFilename: true versions: fpt: '*' @@ -9,6 +9,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-code-scanning/alerts-found-in-generated-code + - /code-security/code-scanning/troubleshooting-code-scanning/alerts-in-generated-code +contentType: how-tos --- {% data reusables.code-scanning.codeql-action-version-ghes %} diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/analysis-takes-too-long.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/analysis-takes-too-long.md similarity index 96% rename from content/code-security/code-scanning/troubleshooting-code-scanning/analysis-takes-too-long.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/analysis-takes-too-long.md index 0ca7fad654b7..530e7a35399b 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/analysis-takes-too-long.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/analysis-takes-too-long.md @@ -1,7 +1,7 @@ --- title: Code scanning analysis takes too long shortTitle: Analysis takes too long -intro: 'You can fine tune your {% data variables.product.prodname_code_scanning %} configuration to minimize analysis time.' +intro: You can fine tune your {% data variables.product.prodname_code_scanning %} configuration to minimize analysis time. allowTitleToDifferFromFilename: true versions: fpt: '*' @@ -9,6 +9,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-code-scanning/build-is-taking-too-long + - /code-security/code-scanning/troubleshooting-code-scanning/analysis-takes-too-long +contentType: how-tos --- {% data reusables.code-scanning.codeql-action-version-ghes %} diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/automatic-build-failed.md similarity index 79% rename from content/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/automatic-build-failed.md index 95ce2f09070c..47e78d658d2b 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/automatic-build-failed.md @@ -2,13 +2,15 @@ title: Automatic build failed for a compiled language shortTitle: Automatic build failed allowTitleToDifferFromFilename: true -intro: 'If automatic build fails, you can configure {% data variables.product.prodname_code_scanning %} to use specific build steps for compiled languages.' +intro: If automatic build fails, you can configure {% data variables.product.prodname_code_scanning %} to use specific build steps for compiled languages. versions: fpt: '*' ghes: '*' ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed-for-a-compiled-language + - /code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed +contentType: how-tos --- {% data reusables.code-scanning.codeql-action-version-ghes %} diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/c-sharp-compiler-unexpectedly-failing.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/c-sharp-compiler-unexpectedly-failing.md similarity index 84% rename from content/code-security/code-scanning/troubleshooting-code-scanning/c-sharp-compiler-unexpectedly-failing.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/c-sharp-compiler-unexpectedly-failing.md index a77b97db3768..d9d8fb6b06a5 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/c-sharp-compiler-unexpectedly-failing.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/c-sharp-compiler-unexpectedly-failing.md @@ -1,12 +1,15 @@ --- -title: 'C# compiler unexpectedly failing' -shortTitle: 'C# compiler failing' +title: C# compiler unexpectedly failing +shortTitle: C# compiler failing allowTitleToDifferFromFilename: true -intro: 'If your MSBuild C# compilation is unexpectedly failing, you may need to amend your application project file.' +intro: If your MSBuild C# compilation is unexpectedly failing, you may need to amend your application project file. versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/c-sharp-compiler-unexpectedly-failing +contentType: how-tos --- ## About these errors diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/cannot-enable-codeql-in-a-private-repository.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/cannot-enable-codeql-in-a-private-repository.md similarity index 94% rename from content/code-security/code-scanning/troubleshooting-code-scanning/cannot-enable-codeql-in-a-private-repository.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/cannot-enable-codeql-in-a-private-repository.md index 3341a87b57fb..3dd31a54d278 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/cannot-enable-codeql-in-a-private-repository.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/cannot-enable-codeql-in-a-private-repository.md @@ -1,8 +1,7 @@ --- -title: 'Cannot enable CodeQL in a private repository' +title: Cannot enable CodeQL in a private repository intro: '{% data variables.product.prodname_GH_code_security %} must be enabled in order to use {% data variables.product.prodname_code_scanning %} on private repositories.' allowTitleToDifferFromFilename: true -type: reference topics: - Code scanning - Errors @@ -11,6 +10,9 @@ versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/cannot-enable-codeql-in-a-private-repository +contentType: how-tos --- {% ifversion fpt %} diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/enabling-default-setup-takes-too-long.md similarity index 82% rename from content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/enabling-default-setup-takes-too-long.md index 1eba1d0b2007..e97c40f7b551 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/enabling-default-setup-takes-too-long.md @@ -1,11 +1,14 @@ --- -title: 'Enabling default setup takes too long' -intro: 'If you think that enabling default setup has stalled, you can restart the process.' +title: Enabling default setup takes too long +intro: If you think that enabling default setup has stalled, you can restart the process. allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long +contentType: how-tos --- diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/extraction-errors-in-the-database.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/extraction-errors-in-the-database.md similarity index 77% rename from content/code-security/code-scanning/troubleshooting-code-scanning/extraction-errors-in-the-database.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/extraction-errors-in-the-database.md index 94520fc66883..37584813d533 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/extraction-errors-in-the-database.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/extraction-errors-in-the-database.md @@ -1,11 +1,14 @@ --- -title: 'Extraction errors in the database' -intro: 'You can check whether or not extraction errors affect the health of the {% data variables.product.prodname_codeql %} database created.' +title: Extraction errors in the database +intro: You can check whether or not extraction errors affect the health of the {% data variables.product.prodname_codeql %} database created. allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/extraction-errors-in-the-database +contentType: how-tos --- {% data reusables.code-scanning.codeql-action-version-ghes %} diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/fewer-lines-scanned-than-expected.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/fewer-lines-scanned-than-expected.md similarity index 93% rename from content/code-security/code-scanning/troubleshooting-code-scanning/fewer-lines-scanned-than-expected.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/fewer-lines-scanned-than-expected.md index b4f2a84051e6..9a5d70e052b0 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/fewer-lines-scanned-than-expected.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/fewer-lines-scanned-than-expected.md @@ -1,7 +1,7 @@ --- title: CodeQL scanned fewer lines than expected shortTitle: Fewer lines scanned than expected -intro: 'If {% data variables.product.prodname_codeql %} analyzed less code than you expected, you may need to use a custom build command.' +intro: If {% data variables.product.prodname_codeql %} analyzed less code than you expected, you may need to use a custom build command. allowTitleToDifferFromFilename: true versions: fpt: '*' @@ -9,6 +9,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-code-scanning/codeql-scanned-fewer-lines-than-expected + - /code-security/code-scanning/troubleshooting-code-scanning/fewer-lines-scanned-than-expected +contentType: how-tos --- ## About analysis of compiled languages diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/index.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/index.md similarity index 77% rename from content/code-security/code-scanning/troubleshooting-code-scanning/index.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/index.md index ae91122e9735..5da839a58d1b 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/index.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/index.md @@ -1,39 +1,41 @@ --- -title: Troubleshooting code scanning -intro: 'When analyzing your code with {% data variables.product.prodname_code_scanning %}, you may need to troubleshoot unexpected issues.' -redirect_from: - - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-your-default-setup-for-codeql - - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow - - /code-security/code-scanning/troubleshooting-code-scanning/results-differ-between-platforms +title: Troubleshooting analysis errors +shortTitle: Troubleshoot analysis errors +intro: Identify and resolve errors that occur during code analysis, including build failures, incomplete scans, resource limits, and unexpected results. versions: fpt: '*' ghes: '*' ghec: '*' +contentType: how-tos topics: - - Code Security - Code scanning - - CodeQL - - Repositories + - Errors + - Troubleshooting children: - - /advanced-security-must-be-enabled - /alerts-in-generated-code - - /analysis-takes-too-long - /automatic-build-failed - /c-sharp-compiler-unexpectedly-failing - /cannot-enable-codeql-in-a-private-repository - - /enabling-default-setup-takes-too-long - - /extraction-errors-in-the-database + - /analysis-takes-too-long - /fewer-lines-scanned-than-expected - - /logs-not-detailed-enough - - /no-source-code-seen-during-build - - /not-recognized + - /enabling-default-setup-takes-too-long + - /advanced-security-must-be-enabled - /out-of-disk-or-memory - /resource-not-accessible - - /results-different-than-expected + - /not-recognized + - /no-source-code-seen-during-build - /server-error + - /extraction-errors-in-the-database + - /logs-not-detailed-enough + - /results-different-than-expected - /some-languages-not-analyzed - /two-codeql-workflows - /unclear-what-triggered-a-workflow - /unnecessary-step-found - /kotlin-detected-in-no-build +redirect_from: + - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-your-default-setup-for-codeql + - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow + - /code-security/code-scanning/troubleshooting-code-scanning/results-differ-between-platforms + - /code-security/code-scanning/troubleshooting-code-scanning --- diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/kotlin-detected-in-no-build.md similarity index 97% rename from content/code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/kotlin-detected-in-no-build.md index 7487635f7f66..4efb1cfe7252 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/kotlin-detected-in-no-build.md @@ -7,6 +7,9 @@ versions: fpt: '*' ghec: '*' ghes: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build +contentType: how-tos --- ## About this warning diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough.md new file mode 100644 index 000000000000..495a3a2e3422 --- /dev/null +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough.md @@ -0,0 +1,65 @@ +--- +title: Logs are not detailed enough +shortTitle: Logs not detailed enough +intro: If you'd like to increase the level of detail in your logs, try these steps. +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/logs-are-not-detailed-enough + - /code-security/code-scanning/troubleshooting-code-scanning/logs-not-detailed-enough +contentType: how-tos +--- + +If your logs are not detailed enough to troubleshoot a problem, there are several steps you can take to obtain extra information and make logs more useful. + +## Enable step debug logging + +You can enable step debug logging in {% data variables.product.prodname_actions %} to increase the verbosity of a job's logs during a job's execution. For more information, see [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging). + +## Creating {% data variables.product.prodname_codeql %} debugging artifacts + +> [!WARNING] +> {% data variables.product.prodname_codeql %} debugging artifacts contain a copy of the source code being analyzed by {% data variables.product.prodname_codeql %}, therefore we suggest sharing these bundles only with people who are authorized to access that source code. + +You can obtain artifacts to help you debug {% data variables.product.prodname_codeql %}. +The debug artifacts will be uploaded to the workflow run as artifacts with names starting with `debug-artifacts`. If {% data variables.product.prodname_codeql %} analyzes multiple languages concurrently as part of the workflow run, there will be one such artifact for every language. The data contains the {% data variables.product.prodname_codeql %} logs, {% data variables.product.prodname_codeql %} databases, extracted source code files, and any SARIF files produced by the workflow. For more information about downloading {% data variables.product.prodname_codeql %} artifacts, see [AUTOTITLE](/actions/managing-workflow-runs/downloading-workflow-artifacts). + +These artifacts will help you debug problems with {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. If you contact GitHub support, they might ask for this data. + +### Creating {% data variables.product.prodname_codeql %} debugging artifacts for {% data variables.product.prodname_codeql %} default setup + +You can create {% data variables.product.prodname_codeql %} debugging artifacts by enabling {% data variables.product.prodname_actions %} step debug logging and triggering a new {% data variables.product.prodname_codeql %} analysis by, for example, pushing a new commit to a pull request branch. For information on how to enable {% data variables.product.prodname_actions %} step debug logging, see [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging). + +{% ifversion org-private-registry %} + +If you have given {% data variables.product.prodname_codeql %} access to private registries, additional artifacts whose names start with `proxy-log-file` will be available. These contain logs of the authentication proxy that is used by {% data variables.product.prodname_codeql %} default setup to authenticate requests to private registries and may be used to troubleshoot private registry configurations. To learn more, see [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). + +{% endif %} + +### Creating {% data variables.product.prodname_codeql %} debugging artifacts for {% data variables.product.prodname_codeql %} advanced setup + +Debugging artifacts for {% data variables.product.prodname_codeql %} advanced setup can be obtained in several different ways. + +#### Re-running jobs with debug logging enabled + +The easiest option to create debugging artifacts for {% data variables.product.prodname_codeql %} advanced setup is by re-running jobs with debug logging enabled. For more information about re-running {% data variables.product.prodname_actions %} workflows and jobs, see [AUTOTITLE](/actions/managing-workflow-runs/re-running-workflows-and-jobs). + +You need to ensure that you select **Enable debug logging**. This option enables runner diagnostic logging and step debug logging for the run. You'll then be able to download {% data variables.product.prodname_codeql %} debugging artifacts to investigate further. You do not need to modify the workflow file when creating {% data variables.product.prodname_codeql %} debugging artifacts by re-running jobs. + +#### Using a workflow flag + +You can create {% data variables.product.prodname_codeql %} debugging artifacts by using a flag in your workflow. For this, you need to modify the `init` step of your {% data variables.code-scanning.codeql_workflow %} file and set `debug: true`. + +```yaml +- name: Initialize CodeQL + uses: {% data reusables.actions.action-codeql-action-init %} + with: + debug: true +``` + +#### Using {% data variables.product.prodname_actions %} step debug logging + +If you have enabled {% data variables.product.prodname_actions %} step debug logging, {% data variables.product.prodname_codeql %} will also produce debugging artifacts and upload them. See [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging). diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/no-source-code-seen-during-build.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/no-source-code-seen-during-build.md similarity index 93% rename from content/code-security/code-scanning/troubleshooting-code-scanning/no-source-code-seen-during-build.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/no-source-code-seen-during-build.md index 6602a72d7950..0a73b21bda3b 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/no-source-code-seen-during-build.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/no-source-code-seen-during-build.md @@ -1,12 +1,15 @@ --- title: 'Error: "No source code was seen during the build"' -shortTitle: 'No source code seen during build' -intro: 'When {% data variables.product.prodname_codeql %} fails to find any source code, you need to resolve this problem to unblock {% data variables.product.prodname_code_scanning %} analysis.' +shortTitle: No source code seen during build +intro: When {% data variables.product.prodname_codeql %} fails to find any source code, you need to resolve this problem to unblock {% data variables.product.prodname_code_scanning %} analysis. allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/no-source-code-seen-during-build +contentType: how-tos --- diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/not-recognized.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/not-recognized.md similarity index 89% rename from content/code-security/code-scanning/troubleshooting-code-scanning/not-recognized.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/not-recognized.md index 6506bd4cdba7..a88ae160b1e0 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/not-recognized.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/not-recognized.md @@ -7,6 +7,9 @@ versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/not-recognized +contentType: how-tos --- ## About this error diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/out-of-disk-or-memory.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/out-of-disk-or-memory.md similarity index 85% rename from content/code-security/code-scanning/troubleshooting-code-scanning/out-of-disk-or-memory.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/out-of-disk-or-memory.md index 25047ffa4632..9b802a862b34 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/out-of-disk-or-memory.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/out-of-disk-or-memory.md @@ -1,12 +1,15 @@ --- title: 'Error: "Out of disk" or Error: "Out of memory"' -shortTitle: 'Out of disk or memory' -intro: 'If you see one of these errors with {% data variables.product.prodname_actions %}, {% ifversion ghes %}try reviewing the specifications of your self-hosted runners.{% else %}you can try alternative runners.{% endif %}' +shortTitle: Out of disk or memory +intro: If you see one of these errors with {% data variables.product.prodname_actions %}, {% ifversion ghes %}try reviewing the specifications of your self-hosted runners.{% else %}you can try alternative runners.{% endif %} allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/out-of-disk-or-memory +contentType: how-tos --- diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/resource-not-accessible.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/resource-not-accessible.md similarity index 93% rename from content/code-security/code-scanning/troubleshooting-code-scanning/resource-not-accessible.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/resource-not-accessible.md index f01dfcb46087..3a14bb7db0d8 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/resource-not-accessible.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/resource-not-accessible.md @@ -1,13 +1,15 @@ --- title: 'Error: 403 "Resource not accessible by integration"' shortTitle: Resource not accessible -intro: 'This error may be seen on pull requests created by {% data variables.product.prodname_dependabot %} and can be resolved in a couple of different ways.' +intro: This error may be seen on pull requests created by {% data variables.product.prodname_dependabot %} and can be resolved in a couple of different ways. allowTitleToDifferFromFilename: true versions: fpt: '*' ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-code-scanning/resource-not-accessible-by-integration + - /code-security/code-scanning/troubleshooting-code-scanning/resource-not-accessible +contentType: how-tos --- >[!NOTE] diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/results-different-than-expected.md similarity index 88% rename from content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/results-different-than-expected.md index a0dc68b961fa..09ecc303275b 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/results-different-than-expected.md @@ -1,7 +1,7 @@ --- title: Results are different than expected shortTitle: Results different than expected -intro: 'If your {% data variables.product.prodname_code_scanning %} results are different than you expected, you can check which configurations are active.' +intro: If your {% data variables.product.prodname_code_scanning %} results are different than you expected, you can check which configurations are active. allowTitleToDifferFromFilename: true versions: fpt: '*' @@ -9,6 +9,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-code-scanning/results-are-different-than-expected + - /code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected +contentType: how-tos --- If your {% data variables.product.prodname_code_scanning %} results are different than you expected, you may have both default and advanced setup configured for your repository. When you enable default setup, this disables the existing {% data variables.product.prodname_codeql %} workflow file and blocks any {% data variables.product.prodname_codeql %} API analysis from uploading results. diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/server-error.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/server-error.md similarity index 66% rename from content/code-security/code-scanning/troubleshooting-code-scanning/server-error.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/server-error.md index 06f6870360b9..baf62d881ade 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/server-error.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/server-error.md @@ -1,11 +1,14 @@ --- title: 'Error: "Server error"' -shortTitle: 'Server error' -intro: 'If you see this error, it may be transient. Check the current {% data variables.product.prodname_actions %} service status, and try running your workflow again.' +shortTitle: Server error +intro: If you see this error, it may be transient. Check the current {% data variables.product.prodname_actions %} service status, and try running your workflow again. allowTitleToDifferFromFilename: true versions: fpt: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/server-error +contentType: how-tos --- ## About this error diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/some-languages-not-analyzed.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/some-languages-not-analyzed.md similarity index 86% rename from content/code-security/code-scanning/troubleshooting-code-scanning/some-languages-not-analyzed.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/some-languages-not-analyzed.md index 4a3fa689b9d8..847a292fecba 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/some-languages-not-analyzed.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/some-languages-not-analyzed.md @@ -2,13 +2,15 @@ title: Some languages were not analyzed with CodeQL advanced setup shortTitle: Some languages not analyzed allowTitleToDifferFromFilename: true -intro: 'If some languages were not analyzed, you can modify your {% data variables.product.prodname_code_scanning %} workflow to add a matrix specifying the languages you want to analyze.' +intro: If some languages were not analyzed, you can modify your {% data variables.product.prodname_code_scanning %} workflow to add a matrix specifying the languages you want to analyze. versions: fpt: '*' ghes: '*' ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-code-scanning/some-languages-were-not-analyzed + - /code-security/code-scanning/troubleshooting-code-scanning/some-languages-not-analyzed +contentType: how-tos --- {% data reusables.code-scanning.codeql-action-version-ghes %} diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/two-codeql-workflows.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/two-codeql-workflows.md similarity index 75% rename from content/code-security/code-scanning/troubleshooting-code-scanning/two-codeql-workflows.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/two-codeql-workflows.md index 7fd41f4e0b02..4f81958430fa 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/two-codeql-workflows.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/two-codeql-workflows.md @@ -1,11 +1,14 @@ --- -title: 'Two CodeQL workflows' +title: Two CodeQL workflows allowTitleToDifferFromFilename: true -intro: 'If you see two workflows named "{% data variables.product.prodname_codeql %}", one workflow may be a pre-existing {% data variables.product.prodname_codeql %} workflow file which has been disabled by default setup.' +intro: If you see two workflows named "{% data variables.product.prodname_codeql %}", one workflow may be a pre-existing {% data variables.product.prodname_codeql %} workflow file which has been disabled by default setup. versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/two-codeql-workflows +contentType: how-tos --- {% data reusables.code-scanning.codeql-action-version-ghes %} diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/unclear-what-triggered-a-workflow.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/unclear-what-triggered-a-workflow.md similarity index 82% rename from content/code-security/code-scanning/troubleshooting-code-scanning/unclear-what-triggered-a-workflow.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/unclear-what-triggered-a-workflow.md index 71ec314ac42c..c8552d188332 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/unclear-what-triggered-a-workflow.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/unclear-what-triggered-a-workflow.md @@ -1,7 +1,7 @@ --- title: Unclear what triggered a workflow run shortTitle: Unclear what triggered a workflow -intro: 'If you don''t know what triggered an analysis, investigate the {% data variables.code-scanning.tool_status_page %} or look at the log for the last scan.' +intro: If you don't know what triggered an analysis, investigate the {% data variables.code-scanning.tool_status_page %} or look at the log for the last scan. allowTitleToDifferFromFilename: true versions: fpt: '*' @@ -9,6 +9,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-code-scanning/unclear-what-triggered-a-workflow-run + - /code-security/code-scanning/troubleshooting-code-scanning/unclear-what-triggered-a-workflow +contentType: how-tos --- The {% data variables.code-scanning.tool_status_page %} shows you how well {% data variables.product.prodname_code_scanning %} tools are working for a repository, when files in the repository were first scanned and most recently scanned, and when scans are scheduled. For integrated tools like {% data variables.product.prodname_codeql %}, you can also see more detailed information, including a percentage of files scanned and specific error messages. For more information about the {% data variables.code-scanning.tool_status_page %}, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page). diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/unnecessary-step-found.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/unnecessary-step-found.md similarity index 89% rename from content/code-security/code-scanning/troubleshooting-code-scanning/unnecessary-step-found.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/unnecessary-step-found.md index 015173768f81..854ce9c6b6c6 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/unnecessary-step-found.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/unnecessary-step-found.md @@ -1,12 +1,15 @@ --- title: 'Warning: "1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary"' -shortTitle: 'Unnecessary step found' -intro: 'If you see this warning, you should update your workflow to follow current best practice.' +shortTitle: Unnecessary step found +intro: If you see this warning, you should update your workflow to follow current best practice. allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/troubleshooting-code-scanning/unnecessary-step-found +contentType: how-tos --- ## About this warning diff --git a/content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-codeql-for-vs-code/accessing-logs.md similarity index 79% rename from content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-codeql-for-vs-code/accessing-logs.md index 9e83027c96ae..fe4f9b503b51 100644 --- a/content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-codeql-for-vs-code/accessing-logs.md @@ -1,6 +1,6 @@ --- -title: 'Accessing logs' -shortTitle: 'Access logs' +title: Accessing logs +shortTitle: Access logs versions: fpt: '*' ghec: '*' @@ -9,9 +9,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'If you need to troubleshoot problems with {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %}, there are several logs you can access.' +intro: If you need to troubleshoot problems with {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %}, there are several logs you can access. allowTitleToDifferFromFilename: true +redirect_from: + - /code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs +contentType: how-tos --- ## About logs diff --git a/content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/index.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-codeql-for-vs-code/index.md similarity index 60% rename from content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/index.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-codeql-for-vs-code/index.md index 37db10207b14..58f3c4934ebb 100644 --- a/content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/index.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-codeql-for-vs-code/index.md @@ -1,6 +1,6 @@ --- title: Troubleshooting CodeQL for VS Code -intro: 'Learn how to resolve problems with the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %}.' +intro: Learn how to resolve problems with the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %}. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -15,4 +15,7 @@ children: - /warning-problem-with-controller-repository redirect_from: - /code-security/codeql-for-vs-code/troubleshooting-codeql-for-visual-studio-code + - /code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code +contentType: how-tos --- + diff --git a/content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/warning-problem-with-controller-repository.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-codeql-for-vs-code/warning-problem-with-controller-repository.md similarity index 81% rename from content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/warning-problem-with-controller-repository.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-codeql-for-vs-code/warning-problem-with-controller-repository.md index 523498eed35a..5a538095013d 100644 --- a/content/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/warning-problem-with-controller-repository.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-codeql-for-vs-code/warning-problem-with-controller-repository.md @@ -1,16 +1,17 @@ --- -title: 'Problem with controller repository' +title: Problem with controller repository versions: feature: codeql-vs-code-mrva topics: - Code Security - Code scanning - CodeQL -type: reference -intro: 'If you see this warning, update your controller repository to a private repository.' +intro: If you see this warning, update your controller repository to a private repository. allowTitleToDifferFromFilename: true redirect_from: - /code-security/codeql-for-vs-code/troubleshooting-variant-analysis + - /code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/warning-problem-with-controller-repository +contentType: how-tos --- ## About this warning diff --git a/content/code-security/code-scanning/troubleshooting-sarif-uploads/default-setup-enabled.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/default-setup-enabled.md similarity index 82% rename from content/code-security/code-scanning/troubleshooting-sarif-uploads/default-setup-enabled.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/default-setup-enabled.md index 4af686973052..30bd30e1c4c5 100644 --- a/content/code-security/code-scanning/troubleshooting-sarif-uploads/default-setup-enabled.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/default-setup-enabled.md @@ -1,9 +1,8 @@ --- -title: 'Upload was rejected because CodeQL default setup is enabled for {% data variables.product.prodname_code_scanning %}' +title: Upload was rejected because CodeQL default setup is enabled for {% data variables.product.prodname_code_scanning %} shortTitle: Default setup is enabled allowTitleToDifferFromFilename: true -intro: 'You cannot upload SARIF results generated by the {% data variables.product.prodname_codeql %} action or {% data variables.product.prodname_codeql %} CLI when default setup for {% data variables.product.prodname_code_scanning %} is enabled. Check your configuration and decide whether to keep default setup or unblock SARIF upload.' -type: reference +intro: You cannot upload SARIF results generated by the {% data variables.product.prodname_codeql %} action or {% data variables.product.prodname_codeql %} CLI when default setup for {% data variables.product.prodname_code_scanning %} is enabled. Check your configuration and decide whether to keep default setup or unblock SARIF upload. topics: - Code scanning - Errors @@ -15,6 +14,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-sarif/default-setup-enabled + - /code-security/code-scanning/troubleshooting-sarif-uploads/default-setup-enabled +contentType: how-tos --- ## About this error diff --git a/content/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/file-too-large.md similarity index 95% rename from content/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/file-too-large.md index a1854f8ebaf9..1a494babdf67 100644 --- a/content/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/file-too-large.md @@ -1,9 +1,8 @@ --- -title: 'SARIF results file is too large' +title: SARIF results file is too large shortTitle: Results file too large allowTitleToDifferFromFilename: true -intro: 'You cannot upload a SARIF results file larger than 10 MB to {% data variables.product.prodname_code_scanning %}. Explore ways to generate a smaller file containing the highest impact results.' -type: reference +intro: You cannot upload a SARIF results file larger than 10 MB to {% data variables.product.prodname_code_scanning %}. Explore ways to generate a smaller file containing the highest impact results. topics: - Code scanning - Errors @@ -15,6 +14,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-sarif/file-too-large + - /code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large +contentType: how-tos --- ## About this error @@ -30,7 +31,7 @@ A fatal error occurred: SARIF file is too large One of these errors is reported if a process attempts to upload a SARIF file that is larger than the maximum size of 10 MB. {% data variables.product.prodname_code_scanning_caps %} does not accept files above this size. There are several different ways to reduce the number of results generated for upload to {% data variables.product.prodname_code_scanning %}. -You could see this error for SARIF files generated by {% data variables.product.prodname_codeql %} or by third-party analysis tools. For information about the limits on uploads, see {% data variables.product.prodname_code_scanning %}, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#validating-your-sarif-file). +You could see this error for SARIF files generated by {% data variables.product.prodname_codeql %} or by third-party analysis tools. For information about the limits on uploads, see {% data variables.product.prodname_code_scanning %}, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#file-compatibility). ## Confirming the cause of the error diff --git a/content/code-security/code-scanning/troubleshooting-sarif-uploads/ghas-required.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/ghas-required.md similarity index 77% rename from content/code-security/code-scanning/troubleshooting-sarif-uploads/ghas-required.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/ghas-required.md index 20170e188764..d916b181dad6 100644 --- a/content/code-security/code-scanning/troubleshooting-sarif-uploads/ghas-required.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/ghas-required.md @@ -1,9 +1,8 @@ --- -title: 'Upload fails because {% data variables.product.prodname_GH_code_security %} is disabled' +title: Upload fails because {% data variables.product.prodname_GH_code_security %} is disabled shortTitle: '{% data variables.product.prodname_GH_code_security %} disabled' allowTitleToDifferFromFilename: true -intro: 'You can only upload SARIF results to {% ifversion fpt or ghec %}private or internal {% endif %}repositories where {% data variables.product.prodname_GH_code_security %} is enabled.' -type: reference +intro: You can only upload SARIF results to {% ifversion fpt or ghec %}private or internal {% endif %}repositories where {% data variables.product.prodname_GH_code_security %} is enabled. topics: - Code scanning - Errors @@ -15,6 +14,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-sarif/ghas-required + - /code-security/code-scanning/troubleshooting-sarif-uploads/ghas-required +contentType: how-tos --- ## About this error diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/index.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/index.md new file mode 100644 index 000000000000..8205a9eeada5 --- /dev/null +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/index.md @@ -0,0 +1,22 @@ +--- +title: Troubleshooting SARIF uploads +shortTitle: Troubleshoot SARIF uploads +intro: Identify and resolve issues when uploading SARIF files, including authentication problems, file validation errors, and upload limits. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Code scanning + - Errors + - SARIF + - Troubleshooting +children: + - /missing-token + - /sarif-invalid + - /results-exceed-limit + - /file-too-large + - /ghas-required + - /default-setup-enabled +--- diff --git a/content/code-security/code-scanning/troubleshooting-sarif-uploads/missing-token.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/missing-token.md similarity index 86% rename from content/code-security/code-scanning/troubleshooting-sarif-uploads/missing-token.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/missing-token.md index 80c7951c63ef..bcd4a7abbee2 100644 --- a/content/code-security/code-scanning/troubleshooting-sarif-uploads/missing-token.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/missing-token.md @@ -1,9 +1,8 @@ --- -title: 'GitHub token is required to upload SARIF results' +title: GitHub token is required to upload SARIF results shortTitle: GitHub token missing allowTitleToDifferFromFilename: true -intro: 'You need to provide an authentication method for the upload process to use to access the repository.' -type: reference +intro: You need to provide an authentication method for the upload process to use to access the repository. topics: - Code scanning - Errors @@ -15,6 +14,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-sarif/missing-token + - /code-security/code-scanning/troubleshooting-sarif-uploads/missing-token +contentType: how-tos --- ## About this error diff --git a/content/code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/results-exceed-limit.md similarity index 81% rename from content/code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/results-exceed-limit.md index a1b4c8505f1d..75ce98347f08 100644 --- a/content/code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/results-exceed-limit.md @@ -1,9 +1,8 @@ --- -title: 'SARIF results exceed one or more limits' +title: SARIF results exceed one or more limits shortTitle: Results exceed limits allowTitleToDifferFromFilename: true -intro: 'Learn how to resolve problems when a SARIF file is rejected by {% data variables.product.prodname_code_scanning %} because one or more limits is exceeded.' -type: reference +intro: Learn how to resolve problems when a SARIF file is rejected by {% data variables.product.prodname_code_scanning %} because one or more limits is exceeded. topics: - Code scanning - Errors @@ -15,6 +14,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-sarif/results-exceed-limit + - /code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit +contentType: how-tos --- ## About {% data variables.product.prodname_code_scanning %} limits on SARIF results @@ -47,7 +48,7 @@ You could see these errors for SARIF files generated by {% data variables.produc {% data reusables.code-scanning.sarif-limits %} -For information about validating your SARIF file, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#validating-your-sarif-file). +For information about validating your SARIF file, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#file-compatibility). ## Fixing soft limit errors @@ -55,7 +56,7 @@ When soft limits are exceeded, {% data variables.product.prodname_code_scanning ## Fixing "Analysis SARIF file rejected due to results limits" -There are many considerations and potential solutions for reducing the number of results included in a SARIF results file. For guidance, see [AUTOTITLE](/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large). +There are many considerations and potential solutions for reducing the number of results included in a SARIF results file. For guidance, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/file-too-large). ## Fixing "Alert(s) in SARIF file exceeded thread flow location limits" @@ -65,24 +66,24 @@ You can configure the analysis to limit the number of dataflow paths included in ## Fixing "Analysis SARIF file rejected due to run limits" -The simplest approach is generate a new SARIF file for each run and upload each file separately. You add a "category" to each results and this enables {% data variables.product.prodname_code_scanning %} to store and display the results appropriately. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#uploading-more-than-one-sarif-file-for-a-commit). +The simplest approach is generate a new SARIF file for each run and upload each file separately. You add a "category" to each results and this enables {% data variables.product.prodname_code_scanning %} to store and display the results appropriately. For more information, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/uploading-a-sarif-file-to-github#uploading-more-than-one-sarif-file-for-a-commit). ## Fixing "Analysis SARIF file rejected due to rule limits" There are two possible approaches here. -1. Reduce the number of rules you use to analyze the code. For more information, see [Defining the query suite to run](/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large#defining-the-query-suite-to-run) and [Excluding a query from analysis](/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large#excluding-a-query-from-analysis) in "SARIF results file too large." -1. Run the analysis twice, each time with a different set of rules, and upload both results files to {% data variables.product.prodname_code_scanning %}. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#uploading-more-than-one-sarif-file-for-a-commit). +1. Reduce the number of rules you use to analyze the code. For more information, see [Defining the query suite to run](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/file-too-large#defining-the-query-suite-to-run) and [Excluding a query from analysis](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/file-too-large#excluding-a-query-from-analysis) in "SARIF results file too large." +1. Run the analysis twice, each time with a different set of rules, and upload both results files to {% data variables.product.prodname_code_scanning %}. For more information, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/uploading-a-sarif-file-to-github#uploading-more-than-one-sarif-file-for-a-commit). ## Fixing "Analysis SARIF file rejected due to extension limits" -The simplest approach is to create a separate SARIF file each time you run the tool and upload each file separately. You may also need to contact the maintainer of the tool. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#uploading-more-than-one-sarif-file-for-a-commit). +The simplest approach is to create a separate SARIF file each time you run the tool and upload each file separately. You may also need to contact the maintainer of the tool. For more information, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/uploading-a-sarif-file-to-github#uploading-more-than-one-sarif-file-for-a-commit). {% data variables.product.prodname_codeql %} analysis should not generate this error. If you see this error while using the {% data variables.product.prodname_codeql %} action or {% data variables.product.prodname_codeql_cli %}, you should contact {% data variables.contact.github_support %} to let us know. For more information, see [AUTOTITLE](/support/contacting-github-support). ## Fixing "Analysis SARIF file rejected due to location limit" -The best way to resolve this problem is usually to identify the query that reports too many locations and exclude it from analysis. For information on how to do this, see [AUTOTITLE](/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large#excluding-a-query-from-analysis). +The best way to resolve this problem is usually to identify the query that reports too many locations and exclude it from analysis. For information on how to do this, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/file-too-large#excluding-a-query-from-analysis). ## Fixing "Analysis SARIF file rejected due to rule tag limits" diff --git a/content/code-security/code-scanning/troubleshooting-sarif-uploads/sarif-invalid.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/sarif-invalid.md similarity index 92% rename from content/code-security/code-scanning/troubleshooting-sarif-uploads/sarif-invalid.md rename to content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/sarif-invalid.md index 24f668112f4b..155b212be343 100644 --- a/content/code-security/code-scanning/troubleshooting-sarif-uploads/sarif-invalid.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/sarif-invalid.md @@ -1,9 +1,8 @@ --- -title: 'SARIF file is invalid' +title: SARIF file is invalid shortTitle: SARIF file invalid allowTitleToDifferFromFilename: true intro: '{% data variables.product.prodname_code_scanning_caps %} can only process syntactically valid SARIF files. Invalid files are rejected.' -type: reference topics: - Code scanning - Errors @@ -15,6 +14,8 @@ versions: ghec: '*' redirect_from: - /code-security/code-scanning/troubleshooting-sarif/sarif-invalid + - /code-security/code-scanning/troubleshooting-sarif-uploads/sarif-invalid +contentType: how-tos --- ## About this error diff --git a/content/code-security/code-quality/how-tos/allow-in-enterprise.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/allow-github-code-quality-in-enterprise.md similarity index 87% rename from content/code-security/code-quality/how-tos/allow-in-enterprise.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/allow-github-code-quality-in-enterprise.md index 5baeb2121cea..cc8cea2907d2 100644 --- a/content/code-security/code-quality/how-tos/allow-in-enterprise.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/allow-github-code-quality-in-enterprise.md @@ -1,16 +1,19 @@ --- title: Allowing use of {% data variables.product.prodname_code_quality %} in your enterprise -shortTitle: Allow in enterprise -intro: 'Define policies for {% data variables.product.prodname_AS %} that allow repository owners to enable {% data variables.product.prodname_code_quality %}.' +shortTitle: Allow {% data variables.product.prodname_code_quality_short %} +intro: Define policies for {% data variables.product.prodname_AS %} that allow repository owners to enable {% data variables.product.prodname_code_quality %}. versions: feature: code-quality product: '{% data reusables.gated-features.code-quality-availability %}' -permissions: 'Enterprise owners' +permissions: Enterprise owners audience: - driver topics: - Code Quality contentType: how-tos +allowTitleToDifferFromFilename: true +redirect_from: + - /code-security/code-quality/how-tos/allow-in-enterprise --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-code-scanning-for-your-appliance.md similarity index 95% rename from content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-code-scanning-for-your-appliance.md index a1137757ff5e..8de323da91df 100644 --- a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-code-scanning-for-your-appliance.md @@ -1,7 +1,7 @@ --- title: '{% ifversion ghes %}Configuring code scanning for your appliance{% elsif default-setup-self-hosted-runners-GHEC %}Configuring self-hosted runners for code scanning in your enterprise{% endif %}' -shortTitle: Configuring code scanning -intro: 'You can enable, configure, and disable {% data variables.product.prodname_code_scanning %} for your enterprise{% ifversion default-setup-self-hosted-runners-GHEC %} without {% data variables.product.prodname_dotcom %}-hosted runners{% endif %}. {% data variables.product.prodname_code_scanning_caps %} allows users to scan code for vulnerabilities and errors.' +shortTitle: Configure code scanning +intro: You can enable, configure, and disable {% data variables.product.prodname_code_scanning %} for your enterprise{% ifversion default-setup-self-hosted-runners-GHEC %} without {% data variables.product.prodname_dotcom %}-hosted runners{% endif %}. {% data variables.product.prodname_code_scanning_caps %} allows users to scan code for vulnerabilities and errors. allowTitleToDifferFromFilename: true product: '{% data reusables.gated-features.code-scanning %}' redirect_from: @@ -9,15 +9,16 @@ redirect_from: - /admin/configuration/configuring-code-scanning-for-your-appliance - /admin/advanced-security/configuring-code-scanning-for-your-appliance - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance + - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance versions: ghes: '*' ghec: '*' -type: how_to topics: - Advanced Security - Code scanning - Enterprise - Security +contentType: how-tos --- diff --git a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-dependabot-to-work-with-limited-internet-access.md similarity index 94% rename from content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-dependabot-to-work-with-limited-internet-access.md index ef48005ce65e..99e44183646a 100644 --- a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-dependabot-to-work-with-limited-internet-access.md @@ -1,9 +1,8 @@ --- title: Configuring Dependabot to work with limited internet access -intro: 'You can configure {% data variables.product.prodname_dependabot %} to generate pull requests for version and security updates using private registries when {% data variables.product.prodname_ghe_server %} has limited, or no, internet access.' +intro: You can configure {% data variables.product.prodname_dependabot %} to generate pull requests for version and security updates using private registries when {% data variables.product.prodname_ghe_server %} has limited, or no, internet access. versions: feature: dependabot-ghes-no-public-internet -type: how_to topics: - Dependabot - Version updates @@ -13,6 +12,8 @@ topics: shortTitle: Limited internet access redirect_from: - /admin/code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access + - /admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access +contentType: how-tos --- ## About {% data variables.product.prodname_dependabot %} updates diff --git a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-dependency-review-for-your-appliance.md similarity index 89% rename from content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-dependency-review-for-your-appliance.md index 71fa68234bd9..dcba4160d9b8 100644 --- a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-dependency-review-for-your-appliance.md @@ -1,11 +1,10 @@ --- title: Configuring dependency review for your appliance -shortTitle: Configuring dependency review -intro: 'To help users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.product.prodname_ghe_server %}.' +shortTitle: Configure dependency review +intro: To help users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.product.prodname_ghe_server %}. product: '{% data reusables.gated-features.dependency-review %}' versions: ghes: '*' -type: how_to topics: - Advanced Security - Enterprise @@ -13,6 +12,8 @@ topics: - Security redirect_from: - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance + - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance +contentType: how-tos --- ## About dependency review diff --git a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance.md similarity index 90% rename from content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance.md index 86707a66323c..1786942ed315 100644 --- a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance.md @@ -1,20 +1,21 @@ --- title: Configuring secret scanning for your appliance -shortTitle: Configuring secret scanning -intro: 'You can enable, configure, and disable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.prodname_ghe_server %}. {% data variables.product.prodname_secret_scanning_caps %} allows users to scan code for accidentally committed secrets.' +shortTitle: Configure secret scanning +intro: You can enable, configure, and disable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.prodname_ghe_server %}. {% data variables.product.prodname_secret_scanning_caps %} allows users to scan code for accidentally committed secrets. product: '{% data reusables.gated-features.secret-scanning %}' redirect_from: - /admin/configuration/configuring-secret-scanning-for-your-appliance - /admin/advanced-security/configuring-secret-scanning-for-your-appliance - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance + - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance versions: ghes: '*' -type: how_to topics: - Advanced Security - Enterprise - Secret scanning - Security +contentType: how-tos --- ## About {% data variables.product.prodname_secret_scanning %} diff --git a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/enabling-the-dependency-graph-for-your-enterprise.md similarity index 94% rename from content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/enabling-the-dependency-graph-for-your-enterprise.md index 6139e4ec6f50..64900f631af9 100644 --- a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/enabling-the-dependency-graph-for-your-enterprise.md @@ -5,13 +5,14 @@ shortTitle: Enable dependency graph permissions: Site administrators can enable the dependency graph. versions: ghes: '*' -type: how_to topics: - Enterprise - Security - Dependency graph redirect_from: - /admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise + - /admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise +contentType: how-tos --- ## About the dependency graph diff --git a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/index.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/index.md new file mode 100644 index 000000000000..e19955e7173b --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/index.md @@ -0,0 +1,18 @@ +--- +title: Configure specific tools +intro: Learn how to configure specific {% data variables.product.github %} security and quality tools—such as the dependency graph, {% data variables.product.prodname_code_scanning %}, secret scanning, and {% data variables.product.prodname_dependabot %}—for your enterprise. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /enabling-the-dependency-graph-for-your-enterprise + - /allow-github-code-quality-in-enterprise + - /configuring-code-scanning-for-your-appliance + - /configuring-dependency-review-for-your-appliance + - /configuring-secret-scanning-for-your-appliance + - /viewing-the-vulnerability-data-for-your-enterprise + - /configuring-dependabot-to-work-with-limited-internet-access + - /setting-dependabot-to-run-on-github-hosted-runners-using-vnet +--- diff --git a/content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-github-hosted-runners-using-vnet.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/setting-dependabot-to-run-on-github-hosted-runners-using-vnet.md similarity index 97% rename from content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-github-hosted-runners-using-vnet.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/setting-dependabot-to-run-on-github-hosted-runners-using-vnet.md index 9c2dbb3a3f68..bab707f9f6a3 100644 --- a/content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-github-hosted-runners-using-vnet.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/setting-dependabot-to-run-on-github-hosted-runners-using-vnet.md @@ -2,7 +2,7 @@ title: Setting up Dependabot to run on github-hosted action runners using the Azure Private Network intro: You can configure an Azure Virtual Network (VNET) to run {% data variables.product.prodname_dependabot %} on {% data variables.product.company_short %}-hosted runners. versions: - feature: dependabot-vnet-support + feature: dependabot-vnet-support permissions: '{% data reusables.permissions.dependabot-various-tasks %}' topics: - Repositories @@ -13,6 +13,9 @@ topics: - Pull requests allowTitleToDifferFromFilename: true shortTitle: Configure VNET +redirect_from: + - /code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-github-hosted-runners-using-vnet +contentType: how-tos --- ## Configuring VNET for {% data variables.product.prodname_dependabot_updates %} diff --git a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/viewing-the-vulnerability-data-for-your-enterprise.md similarity index 77% rename from content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/viewing-the-vulnerability-data-for-your-enterprise.md index 6f0c535e0a44..66d3c1ebc200 100644 --- a/content/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/viewing-the-vulnerability-data-for-your-enterprise.md @@ -1,17 +1,18 @@ --- title: Viewing the vulnerability data for your enterprise -intro: 'You can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.product.prodname_ghe_server %}.' +intro: You can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.product.prodname_ghe_server %}. shortTitle: View vulnerability data -permissions: 'Site administrators' +permissions: Site administrators versions: ghes: '*' -type: how_to topics: - Enterprise - Security - Dependency graph redirect_from: - /admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise + - /admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise +contentType: how-tos --- If {% data variables.product.prodname_dependabot_alerts %} are enabled for your enterprise, you can view all vulnerabilities that were downloaded to {% data variables.product.prodname_ghe_server %} from the {% data variables.product.prodname_advisory_database %}. diff --git a/content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/applying-a-custom-security-configuration-to-your-enterprise.md similarity index 82% rename from content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/applying-a-custom-security-configuration-to-your-enterprise.md index c6ca7793cd31..f1f0fe267d08 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/applying-a-custom-security-configuration-to-your-enterprise.md @@ -1,7 +1,7 @@ --- title: Applying a custom security configuration to your enterprise shortTitle: Apply custom configuration -intro: 'You can apply your {% data variables.product.prodname_custom_security_configuration %} to organizations and repositories in your organization to meet the specific security needs of your enterprise.' +intro: You can apply your {% data variables.product.prodname_custom_security_configuration %} to organizations and repositories in your organization to meet the specific security needs of your enterprise. permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}' versions: feature: security-configuration-enterprise-level @@ -9,6 +9,9 @@ topics: - Advanced Security - Organizations - Security +redirect_from: + - /admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise +contentType: how-tos --- ## About applying a {% data variables.product.prodname_custom_security_configuration %} diff --git a/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-to-your-enterprise.md similarity index 90% rename from content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-to-your-enterprise.md index 1c2399e4aab4..2ae482dcaf26 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-to-your-enterprise.md @@ -1,7 +1,7 @@ --- title: Applying the GitHub-recommended security configuration to your enterprise shortTitle: Apply recommended configuration -intro: 'Secure your code with the security enablement settings created, managed, and recommended by {% data variables.product.github %}.' +intro: Secure your code with the security enablement settings created, managed, and recommended by {% data variables.product.github %}. permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}' versions: ghec: '*' @@ -9,6 +9,9 @@ topics: - Advanced Security - Enterprise - Security +redirect_from: + - /admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise +contentType: how-tos --- ## About the {% data variables.product.prodname_github_security_configuration %} diff --git a/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/configuring-additional-secret-scanning-settings-for-your-enterprise.md similarity index 87% rename from content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/configuring-additional-secret-scanning-settings-for-your-enterprise.md index 407c0b391153..632b0c16941a 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/configuring-additional-secret-scanning-settings-for-your-enterprise.md @@ -1,7 +1,7 @@ --- title: Configuring additional secret scanning settings for your enterprise shortTitle: Configure additional settings -intro: 'Learn how to configure additional {% data variables.product.prodname_secret_scanning %} settings for your enterprise.' +intro: Learn how to configure additional {% data variables.product.prodname_secret_scanning %} settings for your enterprise. permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}' versions: feature: security-configuration-enterprise-level @@ -9,6 +9,9 @@ topics: - Advanced Security - Enterprise - Security +redirect_from: + - /admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise +contentType: how-tos --- ## About additional settings for {% data variables.product.prodname_secret_scanning %} @@ -51,6 +54,9 @@ You can customize which secret patterns are included in push protection, giving 1. Under "Additional settings", in the "{% data variables.product.UI_secret_protection_scanning %}" section, click anywhere inside the "Pattern configurations for push protection" row. 1. In the page that gets displayed, make the desired changes in the "Enterprise setting" column. + {% data reusables.secret-scanning.pattern-enablement-org-enterprise %} +For more information on how to read data on the {% data variables.product.prodname_secret_scanning %} pattern configuration page, see [AUTOTITLE](/code-security/reference/secret-security/secret-scanning-pattern-configuration-data). + {% endif %} diff --git a/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/creating-a-custom-security-configuration-for-your-enterprise.md similarity index 93% rename from content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/creating-a-custom-security-configuration-for-your-enterprise.md index a1a8c640963d..7f3a06ea92e9 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/creating-a-custom-security-configuration-for-your-enterprise.md @@ -1,7 +1,7 @@ --- title: Creating a custom security configuration for your enterprise shortTitle: Create custom configuration -intro: 'Build a {% data variables.product.prodname_custom_security_configuration %} to meet the specific security needs of your enterprise.' +intro: Build a {% data variables.product.prodname_custom_security_configuration %} to meet the specific security needs of your enterprise. permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}' versions: feature: security-configuration-enterprise-level @@ -9,6 +9,9 @@ topics: - Advanced Security - Enterprise - Security +redirect_from: + - /admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise +contentType: how-tos --- ## About {% data variables.product.prodname_custom_security_configurations %} @@ -56,7 +59,8 @@ When creating a security configuration, keep in mind that: * **Validity checks**. To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %} * **Non-provider patterns**. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %} * **Scan for generic passwords**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %} - * **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion security-delegated-alert-dismissal %} + * **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion push-protection-delegated-bypass-configurations-enterprise %} + * **Bypass privileges**. By assigning bypass privileges, selected repository, organization, and business members can bypass push protection. There is a review and approval process for all other contributors. See [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).{% endif %}{% ifversion security-delegated-alert-dismissal %} * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning).{% endif %} 1. Optionally, enable "{% data variables.product.prodname_code_security %}", a paid feature for private {% ifversion ghec %}and internal {% endif %} repositories. You can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_code_scanning %} features: * **Default setup**. To learn more about default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). @@ -69,7 +73,8 @@ When creating a security configuration, keep in mind that: > When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %} * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %} * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). - * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %} + * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %} + * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %} 1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %} 1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied: * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**. @@ -108,7 +113,8 @@ When creating a security configuration, keep in mind that: > When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %} * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %} * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). - * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %} + * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %} + * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %} 1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %} 1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied: * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**. diff --git a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/enabling-github-advanced-security-for-your-enterprise.md similarity index 93% rename from content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/enabling-github-advanced-security-for-your-enterprise.md index db77274060f7..bac038aabcf1 100644 --- a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/enabling-github-advanced-security-for-your-enterprise.md @@ -1,21 +1,22 @@ --- title: Enabling {% data variables.product.prodname_GHAS %} {% ifversion ghas-products %}products {% endif %}for your enterprise -shortTitle: Enabling {% data variables.product.prodname_GHAS %} -intro: 'You can configure {% data variables.product.prodname_ghe_server %} to include {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %}. This provides extra features that help users find and fix security problems in their code.' +shortTitle: Enable {% data variables.product.prodname_GHAS %} +intro: You can configure {% data variables.product.prodname_ghe_server %} to include {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %}. This provides extra features that help users find and fix security problems in their code. product: '{% data reusables.gated-features.ghas-ghec %}' allowTitleToDifferFromFilename: true redirect_from: - /admin/advanced-security/enabling-github-advanced-security-for-your-enterprise - /admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise + - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise versions: ghes: '*' -type: how_to topics: - Advanced Security - Code scanning - Enterprise - Secret scanning - Security +contentType: how-tos --- ## About enabling {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %} diff --git a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/enabling-security-features-for-multiple-repositories.md similarity index 97% rename from content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/enabling-security-features-for-multiple-repositories.md index 64fb270fcce4..e9b336e12664 100644 --- a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/enabling-security-features-for-multiple-repositories.md @@ -5,8 +5,7 @@ intro: You can use security overview to select a subset of repositories and enab permissions: '{% data reusables.permissions.security-org-enable %}' allowTitleToDifferFromFilename: true versions: - feature: security-configurations-beta-and-pre-beta # Display article for old GHES versions only -type: how_to + feature: security-configurations-beta-and-pre-beta topics: - Security overview - Code Security @@ -14,6 +13,9 @@ topics: - Alerts - Organizations - Teams +redirect_from: + - /code-security/security-overview/enabling-security-features-for-multiple-repositories +contentType: how-tos --- ## About enabling security features diff --git a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/index.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/index.md new file mode 100644 index 000000000000..59c6b066b576 --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/index.md @@ -0,0 +1,16 @@ +--- +title: Establish complete coverage +intro: Learn how to establish comprehensive, enterprise-wide security coverage by enabling {% data variables.product.prodname_GHAS %}, applying recommended or custom security configurations, and configuring additional secret scanning settings across your enterprise. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /enabling-security-features-for-multiple-repositories + - /enabling-github-advanced-security-for-your-enterprise + - /applying-the-github-recommended-security-configuration-to-your-enterprise + - /creating-a-custom-security-configuration-for-your-enterprise + - /applying-a-custom-security-configuration-to-your-enterprise + - /configuring-additional-secret-scanning-settings-for-your-enterprise +--- diff --git a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/index.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/index.md new file mode 100644 index 000000000000..6021cbf9e07e --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/index.md @@ -0,0 +1,13 @@ +--- +title: Configure enterprise security +intro: Configure and standardize security features across your enterprise, including establishing coverage, managing settings, and enabling approved tools at scale. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /establish-complete-coverage + - /manage-your-coverage + - /configure-specific-tools +--- diff --git a/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/deleting-a-custom-security-configuration.md similarity index 89% rename from content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/deleting-a-custom-security-configuration.md index 061e9ce6fd27..995c3f01501e 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/deleting-a-custom-security-configuration.md @@ -1,7 +1,7 @@ --- title: Deleting a custom security configuration shortTitle: Delete custom configuration -intro: 'You can delete unnecessary {% data variables.product.prodname_custom_security_configurations %} in your enterprise.' +intro: You can delete unnecessary {% data variables.product.prodname_custom_security_configurations %} in your enterprise. permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}' versions: feature: security-configuration-enterprise-level @@ -9,6 +9,9 @@ topics: - Advanced Security - Enterprise - Security +redirect_from: + - /admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration +contentType: how-tos --- ## About deleting a {% data variables.product.prodname_custom_security_configuration %} diff --git a/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/editing-a-custom-security-configuration.md similarity index 88% rename from content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md rename to content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/editing-a-custom-security-configuration.md index 4b2f03dea2c8..38526997912c 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/editing-a-custom-security-configuration.md @@ -1,7 +1,7 @@ --- title: Editing a custom security configuration shortTitle: Edit custom configuration -intro: 'Change the enablement settings in your {% data variables.product.prodname_custom_security_configuration %} to better meet the security needs of your repositories.' +intro: Change the enablement settings in your {% data variables.product.prodname_custom_security_configuration %} to better meet the security needs of your repositories. permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}' versions: feature: security-configuration-enterprise-level @@ -9,6 +9,9 @@ topics: - Advanced Security - Organizations - Security +redirect_from: + - /admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration +contentType: how-tos --- ## About editing a {% data variables.product.prodname_custom_security_configuration %} diff --git a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/index.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/index.md new file mode 100644 index 000000000000..cacb8f94f2f5 --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/index.md @@ -0,0 +1,12 @@ +--- +title: Manage your coverage +intro: Review and manage your enterprise’s repository security coverage by adjusting which repositories are included in your custom security configurations and removing unneeded configurations. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /editing-a-custom-security-configuration + - /deleting-a-custom-security-configuration +--- diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk.md similarity index 73% rename from content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk.md index 5891d34fe4ac..aac2c4d52b75 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk.md @@ -1,10 +1,9 @@ ---- -title: 'Running the secret risk assessment for your organization' -shortTitle: 'Assess your secret risk' -intro: 'Determine your organization''s exposure to leaked secrets by generating a {% data variables.product.prodname_secret_risk_assessment %} report.' +https://github.com/microsoft/vscode-java-pack/pull/1577#issue-3938033561--- +title: Running the secret risk assessment for your organization +shortTitle: Assess your secret risk +intro: Determine your organization's exposure to leaked secrets by generating a {% data variables.product.prodname_secret_risk_assessment %} report. product: '{% data reusables.gated-features.secret-risk-assessment-report %}' permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}' -type: how_to versions: feature: secret-risk-assessment topics: @@ -13,6 +12,10 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets +contentType: how-tos --- ## Generating an initial {% data variables.product.prodname_secret_risk_assessment %} @@ -28,7 +31,6 @@ topics: > [!NOTE] > You can only generate a secret risk assessment report once every 90 days. - {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} {% data reusables.security-overview.open-assessments-view %} diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/calculating-the-cost-savings-of-push-protection.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/calculating-the-cost-savings-of-push-protection.md similarity index 97% rename from content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/calculating-the-cost-savings-of-push-protection.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/calculating-the-cost-savings-of-push-protection.md index 18309da30280..d60f21e6af83 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/calculating-the-cost-savings-of-push-protection.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/calculating-the-cost-savings-of-push-protection.md @@ -10,6 +10,8 @@ topics: - Secret scanning - Secret Protection contentType: how-tos +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/calculating-the-cost-savings-of-push-protection --- ## What is the cost savings calculator? diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md similarity index 51% rename from content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md index 34ad2b335d73..7bcaa2353f9b 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md @@ -1,46 +1,39 @@ --- title: Configuring advanced setup for code scanning with CodeQL at scale shortTitle: CodeQL advanced setup at scale -intro: 'You can use a script to configure advanced setup for {% data variables.product.prodname_code_scanning %} for a specific group of repositories in your organization.' +intro: Establish a highly customizable {% data variables.product.prodname_code_scanning %} setup at scale with a script. permissions: '{% data reusables.permissions.security-org-enable %}' product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale + - /code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Code Security - Code scanning allowTitleToDifferFromFilename: true +contentType: how-tos --- -## About enabling advanced setup for {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} at scale - -If you need to configure a highly customizable {% data variables.product.prodname_code_scanning %} setup for many repositories in your organization, or if repositories in your organization are ineligible for default setup, you can enable {% data variables.product.prodname_code_scanning %} at scale with advanced setup. - -To enable advanced setup across multiple repositories, you can write a bulk configuration script. To successfully execute the script, {% data variables.product.prodname_actions %} must be enabled for the {% ifversion fpt %}organization{% elsif ghec %}organization or enterprise{% elsif ghes %}site{% endif %}. - -Alternatively, if you do not need granular control over the {% data variables.product.prodname_code_scanning %} configuration for many repositories in your organization, you can quickly and easily configure {% data variables.product.prodname_code_scanning %} at scale with default setup. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale). - ## Using a script to enable advanced setup For repositories that are not eligible for default setup, you can use a bulk configuration script to enable advanced setup across multiple repositories. +> [!NOTE] To successfully execute the script, {% data variables.product.prodname_actions %} must be enabled for the {% ifversion fpt %}organization{% elsif ghec %}organization or enterprise{% elsif ghes %}instance{% endif %}. + 1. Identify a group of repositories that can be analyzed using the same {% data variables.product.prodname_code_scanning %} configuration. For example, all repositories that build Java artifacts using the production environment. 1. Create and test a {% data variables.product.prodname_actions %} workflow to call the {% data variables.product.prodname_codeql %} action with the appropriate configuration. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql). 1. Use one of the example scripts or create a custom script to add the workflow to each repository in the group. - * GitHub CLI extension: [`advanced-security/gh-add-files`](https://github.com/advanced-security/gh-add-files) - * Python example: [`Malwarebytes/ghas-cli`](https://github.com/Malwarebytes/ghas-cli) repository - * NodeJS example: [`nickliffen/ghas-enablement`](https://github.com/NickLiffen/ghas-enablement) repository - * PowerShell example: [`jhutchings1/Create-ActionsPRs`](https://github.com/jhutchings1/Create-ActionsPRs) repository + * GitHub CLI extension: [`advanced-security/gh-add-files`](https://github.com/advanced-security/gh-add-files?ref_product=code-scanning&ref_type=engagement&ref_style=text) + * Python example: [`Malwarebytes/ghas-cli`](https://github.com/Malwarebytes/ghas-cli?ref_product=code-scanning&ref_type=engagement&ref_style=text) repository + * NodeJS example: [`nickliffen/ghas-enablement`](https://github.com/NickLiffen/ghas-enablement?ref_product=code-scanning&ref_type=engagement&ref_style=text) repository + * PowerShell example: [`jhutchings1/Create-ActionsPRs`](https://github.com/jhutchings1/Create-ActionsPRs?ref_product=code-scanning&ref_type=engagement&ref_style=text) repository -### Extending {% data variables.product.prodname_codeql %} coverage with model packs +## Next steps {% data reusables.code-scanning.beta-model-packs %} If your codebase depends on a library or framework that is not recognized by the standard queries in {% data variables.product.prodname_codeql %}, you can extend the {% data variables.product.prodname_codeql %} coverage in your bulk configuration script by specifying published {% data variables.product.prodname_codeql %} model packs. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs). - -Alternatively, if you do not need granular control over the {% data variables.product.prodname_code_scanning %} configuration for many repositories in your organization, you can quickly and easily configure model packs with {% data variables.product.prodname_code_scanning %} at scale with default setup. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup). diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/configuring-default-setup-for-code-scanning-at-scale.md similarity index 78% rename from content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/configuring-default-setup-for-code-scanning-at-scale.md index 7c1920ac623a..541a90dab296 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/configuring-default-setup-for-code-scanning-at-scale.md @@ -1,13 +1,13 @@ --- title: Configuring default setup for code scanning at scale shortTitle: Code scanning at scale -intro: 'You can quickly configure {% data variables.product.prodname_code_scanning %} for repositories across your organization using default setup.' +intro: You can quickly configure {% data variables.product.prodname_code_scanning %} for repositories across your organization using default setup. redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning-at-scale + - /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale permissions: '{% data reusables.permissions.security-org-enable %}' product: '{% data reusables.gated-features.code-scanning %}' -type: how_to topics: - Code Security - Code scanning @@ -15,39 +15,12 @@ versions: fpt: '*' ghes: '*' ghec: '*' +contentType: how-tos --- -## About configuring default setup at scale +With default setup for {% data variables.product.prodname_code_scanning %}, you can quickly secure code in repositories across your organization. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/setup-types). -With default setup for {% data variables.product.prodname_code_scanning %}, you can quickly secure code in repositories across your organization. - -You can enable {% data variables.product.prodname_code_scanning %} for all repositories in your organization that are eligible for default setup. After enabling default setup, the code written in {% data variables.product.prodname_codeql %}-supported languages in repositories in the organization will be scanned: - -* On each push to the repository's default branch, or any protected branch. For more information on protected branches, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches). -* When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks. -* On a weekly schedule. - -For more information, see [Configuring default setup for all eligible repositories in an organization](#configuring-default-setup-for-all-eligible-repositories-in-an-organization). - -{% ifversion pre-security-configurations %} - -You can also use security overview to find a set of repositories in your organization and enable or disable default setup for all of them at the same time. For more information, see [Configuring default setup for a subset of repositories in an organization](#configuring-default-setup-for-a-subset-of-repositories-in-an-organization). - -{% endif %} - -For repositories that are not eligible for default setup, you can configure advanced setup at the repository level, or at the organization level using a script. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale). - - - - -### Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale - -A repository must meet all the following criteria to be eligible for default setup, otherwise you need to use advanced setup. - -* Advanced setup for {% data variables.product.prodname_code_scanning %} is not already enabled. -{% data reusables.code-scanning.require-actions-ghcs %} - -{% data reusables.code-scanning.default-setup-pre-enablement-explanation %} +For repositories that are not suitable for default setup, you can configure advanced setup at the repository level, or at the organization level using a script. {% ifversion pre-security-configurations %} @@ -56,23 +29,18 @@ A repository must meet all the following criteria to be eligible for default set {% endif %} -### About adding languages to an existing default setup configuration +## Prerequisites -If the code in a repository changes to include a {% data variables.product.prodname_codeql %}-supported language, {% data variables.product.prodname_dotcom %} will automatically update the {% data variables.product.prodname_code_scanning %} configuration to include the new language. If {% data variables.product.prodname_code_scanning %} fails with the new configuration, {% data variables.product.prodname_dotcom %} will resume the previous configuration automatically so the repository does not lose {% data variables.product.prodname_code_scanning %} coverage. +A repository must meet all the following criteria to be eligible for default setup: -{% ifversion org-private-registry %} - -### Providing default setup access to private registries - -When a repository uses code stored in a private registry, default setup needs access to the registry to work effectively. For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries). - -{% endif %} +* Advanced setup for {% data variables.product.prodname_code_scanning %} is not already enabled. +{% data reusables.code-scanning.require-actions-ghcs %} ## Configuring default setup for all eligible repositories in an organization {% ifversion security-configurations %} You can enable default setup for all eligible repositories in your organization. For more information, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale). {% else %} -Through the "{% data variables.product.UI_advanced_security %}" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see [Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup). +Through the "{% data variables.product.UI_advanced_security %}" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} @@ -103,7 +71,7 @@ You can filter for specific repositories you would like to configure default set {% ifversion pre-security-configurations %} -Through security overview for your organization, you can find eligible repositories for default setup, then enable default setup across each of those repositories simultaneously. For more information on repository eligibility, see [Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup). +Through security overview for your organization, you can find eligible repositories for default setup, then enable default setup across each of those repositories simultaneously. ### Finding repositories that are eligible for default setup @@ -155,6 +123,14 @@ You can select all of the displayed repositories, or a subset of them, and enabl {% endif %} +{% ifversion org-private-registry %} + +## Providing default setup access to private registries + +When a repository uses code stored in a private registry, default setup needs access to the registry to work effectively. For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries). + +{% endif %} + {% ifversion ghes or ghec %} ## Configuring merge protection for all repositories in an organization diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/configuring-private-vulnerability-reporting-for-an-organization.md similarity index 94% rename from content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/configuring-private-vulnerability-reporting-for-an-organization.md index 7d46e8fb726c..33a0778bc7bb 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/configuring-private-vulnerability-reporting-for-an-organization.md @@ -5,13 +5,14 @@ permissions: '{% data reusables.permissions.security-org-enable %}' versions: fpt: '*' ghec: '*' -type: how_to topics: - Security advisories - Vulnerabilities shortTitle: Configure for an organization redirect_from: - /code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization + - /code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization +contentType: how-tos --- ## About privately reporting a security vulnerability diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/enforcing-dependency-review-across-an-organization.md similarity index 89% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/enforcing-dependency-review-across-an-organization.md index 638c9b14a11c..5e2298a866ff 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/enforcing-dependency-review-across-an-organization.md @@ -1,19 +1,21 @@ --- title: Enforcing dependency review across an organization -intro: 'Dependency review lets you catch insecure dependencies before you introduce them to your environment. You can enforce the use of the {% data variables.dependency-review.action_name %} across your organization.' +intro: Dependency review lets you catch insecure dependencies before you introduce them to your environment. You can enforce the use of the {% data variables.dependency-review.action_name %} across your organization. shortTitle: Enforce dependency review permissions: '{% data reusables.permissions.security-org-enable %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: overview topics: - Code Security - Dependency review - Vulnerabilities - Dependencies - Pull requests +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization +contentType: how-tos --- ## About dependency review enforcement diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/estimating-the-price-of-secret-protection.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/estimating-the-price-of-secret-protection.md similarity index 95% rename from content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/estimating-the-price-of-secret-protection.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/estimating-the-price-of-secret-protection.md index 06a378ad3d62..3541e70c3b59 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/estimating-the-price-of-secret-protection.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/estimating-the-price-of-secret-protection.md @@ -10,6 +10,8 @@ topics: - Secret scanning - Secret Protection contentType: how-tos +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/estimating-the-price-of-secret-protection --- ## What is the pricing calculator? diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/index.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/index.md new file mode 100644 index 000000000000..43c2335884c4 --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/index.md @@ -0,0 +1,19 @@ +--- +title: Configure specific tools +intro: Configure individual code security tools across your organization to assess risk, enable protections, and manage scanning and dependency features at scale. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /assess-your-secret-risk + - /viewing-the-secret-risk-assessment-report-for-your-organization + - /estimating-the-price-of-secret-protection + - /calculating-the-cost-savings-of-push-protection + - /protect-your-secrets + - /configuring-default-setup-for-code-scanning-at-scale + - /configuring-advanced-setup-for-code-scanning-with-codeql-at-scale + - /enforcing-dependency-review-across-an-organization + - /configuring-private-vulnerability-reporting-for-an-organization +--- diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/protect-your-secrets.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/protect-your-secrets.md new file mode 100644 index 000000000000..7f4c96c6acdc --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/protect-your-secrets.md @@ -0,0 +1,34 @@ +--- +title: Pricing and enabling {% data variables.product.prodname_GH_secret_protection %} +shortTitle: Protect your secrets +intro: Secure your organization's secrets within your budget by enabling {% data variables.product.prodname_GH_secret_protection %}. +product: Organizations on {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} +allowTitleToDifferFromFilename: true +contentType: how-tos +versions: + feature: secret-risk-assessment +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/protect-your-secrets +topics: + - Secret scanning + - Secret Protection + - Code Security + - Organizations + - Security +--- + +## Prerequisites + +Before you configure {% data variables.product.prodname_GH_secret_protection %}, you should run the free {% data variables.product.prodname_secret_risk_assessment %} to inform your enablement strategy. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk). + +## Configuring {% data variables.product.prodname_GH_secret_protection %} + +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.security-overview %} +{% data reusables.security-overview.open-assessments-view %} +1. In the banner display, select the **Get started** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click one of following enablement options: + * **For public repositories for free**: Click to enable for _only_ public repositories in your organization. + * **For all repositories**: Click to see an estimated cost for {% data variables.product.prodname_GH_secret_protection %} for all repositories in your organization. + * If you are satisfied with the pricing estimate, to enable {% data variables.product.prodname_secret_scanning %} alerts and push protection across your organization, click **Enable {% data variables.product.prodname_secret_protection %}**. + * Alternatively, click **Configure in settings** to customize which repositories you want to enable {% data variables.product.prodname_secret_protection %} for. See {% ifversion fpt or ghec %}[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization) and {% endif %}[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration). diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/viewing-the-secret-risk-assessment-report-for-your-organization.md similarity index 54% rename from content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/viewing-the-secret-risk-assessment-report-for-your-organization.md index 71ce15a8b456..11f1847d72ea 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/viewing-the-secret-risk-assessment-report-for-your-organization.md @@ -1,11 +1,10 @@ --- -title: 'Viewing the secret risk assessment report for your organization' -shortTitle: 'View risk report' -intro: 'Understand your organization''s exposure to leaked secrets at a glance by viewing your most recent {% data variables.product.prodname_secret_risk_assessment %} report.' +title: Viewing the secret risk assessment report for your organization +shortTitle: View risk report +intro: Understand your organization's exposure to leaked secrets at a glance by viewing your most recent {% data variables.product.prodname_secret_risk_assessment %} report. product: '{% data reusables.gated-features.secret-risk-assessment-report %}' permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}' allowTitleToDifferFromFilename: true -type: how_to versions: feature: secret-risk-assessment topics: @@ -14,6 +13,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization +contentType: how-tos --- {% data reusables.organizations.navigate-to-org %} diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-a-custom-security-configuration.md similarity index 89% rename from content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-a-custom-security-configuration.md index 7b0a501c9765..c20779d4fe1a 100644 --- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-a-custom-security-configuration.md @@ -1,7 +1,7 @@ --- title: Applying a custom security configuration shortTitle: Apply custom configuration -intro: 'You can apply your {% data variables.product.prodname_custom_security_configuration %} to repositories in your organization to meet the specific security needs of those repositories.' +intro: You can apply your {% data variables.product.prodname_custom_security_configuration %} to repositories in your organization to meet the specific security needs of those repositories. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -12,6 +12,8 @@ topics: - Security redirect_from: - /code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration + - /code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration +contentType: how-tos --- ## About applying a {% data variables.product.prodname_custom_security_configuration %} diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-in-your-organization.md similarity index 92% rename from content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-in-your-organization.md index ddf0d502ed6b..aee87cb7ac52 100644 --- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-in-your-organization.md @@ -1,7 +1,7 @@ --- title: Applying the GitHub-recommended security configuration in your organization shortTitle: Apply recommended configuration -intro: 'Secure your code with the security enablement settings created, managed, and recommended by {% data variables.product.company_short %}.' +intro: Secure your code with the security enablement settings created, managed, and recommended by {% data variables.product.company_short %}. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations-cloud @@ -10,6 +10,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization +contentType: how-tos --- ## About the {% data variables.product.prodname_github_security_configuration %} diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/configuring-global-security-settings-for-your-organization.md similarity index 84% rename from content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/configuring-global-security-settings-for-your-organization.md index 3cacb400ffb4..f004b445b5bf 100644 --- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/configuring-global-security-settings-for-your-organization.md @@ -1,7 +1,7 @@ --- title: Configuring global security settings for your organization shortTitle: Configure global settings -intro: 'Customize {% data variables.product.prodname_AS %} features to strengthen the security of your organization.' +intro: Customize {% data variables.product.prodname_AS %} features for your organization by defining global settings that ensure consistent security standards and safeguard all your repositories. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -10,12 +10,11 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization +contentType: how-tos --- -## About {% data variables.product.prodname_global_settings %} - -Alongside {% data variables.product.prodname_security_configurations %}, which determine repository-level security settings, you should also configure {% data variables.product.prodname_global_settings %} for your organization. {% data variables.product.prodname_global_settings_caps %} apply to your entire organization, and can customize {% data variables.product.prodname_AS %} features based on your needs. {% ifversion ghes < 3.16 %}You can also create a team of security managers to monitor and maintain your organization's security.{% endif %} - ## Accessing the {% data variables.product.prodname_global_settings %} page for your organization {% data reusables.profile.access_org %} @@ -24,13 +23,11 @@ Alongside {% data variables.product.prodname_security_configurations %}, which d ## Configuring global {% data variables.product.prodname_dependabot %} settings -{% data reusables.dependabot.dependabot-overview %} - You can customize several {% data variables.product.prodname_global_settings %} for {% data variables.product.prodname_dependabot %}: * [Creating and managing {% data variables.dependabot.auto_triage_rules %}](#creating-and-managing-dependabot-auto-triage-rules) * [Grouping {% data variables.product.prodname_dependabot %} security updates](#grouping-dependabot-security-updates){% ifversion dependabot-on-actions-opt-in %} -* [Enabling dependency updates on {% data variables.product.prodname_actions %} runners](#enabling-dependency-updates-on-github-actions-runners){% endif %}{% ifversion dependabot-arc-support %} +* [Enabling dependency updates on {% data variables.product.prodname_actions %} runners](#enabling-dependency-updates-on-github-actions-runners){% endif %}{% ifversion dependabot-self-hosted-labels %} * [Configuring the runner type for {% data variables.product.prodname_dependabot %}](#configuring-the-runner-type-for-dependabot){% endif %}{% ifversion fpt %} * [Granting {% data variables.product.prodname_dependabot %} access to private repositories](#granting-dependabot-access-to-private-repositories){% else %} * [Granting {% data variables.product.prodname_dependabot %} access to private and internal repositories](#granting-dependabot-access-to-private-and-internal-repositories){% endif %} @@ -41,11 +38,11 @@ You can create and manage {% data variables.dependabot.auto_triage_rules %} to i * You can create a new rule by clicking **New rule**, then entering the details for your rule and clicking **Create rule**. * You can edit an existing rule by clicking {% octicon "pencil" aria-label="Edit CURATED-OR-CUSTOM rule" %}, then making the desired changes and clicking **Save rule**. -For more information on {% data variables.dependabot.auto_triage_rules %}, see [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules) and [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts#adding-custom-auto-triage-rules-to-your-organization). +For more information on {% data variables.dependabot.auto_triage_rules %}, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules) and [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-auto-triage-rules-to-prioritize-dependabot-alerts#adding-custom-auto-triage-rules-to-your-organization). ### Grouping {% data variables.product.prodname_dependabot_security_updates %} -{% data variables.product.prodname_dependabot %} can group all automatically suggested security updates into a single pull request. To enable grouped security updates, select **Grouped security updates**. For more information about grouped updates and customization options, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#grouping-dependabot-security-updates-into-a-single-pull-request). +{% data variables.product.prodname_dependabot %} can group all automatically suggested security updates into a single pull request. To enable grouped security updates, select **Grouped security updates**. For more information about grouped updates and customization options, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates#grouping-dependabot-security-updates-into-a-single-pull-request). {% ifversion dependabot-on-actions-opt-in %} @@ -59,14 +56,14 @@ For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dep {% endif %} -{% ifversion dependabot-arc-support %} +{% ifversion dependabot-self-hosted-labels %} ### Configuring the runner type for {% data variables.product.prodname_dependabot %} You can configure which type of runner {% data variables.product.prodname_dependabot %} uses to scan for version and security updates. By default, {% data variables.product.prodname_dependabot %} uses standard **{% data variables.product.company_short %}-hosted runners**. You can configure {% data variables.product.prodname_dependabot %} to use **self-hosted runners** with custom labels, which allows you to integrate with existing runner infrastructure such as {% data variables.product.prodname_actions_runner_controller %} (ARC). > [!NOTE] -> * For security reasons, {% data variables.product.prodname_dependabot %} uses {% data variables.product.company_short %}-hosted runners for public repositories, even when you configure labeled runners. +> * For security reasons, {% data variables.product.prodname_dependabot %} uses {% data variables.product.company_short %}-hosted runners for public repositories, even when you configure labeled runners. > * Labeled runners **do not work** for public repositories. To configure the runner type: @@ -80,7 +77,6 @@ To configure the runner type: * Optionally, in "Runner group name", enter the name of a runner group if you want to target a specific group of runners. 1. Click **Save runner selection**. - {% endif %} {% ifversion dependabot-on-actions-self-hosted %} @@ -91,7 +87,7 @@ For more information about configuring self-hosted runners for {% data variables ### Granting {% data variables.product.prodname_dependabot %} access to private {% ifversion ghec or ghes %}and internal {% endif %}repositories -To update private dependencies of repositories in your organization, {% data variables.product.prodname_dependabot %} needs access to those repositories. To grant {% data variables.product.prodname_dependabot %} access to the desired private {% ifversion ghec or ghes %}or internal {% endif %}repository, scroll down to the "Grant {% data variables.product.prodname_dependabot %} access to private repositories" section, then use the search bar to find and select the desired repository. Be aware that granting {% data variables.product.prodname_dependabot %} access to a repository means all users in your organization will have access to the contents of that repository through {% data variables.product.prodname_dependabot_updates %}. For more information about the supported ecosystems for private repositories, see [AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories). +To update private dependencies of repositories in your organization, {% data variables.product.prodname_dependabot %} needs access to those repositories. To grant {% data variables.product.prodname_dependabot %} access to the desired private {% ifversion ghec or ghes %}or internal {% endif %}repository, scroll down to the "Grant {% data variables.product.prodname_dependabot %} access to private repositories" section, then use the search bar to find and select the desired repository. Be aware that granting {% data variables.product.prodname_dependabot %} access to a repository means all users in your organization will have access to the contents of that repository through {% data variables.product.prodname_dependabot_updates %}. For more information about the supported ecosystems for private repositories, see [AUTOTITLE](/code-security/reference/supply-chain-security/supported-ecosystems-and-repositories). ## Configuring global {% data variables.product.prodname_code_scanning %} settings @@ -107,14 +103,15 @@ You can recommend that repositories in your organization use the "Extended" quer You can customize several {% data variables.product.prodname_global_settings %} for {% data variables.product.prodname_code_scanning %}: {% ifversion code-scanning-autofix %}* [Enabling {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_codeql %}](#enabling-copilot-autofix-for-codeql){% endif %} -* [Recommending the extended query suite for default setup](#recommending-the-extended-query-suite-for-default-setup){% ifversion ghes < 3.17 %} +* [Recommending the extended query suite for default setup](#recommending-the-extended-query-suite-for-default-setup) +* [Expanding {% data variables.product.prodname_codeql %} analysis](#expanding-codeql-analysis){% ifversion ghes < 3.17 %} * [Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests](#setting-a-failure-threshold-for-code-scanning-checks-in-pull-requests).{% endif %} {% endif %} ### Recommending the extended query suite for default setup -{% data variables.product.prodname_code_scanning_caps %} offers specific groups of {% data variables.product.prodname_codeql %} queries, called {% data variables.product.prodname_codeql %} query suites, to run against your code. By default, the "Default" query suite is run. {% data variables.product.company_short %} also offers the "Extended" query suite, which contains all the queries in the "Default" query suite, plus additional queries with lower precision and severity. To suggest the "Extended" query suite across your organization, select **Recommend the extended query suite for repositories enabling default setup**. For more information on built-in query suites for {% data variables.product.prodname_codeql %} default setup, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites). +{% data variables.product.prodname_code_scanning_caps %} offers specific groups of {% data variables.product.prodname_codeql %} queries, called {% data variables.product.prodname_codeql %} query suites, to run against your code. By default, the "Default" query suite is run. {% data variables.product.company_short %} also offers the "Extended" query suite, which contains all the queries in the "Default" query suite, plus additional queries with lower precision and severity. To suggest the "Extended" query suite across your organization, select **Recommend the extended query suite for repositories enabling default setup**. For more information on built-in query suites for {% data variables.product.prodname_codeql %} default setup, see [AUTOTITLE](/code-security/concepts/code-scanning/codeql/codeql-query-suites). {% ifversion code-scanning-autofix %} @@ -124,6 +121,10 @@ You can select **{% data variables.copilot.copilot_autofix_short %}** to enable {% endif %} +### Expanding {% data variables.product.prodname_codeql %} analysis + +You can expand {% data variables.product.prodname_codeql %} analysis coverage for all repositories in your organization that use default setup by configuring {% data variables.product.prodname_codeql %} model packs. Model packs extend the {% data variables.product.prodname_codeql %} analysis to recognize additional frameworks and libraries that are not included in the standard {% data variables.product.prodname_codeql %} libraries. This global configuration applies to repositories using default setup and allows you to specify model packs published via the container registry. For more information, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/editing-your-configuration-of-default-setup#extending-coverage-for-all-repositories-in-an-organization). + {% ifversion ghes < 3.17 %} ### Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests @@ -148,7 +149,7 @@ To provide context for developers when {% data variables.product.prodname_secret ### Defining custom patterns -You can define custom patterns for {% data variables.product.prodname_secret_scanning %} with regular expressions. Custom patterns can identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. To create a custom pattern, click **New pattern**, then enter the details for your pattern and click **Save and dry run**. For more information on custom patterns, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). +You can define custom patterns for {% data variables.product.prodname_secret_scanning %} with regular expressions. Custom patterns can identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. To create a custom pattern, click **New pattern**, then enter the details for your pattern and click **Save and dry run**. For more information on custom patterns, see [AUTOTITLE](/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning). {% ifversion push-protected-pattern-configuration %} @@ -160,8 +161,11 @@ You can customize which secret patterns are included in push protection, giving 1. Under "Additional settings", in the "{% data variables.product.prodname_secret_scanning_caps %}" section and to the right of "Pattern configurations", click **{% octicon "gear" aria-label="The Gear icon" %}**. 1. In the page that gets displayed, make the desired changes in the "Organization setting" column. + {% data reusables.secret-scanning.pattern-enablement-org-enterprise %} +For more information on how to read data on the {% data variables.product.prodname_secret_scanning %} pattern configuration page, see [AUTOTITLE](/code-security/reference/secret-security/secret-scanning-pattern-configuration-data). + {% endif %} ## Creating security managers for your organization diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration.md similarity index 93% rename from content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration.md index 7579165d9a20..272312a743db 100644 --- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration.md @@ -1,7 +1,7 @@ --- title: Creating a custom security configuration shortTitle: Create custom configuration -intro: 'Build a {% data variables.product.prodname_custom_security_configuration %} to meet the specific security needs of repositories in your organization.' +intro: Build a {% data variables.product.prodname_custom_security_configuration %} to meet the specific security needs of repositories in your organization. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -12,31 +12,23 @@ topics: - Security redirect_from: - /code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration + - /code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration +contentType: how-tos --- -## About {% data variables.product.prodname_custom_security_configurations %} +{% ifversion security-configurations-cloud %} -{% ifversion fpt or ghec %} +If you are familiar with {% data variables.product.company_short %}'s security products, and you have specific security needs that the {% data variables.product.prodname_github_security_configuration %} can't meet, you can create and apply {% data variables.product.prodname_custom_security_configurations %}. For more information, see [AUTOTITLE](/code-security/concepts/security-at-scale/choosing-a-security-configuration-for-your-repositories). -We recommend securing your organization with the {% data variables.product.prodname_github_security_configuration %}, then evaluating the security findings on your repositories before configuring {% data variables.product.prodname_custom_security_configurations %}. For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization). - -{% endif %} +{% else %} With {% data variables.product.prodname_custom_security_configurations %}, you can create collections of enablement settings for {% data variables.product.company_short %}'s security products to meet the specific security needs of your organization. For example, you can create a different {% data variables.product.prodname_custom_security_configuration %} for each group of repositories to reflect their different levels of visibility, risk tolerance, and impact. -{% ifversion ghas-products %} - -You can also choose whether or not you want to include {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %} features in a configuration. - -{%- ifversion fpt or ghec %} If you do, keep in mind that these features incur usage costs (or require {% data variables.product.prodname_GHAS %} licenses) when applied to private and internal repositories.{% endif %} For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). - -{% endif %} - -{% ifversion ghes %} - * Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI. * {% ifversion ghas-products %}Some features will only be visible if your organization or {% data variables.product.prodname_ghe_server %} instance has purchased the relevant {% data variables.product.prodname_GHAS %} product ({% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %}){% else %}{% data variables.product.prodname_GHAS %} features will only be visible if your organization or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GHAS %} license{% endif %}. -* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance.{% endif %} +* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance. + +{% endif %} {% ifversion ghas-products %} @@ -70,7 +62,8 @@ You can also choose whether or not you want to include {% data variables.product > When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %} * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %} * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). - * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %} + * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %} + * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %} 1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %} 1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied: * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**. @@ -110,7 +103,8 @@ You can also choose whether or not you want to include {% data variables.product > When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %} * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %} * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). - * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %} + * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %} + * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %} 1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %} 1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied: * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**. diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/index.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/index.md new file mode 100644 index 000000000000..012a36ec3a09 --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/index.md @@ -0,0 +1,14 @@ +--- +title: Establish complete coverage +intro: Ensure all repositories in your organization are covered by security protections by applying recommended or custom configurations and managing global security settings. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /applying-the-github-recommended-security-configuration-in-your-organization + - /creating-a-custom-security-configuration + - /applying-a-custom-security-configuration + - /configuring-global-security-settings-for-your-organization +--- diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/index.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/index.md new file mode 100644 index 000000000000..a68b28f3d80d --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/index.md @@ -0,0 +1,19 @@ +--- +title: Configuring security features in your organization +shortTitle: Configure organization security +intro: Configure security across your organization by establishing coverage, managing settings, and controlling access to code security tools at scale. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /establish-complete-coverage + - /manage-your-coverage + - /configure-specific-tools + - /manage-usage-and-access +redirect_from: + - /code-security/securing-your-organization/enabling-security-features-in-your-organization + - /code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations + - /code-security/securing-your-organization +--- diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries.md similarity index 74% rename from content/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries.md index e08582aa32f8..cc1a6f76102a 100644 --- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries.md @@ -1,7 +1,7 @@ --- title: Giving security features access to private registries shortTitle: Give access to private registries -intro: 'If your organization uses private registries, you can improve the results of {% data variables.product.prodname_code_scanning %} analysis and enable {% data variables.product.prodname_dependabot %} to maintain more dependencies by setting up access to these registries.' +intro: If your organization uses private registries, you can improve the results of {% data variables.product.prodname_code_scanning %} analysis and enable {% data variables.product.prodname_dependabot %} to maintain more dependencies by setting up access to these registries. allowTitleToDifferFromFilename: true versions: feature: org-private-registry @@ -9,24 +9,35 @@ topics: - Code Security - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries +contentType: how-tos --- ## About the importance of providing access to private registries -When a repository uses code stored in a private registry, some security features need access to the registry to enable them to work effectively. Without access to all the dependencies of a repository, {% ifversion code-quality %}{% data variables.product.prodname_code_quality_short %} ({% data variables.release-phases.public_preview %}), {% endif %}{% data variables.product.prodname_code_scanning %} default setup and {% data variables.product.prodname_dependabot %} are limited. +When code in a repository has dependencies that are stored in a private registry, some security features need access to the registry to enable them to work effectively. Without access to all the dependencies of a repository, the effectiveness of {% ifversion code-quality %}{% data variables.product.prodname_code_quality_short %} ({% data variables.release-phases.public_preview %}), {% endif %}{% data variables.product.prodname_code_scanning %} default setup and {% data variables.product.prodname_dependabot %} are limited. ## {% data variables.product.prodname_code_scanning_caps %} default setup access to private registries -If you do not define access to the private registries your organization uses, then {% data variables.product.prodname_code_scanning %} will only gather necessary data from dependencies available in public registries. Most times, this is enough for surfacing most of the vulnerabilities. However, in some cases the lack of access can lead to false negative results, that is, {% data variables.product.prodname_code_scanning %} is unable to detect a vulnerability in the code because it does not have all the information it needs to analyze the code. For example, some of the data flow paths may not be detected because steps are defined in dependencies that are not accessible and {% data variables.product.prodname_code_scanning %} does not know how to interpret them. +If you do not define access to the private registries your organization uses, then {% data variables.product.prodname_code_scanning %} will only gather necessary data from dependencies available in public registries. Most times, this is enough for surfacing most of the vulnerabilities. However, in some cases the lack of access can lead to false negative results. In other words, {% data variables.product.prodname_code_scanning %} is unable to detect a vulnerability in the code because it does not have all the information it needs to analyze the code. For example, some of the data flow paths may not be detected because steps are defined in dependencies that are not accessible and {% data variables.product.prodname_code_scanning %} does not know how to interpret them. When you configure access to the private registries used in your organization, {% data variables.product.prodname_code_scanning %} has access to all the information it needs and is much less likely to miss a vulnerability. +{% data variables.product.prodname_code_scanning_caps %} default setup supports the following registry types: + +| Language | Registry types | +|----------|----------------| +| C# | NuGet Feed | +| Go | GOPROXY server, Git Source | +| Java | Maven Repository | + > [!TIP] -> You can define one of each type of registry for each organization. If the codebases in your organization use more than one registry of a given type, you should define access to the most important registry for the codebases in that organization. +> You can define one of each type of registry for each organization. If the codebases in your organization use more than one registry of a given type, you should set up a unified access point or define access to the most important registry for the codebases in that organization. ### Defining registry access for {% data variables.product.prodname_code_scanning %} default setup -You need to be an **organization owner** to set up access to private registries in the user interface. You can also use the REST API with organization owner or `{read,write}_org_private_registries` permission. +You need to be an **organization owner** to set up access to private registries in the user interface. You can also use the REST API with the organization owner or `{read,write}_org_private_registries` permissions. 1. On the **Settings** tab for the organization, scroll down to the "Security" section and select **Secrets and variables**. 1. In the expanded list of secrets and variables, select **Private registries** to display the "Private Registries" page. @@ -35,6 +46,7 @@ You need to be an **organization owner** to set up access to private registries * **URL** is the location where you access the private registry. For example, to use the {% data variables.product.prodname_registry %} registry for NuGet: `https://nuget.pkg.github.com/`. * **Type** is the type of registry. 1. Select either **Token** or **Username and password**, depending on the authentication method, then enter data into the appropriate fields. + Some types of authentication tokens, such as a {% data variables.product.github %} {% data variables.product.pat_generic_title_case %}, are tied to a particular user identity. Select the **Username and password** option for these and enter the relevant username as **Username** and the token as **Password**. 1. Define which repositories in the organization can access the private registry using these details: all, private and internal, or selected repositories only. 1. When you have finished defining the private registry, select **Add Registry** to save the registry information. diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/index.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/index.md new file mode 100644 index 000000000000..cb5e969deae0 --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/index.md @@ -0,0 +1,12 @@ +--- +title: Manage usage and access +intro: Control access to code security features and monitor usage across your organization, including access to private registries and {% data variables.product.prodname_AS %} license consumption. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /giving-org-access-private-registries + - /managing-your-github-advanced-security-license-usage +--- diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/managing-your-github-advanced-security-license-usage.md similarity index 71% rename from content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/managing-your-github-advanced-security-license-usage.md index 0071180688d8..a660af8ca00d 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/managing-your-github-advanced-security-license-usage.md @@ -1,7 +1,7 @@ --- title: Managing your paid use of {% data variables.product.prodname_AS %} shortTitle: Manage paid GHAS use -intro: 'You can understand and control the costs of using {% data variables.product.prodname_GH_cs_and_sp %} in repositories in your organization.' +intro: Control the costs of {% data variables.product.prodname_GH_cs_and_sp %} in your organization. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.security-org-enable %}' product: '{% data reusables.gated-features.ghas-billing %}' @@ -12,18 +12,14 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage +contentType: how-tos --- -## Requirements for enabling {% data variables.product.prodname_AS %} products +## Prerequisites -To use {% data variables.product.prodname_GHAS_cs_or_sp %} on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for {% data variables.product.prodname_AS %}. - -* **Metered billing:** by default, there is no limit on how many licenses you can consume. See {% data reusables.advanced-security.control-use-cost-links %}. -* **Volume/subscription billing** ({% data variables.product.prodname_enterprise %} only)**:** once the licenses you have purchased are all in use, you cannot enable {% data variables.product.prodname_GHAS_cs_or_sp %} on additional repositories until you free up or buy additional licenses. - -With {% data variables.product.prodname_security_configurations %}, you can easily understand the license usage of repositories in your organization, as well as the number of available {% data variables.product.prodname_GHAS_cs_or_sp %} licenses in your {% data variables.enterprise.enterprise_or_org %}. Additionally, if you need to make more licenses available to secure a high-impact repository, you can quickly disable {% data variables.product.prodname_GHAS_cs_or_sp %}{% ifversion fpt or ghec %} on private and internal repositories{% endif %} at scale. - -To learn about licensing for {% data variables.product.prodname_GHAS_cs_and_sp %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). +Before you can effectively manage your paid use of {% data variables.product.prodname_AS %}, you should understand how {% data variables.product.prodname_AS %} is billed. See [AUTOTITLE](/billing/concepts/product-billing/github-advanced-security). ## Understanding your license usage @@ -57,12 +53,14 @@ To learn about licensing for {% data variables.product.prodname_GHAS_cs_and_sp % The simplest way to turn off all {% data variables.product.prodname_cs_or_sp %} features for one or more repositories is to create a security configuration where the product is disabled at the top level. You can apply this custom configuration to repositories where you want to turn off paid features. -To prevent future enablement of security features, we recommend you ask your enterprise administrator to set the enterprise account's {% data variables.product.prodname_AS %} policies so that: -* {% data variables.product.prodname_AS %} is **not available**. -* Repository administrators are **not allowed** to enable or disable {% data variables.product.prodname_AS %} features for their repositories. -See [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise). - > [!TIP] > Ensure that you give your custom configuration a very clear name, for example: "No Code Security" or "Secret Protection and Supply chain only" to avoid confusion. For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration) and [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration). + +{% ifversion ghec or ghes %} +To prevent future enablement of security features, we recommend you ask your enterprise administrator to set the enterprise account's {% data variables.product.prodname_AS %} policies so that: +* {% data variables.product.prodname_AS %} is **not available**. +* Repository administrators are **not allowed** to enable or disable {% data variables.product.prodname_AS %} features for their repositories. +See [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise). +{% endif %} diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/deleting-a-custom-security-configuration.md similarity index 87% rename from content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/deleting-a-custom-security-configuration.md index bf8834e753c0..9cc5f36a12e1 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/deleting-a-custom-security-configuration.md @@ -1,7 +1,7 @@ --- title: Deleting a custom security configuration shortTitle: Delete custom configuration -intro: 'You can delete unnecessary {% data variables.product.prodname_custom_security_configurations %} in your organization.' +intro: You can delete unnecessary {% data variables.product.prodname_custom_security_configurations %} in your organization. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -10,6 +10,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration +contentType: how-tos --- ## About deleting a {% data variables.product.prodname_custom_security_configuration %} diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/detaching-repositories-from-their-security-configurations.md similarity index 87% rename from content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/detaching-repositories-from-their-security-configurations.md index f536a27c732c..fc736b753276 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/detaching-repositories-from-their-security-configurations.md @@ -1,7 +1,7 @@ --- title: Detaching repositories from their security configurations shortTitle: Detach security configuration -intro: 'You can unlink repositories from their {% data variables.product.prodname_security_configurations %} and instead manage their security enablement settings at the repository level.' +intro: You can unlink repositories from their {% data variables.product.prodname_security_configurations %} and instead manage their security enablement settings at the repository level. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -10,6 +10,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations +contentType: how-tos --- ## About detaching repositories from their {% data variables.product.prodname_security_configurations %} diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/editing-a-custom-security-configuration.md similarity index 89% rename from content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/editing-a-custom-security-configuration.md index 2d5a1adaf201..05fb8fea12fc 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/editing-a-custom-security-configuration.md @@ -1,7 +1,7 @@ --- title: Editing a custom security configuration shortTitle: Edit custom configuration -intro: 'Change the enablement settings in your {% data variables.product.prodname_custom_security_configuration %} to better meet the security needs of your repositories.' +intro: Change the enablement settings in your {% data variables.product.prodname_custom_security_configuration %} to better meet the security needs of your repositories. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -10,6 +10,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration +contentType: how-tos --- ## About editing a {% data variables.product.prodname_custom_security_configuration %} diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/filtering-repositories-in-your-organization-using-the-repository-table.md similarity index 73% rename from content/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table.md rename to content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/filtering-repositories-in-your-organization-using-the-repository-table.md index 395411669540..db1df229329c 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/filtering-repositories-in-your-organization-using-the-repository-table.md @@ -1,7 +1,7 @@ --- title: Filtering repositories in your organization using the repository table shortTitle: Filter repositories -intro: 'You can filter the repository table for your organization to better manage the security settings of specific repositories.' +intro: You can filter the repository table for your organization to better manage the security settings of specific repositories. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -10,11 +10,12 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table +contentType: how-tos --- -## About filtering repositories in your organization - -By default, when managing {% data variables.product.prodname_security_configurations %} for repositories in your organization, the repository table displays all repositories in your organization. You can filter the repository table to help you apply and detach {% data variables.product.prodname_security_configurations %}, as well as manage {% data variables.product.prodname_AS %} license usage in your organization. +You can filter the repository table in your organization to quickly find and manage specific repositories when applying {% data variables.product.prodname_security_configurations %} or managing {% data variables.product.prodname_AS %} license usage in the organization. This article explains how to use filters in the repository table. ## Filtering the repository table with the search bar diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/index.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/index.md new file mode 100644 index 000000000000..b2e2925ab35d --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/index.md @@ -0,0 +1,14 @@ +--- +title: Manage your coverage +intro: Review and adjust your organization’s security coverage by managing which repositories are included in security configurations and updating or removing configurations as needed. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /editing-a-custom-security-configuration + - /filtering-repositories-in-your-organization-using-the-repository-table + - /detaching-repositories-from-their-security-configurations + - /deleting-a-custom-security-configuration +--- diff --git a/content/code-security/how-tos/secure-at-scale/index.md b/content/code-security/how-tos/secure-at-scale/index.md new file mode 100644 index 000000000000..fe26bd501157 --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/index.md @@ -0,0 +1,21 @@ +--- +title: Secure at scale +intro: Secure your codebase at scale by configuring security at the enterprise and organization levels and troubleshooting security configurations as needed. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Dependencies + - Dependabot +contentType: how-tos +children: + - /configure-enterprise-security + - /configure-organization-security + - /troubleshoot-security-configurations +--- diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md similarity index 90% rename from content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md rename to content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md index 1a8117262ac0..5435ac149fd4 100644 --- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md +++ b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md @@ -1,16 +1,18 @@ --- title: A repository is using advanced setup for code scanning shortTitle: Active advanced setup -intro: 'You see an error when you try to attach a {% data variables.product.prodname_security_configuration %} with default code scanning enabled to repositories that use advanced setup for code scanning.' +intro: You see an error when you try to attach a {% data variables.product.prodname_security_configuration %} with default code scanning enabled to repositories that use advanced setup for code scanning. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations redirect_from: - /code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning + - /code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning topics: - Code Security - Organizations - Security +contentType: how-tos --- ## About the problem diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/feature-disappears.md b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/feature-disappears.md similarity index 88% rename from content/code-security/securing-your-organization/troubleshooting-security-configurations/feature-disappears.md rename to content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/feature-disappears.md index d4ef187f419b..e830534b9072 100644 --- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/feature-disappears.md +++ b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/feature-disappears.md @@ -2,7 +2,7 @@ title: A feature has disappeared from a security configuration shortTitle: Feature disappears allowTitleToDifferFromFilename: true -intro: 'Changes to your {% data variables.product.prodname_ghe_server %} instance''s installation settings by a site administrator may affect which security features are available to your configuration.' +intro: Changes to your {% data variables.product.prodname_ghe_server %} instance's installation settings by a site administrator may affect which security features are available to your configuration. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations-ghes-only @@ -11,6 +11,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/troubleshooting-security-configurations/feature-disappears +contentType: how-tos --- ## About the problem diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/finding-repositories-with-attachment-failures.md b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/finding-repositories-with-attachment-failures.md similarity index 87% rename from content/code-security/securing-your-organization/managing-the-security-of-your-organization/finding-repositories-with-attachment-failures.md rename to content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/finding-repositories-with-attachment-failures.md index ec8347fdfc29..39d60f155f6d 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/finding-repositories-with-attachment-failures.md +++ b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/finding-repositories-with-attachment-failures.md @@ -2,7 +2,7 @@ title: Finding and fixing configuration attachment failures shortTitle: Find attachment failures allowTitleToDifferFromFilename: true -intro: 'You can identify any repositories where the security configuration could not be attached, and follow guidance to remediate the problem.' +intro: You can identify any repositories where the security configuration could not be attached, and follow guidance to remediate the problem. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -11,6 +11,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/managing-the-security-of-your-organization/finding-repositories-with-attachment-failures +contentType: how-tos --- ## Finding and remediating attachment failures diff --git a/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/index.md b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/index.md new file mode 100644 index 000000000000..aaf2d7df46b5 --- /dev/null +++ b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/index.md @@ -0,0 +1,17 @@ +--- +title: Troubleshoot security configurations +intro: Identify and resolve issues with your security configurations by diagnosing common problems related to setup, coverage, and license availability. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /a-repository-is-using-advanced-setup-for-code-scanning + - /feature-disappears + - /unexpected-default-setup + - /finding-repositories-with-attachment-failures + - /not-enough-github-advanced-security-licenses +redirect_from: + - /code-security/securing-your-organization/troubleshooting-security-configurations +--- diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/not-enough-github-advanced-security-licenses.md similarity index 84% rename from content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md rename to content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/not-enough-github-advanced-security-licenses.md index 4991d85c1b1f..cc7b141f360d 100644 --- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md +++ b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/not-enough-github-advanced-security-licenses.md @@ -1,7 +1,7 @@ --- title: Not enough GitHub Advanced Security licenses shortTitle: Not enough GHAS licenses -intro: 'If you are on a subscription-based billing model for GHAS, you need available GHAS licenses to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository.' +intro: If you are on a subscription-based billing model for GHAS, you need available GHAS licenses to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -10,6 +10,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses +contentType: how-tos --- If you are on a volume / subscription-based billing model for {% data variables.product.prodname_GHAS %} (GHAS), you must have an available GHAS license for any additional unique active committers to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository. To learn about GHAS licensing, as well as unique and active committers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/unexpected-default-setup.md b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/unexpected-default-setup.md similarity index 79% rename from content/code-security/securing-your-organization/troubleshooting-security-configurations/unexpected-default-setup.md rename to content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/unexpected-default-setup.md index 27a22e4c501d..99390fa96e36 100644 --- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/unexpected-default-setup.md +++ b/content/code-security/how-tos/secure-at-scale/troubleshoot-security-configurations/unexpected-default-setup.md @@ -1,7 +1,7 @@ --- title: Default setup for code scanning overrides advanced setup shortTitle: Unexpected default setup -intro: 'You apply a {% data variables.product.prodname_security_configuration %} with "Enabled with advanced setup allowed" and the existing advanced setup for {% data variables.product.prodname_code_scanning %} is ignored in some repositories.' +intro: You apply a {% data variables.product.prodname_security_configuration %} with "Enabled with advanced setup allowed" and the existing advanced setup for {% data variables.product.prodname_code_scanning %} is ignored in some repositories. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -9,6 +9,9 @@ topics: - Code Security - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/troubleshooting-security-configurations/unexpected-default-setup +contentType: how-tos --- ## About the problem diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning.md similarity index 96% rename from content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md rename to content/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning.md index a611622acb49..256b26b46da5 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md +++ b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning.md @@ -1,17 +1,19 @@ --- title: Defining custom patterns for secret scanning shortTitle: Define custom patterns -intro: 'You can define your own custom patterns to extend the capabilities of {% data variables.product.prodname_secret_scanning %} by generating one or more regular expressions.' +intro: You can define your own custom patterns to extend the capabilities of {% data variables.product.prodname_secret_scanning %} by generating one or more regular expressions. product: '{% data reusables.gated-features.secret-scanning-custom-patterns %}' permissions: '{% data reusables.permissions.security-enterprise-enable %}' redirect_from: - /code-security/secret-security/defining-custom-patterns-for-secret-scanning - /code-security/secret-scanning/defining-custom-patterns-for-secret-scanning + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Secret Protection - Secret scanning diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-extended-metadata-checks-for-your-repository.md b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/enabling-extended-metadata-checks-for-your-repository.md similarity index 85% rename from content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-extended-metadata-checks-for-your-repository.md rename to content/code-security/how-tos/secure-your-secrets/customize-leak-detection/enabling-extended-metadata-checks-for-your-repository.md index 13b83fb69db6..f7d9cb49d040 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-extended-metadata-checks-for-your-repository.md +++ b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/enabling-extended-metadata-checks-for-your-repository.md @@ -1,17 +1,18 @@ --- title: Enabling extended metadata checks for your repository shortTitle: Enable metadata checks -intro: 'Learn how to enable extended metadata checks for detected secrets so alerts detected by {% data variables.product.prodname_secret_scanning %} include additional information that help you assess and remediate leaks faster.' +intro: Learn how to enable extended metadata checks for detected secrets so alerts detected by {% data variables.product.prodname_secret_scanning %} include additional information that help you assess and remediate leaks faster. product: '{% data reusables.gated-features.metadata-checks-ghas %}' permissions: '{% data reusables.permissions.push-protection %}' versions: feature: secret-scanning-extended-metadata-checks -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection - Alerts -contentType: how-tos +redirect_from: + - /code-security/secret-scanning/enabling-secret-scanning-features/enabling-extended-metadata-checks-for-your-repository --- {% data reusables.secret-scanning.metadata-checks-public-preview %} diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository.md b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/enabling-validity-checks-for-your-repository.md similarity index 91% rename from content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository.md rename to content/code-security/how-tos/secure-your-secrets/customize-leak-detection/enabling-validity-checks-for-your-repository.md index f1efd8e0ef27..06662990997f 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository.md +++ b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/enabling-validity-checks-for-your-repository.md @@ -1,15 +1,17 @@ --- title: Enabling validity checks for your repository shortTitle: Enable validity checks -intro: 'Enabling validity checks on your repository helps you prioritize the remediation of alerts as it tells you if a secret is active or inactive.' +intro: Enabling validity checks on your repository helps you prioritize the remediation of alerts as it tells you if a secret is active or inactive. product: '{% data reusables.gated-features.partner-pattern-validity-check-ghas %}' versions: feature: secret-scanning-validity-check-partner-patterns -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection - Alerts +redirect_from: + - /code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository --- ## About validity checks diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/excluding-folders-and-files-from-secret-scanning.md similarity index 80% rename from content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md rename to content/code-security/how-tos/secure-your-secrets/customize-leak-detection/excluding-folders-and-files-from-secret-scanning.md index 93bba13213fb..fd6507c6a153 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md +++ b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/excluding-folders-and-files-from-secret-scanning.md @@ -1,25 +1,21 @@ --- title: Excluding folders and files from secret scanning -intro: 'You can customize {% data variables.product.prodname_secret_scanning %} to automatically close alerts for secrets found in specific directories or files by configuring a `secret_scanning.yml` file in your repository.' +intro: You can customize {% data variables.product.prodname_secret_scanning %} to automatically close alerts for secrets found in specific directories or files by configuring a `secret_scanning.yml` file in your repository. permissions: '{% data reusables.permissions.secret-scanning-alerts %}' shortTitle: Exclude folders and files versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection - Repositories +redirect_from: + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning --- -## About {% data variables.product.prodname_secret_scanning %} - -{% data variables.product.prodname_secret_scanning_caps %} automatically detects tokens or credentials that have been checked into a repository. You can view {% ifversion fpt or ghec %}{% data variables.secret-scanning.user_alerts %}{% else %}alerts{% endif %} for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised.{% data reusables.secret-scanning.alert-type-links %} - -## About excluding directories from {% data variables.secret-scanning.user_alerts %} - You may have a reason to commit a secret to a repository, such as when you want to provide a fake secret in documentation, or in an example application. In these scenarios, you can quickly dismiss the alert and document the reasons. However, there may be cases where you want to ignore a directory entirely to avoid creating false positive alerts at scale. For example, you might have a monolithic application with several integrations containing a file of dummy keys that could set off numerous false alerts to triage. You can configure a `secret_scanning.yml` file to automatically close alerts found in specific directories from {% data variables.product.prodname_secret_scanning %}, and exclude these directories included in push protection. These alerts are closed as "ignored by configuration". diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md similarity index 83% rename from content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md rename to content/code-security/how-tos/secure-your-secrets/customize-leak-detection/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md index 85851a8ad76d..a7dc297af1a4 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md +++ b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md @@ -1,12 +1,12 @@ --- title: Generating regular expressions for custom patterns with Copilot secret scanning -shortTitle: Regular expression generator -intro: 'You can use {% data variables.secret-scanning.copilot-secret-scanning %}''s {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} to write regular expressions for custom patterns. The generator uses an AI model to generate expressions that match your input, and optionally example strings.' +shortTitle: Generate regular expressions +intro: You can use {% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} to write regular expressions for custom patterns. The generator uses an AI model to generate expressions that match your input, and optionally example strings. permissions: '{% data reusables.permissions.security-repo-enable %}' allowTitleToDifferFromFilename: true versions: feature: secret-scanning-custom-pattern-ai-generated -type: how_to +contentType: how-tos topics: - Secret Protection - Secret scanning @@ -16,6 +16,7 @@ redirect_from: - /code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/generating-regular-expressions-for-custom-patterns-with-ai - /code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai + - /code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning --- ## Generating a regular expression for a repository with {% data variables.secret-scanning.copilot-secret-scanning %} diff --git a/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/index.md b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/index.md new file mode 100644 index 000000000000..5492bf35afc7 --- /dev/null +++ b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/index.md @@ -0,0 +1,22 @@ +--- +title: How-tos for customizing secret leak detection +shortTitle: Detection customization +intro: Learn how to customize {% data variables.product.github %}'s secret leak detection tools. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning +contentType: how-tos +redirect_from: + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features +children: + - /defining-custom-patterns-for-secret-scanning + - /generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning + - /managing-custom-patterns + - /excluding-folders-and-files-from-secret-scanning + - /enabling-validity-checks-for-your-repository + - /enabling-extended-metadata-checks-for-your-repository +--- diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/managing-custom-patterns.md similarity index 91% rename from content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md rename to content/code-security/how-tos/secure-your-secrets/customize-leak-detection/managing-custom-patterns.md index 0ba9c75f4561..1e8b495421ac 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md +++ b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/managing-custom-patterns.md @@ -1,16 +1,18 @@ --- title: Managing custom patterns shortTitle: Manage custom patterns -intro: 'You can view, edit, and remove custom patterns, as well as enable push protection for custom patterns.' +intro: You can view, edit, and remove custom patterns, as well as enable push protection for custom patterns. permissions: '{% data reusables.permissions.security-enterprise-enable %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Secret Protection - Secret scanning +redirect_from: + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns --- Custom patterns are user-defined patterns that you can use to identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). @@ -39,6 +41,8 @@ When you remove a custom pattern, {% data variables.product.github %} gives you 1. Review the confirmation, and select a method for dealing with any open alerts relating to the custom pattern. 1. Click **Yes, delete this pattern**. +If you choose to close the alerts when removing a custom pattern, you need to be aware that the deletion process happens asynchronously in the background. For custom patterns that have generated a high volume of alerts (thousands or more), the deletion process may take several minutes to hours to complete. You can continue working while the process completes. + ## Enabling push protection for a custom pattern You can enable {% data variables.product.prodname_secret_scanning %} as a push protection for custom patterns stored at the enterprise, organization, or repository level. diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-ai-powered-generic-secret-detection.md similarity index 88% rename from content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md rename to content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-ai-powered-generic-secret-detection.md index dcd8c18cb2ba..c688b97739a7 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md +++ b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-ai-powered-generic-secret-detection.md @@ -1,12 +1,12 @@ --- title: Enabling Copilot secret scanning's generic secret detection shortTitle: Enable generic secret detection -intro: 'You can enable {% data variables.secret-scanning.generic-secret-detection %} for your repository or organization. Alerts for generic secrets, such as passwords, are displayed in a separate list on the {% data variables.product.prodname_secret_scanning %} alerts page.' +intro: You can enable {% data variables.secret-scanning.generic-secret-detection %} for your repository or organization. Alerts for generic secrets, such as passwords, are displayed in a separate list on the {% data variables.product.prodname_secret_scanning %} alerts page. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.security-repo-enable %}' versions: feature: secret-scanning-ai-generic-secret-detection -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection @@ -15,6 +15,7 @@ topics: redirect_from: - /code-security/secret-scanning/enabling-ai-powered-generic-secret-detection - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/enabling-ai-powered-generic-secret-detection + - /code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection --- ## Enabling {% data variables.secret-scanning.generic-secret-detection %} diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns.md similarity index 80% rename from content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md rename to content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns.md index 0fd1da8ea261..f766dd9a6fbf 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md +++ b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns.md @@ -1,20 +1,23 @@ --- title: Enabling secret scanning for non-provider patterns allowTitleToDifferFromFilename: true -intro: 'You can enable {% data variables.product.prodname_secret_scanning %} to detect additional potential secrets at the {% ifversion security-configurations %}repository and organization levels{% else %}repository level{% endif %}.' +intro: You can enable {% data variables.product.prodname_secret_scanning %} to detect additional potential secrets at the {% ifversion security-configurations %}repository and organization levels{% else %}repository level{% endif %}. permissions: '{% data reusables.permissions.security-repo-enable %}' product: '{% data reusables.gated-features.secret-scanning-non-provider-patterns %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection - Alerts - Repositories shortTitle: Enable for non-provider patterns +redirect_from: + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns --- ## Enabling scanning for non-provider patterns diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-your-repository.md similarity index 93% rename from content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md rename to content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-your-repository.md index 941742026291..df76460857f9 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md +++ b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-your-repository.md @@ -1,17 +1,19 @@ --- title: Enabling secret scanning for your repository shortTitle: Enable secret scanning -intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for leaked secrets and generates alerts.' +intro: You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for leaked secrets and generates alerts. product: '{% data reusables.gated-features.secret-scanning %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection - Alerts +redirect_from: + - /code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository --- ## About enabling {% data variables.secret-scanning.user_alerts %} diff --git a/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/index.md b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/index.md new file mode 100644 index 000000000000..63ec3f163859 --- /dev/null +++ b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/index.md @@ -0,0 +1,19 @@ +--- +title: How-tos for detecting secret leaks +shortTitle: Leak detection +intro: Learn how to use {% data variables.product.github %}'s tools to detect secret leaks. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning +contentType: how-tos +redirect_from: + - /code-security/secret-scanning/enabling-secret-scanning-features +children: + - /enabling-secret-scanning-for-your-repository + - /enabling-secret-scanning-for-non-provider-patterns + - /enabling-ai-powered-generic-secret-detection +--- diff --git a/content/code-security/how-tos/secure-your-secrets/index.md b/content/code-security/how-tos/secure-your-secrets/index.md new file mode 100644 index 000000000000..5d4ddf8b6d7b --- /dev/null +++ b/content/code-security/how-tos/secure-your-secrets/index.md @@ -0,0 +1,22 @@ +--- +title: How-tos for securing secrets +shortTitle: Secure your secrets +intro: Learn how to use {% data variables.product.github %}'s security and code quality features. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning +contentType: how-tos +redirect_from: + - /code-security/secret-scanning +children: + - /detect-secret-leaks + - /customize-leak-detection + - /prevent-future-leaks + - /work-with-leak-prevention + - /manage-bypass-requests +--- + diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md similarity index 74% rename from content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md rename to content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md index a95992c025dd..1dffc63abd78 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md +++ b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md @@ -1,18 +1,20 @@ --- title: Enabling delegated bypass for push protection -intro: 'You can use delegated bypass for your organization or repository to control who can push commits that contain secrets identified by {% data variables.product.prodname_secret_scanning %}.' +intro: You can use delegated bypass for your organization or repository to control who can push commits that contain secrets identified by {% data variables.product.prodname_secret_scanning %}. permissions: '{% data reusables.permissions.delegated-bypass %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection - Alerts - Repositories shortTitle: Enable delegated bypass +redirect_from: + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection --- ## About enabling delegated bypass for push protection @@ -52,7 +54,10 @@ When you enable this feature, you will create a bypass list of roles and teams w You must configure delegated bypass for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization. -1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration). +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.org_settings %} +{% data reusables.security-configurations.view-configurations-page %} +{% data reusables.security-configurations.custom-security-configurations-org %} 1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}," ensure that {% ifversion ghas-products %}"Push protection" is set to **Enabled**{% else %}the dropdown menus for "Alerts" and "Push protection" are set to **Enabled**{% endif %}. 1. Under "Push protection," to the right of "Bypass privileges," select the dropdown menu, then click **Specific actors**. @@ -89,6 +94,33 @@ To learn more about security configurations, see [AUTOTITLE](/code-security/secu {% ifversion push-protection-bypass-fine-grained-permissions %} +{% ifversion push-protection-delegated-bypass-configurations-enterprise %} + +## Enabling delegated bypass for an enterprise + +You can configure delegated bypass for your enterprise using a custom security configuration. You can then apply the security configuration to all (or selected) repositories, organizations, or businesses in your enterprise. + +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.settings-tab %} +{% data reusables.enterprise-accounts.advanced-security-tab %} +{% data reusables.security-configurations.view-configurations-page %} +{% data reusables.security-configurations.custom-security-configurations-enterprise %} +1. Under **Secret scanning**, ensure **Push protection** is enabled. +1. Under "Push protection," to the right of "Bypass privileges," select the dropdown menu, then click **Specific actors**. + + > [!NOTE] + > When you assign bypass privileges to selected actors, these organizations' members are granted the ability to bypass push protection, and they also review and manage the requests from all other contributors to bypass push protection. + > + > You can't add secret teams to the bypass list. + +1. Click the "Select actors" dropdown menu, then select the roles and teams you want to assign bypass privileges to. +1. Click **Save configuration**. +1. Apply the security configuration to all (or selected) organizations and repositories in your enterprise. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration). + +When you apply the configuration, delegated bypass settings are enforced for the organizations and repositories in scope of that enterprise security configuration. Repositories outside the scope of the configuration aren’t affected. + +{% endif %} + ## Using fine-grained permissions to control who can review and manage bypass requests You can grant specific individuals or teams in your organization the ability to review and manage bypass requests using fine-grained permissions. diff --git a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/index.md b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/index.md new file mode 100644 index 000000000000..261f68f37691 --- /dev/null +++ b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/index.md @@ -0,0 +1,18 @@ +--- +title: How-tos for bypass requests +shortTitle: Bypass requests +intro: Learn how to use the delegated bypass feature. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning +contentType: how-tos +children: + - /enabling-delegated-bypass-for-push-protection + - /managing-requests-to-bypass-push-protection + - /reviewing-requests-to-bypass-push-protection +--- + diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/managing-requests-to-bypass-push-protection.md similarity index 50% rename from content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md rename to content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/managing-requests-to-bypass-push-protection.md index 3a42dc9391b4..a57f9d9affad 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md +++ b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/managing-requests-to-bypass-push-protection.md @@ -1,50 +1,31 @@ --- title: Managing requests to bypass push protection -intro: 'As a member of the bypass list for an organization or repository, you can review bypass requests from other members of the organization or repository.' +intro: As a member of the bypass list for an organization or repository, you can review bypass requests from other members of the organization or repository. permissions: '{% data reusables.permissions.delegated-bypass-list %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection - Alerts - Repositories shortTitle: Manage bypass requests +redirect_from: + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection --- -## Managing requests to bypass push protection - {% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %} -When enabling delegated bypass for push protection, organization owners or repository administrators decide which {% ifversion push-protection-bypass-fine-grained-permissions %}individuals, {% endif %}roles or teams can review (approve or deny) requests to bypass push protection. - ->[!NOTE] -> You can also use {% data variables.product.prodname_github_apps %} with fine-grained permissions to programmatically review and approve push protection bypass requests. This enables your organization to streamline security request reviews and enforce policies, or integrate with external security tools, ensuring that all reviews meet established standards. _For {% data variables.product.prodname_ghe_server %}, the use of {% data variables.product.prodname_github_apps %} to review bypass requests is available from version 3.19._ -> For more information about permissions, see [Organization permissions for "Organization bypass requests for secret scanning"](/enterprise-cloud@latest/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#organization-permissions-for-organization-bypass-requests-for-secret-scanning). - -When a contributor requests bypass privileges to push a commit containing a secret, this designated group of reviewers: - -* Receives an email notification containing a link to the request. -* Reviews the request in the "Bypass requests" page of the repository{% ifversion security-overview-delegated-bypass-requests %}, or in the organization's security overview{% endif %}. -* Has 7 days to either approve or deny the request before the request expires. - -To help reviewers efficiently triage secrets for which there is a bypass request, {% data variables.product.prodname_dotcom %} displays the following information in the request: - -* Name of the user who attempted the push. -* Repository where the push was attempted. -* Commit hash of the push. -* Timestamp of the push.{% ifversion push-protection-delegated-bypass-enhancements %} -* File path and branch information. The branch information is only available for pushes to single branches.{% endif %} +When delegated bypass for push protection is enabled, designated reviewers can approve or deny requests from contributors who want to push commits containing secrets. -The contributor is notified of the decision by email and must take the required action: +This article explains how to review and manage bypass requests for repositories and organizations. -* If the request is approved, the contributor can push the commit containing the secret to the repository. -* If the request is denied, the contributor must remove the secret from the commit in order to successfully push the commit to the repository. +For more information about how bypass requests work, see [AUTOTITLE](/code-security/concepts/secret-security/about-bypass-requests-for-push-protection). -### Managing requests for a repository +## Managing requests for a repository {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-security %} @@ -59,13 +40,13 @@ The contributor is notified of the decision by email and must take the required {% ifversion security-overview-delegated-bypass-requests %} -### Managing requests for an organization +## Managing requests for an organization Organization owners, security managers and organization members with the relevant fine-grained permission (via a custom role) can review and manage bypass requests for all repositories in the organization using security overview. See [AUTOTITLE](/code-security/security-overview/reviewing-requests-to-bypass-push-protection). {% endif %} -### Filtering requests +## Filtering requests You can filter requests by: @@ -74,7 +55,7 @@ You can filter requests by: * Timeframe * Status -#### Filtering by status +### Filtering by status The following statuses are assigned to a request: diff --git a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/reviewing-requests-to-bypass-push-protection.md similarity index 92% rename from content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md rename to content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/reviewing-requests-to-bypass-push-protection.md index ffb553904dcd..616e6bc857f8 100644 --- a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md +++ b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/reviewing-requests-to-bypass-push-protection.md @@ -1,10 +1,10 @@ --- title: Reviewing requests to bypass push protection shortTitle: Review bypass requests -intro: 'You can use security overview to review requests to bypass push protection from contributors pushing to repositories across your organization.' +intro: You can use security overview to review requests to bypass push protection from contributors pushing to repositories across your organization. permissions: '{% data reusables.permissions.security-overview %}' product: '{% data reusables.gated-features.security-overview-fpt-sp-only %}' -type: how_to +contentType: how-tos topics: - Security overview - Secret Protection @@ -14,6 +14,8 @@ topics: - Alerts versions: feature: security-overview-delegated-bypass-requests +redirect_from: + - /code-security/security-overview/reviewing-requests-to-bypass-push-protection --- ## About bypass requests diff --git a/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/enabling-push-protection-for-your-repository.md b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/enabling-push-protection-for-your-repository.md new file mode 100644 index 000000000000..ccf4b9e4ca67 --- /dev/null +++ b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/enabling-push-protection-for-your-repository.md @@ -0,0 +1,31 @@ +--- +title: Enabling push protection for your repository +shortTitle: Enable push protection +intro: With push protection, {% data variables.product.prodname_secret_scanning %} blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block. +permissions: '{% data reusables.permissions.push-protection %}' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +topics: + - Secret scanning + - Secret Protection + - Alerts +redirect_from: + - /code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository +--- + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %} +1. If you have not already enabled {% data variables.product.prodname_secret_protection %}, to the right of "{% data variables.product.prodname_secret_protection %}", click **Enable**. +1. In the "{% data variables.product.prodname_secret_protection %}" section, to the right of "Push protection", click **Enable**.{% else %} +{% data reusables.repositories.navigate-to-ghas-settings %} +{% data reusables.advanced-security.secret-scanning-push-protection-repo %}{% endif %} + +## Further reading + +* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection) +* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning) +* [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security) diff --git a/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/index.md b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/index.md new file mode 100644 index 000000000000..d8e374f8d745 --- /dev/null +++ b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/index.md @@ -0,0 +1,17 @@ +--- +title: How-tos for leak prevention +shortTitle: Leak prevention +intro: Learn how to prevent future secret leaks with {% data variables.product.github %}'s tools. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning +contentType: how-tos +children: + - /enabling-push-protection-for-your-repository + - /push-protection-for-users +--- + diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users.md b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/push-protection-for-users.md similarity index 90% rename from content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users.md rename to content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/push-protection-for-users.md index 33a7a7bbc652..22319c1294cf 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users.md +++ b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/push-protection-for-users.md @@ -1,10 +1,11 @@ --- title: Push protection for users -intro: 'With push protection for users, you are automatically protected on all pushes to public repositories across {% data variables.product.github %}.' +shortTitle: Push protection for users +intro: With push protection for users, you are automatically protected on all pushes to public repositories across {% data variables.product.github %}. versions: feature: secret-scanning-push-protection-for-users product: '{% data reusables.gated-features.push-protection-for-users %}' -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection @@ -12,6 +13,7 @@ topics: - User account redirect_from: - /code-security/secret-scanning/push-protection-for-users + - /code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users --- ## About push protection for users diff --git a/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/index.md b/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/index.md new file mode 100644 index 000000000000..d69c827dacd5 --- /dev/null +++ b/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/index.md @@ -0,0 +1,18 @@ +--- +title: How-tos for push protection +shortTitle: Push protection +intro: Learn how to use {% data variables.product.github %}'s push protection. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning +contentType: how-tos +redirect_from: + - /code-security/secret-scanning/working-with-secret-scanning-and-push-protection +children: + - /working-with-push-protection-from-the-command-line + - /working-with-push-protection-in-the-github-ui +--- diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md b/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-from-the-command-line.md similarity index 53% rename from content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md rename to content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-from-the-command-line.md index 324b4851c1a4..0d0fabb82967 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md +++ b/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-from-the-command-line.md @@ -1,57 +1,36 @@ --- title: Working with push protection from the command line shortTitle: Push protection on the command line -intro: 'Learn your options for unblocking your push from the command line to {% data variables.product.prodname_dotcom %} if {% data variables.product.prodname_secret_scanning %} detects a secret in your changes.' +intro: Learn your options for unblocking your push from the command line to {% data variables.product.prodname_dotcom %} if {% data variables.product.prodname_secret_scanning %} detects a secret in your changes. permissions: '{% data reusables.permissions.push-protection-resolve-block %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection - Alerts - Repositories +redirect_from: + - /code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line --- -## About push protection from the command line - -Push protection prevents you from accidentally committing secrets to a repository by blocking pushes containing supported secrets. - -When you attempt to push a supported secret from the command line to a repository secured by push protection, {% data variables.product.prodname_dotcom %} will block the push. - -You should either: - -* **Remove** the secret from your branch. For more information, see [Resolving a blocked push](#resolving-a-blocked-push). -* **Follow a provided URL** to see what options are available to you to allow the push. For more information, see [Bypassing push protection](#bypassing-push-protection) and [Requesting bypass privileges](#requesting-bypass-privileges). - -Up to five detected secrets will be displayed at a time on the command line. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret. - -If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For example, you might revoke the secret and remove the secret from the repository's commit history. Real secrets that have been exposed must be revoked to avoid unauthorized access. You might consider first rotating the secret before revoking it. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository). - -{% data reusables.secret-scanning.push-protection-multiple-branch-note %} - ## Resolving a blocked push To resolve a blocked push, you must remove the secret from all of the commits it appears in. * If the secret was introduced by your latest commit, see [Removing a secret introduced by the latest commit on your branch](#removing-a-secret-introduced-by-the-latest-commit-on-your-branch). * If the secret appears in earlier commits, see [Removing a secret introduced by an earlier commit on your branch](#removing-a-secret-introduced-by-an-earlier-commit-on-your-branch). ->[!NOTE] To learn how to resolved a blocked commit in the {% data variables.product.prodname_dotcom %} UI, see [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui#resolving-a-blocked-commit). - ### Removing a secret introduced by the latest commit on your branch -If the blocked secret was introduced by the latest commit on your branch, you can follow the guidance below. - 1. Remove the secret from your code. 1. To commit the changes, run `git commit --amend --all`. This updates the original commit that introduced the secret instead of creating a new commit. 1. Push your changes with `git push`. ### Removing a secret introduced by an earlier commit on your branch -You can also remove the secret if the secret appears in an earlier commit in the Git history. To do so, you will need to identify which commit first introduced the secret and modify the commit history with an interactive rebase. - 1. Examine the error message that displayed when you tried to push your branch, which lists all of the commits that contain the secret. ```text @@ -119,13 +98,7 @@ You can also remove the secret if the secret appears in an earlier commit in the ## Bypassing push protection -If {% data variables.product.prodname_dotcom %} blocks a secret that you believe is safe to push, you may be able to bypass the block by specifying a reason for allowing the secret to be pushed. - -{% data reusables.secret-scanning.push-protection-allow-secrets-alerts %} - -{% data reusables.secret-scanning.push-protection-allow-email %} - -If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to push the blocked secret. For more information, see [Requesting bypass privileges](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#requesting-bypass-privileges). +> [!NOTE] If you don't see the option to bypass a block, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to push the blocked secret. See [Requesting bypass privileges](#requesting-bypass-privileges). {% data reusables.secret-scanning.push-protection-visit-URL %} {% data reusables.secret-scanning.push-protection-choose-allow-secret-options %} @@ -135,22 +108,13 @@ If you don't see the option to bypass the block, the repository administrator or ## Requesting bypass privileges -{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %} - -If your push has been blocked by push protection and you believe the secret is safe to push, you can request permission to bypass the block. Your request is sent to a designated group of reviewers, who will either approve or deny the request. - -Requests expire after 7 days. - {% data reusables.secret-scanning.push-protection-visit-URL %} {% data reusables.secret-scanning.push-protection-bypass-request-add-comment %} {% data reusables.secret-scanning.push-protection-submit-bypass-request %} -{% data reusables.secret-scanning.push-protection-bypass-request-check-email %} - -{% data reusables.secret-scanning.push-protection-bypass-request-decision-email %} - -If your request is approved, you can push the commit (or commits) containing the secret to the repository, as well as any future commits that contain the same secret. +{% data reusables.secret-scanning.push-protection-bypass-request-check-email %} {% data reusables.secret-scanning.push-protection-bypass-request-decision-email %} -If your request is denied, you will need to remove the secret from all commits containing the secret before pushing again. For information on how to remove a blocked secret, see [Resolving a blocked push](#resolving-a-blocked-push). + * If your request is **approved**, you can push the commit (or commits) containing the secret to the repository, as well as any future commits that contain the same secret. + * If your request is **denied**, you need to remove the secret from all commits before pushing again. For information on how to remove a blocked secret, see [Resolving a blocked push](#resolving-a-blocked-push). ## Further reading diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md b/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-in-the-github-ui.md similarity index 94% rename from content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md rename to content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-in-the-github-ui.md index 57526b410c31..2ce7de42ee9d 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md +++ b/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-in-the-github-ui.md @@ -1,18 +1,20 @@ --- title: Working with push protection in the GitHub UI shortTitle: Push protection in the GitHub UI -intro: 'Learn your options for unblocking your commit when {% data variables.product.prodname_secret_scanning %} detects a secret in your changes.' +intro: Learn your options for unblocking your commit when {% data variables.product.prodname_secret_scanning %} detects a secret in your changes. permissions: '{% data reusables.permissions.push-protection-resolve-block %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to +contentType: how-tos topics: - Secret scanning - Secret Protection - Alerts - Repositories +redirect_from: + - /code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui --- ## About push protection in the {% data variables.product.prodname_dotcom %} UI diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/exporting-a-software-bill-of-materials-for-your-repository.md similarity index 94% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md rename to content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/exporting-a-software-bill-of-materials-for-your-repository.md index 2d0341491374..eb56096302e0 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md +++ b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/exporting-a-software-bill-of-materials-for-your-repository.md @@ -6,12 +6,14 @@ versions: ghes: '*' ghec: '*' permissions: '{% data reusables.permissions.dependency-graph-export-sbom %}' -type: how_to topics: - Dependency graph - Dependencies - Repositories shortTitle: Export dependencies as SBOM +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository +contentType: how-tos --- ## About the dependency graph and SBOM exports diff --git a/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/index.md b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/index.md new file mode 100644 index 000000000000..e9336ee5b70c --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/index.md @@ -0,0 +1,17 @@ +--- +title: Establishing provenance and integrity for your projects +shortTitle: Establish provenance and integrity +intro: Secure and audit your releases and artifacts. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /preventing-changes-to-your-releases + - /exporting-a-software-bill-of-materials-for-your-repository + - /upload-linked-artifacts + - /view-linked-artifacts + - /remove-linked-artifacts +--- + diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/preventing-changes-to-your-releases.md b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/preventing-changes-to-your-releases.md similarity index 82% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/preventing-changes-to-your-releases.md rename to content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/preventing-changes-to-your-releases.md index 8d056b886621..6ca1c12a966e 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/preventing-changes-to-your-releases.md +++ b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/preventing-changes-to-your-releases.md @@ -1,15 +1,17 @@ --- title: Preventing changes to your releases shortTitle: Prevent release changes -intro: 'You can enforce immutable releases for a repository or organization to prevent potential vulnerabilities.' +intro: You can enforce immutable releases for a repository or organization to prevent potential vulnerabilities. versions: fpt: '*' ghec: '*' -type: overview topics: - Code Security - Vulnerabilities - Dependencies +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/preventing-changes-to-your-releases +contentType: how-tos --- ## Enforcing immutable releases for your repository diff --git a/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/remove-linked-artifacts.md b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/remove-linked-artifacts.md new file mode 100644 index 000000000000..190a953f007e --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/remove-linked-artifacts.md @@ -0,0 +1,33 @@ +--- +title: Removing artifacts from the {% data variables.product.virtual_registry %} +intro: "Set the storage and deployment status of artifacts to reflect that they are no longer in use." +versions: + feature: virtual-registry +topics: + - Vulnerabilities + - Dependencies +contentType: concepts +product: 'Organization accounts on any plan' +permissions: 'Write access to the repository where an artifact is built' +shortTitle: Remove linked artifacts +--- + +It is **not possible** to delete an artifact from the {% data variables.product.virtual_registry %}. However, if an artifact has been removed from your organization's registry or is no longer deployed anywhere, you can update an artifact's storage or deployment record to reflect its status. + +## Updating a storage record + +When you delete an artifact from your external registry, you can use the [Create artifact metadata storage record](/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record) API endpoint to set the status of an existing artifact to `deleted`. You can also mark an artifact as `eol`. + +This information is displayed as a tag next to the artifact repository name. + +![Screenshot of the artifact page. The "deleted" tag is highlighted in orange.](/assets/images/help/security/virtual-registry-deleted.png) + +If you have deleted an artifact from a registry, you should also remove any attestations associated with the artifact. See [AUTOTITLE](/actions/how-tos/secure-your-work/use-artifact-attestations/manage-attestations). + +## Updating a deployment record + +When an artifact stops being deployed in a given environment, you can use the [Create an artifact deployment record](/rest/orgs/artifact-metadata#create-an-artifact-deployment-record) API endpoint to set the deployment's status to `decommissioned`. + +This information is reflected in the icon next to the deployment record. + +![Screenshot of the artifact page. A cloud icon with a line through it is highlighted in orange.](/assets/images/help/security/virtual-registry-decommissioned.png) diff --git a/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/upload-linked-artifacts.md b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/upload-linked-artifacts.md new file mode 100644 index 000000000000..dea89c9bbc37 --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/upload-linked-artifacts.md @@ -0,0 +1,167 @@ +--- +title: Uploading storage and deployment data to the {% data variables.product.virtual_registry %} +intro: "Associate packages and builds in your organization with storage and deployment data." +versions: + feature: virtual-registry +topics: + - Vulnerabilities + - Dependencies +contentType: concepts +product: 'Organization accounts on any plan' +permissions: 'Anyone with write access to an organization-owned repository' +shortTitle: Upload linked artifacts +--- + +The {% data variables.product.virtual_registry %} includes storage records and deployment records for artifacts that you build in your organization. Metadata for each artifact is provided by your organization using one of the following methods: + +* A workflow containing one of {% data variables.product.company_short %}'s actions for **artifact attestations** +* An integration with the **JFrog Artifactory** or **Microsoft Defender for Cloud** +* A custom script using the **artifact metadata REST API** + +The available methods depend on whether you are uploading a storage record or a deployment record. For more information about record types, see [AUTOTITLE](/code-security/concepts/supply-chain-security/linked-artifacts#which-metadata-is-included). + +## Uploading a storage record + +You can upload a storage record by creating an **artifact attestation** or enabling an integration with **JFrog Artifactory**. If you don't want to use these options, you must set up a custom integration with the **REST API**. + +### Attesting with {% data variables.product.prodname_actions %} + +You can upload a storage record for an artifact using {% data variables.product.github %}'s first-party actions for artifact attestations. You can do this in the same workflow you use to build the artifact. These actions create signed provenance and integrity guarantees for the software you build, as well as automatically uploading a storage record to the {% data variables.product.virtual_registry %}. + +{% data reusables.actions.attestation-virtual-registry %} + +For more information on using these actions, see [AUTOTITLE](/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations). + +If the artifact does not require attestation, or if you want to upload deployment records or additional storage metadata, see the following sections. + +### Using the JFrog integration + +This two-way integration automatically keeps your storage records on {% data variables.product.github %} up to date with the artifact on JFrog. For example, attestations you create on {% data variables.product.github %} are automatically uploaded to JFrog, and promoting an artifact to production on JFrog automatically adds the production context to the record on {% data variables.product.github %}. + +For setup instructions, see [Get Started with JFrog Artifactory and GitHub Integration](https://jfrog.com/help/r/jfrog-and-github-integration-guide/get-started-with-jfrog-artifactory-and-github-integration) in the JFrog documentation. + +### Using the REST API + +For artifacts that do not need to be attested and are not stored on JFrog, you can create a custom integration using the [Create artifact metadata storage record](/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record) API endpoint. You should configure your system to call the endpoint whenever an artifact is published to your chosen package repository. + +>[!NOTE] If the artifact is not associated with a provenance attestation on {% data variables.product.github %}, the `github_repository` parameter is mandatory. + +## Uploading a deployment record + +If you store artifacts in **{% data variables.product.prodname_mdc_definition %}**, you can use an integration to automatically sync data to the {% data variables.product.virtual_registry %}. Otherwise, you must set up a custom integration with the **REST API**. + +### Using the Microsoft Defender for Cloud integration + +You can connect your {% data variables.product.prodname_mdc %} instance to your {% data variables.product.github %} organization. {% data variables.product.prodname_mdc %} will automatically send deployment and runtime data to {% data variables.product.github %}. + +For setup instructions, see [Quick Start: Connect your {% data variables.product.github %} Environment to {% data variables.product.prodname_microsoft_defender %}](https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github) in the documentation for {% data variables.product.prodname_mdc %}. + +{% data reusables.security.production-context-mdc-preview %} + +### Using the REST API + +The [Create an artifact deployment record](/rest/orgs/artifact-metadata#create-an-artifact-deployment-record) API endpoint allows systems to send deployment data for a specific artifact to {% data variables.product.github %}, such as its name, digest, environments, cluster, and deployment. You should call this endpoint whenever an artifact is deployed to a new staging or production environment. + +>[!NOTE] If the artifact is not associated with a provenance attestation on {% data variables.product.github %}, the `github_repository` parameter is mandatory. + +## Verifying an upload + +To check that a record has been uploaded successfully, you can view the updated artifact in your organization settings. See [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/view-linked-artifacts). + +## Removing unwanted records + +It is not possible to delete an artifact from the {% data variables.product.virtual_registry %}. However, you can update a storage record or deployment record to reflect an artifact's status. See [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/remove-linked-artifacts). + +## {% data variables.product.prodname_actions %} examples + +You can upload data to the {% data variables.product.virtual_registry %} in the same workflow you use to build and publish an artifact. + +### Generating an attestation + +In the following example, we build and publish a Docker image, then use the `{% raw %}${{ steps.push.outputs.digest }}{% endraw %}` output in the next step to generate a provenance attestation. + +The `attest-build-provenance` action automatically uploads a storage record to the {% data variables.product.virtual_registry %} when `push-to-registry: true` is set and the workflow includes the `artifact-metadata: write` permission. + +``` yaml +{% raw %} +env: + IMAGE_NAME: my-container-image + ACR_ENDPOINT: my-registry.azurecr.io + +jobs: + generate-build: + name: Build and publish Docker image + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + attestations: write + packages: write + artifact-metadata: write + + steps: + - name: Build and push Docker image + id: push + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 + with: + context: . + push: true + tags: | + ${{ env.ACR_ENDPOINT }}/${{ env.IMAGE_NAME }}:latest + ${{ env.ACR_ENDPOINT }}/${{ env.IMAGE_NAME }}:${{ github.sha }} + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v3 + with: + subject-name: ${{ env.ACR_ENDPOINT }}/${{ env.IMAGE_NAME }} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true +{% endraw %} +``` + +### Using the REST API + +Alternatively, if you are not generating an attestation, you can call the artifact metadata API directly. + +``` yaml +{% raw %} +env: + IMAGE_NAME: my-container-image + IMAGE_VERSION: 1.1.2 + ACR_ENDPOINT: my-registry.azurecr.io + +jobs: + generate-build: + name: Build and publish Docker image + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + packages: write + artifact-metadata: write + + steps: + - name: Build and push Docker image + id: push + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 + with: + context: . + push: true + tags: | + ${{ env.ACR_ENDPOINT }}/${{ env.IMAGE_NAME }}:latest + ${{ env.ACR_ENDPOINT }}/${{ env.IMAGE_NAME }}:${{ github.sha }} + + - name: Create artifact metadata storage record + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + jq -n --arg artifactName "${{ env.IMAGE_NAME }}" --arg artifactVersion "${{ env.IMAGE_VERSION }}" --arg artifactDigest "${{ steps.push.outputs.digest }}" '{"name": $artifactName, "digest": $artifactDigest, "version": $artifactVersion, "registry_url": "https://azurecr.io", "repository": "my-repository"}' > create-record.json + + gh api -X POST orgs/${{ github.repository_owner }}/artifacts/metadata/storage-record --input create-record.json + shell: bash +{% endraw %} +``` + +## Next steps + +Once you have uploaded data, teams in your organization can use the context from storage and deployment data to prioritize security alerts. See [AUTOTITLE](/code-security/tutorials/secure-your-organization/prioritize-alerts-in-production-code). diff --git a/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/view-linked-artifacts.md b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/view-linked-artifacts.md new file mode 100644 index 000000000000..1ef7a7d933c2 --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/view-linked-artifacts.md @@ -0,0 +1,32 @@ +--- +title: Auditing your organization's builds on the {% data variables.product.virtual_registry %} +intro: "View or export metadata for build runs, storage details, and deployment context." +versions: + feature: virtual-registry +topics: + - Vulnerabilities + - Dependencies +contentType: concepts +product: 'Organization accounts on any plan' +permissions: 'Anyone with read access to an organization-owned repository' +shortTitle: View linked artifacts +--- + +You can use the {% data variables.product.virtual_registry %} to connect your organization's artifacts to their build details, deployment context, and security metadata. The {% data variables.product.virtual_registry %} collects metadata for artifacts built with {% data variables.product.prodname_actions %} in your organization's repositories, regardless of whether the artifacts are stored on {% data variables.product.github %}. For more information, see [AUTOTITLE](/code-security/concepts/supply-chain-security/linked-artifacts). + +## Viewing an artifact + +{% data reusables.package_registry.package-settings-from-org-level %} +1. In the left sidebar, click **Linked artifacts**. +1. Click the artifact you want to view. +1. On the artifact's page, you can: + + * View the artifact's deployment history and registry storage details + * Click through to the repository where the artifact's source code is defined + * If available, click on the artifact's provenance attestation to find the workflow run that was used to build the artifact + +For more information about how data enters the {% data variables.product.virtual_registry %}, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/upload-linked-artifacts). + +## Exporting artifact metadata + +To export metadata in bulk for an audit, use the [List artifact deployment records](/rest/orgs/artifact-metadata#list-artifact-deployment-records) and [List artifact storage records](/rest/orgs/artifact-metadata#list-artifact-storage-records) endpoints of the artifact metadata API. diff --git a/content/code-security/how-tos/secure-your-supply-chain/index.md b/content/code-security/how-tos/secure-your-supply-chain/index.md new file mode 100644 index 000000000000..1c7f24d76091 --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/index.md @@ -0,0 +1,21 @@ +--- +title: Securing your supply chain +shortTitle: Secure your supply chain +intro: Enable and manage features for supply chain security. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +redirect_from: + - /categories/managing-security-vulnerabilities + - /github/managing-security-vulnerabilities + - /code-security/supply-chain-security + - /code-security/dependabot/working-with-dependabot + - /code-security/dependabot +children: + - secure-your-dependencies + - manage-your-dependency-security + - troubleshoot-dependency-security + - establish-provenance-and-integrity +--- diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-github-hosted-runners.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-github-hosted-runners.md new file mode 100644 index 000000000000..a494371aedeb --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-github-hosted-runners.md @@ -0,0 +1,61 @@ +--- +title: Configuring Dependabot on GitHub-hosted runners +intro: Enable {% data variables.product.prodname_dependabot %} on {% data variables.product.github %}-hosted runners to more easily identify {% data variables.product.prodname_dependabot %} job errors and manually detect and troubleshoot failed runs. +shortTitle: Configure on GitHub-hosted runners +permissions: '{% data reusables.permissions.dependabot-actions %}' +versions: + feature: dependabot-on-actions-opt-in +topics: + - Dependabot + - Security updates + - Version updates + - Actions + - Dependencies + - Repositories +contentType: how-tos +--- + +## Enabling or disabling {% data variables.product.prodname_dependabot %} on standard {% data variables.product.github %}-hosted runners + +You can configure {% data variables.product.prodname_dependabot %} on standard {% data variables.product.github %}-hosted runners: +* [For your repository](#for-your-repository) +* [For your organization](#for-your-organization) + +If you restrict access to your organization's or repository's private resources, you may need to update your list of allowed IP addresses prior to enabling {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners. You can update your IP allow list to use the {% data variables.product.prodname_dotcom %}-hosted runners IP addresses (instead of the {% data variables.product.prodname_dependabot %} IP addresses), sourced from the [meta](/rest/meta) REST API endpoint. + +>[!WARNING] You should not rely on the {% data variables.product.prodname_actions %} IP addresses for authentication to private registries. These {% data variables.product.prodname_actions %} addresses are not only used by {% data variables.product.prodname_dotcom %}, and should not be trusted for authentication. Instead, use a self-hosted runner to ensure greater control over your network access. For more information, see [AUTOTITLE](/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners). + +### For your repository + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %} +1. Under "Dependabot", to the right of "{% data variables.product.prodname_dependabot %} on Actions runners", click **Enable** to enable the feature or **Disable** to disable it. + + {% data reusables.dependabot.no-ubuntu-latest-label-self-hosted %} + +### For your organization + +Only repositories meeting the following criteria will be updated to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} the next time a {% data variables.product.prodname_dependabot %} job is triggered. + + * {% data variables.product.prodname_dependabot %} is enabled in the repository. + * {% data variables.product.prodname_actions %} is enabled in the repository. + +If a repository in your organization has {% data variables.product.prodname_dependabot %} enabled but {% data variables.product.prodname_actions %} disabled, {% data variables.product.prodname_dependabot %} will not run on {% data variables.product.prodname_actions %}, but will continue to run using the built-in {% data variables.product.prodname_dependabot %} application. + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.security-configurations.display-global-settings %}{% ifversion dependabot-self-hosted-labels %} +1. In the "{% data variables.product.prodname_dependabot %}" section, next to "Runner type", confirm that you have selected "Standard {% data variables.product.github %} runner". If not, click {% octicon "pencil" aria-label="Edit runner type" %} and update your configuration.{% else %} +1. Under "Dependabot", select "{% data variables.product.prodname_dependabot %} on Actions runners" to enable the feature or deselect to disable it.{% endif %} + + {% data reusables.dependabot.no-ubuntu-latest-label-self-hosted %} + +## Enabling or disabling {% data variables.product.prodname_dependabot %} on {% data variables.actions.hosted_runners %} + +If you run into {% data variables.product.prodname_dependabot %} timeouts and out-of-memory errors, you may want to use {% data variables.actions.hosted_runners %}, as you can configure these runners to have more resources. You can only enable {% data variables.actions.hosted_runners %} for {% data variables.product.prodname_dependabot %} **for an organization**. + +1. Add a {% data variables.actions.hosted_runner %} to your organization and ensure the name specified is `dependabot`. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners#adding-a-larger-runner-to-an-organization). +1. Opt in the organization to self-hosted runners. For more information, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-self-hosted-runners#for-your-organization). This step is required, as it ensures that future {% data variables.product.prodname_dependabot %} jobs will run on the larger {% data variables.product.prodname_dotcom %}-hosted runner that has the `dependabot` name. + + {% data reusables.dependabot.no-ubuntu-latest-label-self-hosted %} diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-self-hosted-runners.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-self-hosted-runners.md new file mode 100644 index 000000000000..fe9e7fab2346 --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-self-hosted-runners.md @@ -0,0 +1,63 @@ +--- +title: Configuring Dependabot on self-hosted runners +intro: You can configure self-hosted runners that {% data variables.product.prodname_dependabot %} uses to access your private registries and internal network resources. +shortTitle: Configure on self-hosted runners +permissions: '{% data reusables.permissions.dependabot-actions %}' +versions: + feature: dependabot-on-actions-self-hosted +topics: + - Dependabot + - Security updates + - Version updates + - Actions + - Dependencies + - Repositories +redirect_from: + - /code-security/dependabot/working-with-dependabot/managing-dependabot-on-self-hosted-runners + - /code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners + - /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-dependabot-on-self-hosted-runners +contentType: how-tos +--- + +## Prerequisites + +* {% data variables.product.prodname_dependabot %} is installed and enabled. +* {% data variables.product.prodname_actions %} is enabled and in use. + +{% data reusables.dependabot.dependabot-on-actions-enterprise-policy-condition %} + +## Adding self-hosted runners for {% data variables.product.prodname_dependabot %} updates + +1. Provision self-hosted runners, at the repository or organization level. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners) and [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners). +1. Configure your environment and runners to meet the requirements for {% data variables.product.prodname_dependabot %}. See [Requirements for using {% data variables.product.prodname_dependabot %} with self-hosted runners](/code-security/reference/supply-chain-security/dependabot-on-actions#requirements-for-using-dependabot-with-self-hosted-runners).{% ifversion dependabot-self-hosted-labels %} +1. If you are configuring self-hosted runners for your organization, you can create and assign a custom label for your runners. Otherwise, if you are configuring self-hosted runners for a standalone repository, you need to apply the `dependabot` label. See [AUTOTITLE](/actions/how-tos/manage-runners/self-hosted-runners/apply-labels).{% else %} +1. Assign a `dependabot` label to each runner you want {% data variables.product.prodname_dependabot %} to use. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners#assigning-a-label-to-a-self-hosted-runner).{% endif %} +1. Optionally, enable workflows triggered by {% data variables.product.prodname_dependabot %} to use more than read-only permissions and to have access to any secrets that are normally available. For more information, see [AUTOTITLE](/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-on-github-actions#restrictions-when-dependabot-triggers-events). + +## Enabling self-hosted runners for {% data variables.product.prodname_dependabot_updates %} + +Once you have configured self-hosted runners for {% data variables.product.prodname_dependabot_updates %}, you can enable or disable {% data variables.product.prodname_dependabot_updates %} on self-hosted runners at the organization or repository level. + +> [!NOTE] +> Disabling and re-enabling the "{% data variables.product.prodname_dependabot %} on self-hosted runners" setting does not trigger a new {% data variables.product.prodname_dependabot %} run. + +### For your private{% ifversion ghec %} or internal{% endif %} repository + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %} +1. Under "Dependabot", to the right of "{% data variables.product.prodname_dependabot %} on self-hosted runners", click **Enable** to enable the feature or **Disable** to disable it. + + > [!NOTE] If you do not see the option to enable {% data variables.product.prodname_dependabot %} on self-hosted runners, your organization may have configured a policy to restrict actions and self-hosted runners from running in specific repositories. Contact your organization owner for more information. + +### For your organization + +You can enable {% data variables.product.prodname_dependabot %} on self-hosted runners for all existing private{% ifversion ghec %} or internal{% endif %} repositories in an organization. Only repositories already configured to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} will be updated to run {% data variables.product.prodname_dependabot %} on self-hosted runners the next time a {% data variables.product.prodname_dependabot %} job is triggered. + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.security-configurations.display-global-settings %}{% ifversion dependabot-self-hosted-labels %} +1. In the "{% data variables.product.prodname_dependabot %}" section, next to "Runner type", click {% octicon "pencil" aria-label="Edit runner type" %}. +1. Select the "Runner type" dropdown menu, then click **Labeled runner** and provide any additional information. If you applied a custom label to your self-hosted runners, type that label in the "Runner label" text box. +1. To enable the feature for all new repositories in the organization, click **Save runner selection**.{% else %} +1. Under "{% data variables.product.prodname_dependabot %}", select "{% data variables.product.prodname_dependabot %} on self-hosted runners" to enable the feature for all new repositories in the organization.{% endif %} diff --git a/content/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md similarity index 80% rename from content/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot.md rename to content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md index 338ea66a57a0..2a83cde15799 100644 --- a/content/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md @@ -1,17 +1,17 @@ --- title: Configuring access to private registries for Dependabot -intro: 'You can configure {% data variables.product.prodname_dependabot %} to access dependencies stored in private registries. You can store authentication information, like passwords and access tokens, as encrypted secrets and then reference these in the {% data variables.product.prodname_dependabot %} configuration file.{% ifversion dependabot-on-actions-self-hosted %} If you have registries on private networks, you can also configure {% data variables.product.prodname_dependabot %} access when running {% data variables.product.prodname_dependabot %} on self-hosted runners.{% endif %}' +intro: You can configure {% data variables.product.prodname_dependabot %} to access dependencies stored in private registries. You can store authentication information, like passwords and access tokens, as encrypted secrets and then reference these in the {% data variables.product.prodname_dependabot %} configuration file.{% ifversion dependabot-on-actions-self-hosted %} If you have registries on private networks, you can also configure {% data variables.product.prodname_dependabot %} access when running {% data variables.product.prodname_dependabot %} on self-hosted runners.{% endif %} permissions: '{% data reusables.permissions.dependabot-various-tasks %}' redirect_from: - /github/administering-a-repository/managing-encrypted-secrets-for-dependabot - /code-security/supply-chain-security/managing-encrypted-secrets-for-dependabot - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot - /code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot + - /code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Version updates @@ -19,6 +19,7 @@ topics: - Repositories - Dependencies shortTitle: Configure access to private registries +contentType: how-tos --- ## About private registries @@ -123,6 +124,66 @@ If your private registry is configured with an IP allow list, you can find the I {% endif %} +## Using OIDC for authentication + +{% data variables.product.prodname_dependabot %} can use OpenID Connect (OIDC) to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets. + +With OIDC-based authentication, {% data variables.product.prodname_dependabot %} update jobs can dynamically obtain short-lived credentials from your cloud identity provider, just like {% data variables.product.prodname_actions %} workflows using OIDC federation. + +{% data variables.product.prodname_dependabot %} supports OIDC authentication for any registry type that uses `username` and `password` authentication, when the registry is hosted on one of the following cloud providers: + +* AWS CodeArtifact +* Azure DevOps Artifacts +* JFrog Artifactory + +To configure OIDC authentication, you need to specify different values instead of `username` and `password` in your registry configuration. + +### AWS CodeArtifact + +AWS CodeArtifact requires the values `aws-region`, `account-id`, `role-name`, `domain`, and `domain-owner`. The `audience` field is optional. + +```yaml +registries: + my-aws-codeartifact-feed: + type: npm-registry + url: https://MY_DOMAIN-MY-ACCOUNT_ID.d.codeartifact.REGION.amazonaws.com/npm/MY_REPOSITORY/ + aws-region: REGION + account-id: '123456789012' + role-name: MY_ROLE_NAME + domain: MY_DOMAIN + domain-owner: '987654321098' + audience: MY_AUDIENCE # if required by your feed +``` + +### Azure DevOps Artifacts + +Azure DevOps Artifacts requires the values `tenant-id` and `client-id`: + +```yaml +registries: + my-azure-devops-artifacts-feed: + type: npm-registry + url: https://pkgs.dev.azure.com/MY-ORGANIZATION/MY-PROJECT/_packaging/MY-FEED/npm/registry/ + tenant-id: {% raw %}${{ secrets.AZURE_TENANT_ID }}{% endraw %} + client-id: {% raw %}${{ secrets.AZURE_CLIENT_ID }}{% endraw %} +``` + +### JFrog Artifactory + +JFrog Artifactory requires the values `url` and `jfrog-oidc-provider-name`. The values `audience` and `identity-mapping-name` are optional: + +```yaml +registries: + my-jfrog-artifactory-feed: + type: npm-registry + url: https://JFROG-PLATFORM-URL/artifactory/api/npm/MY-REPOSITORY + jfrog-oidc-provider-name: MY-PROVIDER + audience: MY-AUDIENCE # if required by your feed + identity-mapping-name: MY-IDENTITY-MAPPING # if required by your feed +``` + +For more information about how OIDC works, see [AUTOTITLE](/actions/concepts/security/openid-connect). + ## Allowing external code execution When you give {% data variables.product.prodname_dependabot %} access to one or more registries, external code execution is automatically disabled to protect your code from compromised packages. However, some version updates may fail. @@ -344,7 +405,7 @@ registries: ### `maven-repository` -The `maven-repository` type supports username and password. {% data reusables.dependabot.password-definition %} +The `maven-repository` type supports username, password and replaces-base. {% data reusables.dependabot.password-definition %} {% data reusables.dependabot.dependabot-updates-path-match %} @@ -357,6 +418,23 @@ registries: url: https://acme.jfrog.io/artifactory/my-maven-registry username: octocat password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} + replaces-base: true +``` + +{% endraw %} + +You can also use OIDC authentication to access JFrog Artifactory. {% data reusables.dependabot.dependabot-oidc-credentials %} + +{% raw %} + +```yaml copy +registries: + maven-artifactory-oidc: + type: maven-repository + url: https://acme.jfrog.io/artifactory/my-maven-registry + tenant-id: ${{secrets.ARTIFACTORY_TENANT_ID}} + client-id: ${{secrets.ARTIFACTORY_CLIENT_ID}} + replaces-base: true ``` {% endraw %} @@ -431,6 +509,23 @@ registries: {% endraw %} +You can also use OIDC authentication to access Azure DevOps Artifacts. {% data reusables.dependabot.dependabot-oidc-credentials %} + +{% raw %} + +```yaml copy +registries: + nuget-azure-devops-oidc: + type: nuget-feed + url: https://pkgs.dev.azure.com/MyOrganization/MyProject/_packaging/MyArtifactFeedName/nuget/v3/index.json + tenant-id: ${{secrets.AZURE_TENANT_ID}} + client-id: ${{secrets.AZURE_CLIENT_ID}} +``` + +{% endraw %} + +The `AZURE_TENANT_ID` and `AZURE_CLIENT_ID` values can be obtained from the overview page of your Entra ID app registration. + ### `pub-repository` The `pub-repository` type supports a URL and a token. @@ -488,6 +583,22 @@ registries: {% endraw %} +You can also use OIDC authentication to access Azure DevOps Artifacts. {% data reusables.dependabot.dependabot-oidc-credentials %} + +{% raw %} + +```yaml copy +registries: + python-azure-oidc: + type: python-index + url: https://pkgs.dev.azure.com/octocat/_packaging/my-feed/pypi/example + tenant-id: ${{secrets.AZURE_TENANT_ID}} + client-id: ${{secrets.AZURE_CLIENT_ID}} + replaces-base: true +``` + +{% endraw %} + ### `rubygems-server` The `rubygems-server` type supports username and password, or token. {% data reusables.dependabot.password-definition %} diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-notifications-for-dependabot-alerts.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-notifications-for-dependabot-alerts.md new file mode 100644 index 000000000000..a1c46bedd080 --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-notifications-for-dependabot-alerts.md @@ -0,0 +1,44 @@ +--- +title: Configuring notifications for Dependabot alerts +shortTitle: Configure Dependabot notifications +intro: Optimize how you receive notifications about {% data variables.product.prodname_dependabot_alerts %}. +redirect_from: + - /github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies + - /code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies + - /code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Dependabot + - Alerts + - Notifications + - Vulnerabilities + - Dependencies + - Repositories +contentType: how-tos +--- + +By default, {% data variables.product.github %} sends notifications about new alerts by email to people with write, maintain, or admin permissions to a repository. See [AUTOTITLE](/code-security/concepts/supply-chain-security/about-dependabot-alerts#notifications-for-alerts). + +## Configuring notifications for {% data variables.product.prodname_dependabot_alerts %} + +You can configure notification settings for yourself or your organization from the Manage notifications drop-down {% octicon "bell" aria-label="The notifications bell" %} shown at the top of each page. For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#choosing-your-notification-settings). + +{% data reusables.notifications.vulnerable-dependency-notification-options %} + +{% ifversion update-notification-settings-22 %} +![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu with frequency options is outlined in orange.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes %} +![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}.](/assets/images/help/enterprises/dependabot-alerts-options-no-ui.png){% endif %} + +> [!NOTE] +> You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot_alerts %}. For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#dependabot-custom-filters). + +{% data reusables.repositories.security-alerts-x-github-severity %} For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#filtering-email-notifications). + +## Further reading + +* [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications) +* [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#supported-is-queries) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-review-action.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-the-dependency-review-action.md similarity index 98% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-review-action.md rename to content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-the-dependency-review-action.md index d5487ffc0ded..4377c500ea70 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-review-action.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-the-dependency-review-action.md @@ -7,7 +7,6 @@ versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Code Security - Dependency review @@ -16,6 +15,8 @@ topics: - Pull requests redirect_from: - /code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review + - /code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-review-action +contentType: how-tos --- ## About the {% data variables.dependency-review.action_name %} diff --git a/content/code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/controlling-dependencies-updated.md similarity index 97% rename from content/code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated.md rename to content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/controlling-dependencies-updated.md index b92b455d0578..c229ac51673b 100644 --- a/content/code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/controlling-dependencies-updated.md @@ -1,13 +1,12 @@ --- title: Controlling which dependencies are updated by Dependabot -intro: 'Learn how to configure your `dependabot.yml` file so that {% data variables.product.prodname_dependabot %} automatically updates the packages you specify, in the way you define.' +intro: Learn how to configure your `dependabot.yml` file so that {% data variables.product.prodname_dependabot %} automatically updates the packages you specify, in the way you define. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.dependabot-yml-configure %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Version updates @@ -15,6 +14,9 @@ topics: - Dependencies - Pull requests shortTitle: Control dependency update +redirect_from: + - /code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated +contentType: how-tos --- You can customize your {% data variables.product.prodname_dependabot %} configuration to suit your needs, by adding options to your `dependabot.yml` file. For example, you can make sure that {% data variables.product.prodname_dependabot %} uses the correct package manifest files, and updates only the dependencies you want maintained. diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md similarity index 95% rename from content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md rename to content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md index 0028e13365db..afa7f8eeca29 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md @@ -1,22 +1,23 @@ --- title: Customizing auto-triage rules to prioritize Dependabot alerts -intro: 'You can create your own {% data variables.dependabot.auto_triage_rules_short %} to control which alerts are dismissed or snoozed, and which alerts you want {% data variables.product.prodname_dependabot %} to open pull requests for.' +intro: You can create your own {% data variables.dependabot.auto_triage_rules_short %} to control which alerts are dismissed or snoozed, and which alerts you want {% data variables.product.prodname_dependabot %} to open pull requests for. product: '{% data reusables.gated-features.dependabot-auto-triage-rules %}' permissions: '{% data reusables.permissions.dependabot-auto-triage-rules %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Alerts - Vulnerabilities - Repositories - Dependencies -shortTitle: Custom auto-triage rules +shortTitle: Auto-triage Dependabot alerts redirect_from: - /code-security/dependabot/dependabot-alert-rules/customizing-alert-rules-to-prioritize-dependabot-alerts + - /code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts +contentType: how-tos --- ## About {% data variables.dependabot.custom_rules %} diff --git a/content/code-security/dependabot/dependabot-security-updates/customizing-dependabot-security-prs.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-dependabot-security-prs.md similarity index 78% rename from content/code-security/dependabot/dependabot-security-updates/customizing-dependabot-security-prs.md rename to content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-dependabot-security-prs.md index 96d046d4f66b..7ae2313a7a37 100644 --- a/content/code-security/dependabot/dependabot-security-updates/customizing-dependabot-security-prs.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-dependabot-security-prs.md @@ -1,13 +1,12 @@ --- title: Customizing pull requests for Dependabot security updates -intro: 'Learn how to customize Dependabot pull requests for security updates to align with your project''s security priorities and workflows.' +intro: Learn how to customize Dependabot pull requests for security updates to align with your project's security priorities and workflows. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.dependabot-yml-configure %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Security updates @@ -15,22 +14,18 @@ topics: - Dependencies - Pull requests shortTitle: Customize Dependabot PRs +redirect_from: + - /code-security/dependabot/dependabot-security-updates/customizing-dependabot-security-prs +contentType: how-tos --- -## About customizing pull requests for security updates - -You can customize how {% data variables.product.prodname_dependabot %} raises pull requests for security updates, so that they best fit your project's security priorities and processes. For example: -* **Optimize {% data variables.product.prodname_dependabot %} pull requests to prioritize meaningful updates** by grouping multiple updates into a single pull request. -* Applying custom labels to **integrate {% data variables.product.prodname_dependabot %}'s pull requests** into your existing workflows. - -Similar to version updates, customization options for security updates are defined in the `dependabot.yml` file. If you have already customized the `dependabot.yml` for version updates, then many of the configuration options that you have defined could automatically apply to security updates, too. However, there's a couple of important points to note: -* {% data variables.product.prodname_dependabot_security_updates %} are **always triggered by a security advisory**, rather than running according to the `schedule` you have set in the `dependabot.yml` for version updates. -* {% data variables.product.prodname_dependabot %} raises pull requests for security updates against the **default branch only**. If your configuration sets a value for `target-branch`, then the customization for that package ecosystem will only apply to version updates by default. +## Preparing to customize pull requests If you haven't yet configured a `dependabot.yml` file for your repository and you want to customize pull requests for security updates, you must first: -* Check in a `dependabot.yml` file into the `.github` directory of your repository. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates). -* Set all the required keys. For more information, see [Required keys](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#required-keys). -* If you want the customization for a package ecosystem to **only apply to security updates** (and exclude version updates), set the `open-pull-requests-limit` key to `0`. + +1. Check in a `dependabot.yml` file into the `.github` directory of your repository. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates). +1. Set all the required keys. For more information, see [Required keys](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#required-keys). +1. If you want the customization for a package ecosystem to **only apply to security updates** (and exclude version updates), set the `open-pull-requests-limit` key to `0`. You can then consider what your needs and priorities are for security updates, and apply a combination of the customization options outlined below. diff --git a/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/guidance-for-the-configuration-of-private-registries-for-dependabot.md similarity index 90% rename from content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md rename to content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/guidance-for-the-configuration-of-private-registries-for-dependabot.md index 38bf6aa7ac35..3d147331f6a9 100644 --- a/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/guidance-for-the-configuration-of-private-registries-for-dependabot.md @@ -1,30 +1,30 @@ --- title: Guidance for the configuration of private registries for Dependabot -intro: 'This article contains detailed information about configuring private registries, as well as commands you can run from the command line to configure your package managers locally.' +intro: This article contains detailed information about configuring private registries, as well as commands you can run from the command line to configure your package managers locally. permissions: '{% data reusables.permissions.dependabot-various-tasks %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Version updates - Secret store - Repositories - Dependencies -shortTitle: Guidance for configuring private registries +shortTitle: Configure private registries +redirect_from: + - /code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot +contentType: how-tos --- -## About configuring private registries for {% data variables.product.prodname_dependabot %} - This article contains recommendations and advice to help you configure {% data variables.product.prodname_dependabot %} to access your private registry, along with: -* Detailed snippets of the `dependabot.yml` configuration file for each package manager. -* Important limitations or caveats. -* Steps explaining how to test that the configuration is working. -* Extra configuration options, wherever appropriate (for example, npm has a configuration file that needs to be set). -* Advice about configuring registry hosts. +* Detailed snippets of the `dependabot.yml` configuration file for each package manager +* Important limitations or caveats +* Steps explaining how to test that the configuration is working +* Extra configuration options, wherever appropriate (for example, npm has a configuration file that needs to be set) +* Advice about configuring registry hosts You'll find detailed guidance for the setup of the following package managers: @@ -41,7 +41,8 @@ You'll find detailed guidance for the setup of the following package managers: * [npm](#npm) * [NuGet](#nuget) * [pub](#pub) -* [Python](#python) +* [Python](#python) (includes pip, pip-compile, pipenv, and poetry){% ifversion dependabot-uv-support %} +* [uv](#uv){% endif %} * [Yarn](#yarn) You'll also find recommendations for the setup of the following registry hosts: @@ -69,7 +70,7 @@ Bun adheres to the same configuration guidelines as npm. Note that the `.npmrc` Supported by Artifactory, Artifacts, Cloudsmith, {% data variables.product.prodname_registry %} registry, Nexus, and ProGet. -You can authenticate with either a username and password, or a token. For more information, see `rubygems-server` in [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#rubygems-server). +You can authenticate with either a username and password, or a token. For more information, see `rubygems-server` in [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#rubygems-server). Snippet of a `dependabot.yml` file using a username and password. @@ -106,7 +107,7 @@ registries: ### Cargo -Cargo supports username, password and token-based authentication. For more information, see `cargo-registry` in [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#cargo-registry). +Cargo supports username, password and token-based authentication. For more information, see `cargo-registry` in [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#cargo-registry). The snippet below shows a `dependabot.yml` file configuration that uses a token. @@ -114,7 +115,7 @@ The snippet below shows a `dependabot.yml` file configuration that uses a token. ### Docker -Docker supports using a username and password for registries. For more information, see `docker-registry` in [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#docker-registry). +Docker supports using a username and password for registries. For more information, see `docker-registry` in [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#docker-registry). Snippet of `dependabot.yml` file using a username and password. @@ -171,7 +172,7 @@ Docker Compose adheres to the same configuration guidelines as Docker. For more ### Helm Charts -Helm supports using a username and password for registries. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#helm-registry). +Helm supports using a username and password for registries. For more information, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#helm-registry). Snippet of `dependabot.yml` file using a username and password. @@ -209,9 +210,9 @@ When configuring {% data variables.product.prodname_dependabot %} for Helm chart {% data variables.product.prodname_dependabot %} doesn't run Gradle but supports updates to certain Gradle files. For more information, see "Gradle" in [AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories#gradle). -Gradle supports the `maven-repository` registry type. For more information, see `maven-repository` in [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#maven-repository). +Gradle supports the `maven-repository` registry type. For more information, see `maven-repository` in [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#maven-repository). -The `maven-repository` type supports username and password. {% data reusables.dependabot.password-definition %} +The `maven-repository` type supports username, password and replaces-base. {% data reusables.dependabot.password-definition %} {% raw %} @@ -222,6 +223,7 @@ registries: url: https://acme.jfrog.io/artifactory/my-gradle-registry username: octocat password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} + replaces-base: true updates: - package-ecosystem: "gradle" directory: "/" @@ -280,7 +282,7 @@ This feature enables unified dependency management for both public and private G ### Maven -Maven supports username and password authentication. For more information, see `maven-repository` in [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#maven-repository). +Maven supports username, password and replaces-base. For more information, see `maven-repository` in [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#maven-repository). {% raw %} @@ -291,6 +293,7 @@ registries: url: https://acme.jfrog.io/artifactory/my-maven-registry username: octocat password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} + replaces-base: true ``` {% endraw %} @@ -307,6 +310,7 @@ registries: url: https://maven.pkg.github.com/octocat username: octocat password: ${{secrets.OCTOCAT_GITHUB_PAT}} + replaces-base: true updates: - package-ecosystem: "maven" directory: "/" @@ -328,7 +332,7 @@ You can define the configuration in the `dependabot.yml` file using the `npm-reg #### Using the `npm-registry` type in the configuration file -You can define the private registry configuration in a `dependabot.yml` file using the `npm-registry` type. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#npm-registry). +You can define the private registry configuration in a `dependabot.yml` file using the `npm-registry` type. For more information, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#npm-registry). The snippet of a `dependabot.yml` file below uses a token. {% data reusables.dependabot.token-is-github-pat %} @@ -409,7 +413,7 @@ If you use a monorepo, the `.npmrc` file should live in the project's root direc You can configure {% data variables.product.prodname_dependabot %} to send all registry requests through a specified base URL. In order for {% data variables.product.prodname_dependabot %} to access a public dependency, the registry must either have a cloned copy of the dependency with the requested version, or allow traffic to fetch from a public registry if the dependency is not available. -If there is no global registry defined in a `.npmrc` file, you can set `replaces-base` to `true` in the `dependabot.yml` file. For more information, see "`replaces-base`" in [Top-level `registries` key](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#top-level-registries-key). +If there is no global registry defined in a `.npmrc` file, you can set `replaces-base` to `true` in the `dependabot.yml` file. For more information, see "`replaces-base`" in [Top-level `registries` key](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/dependabot-options-reference#top-level-registries-key). #### Notes @@ -423,7 +427,7 @@ Registries should be configured using the `https` protocol. Supported by Artifactory, Artifacts, Cloudsmith, {% data variables.product.prodname_registry %} registry, Nexus, and ProGet. -The `nuget-feed` type supports username and password, or token. For more information, see `nuget-feed` in [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#nuget-feed). +The `nuget-feed` type supports username and password, or token. For more information, see `nuget-feed` in [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#nuget-feed). {% raw %} @@ -469,7 +473,7 @@ registries: ### pub -You can define the private registry configuration in a `dependabot.yml` file using the `pub-repository` type. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#pub-repository). +You can define the private registry configuration in a `dependabot.yml` file using the `pub-repository` type. For more information, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#pub-repository). {% raw %} @@ -502,7 +506,7 @@ pub supports URL and token authentication. The URL used for the registry should Supported by Artifactory, Azure Artifacts, Cloudsmith, Nexus, and ProGet. The {% data variables.product.prodname_registry %} registry is not supported. -The `python-index` type supports username and password, or token. For more information, see `python-index` in [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#python-index). +The `python-index` type supports username and password, or token. For more information, see `python-index` in [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#python-index). {% raw %} @@ -547,9 +551,17 @@ registries: `url` should contain the URL, organization, and the "feed" or repository. +{% ifversion dependabot-uv-support %} + +### uv + +The uv registry uses a configuration similar to that of the python index. For more information, see "`python-index`" in [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#python-index). + +{% endif %} + ### Yarn -The Yarn registry uses a configuration similar to that of the npm registry. For more information, see "`npm-registry`" in [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#npm-registry). +The Yarn registry uses a configuration similar to that of the npm registry. For more information, see "`npm-registry`" in [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#npm-registry). {% raw %} @@ -573,7 +585,7 @@ You can either specify the private registry configuration in the `dependabot.yml ##### Defining the private registry configuration in the `dependabot.yml` file -You can define the private registry configuration in your `dependabot.yml` file. For more information, see [Top-level `registries` key](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#top-level-registries-key). +You can define the private registry configuration in your `dependabot.yml` file. For more information, see [Top-level `registries` key](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/dependabot-options-reference#top-level-registries-key). To ensure that the private registry is listed as the dependency source in the project's `yarn.lock` file, you need to run `yarn install` on a machine with private registry access. Yarn should update the resolved field to include the private registry URL. @@ -610,7 +622,7 @@ As with Yarn Classic, you can either specify the private registry configuration ##### Defining the private registry configuration in the `dependabot.yml` file -You can define the private registry configuration in your `dependabot.yml` file. For more information, see [Top-level `registries` key](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#top-level-registries-key). +You can define the private registry configuration in your `dependabot.yml` file. For more information, see [Top-level `registries` key](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/dependabot-options-reference#top-level-registries-key). To ensure the private registry is listed as the dependency source in the project's `yarn.lock` file, run `yarn install` on a machine with private registry access. Yarn should update the resolved field to include the private registry URL. diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/index.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/index.md new file mode 100644 index 000000000000..9bc769b84863 --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/index.md @@ -0,0 +1,29 @@ +--- +title: Managing your dependency security +shortTitle: Manage your dependency security +intro: Customize and configure features for dependency management. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /customizing-auto-triage-rules-to-prioritize-dependabot-alerts + - /using-github-preset-rules-to-prioritize-dependabot-alerts + - /customizing-dependabot-security-prs + - /controlling-dependencies-updated + - /configuring-the-dependency-review-action + - /optimizing-java-packages-dependabot + - /configuring-notifications-for-dependabot-alerts + - /configuring-access-to-private-registries-for-dependabot + - /removing-dependabot-access-to-public-registries + - /managing-pull-requests-for-dependency-updates + - /configure-on-github-hosted-runners + - /configure-on-self-hosted-runners + - /re-run-dependabot-jobs + - /listing-dependencies-configured-for-version-updates + - /guidance-for-the-configuration-of-private-registries-for-dependabot +redirect_from: + - /code-security/dependabot/maintain-dependencies + - /code-security/dependabot/dependabot-security-updates +--- diff --git a/content/code-security/dependabot/troubleshooting-dependabot/listing-dependencies-configured-for-version-updates.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/listing-dependencies-configured-for-version-updates.md similarity index 89% rename from content/code-security/dependabot/troubleshooting-dependabot/listing-dependencies-configured-for-version-updates.md rename to content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/listing-dependencies-configured-for-version-updates.md index 59632c4d17ce..9ba4aabc5c03 100644 --- a/content/code-security/dependabot/troubleshooting-dependabot/listing-dependencies-configured-for-version-updates.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/listing-dependencies-configured-for-version-updates.md @@ -1,23 +1,24 @@ --- title: Listing dependencies configured for version updates -intro: 'You can view the dependencies that {% data variables.product.prodname_dependabot %} monitors for updates.' +intro: You can view the dependencies that {% data variables.product.prodname_dependabot %} monitors for updates. permissions: '{% data reusables.permissions.dependabot-yml-configure %}' redirect_from: - /github/administering-a-repository/listing-dependencies-configured-for-version-updates - /code-security/supply-chain-security/listing-dependencies-configured-for-version-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates - /code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates + - /code-security/dependabot/troubleshooting-dependabot/listing-dependencies-configured-for-version-updates versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Repositories - Dependabot - Version updates - Dependencies shortTitle: List configured dependencies +contentType: how-tos --- {% data reusables.dependabot.enterprise-enable-dependabot %} diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-pull-requests-for-dependency-updates.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-pull-requests-for-dependency-updates.md new file mode 100644 index 000000000000..7a67b39ae56b --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-pull-requests-for-dependency-updates.md @@ -0,0 +1,51 @@ +--- +title: Managing pull requests for dependency updates +intro: You manage pull requests raised by {% data variables.product.prodname_dependabot %} in much the same way as other pull requests, but there are some extra options. +permissions: '{% data reusables.permissions.dependabot-various-tasks %}' +redirect_from: + - /github/administering-a-repository/managing-pull-requests-for-dependency-updates + - /code-security/supply-chain-security/managing-pull-requests-for-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Repositories + - Version updates + - Security updates + - Pull requests + - Dependencies + - Vulnerabilities +shortTitle: Manage Dependabot PRs +contentType: how-tos +--- + +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Viewing {% data variables.product.prodname_dependabot %} pull requests + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-pr %} +1. Any pull requests for security or version updates are easy to identify. + * The author is {% ifversion fpt or ghec %}[dependabot](https://github.com/dependabot){% else %}dependabot{% endif %}, the bot account used by {% data variables.product.prodname_dependabot %}. + * By default, they have the `dependencies` label. + +## Changing the rebase strategy for {% data variables.product.prodname_dependabot %} pull requests + +By default, {% data variables.product.prodname_dependabot %} automatically rebases pull requests to resolve any conflicts. {% data reusables.dependabot.pull-requests-30-days-cutoff %} If you'd prefer to handle merge conflicts manually, you can disable this using the `rebase-strategy` option. For details, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#rebase-strategy--). + +## Allowing {% data variables.product.prodname_dependabot %} to rebase and force push over extra commits + +By default, {% data variables.product.prodname_dependabot %} will stop rebasing a pull request once extra commits have been pushed to it. To allow {% data variables.product.prodname_dependabot %} to force push over commits added to its branches, include any of the following strings: `[dependabot skip]` , `[skip dependabot]`, `[dependabot-skip]`, or `[skip-dependabot]`, in either lower or uppercase, to the commit message. + +## Managing {% data variables.product.prodname_dependabot %} pull requests with comment commands + +You can use comment commands on {% data variables.product.prodname_dependabot %} pull requests to manage and customize your dependency updates. For details, see [AUTOTITLE](/code-security/reference/supply-chain-security/dependabot-pull-request-comment-commands). + +{% data variables.product.prodname_dependabot %} will react with a "thumbs up" emoji to acknowledge the command, and may respond with a comment on the pull request. While {% data variables.product.prodname_dependabot %} usually responds quickly, some commands may take several minutes to complete if {% data variables.product.prodname_dependabot %} is busy processing other updates or commands. + +If you run any of the commands for ignoring dependencies or versions, {% data variables.product.prodname_dependabot %} stores the preferences for the repository centrally. While this is a quick solution, for repositories with more than one contributor it is better to explicitly define the dependencies and versions to ignore in the configuration file. This makes it easy for all contributors to see why a particular dependency isn't being updated automatically. + +For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--). diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/optimizing-java-packages-dependabot.md similarity index 88% rename from content/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot.md rename to content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/optimizing-java-packages-dependabot.md index be4d943040e6..4553e25f94fd 100644 --- a/content/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/optimizing-java-packages-dependabot.md @@ -1,17 +1,19 @@ --- title: Optimizing Java packages for Dependabot updates -intro: 'By including metadata in your `pom.xml` file, you can enhance the information available to users in {% data variables.product.prodname_dependabot%} pull requests to update your Java packages.' -shortTitle: Optimize Java packages # Max 31 characters +intro: By including metadata in your `pom.xml` file, you can enhance the information available to users in {% data variables.product.prodname_dependabot%} pull requests to update your Java packages. +shortTitle: Optimize Java packages allowTitleToDifferFromFilename: true versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Dependencies - Repositories +redirect_from: + - /code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot +contentType: how-tos --- {% data variables.product.prodname_dependabot %} uses the information defined in `pom.xml` files to create pull requests to update Java dependencies for the Gradle and Maven ecosystems. When you include the project metadata that {% data variables.product.prodname_dependabot %} expects, pull requests contain links to the release notes for the suggested package update and a link where users can report any issues. This information means that users can update their packages with confidence after reviewing all the release information. diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/re-run-dependabot-jobs.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/re-run-dependabot-jobs.md new file mode 100644 index 000000000000..4e75f90f4c80 --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/re-run-dependabot-jobs.md @@ -0,0 +1,33 @@ +--- +title: Re-running Dependabot jobs on GitHub Actions +shortTitle: Re-run Dependabot jobs +intro: Resolve run failures and manually update your dependencies by re-running {% data variables.product.prodname_dependabot %} jobs. +permissions: '{% data reusables.permissions.dependabot-actions %}' +versions: + feature: dependabot-on-actions-opt-in +topics: + - Dependabot + - Security updates + - Version updates + - Actions + - Dependencies + - Repositories +contentType: how-tos +--- + +## Re-running a {% data variables.product.prodname_dependabot_version_updates %} job + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.accessing-repository-graphs %} +{% data reusables.repositories.click-dependency-graph %} +{% data reusables.dependabot.click-dependabot-tab %} +1. To the right of the name of manifest file that you're interested in, click **Recent update jobs**. +1. To the right of the affected manifest file, click **Check for updates** to re-run a {% data variables.product.prodname_dependabot_version_updates %} job and check for new updates to dependencies for that ecosystem. + +## Re-running a {% data variables.product.prodname_dependabot_security_updates %} job + +{% data reusables.repositories.navigate-to-repo %} +1. Under your repository name, click **{% octicon "shield-lock" aria-hidden="true" aria-label="shield-lock" %} Security**. +1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_dependabot %}**. +1. Under "{% data variables.product.prodname_dependabot %}", click the alert you want to view. +1. In the section displaying the error details for the alert, click **Try again** to re-run the {% data variables.product.prodname_dependabot_security_updates %} job. diff --git a/content/code-security/dependabot/maintain-dependencies/removing-dependabot-access-to-public-registries.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/removing-dependabot-access-to-public-registries.md similarity index 98% rename from content/code-security/dependabot/maintain-dependencies/removing-dependabot-access-to-public-registries.md rename to content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/removing-dependabot-access-to-public-registries.md index 85a3869a8c8e..d08a52cfd1f8 100644 --- a/content/code-security/dependabot/maintain-dependencies/removing-dependabot-access-to-public-registries.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/removing-dependabot-access-to-public-registries.md @@ -1,12 +1,11 @@ --- title: Removing Dependabot access to public registries -intro: 'Examples of how you can configure {% data variables.product.prodname_dependabot %} to only access private registries by removing calls to public registries.' +intro: Examples of how you can configure {% data variables.product.prodname_dependabot %} to only access private registries by removing calls to public registries. permissions: '{% data reusables.permissions.dependabot-various-tasks %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Dependabot - Version updates @@ -14,6 +13,8 @@ shortTitle: Remove access to public registries redirect_from: - /code-security/dependabot/working-with-dependabot/configuring-dependabot-to-only-access-private-registries - /code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries + - /code-security/dependabot/maintain-dependencies/removing-dependabot-access-to-public-registries +contentType: how-tos --- ## About configuring {% data variables.product.prodname_dependabot %} to only access private registries diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/using-github-preset-rules-to-prioritize-dependabot-alerts.md similarity index 93% rename from content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md rename to content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/using-github-preset-rules-to-prioritize-dependabot-alerts.md index 1c7295aace7f..6c6f8da4be01 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/using-github-preset-rules-to-prioritize-dependabot-alerts.md @@ -1,22 +1,23 @@ --- title: Using GitHub preset rules to prioritize Dependabot alerts -intro: 'You can use {% data variables.dependabot.github_presets %}, which are rules curated by {% data variables.product.company_short %}, to auto-dismiss low impact development alerts for npm dependencies.' +intro: You can use {% data variables.dependabot.github_presets %}, which are rules curated by {% data variables.product.company_short %}, to auto-dismiss low impact development alerts for npm dependencies. permissions: '{% data reusables.permissions.dependabot-github-presets %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Alerts - Vulnerabilities - Repositories - Dependencies -shortTitle: GitHub preset rules +shortTitle: Prioritize with preset rules redirect_from: - /code-security/dependabot/dependabot-alert-rules/using-github-curated-alert-rules-to-prioritize-dependabot-alerts - /code-security/dependabot/dependabot-auto-triage-rules/using-github-curated-default-rules-to-prioritize-dependabot-alerts + - /code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts +contentType: how-tos --- ## About {% data variables.dependabot.github_presets %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-automatic-dependency-submission-for-your-repository.md similarity index 78% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md rename to content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-automatic-dependency-submission-for-your-repository.md index 7daf5c5280d7..9d0fe4b6b9dd 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md +++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-automatic-dependency-submission-for-your-repository.md @@ -1,17 +1,18 @@ --- title: Configuring automatic dependency submission for your repository -shortTitle: Automatic dependency submission -intro: 'You can use automatic dependency submission to submit transitive dependency data in your repository. This enables you to analyze these transitive dependencies using the dependency graph.' +shortTitle: Submit dependencies automatically +intro: You can use automatic dependency submission to submit transitive dependency data in your repository. This enables you to analyze these transitive dependencies using the dependency graph. permissions: '{% data reusables.permissions.security-repo-enable %}' redirect_from: - /early-access/ghas/automatic-dependency-submission-for-maven + - /code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository versions: feature: maven-transitive-dependencies -type: how_to topics: - Dependency graph - Dependencies - Repositories +contentType: how-tos --- ## About automatic dependency submission @@ -69,6 +70,57 @@ Once enabled, automatic dependency submission jobs will run on the self-hosted r >[!NOTE] For Maven or Gradle projects that use self-hosted runners with private Maven registries, you need to modify the Maven server settings file to allow the dependency submission workflows to connect to the registries. For more information about the Maven server settings file, see [Security and Deployment Settings](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#transitive-dependencies) in the Maven documentation. +### Configuring network access for self-hosted runners + +If your self-hosted runners operate behind a firewall with restricted outbound internet access, you must add certain URLs to the allowlist for automatic dependency submission. The required URLs depend on the ecosystems your repositories use. + +#### Required URLs for all ecosystems + +These URLs are required for all automatic dependency submission workflows: + +* `https://github.com`—Required for accessing {% data variables.product.github %} and downloading actions. +* `https://api.github.com`—Required for {% data variables.product.github %} API access. +* `https://*.githubusercontent.com`—Required for downloading action source code and releases (including `raw.githubusercontent.com`, `github-releases.githubusercontent.com`, and `objects.githubusercontent.com`). + +#### Ecosystem-specific URLs + +Depending on the ecosystems you use, you may need to allowlist additional URLs. + +##### Go + +* `https://go.dev`—For downloading the Go toolchain. +* `https://golang.org`—Alternate domain for Go downloads. +* `https://proxy.golang.org`—Official Go module proxy for downloading Go modules during dependency detection. + +> [!NOTE] +> The `actions/go-versions` repository is accessed via `https://raw.githubusercontent.com`, which is already covered in the general requirements. + +##### Java (Maven and Gradle) + +* `https://repo.maven.apache.org`—Maven Central repository for downloading dependencies. +* `https://api.adoptium.net`—For downloading Adoptium/Temurin JDK distributions (default distribution used by `actions/setup-java`). + +If you use a different JDK distribution, you may also need: +* `https://aka.ms` and `https://download.microsoft.com`—For Microsoft Build of OpenJDK (note: `aka.ms` is also used for .NET downloads). +* `https://download.oracle.com`—For Oracle JDK. +* `https://api.azul.com`—For Azul Zulu OpenJDK. + +##### .NET (C#, F#, Visual Basic) + +* `https://aka.ms`—Microsoft URL shortener that redirects to .NET download locations. +* `https://builds.dotnet.microsoft.com`—Primary feed for .NET SDK and runtime downloads. +* `https://ci.dot.net`—Secondary feed for .NET builds. + +> [!NOTE] +> The `microsoft/component-detection` tool used by .NET autosubmission is downloaded from {% data variables.product.github %} releases, which is already covered in the general requirements (`https://github.com` and `https://*.githubusercontent.com`). + +##### Python + +* `https://python.org`—For downloading Python interpreters. + +> [!NOTE] +> The `actions/python-versions` repository and `microsoft/component-detection` releases are accessed via URLs already covered in the general requirements (`https://*.githubusercontent.com` and `https://github.com`). + ## Using {% data variables.product.company_short %}-hosted {% data variables.actions.hosted_runners %} for automatic dependency submission {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} users can use {% data variables.actions.hosted_runners %} to run automatic dependency submissions jobs. diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-alerts.md similarity index 89% rename from content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md rename to content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-alerts.md index 9e30476fcd54..8b0d3c174d73 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md +++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-alerts.md @@ -1,13 +1,12 @@ --- title: Configuring Dependabot alerts -intro: 'Enable {% data variables.product.prodname_dependabot_alerts %} to be generated when a new vulnerable dependency is found in one of your repositories.' +intro: Enable {% data variables.product.prodname_dependabot_alerts %} to be generated when a new vulnerable dependency is found in one of your repositories. shortTitle: Configure Dependabot alerts permissions: '{% data reusables.permissions.dependabot-alerts %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Dependabot - Security updates @@ -15,19 +14,13 @@ topics: - Dependencies - Pull requests - Repositories +redirect_from: + - /code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts + - /code-security/dependabot/dependabot-alerts +contentType: how-tos --- -## About {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies - -{% data reusables.repositories.a-vulnerability-is %} - -{% data variables.product.prodname_dependabot %} scans code when a new advisory is added to the {% data variables.product.prodname_advisory_database %} or the dependency graph for a repository changes. When vulnerable dependencies are detected, {% data variables.product.prodname_dependabot_alerts %} are generated. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). - -{% data reusables.dependabot.dependabot-alert-create-PR %} - -{% ifversion ghes %} -> [!NOTE] -> An enterprise owner must first set up {% data variables.product.prodname_dependabot %} for your enterprise before you can configure {% data variables.product.prodname_dependabot_alerts %}. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise).{% endif %} +When {% data variables.product.prodname_dependabot %} detects vulnerable dependencies in a repository, it generates alerts. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for: * Your personal account @@ -35,7 +28,10 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts % * Your organization{% ifversion dependabot-alerts-enterprise-enablement or ghes %} * Your enterprise{% endif %} -{% data reusables.dependabot.dependabot-alert-rules %} +{% ifversion ghes %} +> [!NOTE] +> An enterprise owner must first set up {% data variables.product.prodname_dependabot %} for your enterprise before you can configure {% data variables.product.prodname_dependabot_alerts %}. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise). +{% endif %} ## Managing {% data variables.product.prodname_dependabot_alerts %} for your personal account @@ -43,10 +39,10 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts % You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories owned by your personal account. +Go to your security settings {% octicon "link-external" height:16 aria-label="link-external" %} + ### Enabling or disabling {% data variables.product.prodname_dependabot_alerts %} for existing repositories -{% data reusables.user-settings.access_settings %} -{% data reusables.user-settings.security-analysis %} 1. Under "{% data variables.product.UI_advanced_security %}", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. 1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories that you create, in the dialog box, select "Enable by default for new repositories". 1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories you own. @@ -55,8 +51,6 @@ When you enable {% data variables.product.prodname_dependabot_alerts %} for exis ### Enabling or disabling {% data variables.product.prodname_dependabot_alerts %} for new repositories -{% data reusables.user-settings.access_settings %} -{% data reusables.user-settings.security-analysis %} 1. Under "{% data variables.product.UI_advanced_security %}", to the right of {% data variables.product.prodname_dependabot_alerts %}, select **Automatically enable for new repositories**. {% else %} @@ -128,3 +122,7 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts % {% endif %} {% endif %} + +## Managing {% data variables.product.prodname_dependabot_alerts %} at scale with rules + +{% data reusables.dependabot.dependabot-alert-rules %} diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates.md similarity index 97% rename from content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md rename to content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates.md index c317f302f54b..c9b91e0a837a 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates.md @@ -1,6 +1,6 @@ --- title: Configuring Dependabot security updates -intro: 'You can use {% data variables.product.prodname_dependabot_security_updates %} or manual pull requests to easily update vulnerable dependencies.' +intro: You can use {% data variables.product.prodname_dependabot_security_updates %} or manual pull requests to easily update vulnerable dependencies. shortTitle: Configure security updates permissions: '{% data reusables.permissions.dependabot-yml-configure %}' redirect_from: @@ -11,11 +11,11 @@ redirect_from: - /github/managing-security-vulnerabilities/configuring-dependabot-security-updates - /code-security/supply-chain-security/configuring-dependabot-security-updates - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates + - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Security updates @@ -23,6 +23,7 @@ topics: - Dependencies - Pull requests - Repositories +contentType: how-tos --- diff --git a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-version-updates.md similarity index 80% rename from content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md rename to content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-version-updates.md index c8fb79e039a5..4bc284953dcd 100644 --- a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md +++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-version-updates.md @@ -1,17 +1,17 @@ --- title: Configuring Dependabot version updates -intro: 'You can configure your repository so that {% data variables.product.prodname_dependabot %} automatically updates the packages you use.' +intro: You can configure your repository so that {% data variables.product.prodname_dependabot %} automatically updates the packages you use. permissions: '{% data reusables.permissions.dependabot-yml-configure %}' redirect_from: - /github/administering-a-repository/enabling-and-disabling-version-updates - /code-security/supply-chain-security/enabling-and-disabling-version-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Version updates @@ -19,22 +19,11 @@ topics: - Dependencies - Pull requests shortTitle: Configure version updates +contentType: how-tos --- {% data reusables.dependabot.enterprise-enable-dependabot %} -## About version updates for dependencies - -You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a `dependabot.yml` configuration file in to your repository's `.github` directory. {% data variables.product.prodname_dependabot %} then raises pull requests to keep the dependencies you configure up-to-date. For each package manager's dependencies that you want to update, you must specify the location of the package manifest files and how often to check for updates to the dependencies listed in those files. For information about enabling security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates). - -{% data reusables.dependabot.initial-updates %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates). - -{% data reusables.dependabot.version-updates-skip-scheduled-runs %} - -By default only direct dependencies that are explicitly defined in a manifest are kept up to date by {% data variables.product.prodname_dependabot_version_updates %}. You can choose to receive updates for indirect dependencies defined in lock files. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated#allowing-specific-dependencies-to-be-updated). - -{% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see [AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories) and [AUTOTITLE](/get-started/learning-about-github/github-language-support). - ## Enabling {% data variables.product.prodname_dependabot_version_updates %} You enable {% data variables.product.prodname_dependabot_version_updates %} by committing a `dependabot.yml` configuration file to your repository. @@ -62,7 +51,7 @@ You enable {% data variables.product.prodname_dependabot_version_updates %} by c 1. Add a `version`. This key is mandatory. The file must start with `version: 2`. 1. Optionally, if you have dependencies in a private registry, add a `registries` section containing authentication details. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot). -1. Add an `updates` section, with an entry for each package manager you want {% data variables.product.prodname_dependabot %} to monitor. This key is mandatory. You use it to configure how {% data variables.product.prodname_dependabot %} updates the versions or your project's dependencies. Each entry configures the update settings for a particular package manager. For more information, see [About the dependabot.yml file](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#about-the-dependabotyml-file) in "{% data variables.product.prodname_dependabot %} options reference." +1. Add an `updates` section, with an entry for each package manager you want {% data variables.product.prodname_dependabot %} to monitor. This key is mandatory. You use it to configure how {% data variables.product.prodname_dependabot %} updates the versions or your project's dependencies. Each entry configures the update settings for a particular package manager. For more information, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-the-dependabot-yml-file) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/dependabot-options-reference). 1. For each package manager, use: * `package-ecosystem` to specify the package manager. For more information about the supported package managers, see [`package-ecosystem`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem-). @@ -108,7 +97,7 @@ updates: In the example above, if the Docker dependencies were very outdated, you might want to start with a `daily` schedule until the dependencies are up-to-date, and then drop back to a weekly schedule. -### Enabling version updates on forks +## Enabling version updates on forks If you want to enable version updates on forks, there's an extra step. Version updates are not automatically enabled on forks when a `dependabot.yml` configuration file is present. This ensures that fork owners don't unintentionally enable version updates when they pull changes including a `dependabot.yml` configuration file from the original repository. @@ -119,6 +108,16 @@ On a fork, you also need to explicitly enable {% data variables.product.prodname {% data reusables.repositories.navigate-to-code-security-and-analysis %} 1. Under "{% ifversion ghas-products %}{% data variables.product.prodname_dependabot %}{% else %}{% data variables.product.UI_advanced_security %}{% endif %}," to the right of "{% data variables.product.prodname_dependabot_version_updates %}," click **Enable** to allow {% data variables.product.prodname_dependabot %} to initiate version updates. +## Receiving updates for indirect dependencies + +By default, only direct dependencies that are explicitly defined in a manifest are kept up to date by {% data variables.product.prodname_dependabot_version_updates %}. You can choose to receive updates for indirect dependencies defined in lock files. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated#allowing-specific-dependencies-to-be-updated). + +## Enabling access to private dependencies + +{% data reusables.dependabot.private-dependencies-note %} + +Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see [AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories) and [AUTOTITLE](/get-started/learning-about-github/github-language-support). + ## Checking the status of version updates After you enable version updates, the **Dependabot** tab in the dependency graph for the repository is populated. This tab shows which package managers {% data variables.product.prodname_dependabot %} is configured to monitor and when {% data variables.product.prodname_dependabot %} last checked for new versions. diff --git a/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/enabling-the-dependency-graph.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/enabling-the-dependency-graph.md new file mode 100644 index 000000000000..79018bb1078f --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/enabling-the-dependency-graph.md @@ -0,0 +1,60 @@ +--- +title: Enabling the dependency graph +intro: You can allow users to identify their projects' dependencies by enabling the dependency graph. +permissions: '{% data reusables.permissions.dependency-graph %}' +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph + - /code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph + - /code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-the-dependency-graph +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Dependency graph + - Dependencies + - Repositories +shortTitle: Enable dependency graph +contentType: how-tos +--- + +The dependency graph is a summary of the manifest and lock files stored in a repository and any dependencies that are submitted for the repository using the {% data variables.dependency-submission-api.name %}. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph). + +When the dependency graph is first enabled, any manifest and lock files for supported ecosystems are parsed immediately. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. Once enabled, the graph is automatically updated with every push to the repository{% ifversion fpt or ghec %} and every push to other repositories in the graph{% endif %}. + +{% ifversion ghes %} + +## Enabling the dependency graph for a {% data variables.product.prodname_ghe_server %} instance + +{% data reusables.dependabot.ghes-enabling-dependency-graph %} + +{% else %} + +## Enabling the dependency graph for a repository + +Enabling the dependency graph gives {% data variables.product.github %} read-only access to the dependency manifest and lock files for a repository. + +{% data reusables.dependabot.enabling-disabling-dependency-graph-private-repo-public-fork %} + +## Enabling the dependency graph for multiple repositories + +You can enable or disable the dependency graph for all repositories owned by your user account, regardless of their visibility. See [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account). + +You can also enable the dependency graph for multiple repositories in an organization at the same time. For more information, see {% ifversion security-configurations %}[AUTOTITLE](/code-security/securing-your-organization).{% else %}[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization).{% endif %} + +{% endif %} + +## Next steps + +{% data reusables.dependency-submission.dependency-submission-link %} + +For more information on viewing the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository). + +## Further reading + +{%- ifversion maven-transitive-dependencies %} +* [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository){%- endif %} +{%- ifversion fpt or ghec %} +* [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization){%- endif %} +* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts) +* [AUTOTITLE](/code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/exploring-the-dependencies-of-a-repository.md similarity index 73% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md rename to content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/exploring-the-dependencies-of-a-repository.md index b2c2142a91e4..972dfefdb686 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md +++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/exploring-the-dependencies-of-a-repository.md @@ -1,6 +1,6 @@ --- title: Exploring the dependencies of a repository -intro: 'You can use the dependency graph to see the packages your project depends on{% ifversion fpt or ghec %} and the repositories that depend on it{% endif %}. In addition, you can see any vulnerabilities detected in its dependencies.' +intro: You can use the dependency graph to see the packages your project depends on{% ifversion fpt or ghec %} and the repositories that depend on it{% endif %}. In addition, you can see any vulnerabilities detected in its dependencies. permissions: '{% data reusables.permissions.dependency-graph-view-dependencies %}' redirect_from: - /articles/listing-the-packages-that-a-repository-depends-on @@ -10,16 +10,17 @@ redirect_from: - /github/visualizing-repository-data-with-graphs/exploring-the-dependencies-and-dependents-of-a-repository - /github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository - /code-security/supply-chain-security/exploring-the-dependencies-of-a-repository + - /code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Dependency graph - Dependencies - Repositories shortTitle: Explore dependencies +contentType: how-tos --- ## Viewing the dependency graph @@ -80,31 +81,6 @@ If vulnerabilities have been detected in the repository, these are shown at the For public repositories, the dependents view shows how the repository is used by other repositories. To show only the repositories that contain a library in a package manager, click **NUMBER Packages** immediately above the list of dependent repositories. The dependent counts are approximate and may not always match the dependents listed. -## Enabling and disabling the dependency graph - -{% data reusables.dependabot.enabling-disabling-dependency-graph-private-repo-public-fork %} - -## Changing the "Used by" package - -You may notice some repositories have a "Used by" section in the sidebar of the **Code** tab. Your repository will have a "Used by" section if: -* The dependency graph is enabled for the repository (see the above section for more details). -* Your repository contains a package that is published on a [supported package ecosystem](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems#supported-package-ecosystems). -* Within the ecosystem, your package has a link to a _public_ repository where the source is stored. -* More than 100 repositories depend on your package. - -The "Used by" section shows the number of public references to the package that were found, and displays the avatars of some of the owners of the dependent projects. - -![Screenshot of the "Used by" section for a repository showing the summary of "13.4m" with details of 8 avatars and "+13,435,819."](/assets/images/help/repository/used-by-section.png) - -Clicking any item in this section takes you to the **Dependents** tab of the dependency graph. - -The "Used by" section represents a single package from the repository. If you have admin permissions to a repository that contains multiple packages, you can choose which package the "Used by" section represents. - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "{% data variables.product.UI_advanced_security %}", click the drop-down menu in the "Used by counter" section and choose a package. - {% endif %} ## Further reading diff --git a/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/index.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/index.md new file mode 100644 index 000000000000..ee3743a1e504 --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/index.md @@ -0,0 +1,21 @@ +--- +title: Securing your dependencies +shortTitle: Secure your dependencies +intro: Keep your supply chain secure by understanding and updating dependencies. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +children: + - /configuring-dependabot-alerts + - /configuring-dependabot-security-updates + - /configuring-dependabot-version-updates + - /keeping-your-actions-up-to-date-with-dependabot + - /enabling-the-dependency-graph + - /exploring-the-dependencies-of-a-repository + - /configuring-automatic-dependency-submission-for-your-repository + - /using-the-dependency-submission-api + - /verifying-the-integrity-of-a-release +--- + diff --git a/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/keeping-your-actions-up-to-date-with-dependabot.md similarity index 59% rename from content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md rename to content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/keeping-your-actions-up-to-date-with-dependabot.md index ee3124491815..b4dcb6166d0b 100644 --- a/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md +++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/keeping-your-actions-up-to-date-with-dependabot.md @@ -1,48 +1,32 @@ --- title: Keeping your actions up to date with Dependabot -intro: 'You can use {% data variables.product.prodname_dependabot %} to keep the actions you use updated to the latest versions.' +intro: You can use {% data variables.product.prodname_dependabot %} to keep the actions you use updated to the latest versions. permissions: '{% data reusables.permissions.dependabot-yml-configure %}' redirect_from: - /github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot - /github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot - /code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot + - /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Repositories - Dependabot - Version updates - Actions shortTitle: Auto-update actions +contentType: how-tos --- {% data reusables.dependabot.enterprise-enable-dependabot %} -## About {% data variables.product.prodname_dependabot_version_updates %} for actions - -Actions are often updated with bug fixes and new features to make automated processes more reliable, faster, and safer. When you enable {% data variables.product.prodname_dependabot_version_updates %} for {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dependabot %} will help ensure that references to actions in a repository's _workflow.yml_ file and reusable workflows used inside workflows are kept up to date. - -For each action in the file, {% data variables.product.prodname_dependabot %} checks the action's reference (typically a version number or commit identifier associated with the action) against the latest version. For information about how action creators version their actions, see [Using release management for your custom actions](/actions/learn-github-actions/finding-and-customizing-actions#using-release-management-for-your-custom-actions). - -If a more recent version of the action is available, {% data variables.product.prodname_dependabot %} will send you a pull request that updates the reference in the workflow file to the latest version. For more information about {% data variables.product.prodname_dependabot_version_updates %}, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates). For more information about configuring workflows for {% data variables.product.prodname_actions %}, see [AUTOTITLE](/actions/learn-github-actions). - -{% data variables.product.prodname_dependabot %} also checks workflow files for uses of reusable workflows, and updates the git reference for these called reusable workflows. For more information about reusable workflows, see [AUTOTITLE](/actions/using-workflows/reusing-workflows). - -{% ifversion fpt or ghec %} - -> [!NOTE] -> {% data reusables.actions.workflow-runs-dependabot-note %} - -{% endif %} +When you enable {% data variables.product.prodname_dependabot_version_updates %} for {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dependabot %} will help ensure that references to actions in a repository's _workflow.yml_ file and reusable workflows used inside workflows are kept up to date. For more information, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-dependabot-version-updates). ## Enabling {% data variables.product.prodname_dependabot_version_updates %} for actions -You can configure {% data variables.product.prodname_dependabot_version_updates %} to maintain your actions as well as the libraries and packages you depend on. - 1. If you have already enabled {% data variables.product.prodname_dependabot_version_updates %} for other ecosystems or package managers, simply open the existing `dependabot.yml` file. Otherwise, create a `dependabot.yml` configuration file in the `.github` directory of your repository. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates). 1. Specify `"github-actions"` as a `package-ecosystem` to monitor. 1. Set the `directory` to `"/"` to check for workflow files in `.github/workflows`. @@ -51,7 +35,7 @@ You can configure {% data variables.product.prodname_dependabot_version_updates You can also enable {% data variables.product.prodname_dependabot_version_updates %} on forks. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-version-updates-on-forks). -### Example `dependabot.yml` file for {% data variables.product.prodname_actions %} +## Example `dependabot.yml` file for {% data variables.product.prodname_actions %} The example `dependabot.yml` file below configures version updates for {% data variables.product.prodname_actions %}. The `directory` must be set to `"/"` to check for workflow files in `.github/workflows`. The `schedule.interval` is set to `"weekly"`. After this file has been checked in or updated, {% data variables.product.prodname_dependabot %} checks for new versions of your actions. {% data variables.product.prodname_dependabot %} will raise pull requests for version updates for any outdated actions that it finds. After the initial version updates, {% data variables.product.prodname_dependabot %} will continue to check for outdated versions of actions once a week. diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/using-the-dependency-submission-api.md similarity index 92% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md rename to content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/using-the-dependency-submission-api.md index 26f89c77c7a0..e56724961988 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md +++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/using-the-dependency-submission-api.md @@ -1,7 +1,7 @@ --- title: Using the dependency submission API -intro: 'You can use the {% data variables.dependency-submission-api.name %} to submit dependencies for projects, such as the dependencies resolved when a project is built or compiled.' -shortTitle: Dependency submission API +intro: You can use the {% data variables.dependency-submission-api.name %} to submit dependencies for projects, such as the dependencies resolved when a project is built or compiled. +shortTitle: Use dependency submission API topics: - API - Dependency graph @@ -11,6 +11,9 @@ versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api +contentType: how-tos --- ## About the {% data variables.dependency-submission-api.name %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/verifying-the-integrity-of-a-release.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/verifying-the-integrity-of-a-release.md similarity index 77% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/verifying-the-integrity-of-a-release.md rename to content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/verifying-the-integrity-of-a-release.md index 5887986a03c8..0cdf915969e4 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/verifying-the-integrity-of-a-release.md +++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/verifying-the-integrity-of-a-release.md @@ -1,23 +1,25 @@ --- title: Verifying the integrity of a release shortTitle: Verify release integrity -intro: 'You can avoid tampering and accidental changes by ensuring the releases you use have not been modified after publication.' +intro: You can avoid tampering and accidental changes by ensuring the releases you use have not been modified after publication. versions: fpt: '*' ghec: '*' -type: overview topics: - Code Security - Vulnerabilities - Dependencies defaultTool: cli +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/verifying-the-integrity-of-a-release +contentType: how-tos --- {% cli %} ## Prerequisites -Before you can validate the authenticity of a release and its assets on the command line, you need to [install the {% data variables.product.prodname_cli %}](https://github.com/cli/cli?tab=readme-ov-file#installation). +Before you can validate the authenticity of a release and its assets on the command line, you need to [install the {% data variables.product.prodname_cli %}](https://github.com/cli/cli?tab=readme-ov-file&ref_product=supply-chain-security&ref_type=engagement&ref_style=text#installation). ## Verifying immutable releases and local artifacts diff --git a/content/code-security/dependabot/troubleshooting-dependabot/dependabot-updates-stopped.md b/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/dependabot-updates-stopped.md similarity index 97% rename from content/code-security/dependabot/troubleshooting-dependabot/dependabot-updates-stopped.md rename to content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/dependabot-updates-stopped.md index 3216e814f667..5cdcf952785d 100644 --- a/content/code-security/dependabot/troubleshooting-dependabot/dependabot-updates-stopped.md +++ b/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/dependabot-updates-stopped.md @@ -7,7 +7,6 @@ versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Version updates @@ -15,6 +14,9 @@ topics: - Dependencies - Pull requests shortTitle: Dependabot stopped working +redirect_from: + - /code-security/dependabot/troubleshooting-dependabot/dependabot-updates-stopped +contentType: how-tos --- * When maintainers of a repository stop interacting with {% data variables.product.prodname_dependabot %} pull requests, {% data variables.product.prodname_dependabot %} temporarily pauses its updates and lets you know. diff --git a/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/index.md b/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/index.md new file mode 100644 index 000000000000..2d05f2fc9b2d --- /dev/null +++ b/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/index.md @@ -0,0 +1,18 @@ +--- +title: Troubleshooting dependency security +shortTitle: Troubleshoot dependency security +intro: Get help with Dependabot and dependency detection. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: how-tos +redirect_from: + - /code-security/dependabot/troubleshooting-dependabot +children: + - /troubleshooting-the-detection-of-vulnerable-dependencies + - /dependabot-updates-stopped + - /troubleshooting-the-dependency-graph + - /troubleshooting-dependabot-on-github-actions +--- + diff --git a/content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-on-github-actions.md b/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-dependabot-on-github-actions.md similarity index 75% rename from content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-on-github-actions.md rename to content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-dependabot-on-github-actions.md index f67bc94e67cd..b5b24d2cf743 100644 --- a/content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-on-github-actions.md +++ b/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-dependabot-on-github-actions.md @@ -1,11 +1,10 @@ --- title: Troubleshooting Dependabot on GitHub Actions -intro: 'This article provides troubleshooting information for issues you may encounter when using {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}.' +intro: This article provides troubleshooting information for issues you may encounter when using {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}. versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Actions - Dependabot @@ -17,23 +16,10 @@ topics: shortTitle: Troubleshoot Dependabot on Actions redirect_from: - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-on-github-actions + - /code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-on-github-actions +contentType: how-tos --- -## Restrictions when {% data variables.product.prodname_dependabot %} triggers events - -{% data reusables.dependabot.working-with-actions-considerations %} - -For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == 'dependabot[bot]'`) using the `pull_request`, `pull_request_review`, `pull_request_review_comment`, `push`, `create`, `deployment`, and `deployment_status` events, these restrictions apply: - -* `GITHUB_TOKEN` has read-only permissions by default. -* Secrets are populated from {% data variables.product.prodname_dependabot %} secrets. {% data variables.product.prodname_actions %} secrets are not available. - -For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == 'dependabot[bot]'`) using the `pull_request_target` event, if the base ref of the pull request was created by {% data variables.product.prodname_dependabot %} (`github.event.pull_request.user.login == 'dependabot[bot]'`), the `GITHUB_TOKEN` will be read-only and secrets are not available. - -These restrictions apply even if the workflow is re-run by a different actor. - -For more information, see [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). - ## Troubleshooting failures when {% data variables.product.prodname_dependabot %} triggers existing workflows {% data reusables.dependabot.dependabot-on-actions-troubleshooting-workflows %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md b/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-the-dependency-graph.md similarity index 95% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md rename to content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-the-dependency-graph.md index a5fdd408a8d5..5c72f7f6f521 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md +++ b/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-the-dependency-graph.md @@ -1,13 +1,12 @@ --- title: Troubleshooting the dependency graph -intro: 'If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.' +intro: If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check. product: '{% data reusables.gated-features.dependency-graph %}' shortTitle: Troubleshoot dependency graph versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Troubleshooting - Errors @@ -16,6 +15,9 @@ topics: - Dependency graph - CVEs - Repositories +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph +contentType: how-tos --- {% data reusables.dependabot.result-discrepancy %} diff --git a/content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md b/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-the-detection-of-vulnerable-dependencies.md similarity index 97% rename from content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md rename to content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-the-detection-of-vulnerable-dependencies.md index 50434476a6d6..07c70763710d 100644 --- a/content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md +++ b/content/code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-the-detection-of-vulnerable-dependencies.md @@ -1,17 +1,17 @@ --- title: Troubleshooting the detection of vulnerable dependencies -intro: 'If the dependency information reported by {% data variables.product.github %} is not what you expected, there are a number of points to consider, and various things you can check.' +intro: If the dependency information reported by {% data variables.product.github %} is not what you expected, there are a number of points to consider, and various things you can check. shortTitle: Troubleshoot vulnerability detection redirect_from: - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies - /code-security/supply-chain-security/troubleshooting-the-detection-of-vulnerable-dependencies - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies - /code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Dependabot - Alerts @@ -22,6 +22,7 @@ topics: - Vulnerabilities - CVEs - Repositories +contentType: how-tos --- {% data reusables.dependabot.result-discrepancy %} diff --git a/content/code-security/security-overview/assessing-adoption-code-security.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-adoption-code-security.md similarity index 97% rename from content/code-security/security-overview/assessing-adoption-code-security.md rename to content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-adoption-code-security.md index 867163efde4f..fc4863cbf81f 100644 --- a/content/code-security/security-overview/assessing-adoption-code-security.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-adoption-code-security.md @@ -2,21 +2,23 @@ title: Assessing adoption of security features shortTitle: Assess adoption of features allowTitleToDifferFromFilename: true -intro: 'You can use security overview to see which teams and repositories have already enabled features for secure coding, and identify any that are not yet protected.' +intro: You can use security overview to see which teams and repositories have already enabled features for secure coding, and identify any that are not yet protected. permissions: '{% data reusables.permissions.security-overview %}' product: '{% data reusables.gated-features.security-overview-fpt-both %}' -type: how_to +contentType: how-tos topics: - Security overview - Code Security - Secret Protection - - 'Set up' + - Set up - Organizations - Teams versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/security-overview/assessing-adoption-code-security --- ## About adoption of features for secure coding diff --git a/content/code-security/security-overview/assessing-code-security-risk.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-code-security-risk.md similarity index 95% rename from content/code-security/security-overview/assessing-code-security-risk.md rename to content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-code-security-risk.md index e2805636faed..afb9227b0f1c 100644 --- a/content/code-security/security-overview/assessing-code-security-risk.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-code-security-risk.md @@ -2,10 +2,10 @@ title: Assessing the security risk of your code shortTitle: Assess security risk of code allowTitleToDifferFromFilename: true -intro: 'You can use security overview to see which teams and repositories are affected by security alerts, and identify repositories for urgent remedial action.' +intro: You can use security overview to see which teams and repositories are affected by security alerts, and identify repositories for urgent remedial action. permissions: '{% data reusables.permissions.security-overview %}' product: '{% data reusables.gated-features.security-overview-fpt-both %}' -type: how_to +contentType: how-tos topics: - Security overview - Code Security @@ -19,6 +19,7 @@ versions: ghec: '*' redirect_from: - /code-security/security-overview/viewing-the-security-overview + - /code-security/security-overview/assessing-code-security-risk --- ## Exploring the security risks in your code diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/export-risk-report-csv.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/export-risk-report-csv.md similarity index 69% rename from content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/export-risk-report-csv.md rename to content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/export-risk-report-csv.md index 6fdf4356f217..cf18b50e2513 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/export-risk-report-csv.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/export-risk-report-csv.md @@ -1,10 +1,10 @@ --- -title: 'Exporting the secret risk assessment report to CSV' -shortTitle: 'Export risk report CSV' -intro: 'Export the {% data variables.product.prodname_secret_risk_assessment %} report to a CSV file for detailed investigation and stakeholder sharing.' +title: Exporting the secret risk assessment report to CSV +shortTitle: Export risk report CSV +intro: Export the {% data variables.product.prodname_secret_risk_assessment %} report to a CSV file for detailed investigation and stakeholder sharing. product: '{% data reusables.gated-features.secret-risk-assessment-report %}' permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}' -type: how_to +contentType: how-tos versions: feature: secret-risk-assessment topics: @@ -13,6 +13,8 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/export-risk-report-csv --- {% data reusables.organizations.navigate-to-org %} diff --git a/content/code-security/security-overview/exporting-data-from-security-overview.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/exporting-data-from-security-overview.md similarity index 88% rename from content/code-security/security-overview/exporting-data-from-security-overview.md rename to content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/exporting-data-from-security-overview.md index 3f38f6ab060d..f3e32b84a416 100644 --- a/content/code-security/security-overview/exporting-data-from-security-overview.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/exporting-data-from-security-overview.md @@ -6,7 +6,7 @@ permissions: '{% data reusables.permissions.security-overview %}' product: '{% data reusables.gated-features.security-overview-fpt-both %}' versions: feature: security-overview-export-data -type: how_to +contentType: how-tos topics: - Security overview - Code Security @@ -16,14 +16,11 @@ topics: - Teams redirect_from: - /code-security/security-overview/exporting-data-from-the-risk-and-coverage-pages + - /code-security/security-overview/exporting-data-from-security-overview --- -## About exporting your security overview data - {% data reusables.security-overview.download-csv-files %} -The overview page contains data about security alerts across your organization or enterprise, while the risk and coverage pages contain data about repositories and how they are affected by security alerts or covered by security features. The {% data variables.product.prodname_codeql %} pull request alerts page contains data about {% data variables.product.prodname_codeql %} alerts that were caught in pull requests merged to the default branch. - The CSV file you download will contain data corresponding to the filters you have applied to security overview. For example, if you add the filter `dependabot-alerts:enabled`, your file will only contain data for repositories that have enabled {% data variables.product.prodname_dependabot_alerts %}. > [!NOTE] diff --git a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/index.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/index.md new file mode 100644 index 000000000000..ec244d0d4b17 --- /dev/null +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/index.md @@ -0,0 +1,28 @@ +--- +title: How-tos for analyzing security data for an organization +shortTitle: Analyze organization data +intro: Learn how to assess security risks, track feature adoption, view key metrics, and export data to analyze your organization’s security posture. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Dependencies + - Dependabot +contentType: how-tos +children: + - /assessing-code-security-risk + - /assessing-adoption-code-security + - /exporting-data-from-security-overview + - /viewing-security-insights + - /interpreting-security-findings + - /viewing-metrics-for-pull-request-alerts + - /viewing-metrics-for-secret-scanning-push-protection + - /viewing-metrics-for-dependabot-alerts + - /export-risk-report-csv +--- diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/interpreting-security-findings.md similarity index 95% rename from content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md rename to content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/interpreting-security-findings.md index 7560ffd3b5a6..a40840b536b2 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/interpreting-security-findings.md @@ -1,7 +1,7 @@ --- title: Interpreting security findings shortTitle: Interpret security data -intro: 'You can analyze security data on repositories in your organization to determine if you need to make changes to your security setup.' +intro: You can analyze security data on repositories in your organization to determine if you need to make changes to your security setup. permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations @@ -10,8 +10,11 @@ topics: - Secret Protection - Organizations - Security +contentType: how-tos redirect_from: - /code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository + - /code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings + - /code-security/securing-your-organization/managing-the-security-of-your-organization --- ## About security findings diff --git a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-dependabot-alerts.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-dependabot-alerts.md new file mode 100644 index 000000000000..3e5134baf5c6 --- /dev/null +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-dependabot-alerts.md @@ -0,0 +1,56 @@ +--- +title: Viewing metrics for Dependabot alerts +shortTitle: View Dependabot metrics +allowTitleToDifferFromFilename: true +intro: You can use security overview to see how many {% data variables.product.prodname_dependabot_alerts %} are in repositories across your organization, to prioritize the most critical alerts to fix, and to identify repositories where you may need to take action. +versions: + feature: dependabot-metrics +permissions: '{% data reusables.permissions.security-overview-dependabot-metrics %}' +product: '{% data reusables.gated-features.security-overview-fpt-cs-only %}' +contentType: how-tos +topics: + - Security overview + - Code Security + - Dependabot + - Organizations + - Alerts + - Vulnerabilities +redirect_from: + - /code-security/security-overview/viewing-metrics-for-dependabot-alerts +--- + +You can view metrics for {% data variables.product.prodname_dependabot_alerts %} to track and prioritize vulnerabilities across your organization. For more information about the available metrics and how to use them, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-metrics-for-dependabot-alerts). + +This article explains how to access and view these metrics for your organization. + +## Viewing metrics for {% data variables.product.prodname_dependabot %} for an organization + +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.security-overview %} +1. In the sidebar, under "Metrics", click **{% octicon "dependabot" aria-hidden="true" aria-label="dependabot" %} {% data variables.product.prodname_dependabot %} dashboard**. +1. Optionally, use the filters at your disposal, or build your own filters. {% data reusables.security-overview.dependabot-filters-link %} +1. Optionally, click on a number on the x-axis of the chart to filter the alert list by the relevant criteria (for example `has:patch severity:critical,high epss_percentage:>=0.01`). +1. Optionally, click on an individual repository to see the associated {% data variables.product.prodname_dependabot_alerts %}. + +## Configuring funnel categories + +The default funnel order is `has:patch, severity:critical,high, epss_percentage>=0.01`. By tailoring the funnel’s order, you and your teams can focus on the vulnerabilities that matter most to your organization, environments, or regulatory obligations, making remediation efforts more effective and aligned with your specific needs. + +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.security-overview %} +1. In the sidebar, under "Metrics", click **{% octicon "dependabot" aria-hidden="true" aria-label="dependabot" %} {% data variables.product.prodname_dependabot %} dashboard**. +1. On the top right of the "Alert prioritization" graph, click {% octicon "gear" aria-label="Configure funnel categories" %}. +1. In the "Configure funnel order" dialog, move the criteria as desired. +1. Once you're done, click **Move** to save your changes. + +>[!TIP] You can reset the funnel order back to the default settings by clicking **Reset to default** to the right of the graph. + +## Using metrics effectively + +Use {% data variables.product.prodname_dependabot %} metrics to: + +* **Prioritize remediation**: Focus on critical and high-severity alerts that are easily exploitable. Developers can use severity and patch availability filters to identify vulnerabilities they can fix immediately, reducing noise and focusing attention on actionable issues. +* **Monitor progress**: Track how quickly your organization resolves security vulnerabilities and measure the effectiveness of vulnerability management efforts. +* **Make data-driven decisions**: Allocate resources based on actual risk and usage patterns. The repository-level breakdown helps you understand which projects are most at risk and where to focus remediation efforts. +* **Identify trends**: Understand whether your security posture is improving over time and ensure compliance with organizational or regulatory timelines. +* **Understand risk profiles**: Developers can use these metrics to understand the risk profile of their dependencies, enabling informed prioritization of work. diff --git a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-pull-request-alerts.md similarity index 94% rename from content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md rename to content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-pull-request-alerts.md index 916a7df066f3..87b223d04f30 100644 --- a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-pull-request-alerts.md @@ -2,10 +2,10 @@ title: Viewing metrics for pull request alerts shortTitle: View PR alert metrics allowTitleToDifferFromFilename: true -intro: 'You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organizations, and to identify repositories where you may need to take action.' +intro: You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organizations, and to identify repositories where you may need to take action. permissions: '{% data reusables.permissions.security-overview %}' product: '{% data reusables.gated-features.security-overview-fpt-cs-only %}' -type: how_to +contentType: how-tos topics: - Security overview - Code Security @@ -15,6 +15,8 @@ topics: - Teams versions: feature: security-overview-org-codeql-pr-alerts +redirect_from: + - /code-security/security-overview/viewing-metrics-for-pull-request-alerts --- ## About {% data variables.product.prodname_codeql %} pull request alerts metrics diff --git a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-secret-scanning-push-protection.md similarity index 88% rename from content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md rename to content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-secret-scanning-push-protection.md index 1cc74d226429..f5f913549f23 100644 --- a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-secret-scanning-push-protection.md @@ -2,12 +2,13 @@ title: Viewing metrics for secret scanning push protection shortTitle: View secret scanning metrics allowTitleToDifferFromFilename: true -intro: 'You can use security overview to see how {% data variables.product.prodname_secret_scanning %} push protection is performing in repositories across your organization{% ifversion security-overview-enterprise-secret-scanning-metrics %} or enterprise{% endif %}, and to identify repositories where you may need to take action.' +intro: You can use security overview to see how {% data variables.product.prodname_secret_scanning %} push protection is performing in repositories across your organization{% ifversion security-overview-enterprise-secret-scanning-metrics %} or enterprise{% endif %}, and to identify repositories where you may need to take action. permissions: '{% data reusables.permissions.security-overview %}' product: '{% data reusables.gated-features.security-overview-fpt-sp-only %}' -type: how_to +contentType: how-tos redirect_from: -- /code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization + - /code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization + - /code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection topics: - Security overview - Secret Protection diff --git a/content/code-security/security-overview/viewing-security-insights.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-security-insights.md similarity index 98% rename from content/code-security/security-overview/viewing-security-insights.md rename to content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-security-insights.md index ab7259b56066..b782e1812e5f 100644 --- a/content/code-security/security-overview/viewing-security-insights.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-security-insights.md @@ -1,14 +1,14 @@ --- title: Viewing security insights shortTitle: View security insights -intro: 'You can use the overview dashboard in security overview to monitor the security landscape of the repositories in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}.' +intro: You can use the overview dashboard in security overview to monitor the security landscape of the repositories in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}. permissions: '{% data reusables.permissions.security-overview %}' product: '{% data reusables.gated-features.security-overview-fpt-both %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: how-tos topics: - Security overview - Code Security @@ -17,11 +17,10 @@ topics: - Organizations redirect_from: - /code-security/security-overview/viewing-security-insights-for-your-organization + - /code-security/security-overview/viewing-security-insights allowTitleToDifferFromFilename: true --- - - ## {% ifversion security-overview-dashboard-enterprise %}About security insights{% else %} About organization-level security insights{% endif %} The overview page in security overview is a consolidated dashboard of insights about your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}'s security landscape and progress. You can use the dashboard to monitor the health of your application security program, collaborate with engineering teams, and gather data for benchmarking purposes. diff --git a/content/code-security/how-tos/view-and-interpret-data/change-used-by-data.md b/content/code-security/how-tos/view-and-interpret-data/change-used-by-data.md new file mode 100644 index 000000000000..95331b104d37 --- /dev/null +++ b/content/code-security/how-tos/view-and-interpret-data/change-used-by-data.md @@ -0,0 +1,19 @@ +--- +title: Changing the "used by" data for a repository +shortTitle: Change "used by" data +intro: Display your repository's dependents for a different package. +permissions: 'Repository administrators' +versions: + fpt: '*' + ghec: '*' +contentType: how-tos +--- + +{% data reusables.dependency-graph.used-by %} For more information, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-the-dependency-graph#dependents-and-used-by-data). + +If you have admin permissions to a repository that contains multiple packages, you can choose which package the "Used by" section represents. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %} +1. Under "{% data variables.product.UI_advanced_security %}", click the drop-down menu in the "Used by counter" section and choose a package. diff --git a/content/code-security/how-tos/view-and-interpret-data/index.md b/content/code-security/how-tos/view-and-interpret-data/index.md new file mode 100644 index 000000000000..d3cbe5d660e5 --- /dev/null +++ b/content/code-security/how-tos/view-and-interpret-data/index.md @@ -0,0 +1,24 @@ +--- +title: How-tos for viewing and interpreting security results +shortTitle: View and interpret data +intro: Discover how to analyze organization-level security data, interpret key insights and metrics, and export reports to assess your security posture. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Dependencies + - Dependabot +contentType: how-tos +children: + - /analyze-organization-data + - /viewing-code-scanning-logs + - /viewing-dependabot-job-logs + - /metrics-for-custom-patterns + - /change-used-by-data +--- diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md b/content/code-security/how-tos/view-and-interpret-data/metrics-for-custom-patterns.md similarity index 75% rename from content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md rename to content/code-security/how-tos/view-and-interpret-data/metrics-for-custom-patterns.md index b7d9b3db32b5..1a210b8ee2dc 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md +++ b/content/code-security/how-tos/view-and-interpret-data/metrics-for-custom-patterns.md @@ -1,16 +1,18 @@ --- title: Metrics for custom patterns shortTitle: Custom pattern metrics -intro: 'You can view alert metrics for custom patterns at the repository, organization, and enterprise levels.' +intro: You can view alert metrics for custom patterns at the repository, organization, and enterprise levels. permissions: '{% data reusables.permissions.security-enterprise-enable %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: how-tos topics: - Secret Protection - Secret scanning +redirect_from: + - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns --- ## Metrics for custom patterns diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md b/content/code-security/how-tos/view-and-interpret-data/viewing-code-scanning-logs.md similarity index 72% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md rename to content/code-security/how-tos/view-and-interpret-data/viewing-code-scanning-logs.md index 8b480bb91ae8..2bd541732acb 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md +++ b/content/code-security/how-tos/view-and-interpret-data/viewing-code-scanning-logs.md @@ -1,14 +1,16 @@ --- title: Viewing code scanning logs -intro: 'You can view the output generated during {% data variables.product.prodname_code_scanning %} analysis in {% data variables.product.github %}.' +intro: You can view the output generated during {% data variables.product.prodname_code_scanning %} analysis in {% data variables.product.github %}. permissions: '{% data reusables.permissions.code-scanning-pr-alerts %}' redirect_from: - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs + - /code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs versions: fpt: '*' ghes: '*' ghec: '*' +contentType: how-tos topics: - Security shortTitle: View code scanning logs @@ -75,15 +77,17 @@ After configuring {% data variables.product.prodname_code_scanning %} for your r ### Determining whether {% data variables.product.prodname_code_scanning %} default setup used any private registries -{% data variables.product.prodname_code_scanning_caps %} default setup includes a `Setup proxy or registries` step. When you are looking at a log file for default setup, you can expand this step. If the step includes: +{% data variables.product.prodname_code_scanning_caps %} default setup workflows include a `Setup proxy for registries` step. When you are looking at a workflow run for default setup, you can expand this step to view the corresponding log and look for the following messages: -* `Using registries_credentials input.` At least one private registry is configured for the organization. +* `Using registries_credentials input.` At least one private registry is configured for the organization. This includes configurations for private registry types which are not supported by {% data variables.product.prodname_code_scanning %} default setup. For more details about supported registry types, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries#code-scanning-default-setup-access-to-private-registries). * `Credentials loaded for the following registries:` - * No further output in the step. Access was unsuccessful. - * `Type: nuget_feed;` Default set up accessed a private Nuget feed. - * `Type: maven_repository;` Default set up accessed a private Maven repository. + * If no list of configurations follows, then no private registry configurations supported by {% data variables.product.prodname_code_scanning %} default setup were found. + * Otherwise, one line for each supported configuration that was successfully loaded is shown. For example, a line containing `Type: nuget_feed; Host: undefined; Url: https://nuget.pkg.github.com/; Username: undefined; Password: true; Token: false` indicates that a private NuGet Feed configuration was loaded. + * The information about the configuration in the log may not match exactly what is configured for the organization in the UI. For example, the log may indicate that a `Password` is set, even though a `Token` is configured in the UI. -For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries). +If the output from the `Setup proxy for registries` step is as expected, but {% data variables.product.prodname_code_scanning %} default setup is unable to successfully access dependencies in the private registries, you can obtain additional troubleshooting information. See [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup). + +For more information about giving {% data variables.product.prodname_code_scanning %} default setup access to private registries, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries). {% endif %} diff --git a/content/code-security/how-tos/view-and-interpret-data/viewing-dependabot-job-logs.md b/content/code-security/how-tos/view-and-interpret-data/viewing-dependabot-job-logs.md new file mode 100644 index 000000000000..9c9ca0d00b14 --- /dev/null +++ b/content/code-security/how-tos/view-and-interpret-data/viewing-dependabot-job-logs.md @@ -0,0 +1,35 @@ +--- +title: Viewing Dependabot job logs +intro: Access job logs to troubleshoot failed {% data variables.product.prodname_dependabot_updates %} and understand what is happening. +shortTitle: View Dependabot logs +permissions: '{% data reusables.permissions.dependabot-various-tasks %}' +versions: + fpt: '*' + ghec: '*' + ghes: '*' +contentType: how-tos +topics: + - Dependabot + - Troubleshooting + - Errors + - Security updates + - Dependencies +redirect_from: + - /code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs + - /code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs +--- + +When {% data variables.product.prodname_dependabot_updates %} fail or behave unexpectedly, job logs show you exactly what happened. Access job logs from the dependency graph to debug issues quickly. For background on what job logs contain and the types of jobs {% data variables.product.github %} records, see [AUTOTITLE](/code-security/concepts/supply-chain-security/dependabot-job-logs). + +## Viewing {% data variables.product.prodname_dependabot %} job logs + +The {% data variables.product.prodname_dependabot %} job logs list is accessible from the dependency graph tab in your repository. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.accessing-repository-graphs %} +{% data reusables.repositories.click-dependency-graph %} +{% data reusables.dependabot.click-dependabot-tab %} +1. To the right of the name of manifest file that you're interested in, click **Recent update jobs**. +1. Optionally, to see the full logs files for a particular job, click **view logs**. + + ![Screenshot of a Dependabot job log entry for the Gemfile package manager. A button, called "View logs", is highlighted in a dark orange outline.](/assets/images/help/dependabot/dependabot-job-logs.png) diff --git a/content/code-security/index.md b/content/code-security/index.md index e350d908b53b..7c210cca6ec0 100644 --- a/content/code-security/index.md +++ b/content/code-security/index.md @@ -1,32 +1,32 @@ --- title: Security and code quality documentation shortTitle: Security and code quality -intro: 'Build security and code quality into your {% data variables.product.github %} workflow to secure your software supply chain, prevent data leaks, and automatically find and fix vulnerabilities and code health issues in your codebase.' +intro: Build security and code quality into your {% data variables.product.github %} workflow to secure your software supply chain, prevent data leaks, and automatically find and fix vulnerabilities and code health issues in your codebase. redirect_from: - /code-security/guides introLinks: overview: '{% ifversion ghes %}/code-security/getting-started/github-security-features{% endif %}' - generate_secret_risk_assessment_report_for_free: '{% ifversion secret-risk-assessment %}/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment{% endif %}' + generate_secret_risk_assessment_report_for_free: '{% ifversion secret-risk-assessment %}/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk{% endif %}' featuredLinks: - startHere: # Links aimed at the builder audience + startHere: - '{% ifversion fpt or ghec %}/code-security/getting-started/github-security-features{% endif %}' - /code-security/getting-started/quickstart-for-securing-your-repository - '{% ifversion ghes %}/code-security/secret-scanning/working-with-secret-scanning-and-push-protection{% endif %}' - - /code-security/getting-started/dependabot-quickstart-guide - - /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning + - /code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide + - /code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning guideCards: - /code-security/trialing-github-advanced-security/planning-a-trial-of-ghas - /code-security/secret-scanning/enabling-secret-scanning-features - - /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning - - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates - - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates - popular: # Links aimed at the driver audience + - /code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning + - /code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates + - /code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-version-updates + popular: - '{% ifversion secret-risk-assessment %}/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment{% endif %}' - '{% ifversion ghes %}/admin/release-notes{% endif %}' - - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities - - /code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization - - /code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale - - /code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies + - /code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities + - /code-security/tutorials/secure-your-organization/best-practices-for-preventing-data-leaks-in-your-organization + - /code-security/tutorials/secure-your-organization/best-practice-fix-alerts-at-scale + - /code-security/concepts/supply-chain-security/best-practices-for-maintaining-dependencies changelog: label: security-and-compliance versions: @@ -43,16 +43,9 @@ topics: - Vulnerabilities children: - /getting-started - - /trialing-github-advanced-security - - /code-quality - - /adopting-github-advanced-security-at-scale - - /securing-your-organization - - /secret-scanning - - /code-scanning - - /codeql-cli - - /codeql-for-vs-code - - /security-advisories - - /supply-chain-security - - /dependabot - - /security-overview + - /concepts + - /how-tos + - /reference + - /tutorials + - /responsible-use --- diff --git a/content/code-security/code-quality/reference/codeql-detection.md b/content/code-security/reference/code-quality/codeql-detection.md similarity index 54% rename from content/code-security/code-quality/reference/codeql-detection.md rename to content/code-security/reference/code-quality/codeql-detection.md index a96d3d27e3c7..c9ad3305c015 100644 --- a/content/code-security/code-quality/reference/codeql-detection.md +++ b/content/code-security/reference/code-quality/codeql-detection.md @@ -1,21 +1,43 @@ --- -title: CodeQL detection of code quality problems -shortTitle: CodeQL detection -intro: 'Information on how CodeQL-powered analysis for {% data variables.product.prodname_code_quality_short %} works, the workflow used, and the status checks reported on pull requests.' +title: CodeQL-powered analysis for Code Quality +shortTitle: CodeQL analysis +allowTitleToDifferFromFilename: true +intro: Information on how CodeQL-powered analysis for {% data variables.product.prodname_code_quality_short %} works, the workflow used, and the status checks reported on pull requests. versions: feature: code-quality topics: - Code Quality contentType: reference +redirect_from: + - /code-security/code-quality/reference/codeql-detection --- {% data reusables.code-quality.code-quality-preview-note %} -## {% data variables.product.prodname_codeql %} detection +## {% data variables.product.prodname_codeql %}-powered analysis -{% data variables.product.prodname_code_quality_short %} performs rule-based analysis of pull requests and your default branch using {% data variables.product.prodname_codeql %}. Each rule is written as a query in {% data variables.product.prodname_codeql %} and then run using {% data variables.product.prodname_actions %}. +{% data variables.product.prodname_code_quality_short %} uses {% data variables.product.prodname_codeql %} to perform rule-based analysis of pull requests and your default branch. -The rules are continually refined by both {% data variables.product.github %} and open source developers. See [https://github.com/github/codeql](https://github.com/github/codeql). +* Findings for your **default branch** appear under the "{% data variables.code-quality.all_findings %}" dashboard under your repository's Security tab. + +* Findings **on pull requests** appear as comments made by `{% data variables.code-quality.pr_commenter %}`. + +{% data variables.copilot.copilot_autofix_short %} suggestions are provided for findings where possible. + +### Query lists for supported languages + +Each {% data variables.product.prodname_code_quality_short %} rule is written as a query in {% data variables.product.prodname_codeql %} and then run using {% data variables.product.prodname_actions %}. + +The rules are continually refined by both {% data variables.product.github %} and open source developers. + +* [AUTOTITLE](/code-security/code-quality/reference/codeql-queries/csharp-queries) +* [AUTOTITLE](/code-security/code-quality/reference/codeql-queries/go-queries) +* [AUTOTITLE](/code-security/code-quality/reference/codeql-queries/java-queries) +* [AUTOTITLE](/code-security/code-quality/reference/codeql-queries/javascript-queries) +* [AUTOTITLE](/code-security/code-quality/reference/codeql-queries/python-queries) +* [AUTOTITLE](/code-security/code-quality/reference/codeql-queries/ruby-queries) + +For more information about the {% data variables.product.prodname_codeql %} project, see [https://codeql.github.com/](https://codeql.github.com/). ## Workflow used for code quality analysis diff --git a/content/code-security/reference/code-quality/codeql-queries/csharp-queries.md b/content/code-security/reference/code-quality/codeql-queries/csharp-queries.md new file mode 100644 index 000000000000..aabf3f1d2a68 --- /dev/null +++ b/content/code-security/reference/code-quality/codeql-queries/csharp-queries.md @@ -0,0 +1,22 @@ +--- +title: C# CodeQL queries for Code Quality +shortTitle: C# queries +allowTitleToDifferFromFilename: true +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code quality for code written in C#. +versions: + feature: code-quality +topics: + - Code Quality +contentType: reference +redirect_from: + - /code-security/code-quality/reference/codeql-queries/csharp-queries +--- + +{% data variables.product.prodname_code_quality_short %} uses the following {% data variables.product.prodname_codeql %} queries to analyze C# code and detect code quality issues on: + +* Your **default branch**, with results shown on the repository's "{% data variables.code-quality.all_findings %}" dashboard +* **Pull requests**, with findings shown as comments made by `{% data variables.code-quality.pr_commenter %}` + +{% data variables.copilot.copilot_autofix_short %} suggestions are provided for findings where possible. + +{% data reusables.code-quality.codeql-query-tables.csharp %} diff --git a/content/code-security/reference/code-quality/codeql-queries/go-queries.md b/content/code-security/reference/code-quality/codeql-queries/go-queries.md new file mode 100644 index 000000000000..2a55e49ec8db --- /dev/null +++ b/content/code-security/reference/code-quality/codeql-queries/go-queries.md @@ -0,0 +1,21 @@ +--- +title: Go CodeQL queries for Code Quality +shortTitle: Go queries +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code quality for code written in Go. +versions: + feature: code-quality +topics: + - Code Quality +contentType: reference +redirect_from: + - /code-security/code-quality/reference/codeql-queries/go-queries +--- + +{% data variables.product.prodname_code_quality_short %} uses the following {% data variables.product.prodname_codeql %} queries to analyze Go code and detect code quality issues on: + +* Your **default branch**, with results shown on the repository's "{% data variables.code-quality.all_findings %}" dashboard +* **Pull requests**, with findings shown as comments made by `{% data variables.code-quality.pr_commenter %}` + +{% data variables.copilot.copilot_autofix_short %} suggestions are provided for findings where possible. + +{% data reusables.code-quality.codeql-query-tables.go %} diff --git a/content/code-security/reference/code-quality/codeql-queries/index.md b/content/code-security/reference/code-quality/codeql-queries/index.md new file mode 100644 index 000000000000..1e7d580b04f6 --- /dev/null +++ b/content/code-security/reference/code-quality/codeql-queries/index.md @@ -0,0 +1,23 @@ +--- +title: Reference for CodeQL queries +shortTitle: CodeQL queries +intro: Find lists of CodeQL queries used by {% data variables.product.prodname_code_quality_short %} for each supported programming language. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Code Security + - Code scanning + - Vulnerabilities +contentType: reference +children: + - /csharp-queries + - /go-queries + - /java-queries + - /javascript-queries + - /python-queries + - /ruby-queries +redirect_from: + - /code-security/code-quality/reference/codeql-queries +--- diff --git a/content/code-security/reference/code-quality/codeql-queries/java-queries.md b/content/code-security/reference/code-quality/codeql-queries/java-queries.md new file mode 100644 index 000000000000..fbc834d87df7 --- /dev/null +++ b/content/code-security/reference/code-quality/codeql-queries/java-queries.md @@ -0,0 +1,22 @@ +--- +title: Java CodeQL queries for Code Quality +shortTitle: Java queries +allowTitleToDifferFromFilename: true +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code quality for code written in Java. +versions: + feature: code-quality +topics: + - Code Quality +contentType: reference +redirect_from: + - /code-security/code-quality/reference/codeql-queries/java-queries +--- + +{% data variables.product.prodname_code_quality_short %} uses the following {% data variables.product.prodname_codeql %} queries to analyze Java code and detect code quality issues on: + +* Your **default branch**, with results shown on the repository's "{% data variables.code-quality.all_findings %}" dashboard +* **Pull requests**, with findings shown as comments made by `{% data variables.code-quality.pr_commenter %}` + +{% data variables.copilot.copilot_autofix_short %} suggestions are provided for findings where possible. + +{% data reusables.code-quality.codeql-query-tables.java %} diff --git a/content/code-security/reference/code-quality/codeql-queries/javascript-queries.md b/content/code-security/reference/code-quality/codeql-queries/javascript-queries.md new file mode 100644 index 000000000000..6c291bf53959 --- /dev/null +++ b/content/code-security/reference/code-quality/codeql-queries/javascript-queries.md @@ -0,0 +1,22 @@ +--- +title: JavaScript CodeQL queries for Code Quality +shortTitle: JavaScript queries +allowTitleToDifferFromFilename: true +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code quality for code written in JavaScript. +versions: + feature: code-quality +topics: + - Code Quality +contentType: reference +redirect_from: + - /code-security/code-quality/reference/codeql-queries/javascript-queries +--- + +{% data variables.product.prodname_code_quality_short %} uses the following {% data variables.product.prodname_codeql %} queries to analyze JavaScript code and detect code quality issues on: + +* Your **default branch**, with results shown on the repository's "{% data variables.code-quality.all_findings %}" dashboard +* **Pull requests**, with findings shown as comments made by `{% data variables.code-quality.pr_commenter %}` + +{% data variables.copilot.copilot_autofix_short %} suggestions are provided for findings where possible. + +{% data reusables.code-quality.codeql-query-tables.javascript %} diff --git a/content/code-security/reference/code-quality/codeql-queries/python-queries.md b/content/code-security/reference/code-quality/codeql-queries/python-queries.md new file mode 100644 index 000000000000..d5f3c48a7d79 --- /dev/null +++ b/content/code-security/reference/code-quality/codeql-queries/python-queries.md @@ -0,0 +1,22 @@ +--- +title: Python CodeQL queries for Code Quality +shortTitle: Python queries +allowTitleToDifferFromFilename: true +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code quality for code written in Python. +versions: + feature: code-quality +topics: + - Code Quality +contentType: reference +redirect_from: + - /code-security/code-quality/reference/codeql-queries/python-queries +--- + +{% data variables.product.prodname_code_quality_short %} uses the following {% data variables.product.prodname_codeql %} queries to analyze Python code and detect code quality issues on: + +* Your **default branch**, with results shown on the repository's "{% data variables.code-quality.all_findings %}" dashboard +* **Pull requests**, with findings shown as comments made by `{% data variables.code-quality.pr_commenter %}` + +{% data variables.copilot.copilot_autofix_short %} suggestions are provided for findings where possible. + +{% data reusables.code-quality.codeql-query-tables.python %} diff --git a/content/code-security/reference/code-quality/codeql-queries/ruby-queries.md b/content/code-security/reference/code-quality/codeql-queries/ruby-queries.md new file mode 100644 index 000000000000..776145737d5d --- /dev/null +++ b/content/code-security/reference/code-quality/codeql-queries/ruby-queries.md @@ -0,0 +1,22 @@ +--- +title: Ruby CodeQL queries for Code Quality +shortTitle: Ruby queries +allowTitleToDifferFromFilename: true +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code quality for code written in Ruby. +versions: + feature: code-quality +topics: + - Code Quality +contentType: reference +redirect_from: + - /code-security/code-quality/reference/codeql-queries/ruby-queries +--- + +{% data variables.product.prodname_code_quality_short %} uses the following {% data variables.product.prodname_codeql %} queries to analyze Ruby code and detect code quality issues on: + +* Your **default branch**, with results shown on the repository's "{% data variables.code-quality.all_findings %}" dashboard +* **Pull requests**, with findings shown as comments made by `{% data variables.code-quality.pr_commenter %}` + +{% data variables.copilot.copilot_autofix_short %} suggestions are provided for findings where possible. + +{% data reusables.code-quality.codeql-query-tables.ruby %} diff --git a/content/code-security/reference/code-quality/index.md b/content/code-security/reference/code-quality/index.md new file mode 100644 index 000000000000..260392750b33 --- /dev/null +++ b/content/code-security/reference/code-quality/index.md @@ -0,0 +1,18 @@ +--- +title: Reference for code quality +shortTitle: Code quality +intro: Find reference documentation for {% data variables.product.prodname_code_quality_short %}. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Code Quality +contentType: reference +children: + - /metrics-and-ratings + - /codeql-detection + - /codeql-queries +redirect_from: + - /code-security/code-quality/reference +--- diff --git a/content/code-security/code-quality/reference/metrics-and-ratings.md b/content/code-security/reference/code-quality/metrics-and-ratings.md similarity index 94% rename from content/code-security/code-quality/reference/metrics-and-ratings.md rename to content/code-security/reference/code-quality/metrics-and-ratings.md index 51d99a9b330e..b23559073ea5 100644 --- a/content/code-security/code-quality/reference/metrics-and-ratings.md +++ b/content/code-security/reference/code-quality/metrics-and-ratings.md @@ -1,12 +1,14 @@ --- title: Metrics and ratings reference shortTitle: Metrics and ratings -intro: 'Understand the terminology used by {% data variables.product.github %} to assess the quality of your repository''s code.' +intro: Understand the terminology used by {% data variables.product.github %} to assess the quality of your repository's code. versions: feature: code-quality topics: - Code Quality contentType: reference +redirect_from: + - /code-security/code-quality/reference/metrics-and-ratings --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-decode.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-decode.md similarity index 93% rename from content/code-security/codeql-cli/codeql-cli-manual/bqrs-decode.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-decode.md index 091913b27998..bba5d9e1871a 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-decode.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-decode.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Convert result data from BQRS into other forms. redirect_from: - /code-security/codeql-cli/manual/bqrs-decode + - /code-security/codeql-cli/codeql-cli-manual/bqrs-decode +contentType: reference --- @@ -52,7 +53,7 @@ The file to write the desired output to. #### `-r, --result-set=` Select a particular result set from the BQRS file to decode. The -available results sets can be listed by [codeql bqrs info](/code-security/codeql-cli/codeql-cli-manual/bqrs-info). +available results sets can be listed by [codeql bqrs info](/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-info). If no result set is selected, all result sets will be decoded, provided the selected output format and processing options support that. @@ -115,7 +116,7 @@ at the top, or at the location given by `--start-at`. #### `--start-at=` \[Advanced] Start printing the row defined at a particular byte offset -in the BQRS file. The offset must be gotten from [codeql bqrs info](/code-security/codeql-cli/codeql-cli-manual/bqrs-info), or from the "next" pointer found in JSON output from a previous invocation with `--rows` +in the BQRS file. The offset must be gotten from [codeql bqrs info](/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-info), or from the "next" pointer found in JSON output from a previous invocation with `--rows` set. Other offsets are likely to produce nonsense output and/or explicit errors. diff --git a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-diff.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-diff.md similarity index 89% rename from content/code-security/codeql-cli/codeql-cli-manual/bqrs-diff.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-diff.md index 89f8e81da92f..19c0ca06c991 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-diff.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-diff.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Compute the difference between two result sets. redirect_from: - /code-security/codeql-cli/manual/bqrs-diff + - /code-security/codeql-cli/codeql-cli-manual/bqrs-diff +contentType: reference --- @@ -65,6 +66,13 @@ corresponding output instead of comparing. If --both is given, that output is taken from `file1`. Defaults to 'nodes,edges,subpaths' to simplify handling of path-problem results. +#### `--result-sets=,` + +Compare only the specified result sets. The format is +\,\ where \ is the result set name in `file1` +and \ is the result set name in `file2`. The two result sets +must be compatible. The option can be repeated. + #### `--[no-]compare-internal-ids` \[Advanced] Include internal entity IDs in the comparison. Entity IDs diff --git a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-hash.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-hash.md similarity index 96% rename from content/code-security/codeql-cli/codeql-cli-manual/bqrs-hash.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-hash.md index 7624f3eb664e..39afe899b05d 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-hash.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-hash.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Compute a stable hash of a BQRS file.' redirect_from: - /code-security/codeql-cli/manual/bqrs-hash + - /code-security/codeql-cli/codeql-cli-manual/bqrs-hash +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-info.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-info.md similarity index 87% rename from content/code-security/codeql-cli/codeql-cli-manual/bqrs-info.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-info.md index 5e3a997d37d7..45fb8f1712a7 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-info.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-info.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Display metadata for a BQRS file. redirect_from: - /code-security/codeql-cli/manual/bqrs-info + - /code-security/codeql-cli/codeql-cli-manual/bqrs-info +contentType: reference --- @@ -40,7 +41,7 @@ names and sizes of each result set (table) in the BQRS file, and the column types of each result set. It can also optionally precompute offsets for using the pagination -options of [codeql bqrs decode](/code-security/codeql-cli/codeql-cli-manual/bqrs-decode). This is mainly useful for IDE plugins. +options of [codeql bqrs decode](/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-decode). This is mainly useful for IDE plugins. ## Options @@ -60,7 +61,7 @@ Select output format, either `text` _(default)_ or `json`. \[Advanced] When given together with `--format=json`, compute a table of byte offsets that can later be given to the `--start-at` option of -[codeql bqrs decode](/code-security/codeql-cli/codeql-cli-manual/bqrs-decode), to start streaming results at positions 0, _\_, 2\*_\_, and so +[codeql bqrs decode](/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-decode), to start streaming results at positions 0, _\_, 2\*_\_, and so forth. #### `--paginate-result-set=` diff --git a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-interpret.md similarity index 99% rename from content/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-interpret.md index 45f7c46ad674..80b6203b6273 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-interpret.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Interpret data in a single BQRS.' redirect_from: - /code-security/codeql-cli/manual/bqrs-interpret + - /code-security/codeql-cli/codeql-cli-manual/bqrs-interpret +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-add-diagnostic.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-add-diagnostic.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/database-add-diagnostic.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-add-diagnostic.md index 3bc1a01adef4..416fcccc422c 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-add-diagnostic.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-add-diagnostic.md @@ -9,11 +9,12 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli redirect_from: - /code-security/codeql-cli/manual/database-add-diagnostic + - /code-security/codeql-cli/codeql-cli-manual/database-add-diagnostic +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-analyze.md similarity index 93% rename from content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-analyze.md index 190528e5cc02..8ce6339ff807 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-analyze.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- source code. redirect_from: - /code-security/codeql-cli/manual/database-analyze + - /code-security/codeql-cli/codeql-cli-manual/database-analyze +contentType: reference --- @@ -41,9 +42,9 @@ Run a query suite (or some individual queries) against a CodeQL database, producing results, styled as alerts or paths, in SARIF or another interpreted format. -This command combines the effect of the [codeql database run-queries](/code-security/codeql-cli/codeql-cli-manual/database-run-queries) and [codeql database interpret-results](/code-security/codeql-cli/codeql-cli-manual/database-interpret-results) commands. If you want to run queries whose results _don't_ meet the requirements for +This command combines the effect of the [codeql database run-queries](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-run-queries) and [codeql database interpret-results](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-interpret-results) commands. If you want to run queries whose results _don't_ meet the requirements for being interpreted as source-code alerts, use -[codeql database run-queries](/code-security/codeql-cli/codeql-cli-manual/database-run-queries) or [codeql query run](/code-security/codeql-cli/codeql-cli-manual/query-run) instead, and then [codeql bqrs decode](/code-security/codeql-cli/codeql-cli-manual/bqrs-decode) to convert the raw results to a readable notation. +[codeql database run-queries](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-run-queries) or [codeql query run](/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-run) instead, and then [codeql bqrs decode](/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-decode) to convert the raw results to a readable notation. ## Options @@ -151,7 +152,7 @@ all queries. It loads query help for /path/to/query.ql from the /path/to/query.md file. If this flag is not supplied the default behavior is to include help only for custom queries i.e. those in query packs which are not of the form \`codeql/\` @@ -166,7 +167,7 @@ queries i.e. those in query packs which are not of the form `never`: Do not include query help for any queries. -This option has no effect when passed to [codeql bqrs interpret](/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret). +This option has no effect when passed to [codeql bqrs interpret](/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-interpret). Available since `v2.15.2`. @@ -181,7 +182,7 @@ Available since `v2.18.1`. \[SARIF formats only] Place the rule object for each query under its corresponding QL pack in the `.tool.extensions` property. This -option has no effect when passed to [codeql bqrs interpret](/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret). +option has no effect when passed to [codeql bqrs interpret](/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-interpret). #### `--[no-]sarif-multicause-markdown` @@ -316,7 +317,7 @@ timed parts are "RA layers" of the optimized query, but that might change in the future. If no timeout is specified, or is given as 0, no timeout will be set -(except for [codeql test run](/code-security/codeql-cli/codeql-cli-manual/test-run), where the default timeout is 5 minutes). +(except for [codeql test run](/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run), where the default timeout is 5 minutes). #### `-j, --threads=` @@ -328,9 +329,7 @@ thread). #### `--[no-]save-cache` -\[Advanced] Aggressively write intermediate results to the disk cache. -This takes more time and uses (much) more disk space, but may speed up -the subsequent execution of similar queries. +\[Deprecated] \[Advanced] This flag does nothing. #### `--[no-]expect-discarded-cache` @@ -341,7 +340,7 @@ be discarded after the queries have been executed. #### `--[no-]keep-full-cache` \[Advanced] Don't clean up the disk cache after evaluation completes. -This may save time if you're going to do [codeql dataset cleanup](/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/codeql-cli/codeql-cli-manual/database-cleanup) afterwards anyway. +This may save time if you're going to do [codeql dataset cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup) afterwards anyway. #### `--max-disk-cache=` diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-bundle.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-bundle.md similarity index 95% rename from content/code-security/codeql-cli/codeql-cli-manual/database-bundle.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-bundle.md index 2d520bd3130d..adbe27c8af5d 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-bundle.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-bundle.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Create a relocatable archive of a CodeQL database. redirect_from: - /code-security/codeql-cli/manual/database-bundle + - /code-security/codeql-cli/codeql-cli-manual/database-bundle +contentType: reference --- @@ -78,6 +79,13 @@ Available since `v2.13.3`. Include an uncompressed version of the source archive directory. This is necessary for legacy CodeQL plugins (like CodeQL for Eclipse). +#### `--include=` + +\[Advanced] Additional paths relative to the database directory to +include in the bundle. + +Available since `v2.24.0`. + #### `--name=` The name of the top-level directory in the bundle. If not given, it diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-cleanup.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/database-cleanup.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup.md index 7eb9659cc56c..cee246fed100 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-cleanup.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Compact a CodeQL database on disk. redirect_from: - /code-security/codeql-cli/manual/database-cleanup + - /code-security/codeql-cli/codeql-cli-manual/database-cleanup +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-create.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create.md similarity index 92% rename from content/code-security/codeql-cli/codeql-cli-manual/database-create.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create.md index 7c9119991eb2..3cc94fba5cae 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-create.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- one of the CodeQL products. redirect_from: - /code-security/codeql-cli/manual/database-create + - /code-security/codeql-cli/codeql-cli-manual/database-create +contentType: reference --- @@ -73,7 +74,7 @@ delete the entire database directory. on how to create the CodeQL databases and what queries to run in later steps. For more details on the format of this configuration file, refer to [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning). To run queries from -this file in a later step, invoke [codeql database analyze](/code-security/codeql-cli/codeql-cli-manual/database-analyze) without any other queries specified. +this file in a later step, invoke [codeql database analyze](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-analyze) without any other queries specified. #### `--[no-]db-cluster` @@ -85,7 +86,7 @@ directory given on the command line. The language that the new database will be used to analyze. -Use [codeql resolve languages](/code-security/codeql-cli/codeql-cli-manual/resolve-languages) to get a list of the pluggable language extractors found on the search path. +Use [codeql resolve languages](/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-languages) to get a list of the pluggable language extractors found on the search path. When the `--db-cluster` option is given, this can appear multiple times, or the value can be a comma-separated list of languages. @@ -172,7 +173,7 @@ will be left unfinalized. #### `--[no-]linkage-aware-import` -\[Advanced] Controls whether [codeql dataset import](/code-security/codeql-cli/codeql-cli-manual/dataset-import) is linkage-aware _(default)_ or not. On projects where this part of database creation +\[Advanced] Controls whether [codeql dataset import](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-import) is linkage-aware _(default)_ or not. On projects where this part of database creation consumes too much memory, disabling this option may help them progress at the expense of database completeness. @@ -348,10 +349,10 @@ will use all the values provided, in order. Extractor options specified using this command-line option are processed after extractor options given via `--extractor-options-file`. -When passed to [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be +When passed to [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be applied to the indirect tracing environment. If your workflow also makes calls to -[codeql database trace-command](/code-security/codeql-cli/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. +[codeql database trace-command](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. See for more information on CodeQL extractor options, including how to list the @@ -374,10 +375,10 @@ will use all the values provided, in order. Extractor options specified using this command-line option are processed before extractor options given via `--extractor-option`. -When passed to [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be +When passed to [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be applied to the indirect tracing environment. If your workflow also makes calls to -[codeql database trace-command](/code-security/codeql-cli/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. +[codeql database trace-command](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. See for more information on CodeQL extractor options, including how to list the diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-export-diagnostics.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-export-diagnostics.md similarity index 96% rename from content/code-security/codeql-cli/codeql-cli-manual/database-export-diagnostics.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-export-diagnostics.md index aab924d80e9c..6f52baf38369 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-export-diagnostics.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-export-diagnostics.md @@ -11,11 +11,12 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli redirect_from: - /code-security/codeql-cli/manual/database-export-diagnostics + - /code-security/codeql-cli/codeql-cli-manual/database-export-diagnostics +contentType: reference --- @@ -46,7 +47,7 @@ Available since `v2.12.6`. #### `` \[Mandatory] Path to the CodeQL database under construction. This must -have been prepared for extraction with [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init). +have been prepared for extraction with [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init). If the `--db-cluster` option is given, this is not a database itself, but a directory that _contains_ databases, and all of those databases diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-finalize.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize.md similarity index 90% rename from content/code-security/codeql-cli/codeql-cli-manual/database-finalize.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize.md index ae07940d4fdd..5c81dba4ae82 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-finalize.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Final steps in database creation.' redirect_from: - /code-security/codeql-cli/manual/database-finalize + - /code-security/codeql-cli/codeql-cli-manual/database-finalize +contentType: reference --- @@ -34,7 +35,7 @@ codeql database finalize [--dbscheme=] [--threads=] [--ram=] ` \[Mandatory] Path to the CodeQL database under construction. This must -have been prepared for extraction with [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init). +have been prepared for extraction with [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init). If the `--db-cluster` option is given, this is not a database itself, but a directory that _contains_ databases, and all of those databases @@ -61,7 +62,7 @@ construction. Those databases will be processed together. These will not themselves be finalized, but the data from them will be included in the finalized database being created. This is an advanced option that may not have the desired effect in all cases. For more -information, please refer to the documentation of [codeql database import](/code-security/codeql-cli/codeql-cli-manual/database-import). +information, please refer to the documentation of [codeql database import](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-import). If the `--db-cluster` option is given, it is expected that these will be database clusters rather than individual CodeQL databases. @@ -187,7 +188,7 @@ takes up a lot of space in the dataset. #### `--[no-]linkage-aware-import` -\[Advanced] Controls whether [codeql dataset import](/code-security/codeql-cli/codeql-cli-manual/dataset-import) is linkage-aware _(default)_ or not. On projects where this part of database creation +\[Advanced] Controls whether [codeql dataset import](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-import) is linkage-aware _(default)_ or not. On projects where this part of database creation consumes too much memory, disabling this option may help them progress at the expense of database completeness. diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-import.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-import.md similarity index 94% rename from content/code-security/codeql-cli/codeql-cli-manual/database-import.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-import.md index 1720418a1280..057bd0f790ef 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-import.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-import.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- unfinalized database. redirect_from: - /code-security/codeql-cli/manual/database-import + - /code-security/codeql-cli/codeql-cli-manual/database-import +contentType: reference --- @@ -57,7 +58,7 @@ meaningful. #### `` \[Mandatory] Path to the CodeQL database under construction. This must -have been prepared for extraction with [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init). +have been prepared for extraction with [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init). If the `--db-cluster` option is given, this is not a database itself, but a directory that _contains_ databases, and all of those databases @@ -131,7 +132,7 @@ takes up a lot of space in the dataset. #### `--[no-]linkage-aware-import` -\[Advanced] Controls whether [codeql dataset import](/code-security/codeql-cli/codeql-cli-manual/dataset-import) is linkage-aware _(default)_ or not. On projects where this part of database creation +\[Advanced] Controls whether [codeql dataset import](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-import) is linkage-aware _(default)_ or not. On projects where this part of database creation consumes too much memory, disabling this option may help them progress at the expense of database completeness. diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-index-files.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-index-files.md similarity index 89% rename from content/code-security/codeql-cli/codeql-cli-manual/database-index-files.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-index-files.md index 7d66da5c6d38..cb2728470c5f 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-index-files.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-index-files.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Index standalone files with a given CodeQL extractor.' redirect_from: - /code-security/codeql-cli/manual/database-index-files + - /code-security/codeql-cli/codeql-cli-manual/database-index-files +contentType: reference --- @@ -56,7 +57,7 @@ patterns, which can use the following wildcard characters: #### `` \[Mandatory] Path to the CodeQL database under construction. This must -have been prepared for extraction with [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init). +have been prepared for extraction with [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init). #### `-l, --language=` @@ -81,7 +82,7 @@ set, the environment variable value takes precedence over this option. \[Advanced] The directory in which the specified command should be executed. If this argument is not provided, the command is executed in -the value of `--source-root` passed to [codeql database create](/code-security/codeql-cli/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the command is executed in the +the value of `--source-root` passed to [codeql database create](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the command is executed in the current working directory. ### Options to control extractor behavior @@ -104,10 +105,10 @@ will use all the values provided, in order. Extractor options specified using this command-line option are processed after extractor options given via `--extractor-options-file`. -When passed to [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be +When passed to [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be applied to the indirect tracing environment. If your workflow also makes calls to -[codeql database trace-command](/code-security/codeql-cli/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. +[codeql database trace-command](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. See for more information on CodeQL extractor options, including how to list the @@ -130,10 +131,10 @@ will use all the values provided, in order. Extractor options specified using this command-line option are processed before extractor options given via `--extractor-option`. -When passed to [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be +When passed to [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be applied to the indirect tracing environment. If your workflow also makes calls to -[codeql database trace-command](/code-security/codeql-cli/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. +[codeql database trace-command](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. See for more information on CodeQL extractor options, including how to list the diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-init.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init.md similarity index 92% rename from content/code-security/codeql-cli/codeql-cli-manual/database-init.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init.md index a7ac69276878..dbb4108a38a8 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-init.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Create an empty CodeQL database.' redirect_from: - /code-security/codeql-cli/manual/database-init + - /code-security/codeql-cli/codeql-cli-manual/database-init +contentType: reference --- @@ -36,7 +37,7 @@ codeql database init --source-root= [--language=[,...]] [--gith Create a skeleton structure for a CodeQL database that doesn't have a raw QL dataset yet, but is ready for running extractor steps. After this -command completes, run one or more [codeql database trace-command](/code-security/codeql-cli/codeql-cli-manual/database-trace-command) commands followed by [codeql database finalize](/code-security/codeql-cli/codeql-cli-manual/database-finalize) to prepare the database for querying. +command completes, run one or more [codeql database trace-command](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command) commands followed by [codeql database finalize](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize) to prepare the database for querying. (Part of what this does is resolve the location of the appropriate language pack and store it in the database metadata, such that it won't @@ -86,7 +87,7 @@ delete the entire database directory. on how to create the CodeQL databases and what queries to run in later steps. For more details on the format of this configuration file, refer to [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning). To run queries from -this file in a later step, invoke [codeql database analyze](/code-security/codeql-cli/codeql-cli-manual/database-analyze) without any other queries specified. +this file in a later step, invoke [codeql database analyze](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-analyze) without any other queries specified. #### `--[no-]db-cluster` @@ -98,7 +99,7 @@ directory given on the command line. The language that the new database will be used to analyze. -Use [codeql resolve languages](/code-security/codeql-cli/codeql-cli-manual/resolve-languages) to get a list of the pluggable language extractors found on the search path. +Use [codeql resolve languages](/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-languages) to get a list of the pluggable language extractors found on the search path. When the `--db-cluster` option is given, this can appear multiple times, or the value can be a comma-separated list of languages. @@ -270,7 +271,7 @@ given via `--extractor-options-file`. When passed to codeql database init or `codeql database begin-tracing`, the options will only be applied to the indirect tracing environment. If your workflow also makes calls to -[codeql database trace-command](/code-security/codeql-cli/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. +[codeql database trace-command](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. See for more information on CodeQL extractor options, including how to list the @@ -296,7 +297,7 @@ given via `--extractor-option`. When passed to codeql database init or `codeql database begin-tracing`, the options will only be applied to the indirect tracing environment. If your workflow also makes calls to -[codeql database trace-command](/code-security/codeql-cli/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. +[codeql database trace-command](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command) then the options also need to be passed there if desired. See for more information on CodeQL extractor options, including how to list the diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-interpret-results.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-interpret-results.md similarity index 93% rename from content/code-security/codeql-cli/codeql-cli-manual/database-interpret-results.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-interpret-results.md index 7abb3c8fa5f3..64357bf339c9 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-interpret-results.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-interpret-results.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- such as SARIF or CSV. redirect_from: - /code-security/codeql-cli/manual/database-interpret-results + - /code-security/codeql-cli/codeql-cli-manual/database-interpret-results +contentType: reference --- @@ -38,7 +39,7 @@ codeql database interpret-results --format= --output= [--threads such as SARIF or CSV. The results should have been computed and stored in a CodeQL database -directory using [codeql database run-queries](/code-security/codeql-cli/codeql-cli-manual/database-run-queries). (Usually you'd want to do these steps together, by using [codeql database analyze](/code-security/codeql-cli/codeql-cli-manual/database-analyze)). +directory using [codeql database run-queries](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-run-queries). (Usually you'd want to do these steps together, by using [codeql database analyze](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-analyze)). ## Options @@ -53,7 +54,7 @@ directory using [codeql database run-queries](/code-security/codeql-cli/codeql-c Repeat the specification of which queries were executed here. If omitted, the CLI will determine a suitable set of queries using the -same logic as [codeql database run-queries](/code-security/codeql-cli/codeql-cli-manual/database-run-queries). +same logic as [codeql database run-queries](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-run-queries). (In a future version it ought to be possible to omit this and instead interpret all results that are found in the database. That glorious @@ -113,7 +114,7 @@ all queries. It loads query help for /path/to/query.ql from the /path/to/query.md file. If this flag is not supplied the default behavior is to include help only for custom queries i.e. those in query packs which are not of the form \`codeql/\` @@ -128,7 +129,7 @@ queries i.e. those in query packs which are not of the form `never`: Do not include query help for any queries. -This option has no effect when passed to [codeql bqrs interpret](/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret). +This option has no effect when passed to [codeql bqrs interpret](/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-interpret). Available since `v2.15.2`. @@ -143,7 +144,7 @@ Available since `v2.18.1`. \[SARIF formats only] Place the rule object for each query under its corresponding QL pack in the `.tool.extensions` property. This -option has no effect when passed to [codeql bqrs interpret](/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret). +option has no effect when passed to [codeql bqrs interpret](/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-interpret). #### `--[no-]sarif-multicause-markdown` diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-print-baseline.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-print-baseline.md similarity index 91% rename from content/code-security/codeql-cli/codeql-cli-manual/database-print-baseline.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-print-baseline.md index ee6a2decd9a4..4ceb25dec6c7 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-print-baseline.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-print-baseline.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Print a summary of the baseline lines of code seen.' redirect_from: - /code-security/codeql-cli/manual/database-print-baseline + - /code-security/codeql-cli/codeql-cli-manual/database-print-baseline +contentType: reference --- @@ -35,7 +36,7 @@ codeql database print-baseline ... -- \[Plumbing] Print a summary of the baseline lines of code seen. This command will print to standard out the baseline lines of code seen -within the source root specified at [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init) time for each language present in the database. +within the source root specified at [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init) time for each language present in the database. The baseline is an estimate of the non-empty, non-comment lines of code in a database. This count is different from the lines of code counted by @@ -52,7 +53,7 @@ source root. #### `` \[Mandatory] Path to the CodeQL database under construction. This must -have been prepared for extraction with [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init). +have been prepared for extraction with [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init). If the `--db-cluster` option is given, this is not a database itself, but a directory that _contains_ databases, and all of those databases diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-run-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-run-queries.md similarity index 90% rename from content/code-security/codeql-cli/codeql-cli-manual/database-run-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-run-queries.md index fa354dc903e9..ee4da6678747 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-run-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-run-queries.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Run a set of queries together.' redirect_from: - /code-security/codeql-cli/manual/database-run-queries + - /code-security/codeql-cli/codeql-cli-manual/database-run-queries +contentType: reference --- @@ -37,13 +38,13 @@ codeql database run-queries [--threads=] [--ram=] ... -- ` @@ -170,9 +171,7 @@ thread). #### `--[no-]save-cache` -\[Advanced] Aggressively write intermediate results to the disk cache. -This takes more time and uses (much) more disk space, but may speed up -the subsequent execution of similar queries. +\[Deprecated] \[Advanced] This flag does nothing. #### `--[no-]expect-discarded-cache` @@ -183,7 +182,7 @@ be discarded after the queries have been executed. #### `--[no-]keep-full-cache` \[Advanced] Don't clean up the disk cache after evaluation completes. -This may save time if you're going to do [codeql dataset cleanup](/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/codeql-cli/codeql-cli-manual/database-cleanup) afterwards anyway. +This may save time if you're going to do [codeql dataset cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup) afterwards anyway. #### `--max-disk-cache=` diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-trace-command.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command.md similarity index 92% rename from content/code-security/codeql-cli/codeql-cli-manual/database-trace-command.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command.md index 8f90ceb9d32c..65fe26e6f8ba 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-trace-command.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Run a single command as part of a traced build.' redirect_from: - /code-security/codeql-cli/manual/database-trace-command + - /code-security/codeql-cli/codeql-cli-manual/database-trace-command +contentType: reference --- @@ -45,7 +46,7 @@ database. #### `` \[Mandatory] Path to the CodeQL database under construction. This must -have been prepared for extraction with [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init). +have been prepared for extraction with [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init). If the `--db-cluster` option is given, this is not a database itself, but a directory that _contains_ databases, and all of those databases @@ -113,7 +114,7 @@ cannot be used in conjunction with `--index-traceless-dbs`. \[Advanced] The directory in which the specified command should be executed. If this argument is not provided, the command is executed in -the value of `--source-root` passed to [codeql database create](/code-security/codeql-cli/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the command is executed in the +the value of `--source-root` passed to [codeql database create](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the command is executed in the current working directory. #### `--no-run-unnecessary-builds` @@ -144,7 +145,7 @@ will use all the values provided, in order. Extractor options specified using this command-line option are processed after extractor options given via `--extractor-options-file`. -When passed to [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be +When passed to [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be applied to the indirect tracing environment. If your workflow also makes calls to codeql database trace-command then the options also need to be passed there if desired. @@ -170,7 +171,7 @@ will use all the values provided, in order. Extractor options specified using this command-line option are processed before extractor options given via `--extractor-option`. -When passed to [codeql database init](/code-security/codeql-cli/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be +When passed to [codeql database init](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be applied to the indirect tracing environment. If your workflow also makes calls to codeql database trace-command then the options also need to be passed there if desired. diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-unbundle.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-unbundle.md similarity index 85% rename from content/code-security/codeql-cli/codeql-cli-manual/database-unbundle.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-unbundle.md index c6101def470d..b7dbbb59f763 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-unbundle.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-unbundle.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Extracts a CodeQL database archive. redirect_from: - /code-security/codeql-cli/manual/database-unbundle + - /code-security/codeql-cli/codeql-cli-manual/database-unbundle +contentType: reference --- @@ -34,7 +35,7 @@ codeql database unbundle ... -- Extracts a CodeQL database archive. -This command extracts a CodeQL database archive created by [codeql database bundle](/code-security/codeql-cli/codeql-cli-manual/database-bundle). It is similar to using unzip to extract the database, but performs better in certain scenarios (for instance, unzip is very slow on Windows) and supports additional options such as setting the name of the database extracted. +This command extracts a CodeQL database archive created by [codeql database bundle](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-bundle). It is similar to using unzip to extract the database, but performs better in certain scenarios (for instance, unzip is very slow on Windows) and supports additional options such as setting the name of the database extracted. ## Options diff --git a/content/code-security/codeql-cli/codeql-cli-manual/database-upgrade.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-upgrade.md similarity index 94% rename from content/code-security/codeql-cli/codeql-cli-manual/database-upgrade.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-upgrade.md index b57b822933d3..ec2b730963e7 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/database-upgrade.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-upgrade.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Upgrade a database so it is usable by the current tools. redirect_from: - /code-security/codeql-cli/manual/database-upgrade + - /code-security/codeql-cli/codeql-cli-manual/database-upgrade +contentType: reference --- @@ -117,7 +118,7 @@ timed parts are "RA layers" of the optimized query, but that might change in the future. If no timeout is specified, or is given as 0, no timeout will be set -(except for [codeql test run](/code-security/codeql-cli/codeql-cli-manual/test-run), where the default timeout is 5 minutes). +(except for [codeql test run](/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run), where the default timeout is 5 minutes). #### `-j, --threads=` @@ -129,9 +130,7 @@ thread). #### `--[no-]save-cache` -\[Advanced] Aggressively write intermediate results to the disk cache. -This takes more time and uses (much) more disk space, but may speed up -the subsequent execution of similar queries. +\[Deprecated] \[Advanced] This flag does nothing. #### `--[no-]expect-discarded-cache` @@ -142,7 +141,7 @@ be discarded after the queries have been executed. #### `--[no-]keep-full-cache` \[Advanced] Don't clean up the disk cache after evaluation completes. -This may save time if you're going to do [codeql dataset cleanup](/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/codeql-cli/codeql-cli-manual/database-cleanup) afterwards anyway. +This may save time if you're going to do [codeql dataset cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup) afterwards anyway. #### `--max-disk-cache=` diff --git a/content/code-security/codeql-cli/codeql-cli-manual/dataset-check.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-check.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/dataset-check.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-check.md index 490e358f0097..ba1a266b66db 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/dataset-check.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-check.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Check a particular dataset for internal consistency.' redirect_from: - /code-security/codeql-cli/manual/dataset-check + - /code-security/codeql-cli/codeql-cli-manual/dataset-check +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup.md index 092f4299cb2f..818355160cf5 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Clean up temporary files from a dataset.' redirect_from: - /code-security/codeql-cli/manual/dataset-cleanup + - /code-security/codeql-cli/codeql-cli-manual/dataset-cleanup +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/dataset-import.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-import.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/dataset-import.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-import.md index 2dd26deba3d2..24ae39f743dc 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/dataset-import.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-import.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Import a set of TRAP files to a raw dataset.' redirect_from: - /code-security/codeql-cli/manual/dataset-import + - /code-security/codeql-cli/codeql-cli-manual/dataset-import +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/dataset-measure.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-measure.md similarity index 96% rename from content/code-security/codeql-cli/codeql-cli-manual/dataset-measure.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-measure.md index dec978bb94b2..a020c9f0c7a7 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/dataset-measure.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-measure.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- dataset. redirect_from: - /code-security/codeql-cli/manual/dataset-measure + - /code-security/codeql-cli/codeql-cli-manual/dataset-measure +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/dataset-upgrade.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-upgrade.md similarity index 92% rename from content/code-security/codeql-cli/codeql-cli-manual/dataset-upgrade.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-upgrade.md index e61c13279727..48a5fce5714a 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/dataset-upgrade.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-upgrade.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Upgrade a dataset so it is usable by the current tools.' redirect_from: - /code-security/codeql-cli/manual/dataset-upgrade + - /code-security/codeql-cli/codeql-cli-manual/dataset-upgrade +contentType: reference --- @@ -35,7 +36,7 @@ codeql dataset upgrade [--threads=] [--ram=] ... -- \[Plumbing] Upgrade a dataset so it is usable by the current tools. This does the same as -[codeql database upgrade](/code-security/codeql-cli/codeql-cli-manual/database-upgrade) but works on a raw dataset rather than an entire database. +[codeql database upgrade](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-upgrade) but works on a raw dataset rather than an entire database. ## Options @@ -113,7 +114,7 @@ timed parts are "RA layers" of the optimized query, but that might change in the future. If no timeout is specified, or is given as 0, no timeout will be set -(except for [codeql test run](/code-security/codeql-cli/codeql-cli-manual/test-run), where the default timeout is 5 minutes). +(except for [codeql test run](/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run), where the default timeout is 5 minutes). #### `-j, --threads=` @@ -125,9 +126,7 @@ thread). #### `--[no-]save-cache` -\[Advanced] Aggressively write intermediate results to the disk cache. -This takes more time and uses (much) more disk space, but may speed up -the subsequent execution of similar queries. +\[Deprecated] \[Advanced] This flag does nothing. #### `--[no-]expect-discarded-cache` @@ -138,7 +137,7 @@ be discarded after the queries have been executed. #### `--[no-]keep-full-cache` \[Advanced] Don't clean up the disk cache after evaluation completes. -This may save time if you're going to do [codeql dataset cleanup](/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/codeql-cli/codeql-cli-manual/database-cleanup) afterwards anyway. +This may save time if you're going to do [codeql dataset cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup) afterwards anyway. #### `--max-disk-cache=` diff --git a/content/code-security/codeql-cli/codeql-cli-manual/diagnostic-add.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/diagnostic-add.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/diagnostic-add.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/diagnostic-add.md index 72b4a6c9d3af..c604ef1440b6 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/diagnostic-add.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/diagnostic-add.md @@ -9,11 +9,12 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli redirect_from: - /code-security/codeql-cli/manual/diagnostic-add + - /code-security/codeql-cli/codeql-cli-manual/diagnostic-add +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/diagnostic-export.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/diagnostic-export.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/diagnostic-export.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/diagnostic-export.md index 31806c493aaa..e2ee28f9e5fd 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/diagnostic-export.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/diagnostic-export.md @@ -9,11 +9,12 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli redirect_from: - /code-security/codeql-cli/manual/diagnostic-export + - /code-security/codeql-cli/codeql-cli-manual/diagnostic-export +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/execute-cli-server.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-cli-server.md similarity index 95% rename from content/code-security/codeql-cli/codeql-cli-manual/execute-cli-server.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-cli-server.md index f6db3ed738d1..1d9bbb8aa4fb 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/execute-cli-server.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-cli-server.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- repeated JVM initialization. redirect_from: - /code-security/codeql-cli/manual/execute-cli-server + - /code-security/codeql-cli/codeql-cli-manual/execute-cli-server +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/execute-language-server.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-language-server.md similarity index 94% rename from content/code-security/codeql-cli/codeql-cli-manual/execute-language-server.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-language-server.md index e7dfde0fb66f..879e1949eae8 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/execute-language-server.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-language-server.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] On-line support for the QL language in IDEs.' redirect_from: - /code-security/codeql-cli/manual/execute-language-server + - /code-security/codeql-cli/codeql-cli-manual/execute-language-server +contentType: reference --- @@ -49,7 +50,7 @@ and output streams. #### `--search-path=[:...]` -This works like the similar option to [codeql query compile](/code-security/codeql-cli/codeql-cli-manual/query-compile) (q.v.). +This works like the similar option to [codeql query compile](/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-compile) (q.v.). There are no `--additional-packs` or `--library-path` options, as the corresponding values are provided online by the IDE extension through diff --git a/content/code-security/codeql-cli/codeql-cli-manual/execute-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-queries.md similarity index 94% rename from content/code-security/codeql-cli/codeql-cli-manual/execute-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-queries.md index a11bafa50713..1d88f51f9aaf 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/execute-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-queries.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Run one or more queries against a dataset.' redirect_from: - /code-security/codeql-cli/manual/execute-queries + - /code-security/codeql-cli/codeql-cli-manual/execute-queries +contentType: reference --- @@ -35,7 +36,7 @@ codeql execute queries [--output=] [--threads=] ... \[Plumbing] Run one or more queries against a dataset. This command should not normally be invoked directly. Instead use either -[codeql database run-queries](/code-security/codeql-cli/codeql-cli-manual/database-run-queries) or [codeql query run](/code-security/codeql-cli/codeql-cli-manual/query-run), which will start codeql execute queries with specific JVM options to tune the performance of the QL evaluator. +[codeql database run-queries](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-run-queries) or [codeql query run](/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-run), which will start codeql execute queries with specific JVM options to tune the performance of the QL evaluator. ## Options @@ -141,7 +142,7 @@ timed parts are "RA layers" of the optimized query, but that might change in the future. If no timeout is specified, or is given as 0, no timeout will be set -(except for [codeql test run](/code-security/codeql-cli/codeql-cli-manual/test-run), where the default timeout is 5 minutes). +(except for [codeql test run](/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run), where the default timeout is 5 minutes). #### `-j, --threads=` @@ -153,9 +154,7 @@ thread). #### `--[no-]save-cache` -\[Advanced] Aggressively write intermediate results to the disk cache. -This takes more time and uses (much) more disk space, but may speed up -the subsequent execution of similar queries. +\[Deprecated] \[Advanced] This flag does nothing. #### `--[no-]expect-discarded-cache` @@ -166,7 +165,7 @@ be discarded after the queries have been executed. #### `--[no-]keep-full-cache` \[Advanced] Don't clean up the disk cache after evaluation completes. -This may save time if you're going to do [codeql dataset cleanup](/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/codeql-cli/codeql-cli-manual/database-cleanup) afterwards anyway. +This may save time if you're going to do [codeql dataset cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup) afterwards anyway. #### `--max-disk-cache=` diff --git a/content/code-security/codeql-cli/codeql-cli-manual/execute-query-server.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-query-server.md similarity index 96% rename from content/code-security/codeql-cli/codeql-cli-manual/execute-query-server.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-query-server.md index b99b63f7179a..a50eed2ec6cf 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/execute-query-server.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-query-server.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Support for running queries from IDEs.' redirect_from: - /code-security/codeql-cli/manual/execute-query-server + - /code-security/codeql-cli/codeql-cli-manual/execute-query-server +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/execute-query-server2.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-query-server2.md similarity index 92% rename from content/code-security/codeql-cli/codeql-cli-manual/execute-query-server2.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-query-server2.md index 802569157a79..afce60dc7f19 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/execute-query-server2.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-query-server2.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Support for running queries from IDEs.' redirect_from: - /code-security/codeql-cli/manual/execute-query-server2 + - /code-security/codeql-cli/codeql-cli-manual/execute-query-server2 +contentType: reference --- @@ -66,7 +67,7 @@ timed parts are "RA layers" of the optimized query, but that might change in the future. If no timeout is specified, or is given as 0, no timeout will be set -(except for [codeql test run](/code-security/codeql-cli/codeql-cli-manual/test-run), where the default timeout is 5 minutes). +(except for [codeql test run](/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run), where the default timeout is 5 minutes). #### `-j, --threads=` @@ -78,9 +79,7 @@ thread). #### `--[no-]save-cache` -\[Advanced] Aggressively write intermediate results to the disk cache. -This takes more time and uses (much) more disk space, but may speed up -the subsequent execution of similar queries. +\[Deprecated] \[Advanced] This flag does nothing. #### `--[no-]expect-discarded-cache` @@ -91,7 +90,7 @@ be discarded after the queries have been executed. #### `--[no-]keep-full-cache` \[Advanced] Don't clean up the disk cache after evaluation completes. -This may save time if you're going to do [codeql dataset cleanup](/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/codeql-cli/codeql-cli-manual/database-cleanup) afterwards anyway. +This may save time if you're going to do [codeql dataset cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup) afterwards anyway. #### `--max-disk-cache=` @@ -148,7 +147,7 @@ terminal than stderr. Mostly useful for internal testing. #### `--search-path=[:...]` -This works like the similar option to [codeql query compile](/code-security/codeql-cli/codeql-cli-manual/query-compile) (q.v.). +This works like the similar option to [codeql query compile](/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-compile) (q.v.). There are no `--additional-packs` or `--library-path` options, as the corresponding values are provided per query diff --git a/content/code-security/codeql-cli/codeql-cli-manual/execute-upgrades.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-upgrades.md similarity index 95% rename from content/code-security/codeql-cli/codeql-cli-manual/execute-upgrades.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-upgrades.md index c607a976d52f..266d009c4c6c 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/execute-upgrades.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/execute-upgrades.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Run upgrade scripts on an existing raw QL dataset.' redirect_from: - /code-security/codeql-cli/manual/execute-upgrades + - /code-security/codeql-cli/codeql-cli-manual/execute-upgrades +contentType: reference --- @@ -116,7 +117,7 @@ timed parts are "RA layers" of the optimized query, but that might change in the future. If no timeout is specified, or is given as 0, no timeout will be set -(except for [codeql test run](/code-security/codeql-cli/codeql-cli-manual/test-run), where the default timeout is 5 minutes). +(except for [codeql test run](/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run), where the default timeout is 5 minutes). #### `-j, --threads=` @@ -128,9 +129,7 @@ thread). #### `--[no-]save-cache` -\[Advanced] Aggressively write intermediate results to the disk cache. -This takes more time and uses (much) more disk space, but may speed up -the subsequent execution of similar queries. +\[Deprecated] \[Advanced] This flag does nothing. #### `--[no-]expect-discarded-cache` @@ -141,7 +140,7 @@ be discarded after the queries have been executed. #### `--[no-]keep-full-cache` \[Advanced] Don't clean up the disk cache after evaluation completes. -This may save time if you're going to do [codeql dataset cleanup](/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/codeql-cli/codeql-cli-manual/database-cleanup) afterwards anyway. +This may save time if you're going to do [codeql dataset cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup) afterwards anyway. #### `--max-disk-cache=` diff --git a/content/code-security/codeql-cli/codeql-cli-manual/generate-extensible-predicate-metadata.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/generate-extensible-predicate-metadata.md similarity index 94% rename from content/code-security/codeql-cli/codeql-cli-manual/generate-extensible-predicate-metadata.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/generate-extensible-predicate-metadata.md index 6c45cdb55029..e08627364056 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/generate-extensible-predicate-metadata.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/generate-extensible-predicate-metadata.md @@ -11,9 +11,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli +redirect_from: + - /code-security/codeql-cli/codeql-cli-manual/generate-extensible-predicate-metadata +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/generate-log-summary.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/generate-log-summary.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/generate-log-summary.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/generate-log-summary.md index 109c040d38d9..4fb75db972a0 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/generate-log-summary.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/generate-log-summary.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Advanced] Create a summary of a structured log file.' redirect_from: - /code-security/codeql-cli/manual/generate-log-summary + - /code-security/codeql-cli/codeql-cli-manual/generate-log-summary +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/generate-overlay-changes.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/generate-overlay-changes.md similarity index 91% rename from content/code-security/codeql-cli/codeql-cli-manual/generate-overlay-changes.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/generate-overlay-changes.md index 6fa8e707e468..220ff7c9a3bd 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/generate-overlay-changes.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/generate-overlay-changes.md @@ -10,9 +10,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli +redirect_from: + - /code-security/codeql-cli/codeql-cli-manual/generate-overlay-changes +contentType: reference --- @@ -29,7 +31,7 @@ codeql generate overlay-changes [--source-root=] [--output=] diff --git a/content/code-security/codeql-cli/codeql-cli-manual/github-merge-results.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/github-merge-results.md similarity index 85% rename from content/code-security/codeql-cli/codeql-cli-manual/github-merge-results.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/github-merge-results.md index d9d5addb1d0e..ab0a7af129db 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/github-merge-results.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/github-merge-results.md @@ -9,9 +9,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli +redirect_from: + - /code-security/codeql-cli/codeql-cli-manual/github-merge-results +contentType: reference --- @@ -38,7 +40,7 @@ codeql github merge-results --sarif= --output= ... #### `-s, --sarif=` \[Mandatory] Path to the SARIF files to use. This should be the output -of [codeql database analyze](/code-security/codeql-cli/codeql-cli-manual/database-analyze) (or [codeql database interpret-results](/code-security/codeql-cli/codeql-cli-manual/database-interpret-results)) with `--format sarif-latest` for upload to github.com or +of [codeql database analyze](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-analyze) (or [codeql database interpret-results](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-interpret-results)) with `--format sarif-latest` for upload to github.com or the appropriate supported format tag for GitHub Enterprise Server instances (see [AUTOTITLE](/enterprise-server@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning) for SARIF versions supported by your release). diff --git a/content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/github-upload-results.md similarity index 93% rename from content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/github-upload-results.md index 7d55974de78d..935b4d4d5a66 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/github-upload-results.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Uploads a SARIF file to GitHub code scanning. redirect_from: - /code-security/codeql-cli/manual/github-upload-results + - /code-security/codeql-cli/codeql-cli-manual/github-upload-results +contentType: reference --- @@ -50,7 +51,7 @@ This token must have the `security_events` scope. #### `-s, --sarif=` \[Mandatory] Path to the SARIF files to use. This should be the output -of [codeql database analyze](/code-security/codeql-cli/codeql-cli-manual/database-analyze) (or [codeql database interpret-results](/code-security/codeql-cli/codeql-cli-manual/database-interpret-results)) with `--format sarif-latest` for upload to github.com or +of [codeql database analyze](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-analyze) (or [codeql database interpret-results](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-interpret-results)) with `--format sarif-latest` for upload to github.com or the appropriate supported format tag for GitHub Enterprise Server instances (see [AUTOTITLE](/enterprise-server@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning) for SARIF versions supported by your release). diff --git a/content/code-security/codeql-cli/codeql-cli-manual/index.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/index.md similarity index 90% rename from content/code-security/codeql-cli/codeql-cli-manual/index.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/index.md index 4eabc073f39f..a0f77d90ef11 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/index.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/index.md @@ -2,9 +2,7 @@ title: CodeQL CLI commands manual shortTitle: CodeQL CLI manual allowTitleToDifferFromFilename: true -intro: >- - Reference information for the commands available in the most recent release of - {% data variables.product.prodname_codeql_cli %}. +intro: Reference information for the commands available in the most recent release of {% data variables.product.prodname_codeql_cli %}. versions: fpt: '*' ghec: '*' @@ -13,11 +11,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli redirect_from: - /code-security/codeql-cli/manual + - /code-security/codeql-cli/codeql-cli-manual children: - /bqrs-decode - /bqrs-diff @@ -95,6 +93,7 @@ children: - /test-extract - /test-run - /version +contentType: reference --- {% data reusables.codeql-cli.man-pages-version-note %} diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-add.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-add.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-add.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-add.md index d0bcb2f16dc9..f71b7c1f1dfb 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-add.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-add.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- ranges as dependencies of the current package, and then installs them. redirect_from: - /code-security/codeql-cli/manual/pack-add + - /code-security/codeql-cli/codeql-cli-manual/pack-add +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-bundle.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-bundle.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-bundle.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-bundle.md index 79b671ceea84..1fb859f3c5b2 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-bundle.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-bundle.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Bundle a QL library pack.' redirect_from: - /code-security/codeql-cli/manual/pack-bundle + - /code-security/codeql-cli/codeql-cli-manual/pack-bundle +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-ci.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-ci.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-ci.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-ci.md index 1551deb37084..e7ea11fb8df7 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-ci.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-ci.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- existing lock file is up to date. redirect_from: - /code-security/codeql-cli/manual/pack-ci + - /code-security/codeql-cli/codeql-cli-manual/pack-ci +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-create.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-create.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-create.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-create.md index b051c5269878..928b501d466b 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-create.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-create.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- source code. redirect_from: - /code-security/codeql-cli/manual/pack-create + - /code-security/codeql-cli/codeql-cli-manual/pack-create +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-download.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-download.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-download.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-download.md index 4927d89ed034..1be6cac5e481 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-download.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-download.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -17,6 +16,8 @@ intro: |- name or implicitly inside of a query suite (.qls) file. redirect_from: - /code-security/codeql-cli/manual/pack-download + - /code-security/codeql-cli/codeql-cli-manual/pack-download +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-init.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-init.md similarity index 94% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-init.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-init.md index bd72043b5f75..06046711a7d3 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-init.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-init.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli -intro: 'Initializes a qlpack in the specified directory.' +intro: Initializes a qlpack in the specified directory. redirect_from: - /code-security/codeql-cli/manual/pack-init + - /code-security/codeql-cli/codeql-cli-manual/pack-init +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-install.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-install.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-install.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-install.md index 8d35d6159aa9..58d57de2da19 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-install.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-install.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli -intro: 'Install dependencies for this pack.' +intro: Install dependencies for this pack. redirect_from: - /code-security/codeql-cli/manual/pack-install + - /code-security/codeql-cli/codeql-cli-manual/pack-install +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-ls.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-ls.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-ls.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-ls.md index 6a6f3268b7e9..1e414efafac0 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-ls.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-ls.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -17,6 +16,8 @@ intro: |- .codeqlmanifest.json file. redirect_from: - /code-security/codeql-cli/manual/pack-ls + - /code-security/codeql-cli/codeql-cli-manual/pack-ls +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-packlist.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-packlist.md similarity index 96% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-packlist.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-packlist.md index f52bb8d1a305..bc93630cf0ea 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-packlist.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-packlist.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- a QL query pack or library pack. redirect_from: - /code-security/codeql-cli/manual/pack-packlist + - /code-security/codeql-cli/codeql-cli-manual/pack-packlist +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-publish.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-publish.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-publish.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-publish.md index 468a593da7de..52c9d363df3b 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-publish.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-publish.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Publishes a QL library pack to a package registry. redirect_from: - /code-security/codeql-cli/manual/pack-publish + - /code-security/codeql-cli/codeql-cli-manual/pack-publish +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-resolve-dependencies.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-resolve-dependencies.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-resolve-dependencies.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-resolve-dependencies.md index d2fad44c55c9..f59aa4c0ecf0 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-resolve-dependencies.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-resolve-dependencies.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- for this QL pack. redirect_from: - /code-security/codeql-cli/manual/pack-resolve-dependencies + - /code-security/codeql-cli/codeql-cli-manual/pack-resolve-dependencies +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/pack-upgrade.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-upgrade.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/pack-upgrade.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-upgrade.md index f44c0f978245..7f69ac9e59ce 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/pack-upgrade.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-upgrade.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- available versions. redirect_from: - /code-security/codeql-cli/manual/pack-upgrade + - /code-security/codeql-cli/codeql-cli-manual/pack-upgrade +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/query-compile.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-compile.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/query-compile.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-compile.md index 32801fb06743..dc35ac7fe64f 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/query-compile.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-compile.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Compile or check QL code. redirect_from: - /code-security/codeql-cli/manual/query-compile + - /code-security/codeql-cli/codeql-cli-manual/query-compile +contentType: reference --- @@ -65,7 +66,7 @@ compilation. the `.ql` source. This is only supposed to be used while preparing a query pack for -distribution (in which case it is used automatically by [codeql pack publish](/code-security/codeql-cli/codeql-cli-manual/pack-publish)). Once the `.qlx` files exist, later commands that execute queries may ignore +distribution (in which case it is used automatically by [codeql pack publish](/code-security/reference/code-scanning/codeql/codeql-cli-manual/pack-publish)). Once the `.qlx` files exist, later commands that execute queries may ignore changes to the QL source in favor of the precompiled version. Some rarely used compilation options are incompatible with this and will diff --git a/content/code-security/codeql-cli/codeql-cli-manual/query-decompile.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-decompile.md similarity index 96% rename from content/code-security/codeql-cli/codeql-cli-manual/query-decompile.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-decompile.md index 52acd29d6d02..ae710a38cb0c 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/query-decompile.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-decompile.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- from a .qlo file. redirect_from: - /code-security/codeql-cli/manual/query-decompile + - /code-security/codeql-cli/codeql-cli-manual/query-decompile +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/query-format.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-format.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/query-format.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-format.md index 1562c9a538c3..435b7229d51b 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/query-format.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-format.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Autoformat QL source code. redirect_from: - /code-security/codeql-cli/manual/query-format + - /code-security/codeql-cli/codeql-cli-manual/query-format +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/query-run.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-run.md similarity index 92% rename from content/code-security/codeql-cli/codeql-cli-manual/query-run.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-run.md index 5f2f574c4ae7..2c7f1b337002 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/query-run.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/query-run.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Run a single query. redirect_from: - /code-security/codeql-cli/manual/query-run + - /code-security/codeql-cli/codeql-cli-manual/query-run +contentType: reference --- @@ -42,12 +43,12 @@ a human-friendly rendering. If you want to do further processing of the results, we strongly recommend using the `--output` option to write the results to a file in an intermediate binary format, which can then be unpacked into various more machine-friendly representations by -[codeql bqrs decode](/code-security/codeql-cli/codeql-cli-manual/bqrs-decode). +[codeql bqrs decode](/code-security/reference/code-scanning/codeql/codeql-cli-manual/bqrs-decode). If your query produces results in a form that can be interpreted as -source-code alerts, you may find [codeql database analyze](/code-security/codeql-cli/codeql-cli-manual/database-analyze) a more convenient way to run it. In particular, [codeql database analyze](/code-security/codeql-cli/codeql-cli-manual/database-analyze) can produce output in the SARIF format, which can be used with an variety of alert viewers. +source-code alerts, you may find [codeql database analyze](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-analyze) a more convenient way to run it. In particular, [codeql database analyze](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-analyze) can produce output in the SARIF format, which can be used with an variety of alert viewers. -To run multiple queries in parallel, see [codeql database run-queries](/code-security/codeql-cli/codeql-cli-manual/database-run-queries). +To run multiple queries in parallel, see [codeql database run-queries](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-run-queries). ## Options @@ -96,7 +97,7 @@ timed parts are "RA layers" of the optimized query, but that might change in the future. If no timeout is specified, or is given as 0, no timeout will be set -(except for [codeql test run](/code-security/codeql-cli/codeql-cli-manual/test-run), where the default timeout is 5 minutes). +(except for [codeql test run](/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run), where the default timeout is 5 minutes). #### `-j, --threads=` @@ -108,9 +109,7 @@ thread). #### `--[no-]save-cache` -\[Advanced] Aggressively write intermediate results to the disk cache. -This takes more time and uses (much) more disk space, but may speed up -the subsequent execution of similar queries. +\[Deprecated] \[Advanced] This flag does nothing. #### `--[no-]expect-discarded-cache` @@ -121,7 +120,7 @@ be discarded after the queries have been executed. #### `--[no-]keep-full-cache` \[Advanced] Don't clean up the disk cache after evaluation completes. -This may save time if you're going to do [codeql dataset cleanup](/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/codeql-cli/codeql-cli-manual/database-cleanup) afterwards anyway. +This may save time if you're going to do [codeql dataset cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-cleanup) afterwards anyway. #### `--max-disk-cache=` diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-database.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-database.md similarity index 96% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-database.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-database.md index c0eb9d36a988..8f6374c64ff5 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-database.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-database.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Deep plumbing] Report metadata about the database.' redirect_from: - /code-security/codeql-cli/manual/resolve-database + - /code-security/codeql-cli/codeql-cli-manual/resolve-database +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions-by-pack.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-extensions-by-pack.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions-by-pack.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-extensions-by-pack.md index 30ebdf5cd676..37dae66297bf 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions-by-pack.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-extensions-by-pack.md @@ -12,9 +12,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli +redirect_from: + - /code-security/codeql-cli/codeql-cli-manual/resolve-extensions-by-pack +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-extensions.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-extensions.md index a5be28aff79a..2f82aced5495 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-extensions.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-extensions.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- includes machine learning models and data extensions. redirect_from: - /code-security/codeql-cli/manual/resolve-extensions + - /code-security/codeql-cli/codeql-cli-manual/resolve-extensions +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-extractor.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-extractor.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-extractor.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-extractor.md index b819567aa583..125baedcdd02 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-extractor.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-extractor.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- language. redirect_from: - /code-security/codeql-cli/manual/resolve-extractor + - /code-security/codeql-cli/codeql-cli-manual/resolve-extractor +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-files.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-files.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-files.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-files.md index a3af3c80aa99..38578dc23aad 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-files.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-files.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Deep plumbing] Expand a set of file inclusion/exclusion globs.' redirect_from: - /code-security/codeql-cli/manual/resolve-files + - /code-security/codeql-cli/codeql-cli-manual/resolve-files +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-languages.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-languages.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-languages.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-languages.md index 08731765781c..b355ed78b700 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-languages.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-languages.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: List installed CodeQL extractor packs. redirect_from: - /code-security/codeql-cli/manual/resolve-languages + - /code-security/codeql-cli/codeql-cli-manual/resolve-languages +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-library-path.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-library-path.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-library-path.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-library-path.md index 73e0eabb815f..4990b617a43c 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-library-path.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-library-path.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Deep plumbing] Determine QL library path and dbscheme for a query.' redirect_from: - /code-security/codeql-cli/manual/resolve-library-path + - /code-security/codeql-cli/codeql-cli-manual/resolve-library-path +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-metadata.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-metadata.md similarity index 96% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-metadata.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-metadata.md index 9f016be45607..b1a9a2b59da3 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-metadata.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-metadata.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- query source file. redirect_from: - /code-security/codeql-cli/manual/resolve-metadata + - /code-security/codeql-cli/codeql-cli-manual/resolve-metadata +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-ml-models.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-ml-models.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-ml-models.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-ml-models.md index 454315596d25..ea79db411b92 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-ml-models.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-ml-models.md @@ -8,7 +8,6 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: |- @@ -16,6 +15,8 @@ intro: |- machine learning models. redirect_from: - /code-security/codeql-cli/manual/resolve-ml-models + - /code-security/codeql-cli/codeql-cli-manual/resolve-ml-models +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-packs.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-packs.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-packs.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-packs.md index 5a3814a9858d..a7254ee667ea 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-packs.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-packs.md @@ -9,9 +9,11 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli +redirect_from: + - /code-security/codeql-cli/codeql-cli-manual/resolve-packs +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-qlpacks.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-qlpacks.md similarity index 96% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-qlpacks.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-qlpacks.md index 5cd22ccd341d..38918d5ef78f 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-qlpacks.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-qlpacks.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Create a list of installed QL packs and their locations. redirect_from: - /code-security/codeql-cli/manual/resolve-qlpacks + - /code-security/codeql-cli/codeql-cli-manual/resolve-qlpacks +contentType: reference --- @@ -34,7 +35,7 @@ codeql resolve qlpacks ... \[Deprecated] Create a list of installed QL packs and their locations. -This command is deprecated. Use the [codeql resolve packs](/code-security/codeql-cli/codeql-cli-manual/resolve-packs) command instead. +This command is deprecated. Use the [codeql resolve packs](/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-packs) command instead. This command creates a list of QL packs that can be resolved given the configured (or given) search path. diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-qlref.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-qlref.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-qlref.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-qlref.md index 39e6509064ee..65145597089a 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-qlref.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-qlref.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Deep plumbing] Dereferences a .qlref file to return a .ql one.' redirect_from: - /code-security/codeql-cli/manual/resolve-qlref + - /code-security/codeql-cli/codeql-cli-manual/resolve-qlref +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-queries.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-queries.md index 787428659e61..23a7905bfd18 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-queries.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Deep plumbing] Expand query directories and suite specifications.' redirect_from: - /code-security/codeql-cli/manual/resolve-queries + - /code-security/codeql-cli/codeql-cli-manual/resolve-queries +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-ram.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-ram.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-ram.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-ram.md index eb6511dc9deb..6b8400c2bf69 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-ram.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-ram.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Deep plumbing] Prepare RAM options.' redirect_from: - /code-security/codeql-cli/manual/resolve-ram + - /code-security/codeql-cli/codeql-cli-manual/resolve-ram +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-tests.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-tests.md similarity index 97% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-tests.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-tests.md index 7fe823a3c719..f9c20a82b603 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-tests.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-tests.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Deep plumbing] Find QL unit tests in given directories.' redirect_from: - /code-security/codeql-cli/manual/resolve-tests + - /code-security/codeql-cli/codeql-cli-manual/resolve-tests +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/resolve-upgrades.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-upgrades.md similarity index 98% rename from content/code-security/codeql-cli/codeql-cli-manual/resolve-upgrades.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-upgrades.md index f1e8a0b87513..5b5b9219ce10 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/resolve-upgrades.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/resolve-upgrades.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Deep plumbing] Determine upgrades to run for a raw dataset.' redirect_from: - /code-security/codeql-cli/manual/resolve-upgrades + - /code-security/codeql-cli/codeql-cli-manual/resolve-upgrades +contentType: reference --- diff --git a/content/code-security/codeql-cli/codeql-cli-manual/test-accept.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-accept.md similarity index 93% rename from content/code-security/codeql-cli/codeql-cli-manual/test-accept.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-accept.md index 78909caa0746..d71858977b7f 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/test-accept.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-accept.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Accept results of failing unit tests. redirect_from: - /code-security/codeql-cli/manual/test-accept + - /code-security/codeql-cli/codeql-cli-manual/test-accept +contentType: reference --- @@ -35,7 +36,7 @@ codeql test accept ... -- ... Accept results of failing unit tests. This is a convenience command that renames the `.actual` files left by -[codeql test run](/code-security/codeql-cli/codeql-cli-manual/test-run) for failing tests into `.expected`, such that future runs on the tests that give the +[codeql test run](/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run) for failing tests into `.expected`, such that future runs on the tests that give the same output will be considered to pass. What it does can also be achieved by ordinary file manipulation, but you may find its syntax more useful for this special case. diff --git a/content/code-security/codeql-cli/codeql-cli-manual/test-extract.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-extract.md similarity index 95% rename from content/code-security/codeql-cli/codeql-cli-manual/test-extract.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-extract.md index de9a598d5037..94d867658989 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/test-extract.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-extract.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: '[Plumbing] Build a dataset for a test directory.' redirect_from: - /code-security/codeql-cli/manual/test-extract + - /code-security/codeql-cli/codeql-cli-manual/test-extract +contentType: reference --- @@ -122,7 +123,7 @@ takes up a lot of space in the dataset. #### `--[no-]linkage-aware-import` -\[Advanced] Controls whether [codeql dataset import](/code-security/codeql-cli/codeql-cli-manual/dataset-import) is linkage-aware _(default)_ or not. On projects where this part of database creation +\[Advanced] Controls whether [codeql dataset import](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-import) is linkage-aware _(default)_ or not. On projects where this part of database creation consumes too much memory, disabling this option may help them progress at the expense of database completeness. diff --git a/content/code-security/codeql-cli/codeql-cli-manual/test-run.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run.md similarity index 95% rename from content/code-security/codeql-cli/codeql-cli-manual/test-run.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run.md index 191a1a246d15..70bd433b4726 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/test-run.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/test-run.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Run unit tests for QL queries. redirect_from: - /code-security/codeql-cli/manual/test-run + - /code-security/codeql-cli/codeql-cli-manual/test-run +contentType: reference --- @@ -99,7 +100,7 @@ useful for testing extractors. #### `--[no-]check-databases` \[Advanced] Run -[codeql dataset check](/code-security/codeql-cli/codeql-cli-manual/dataset-check) over each test database created and report a failure if it detects inconsistencies. This is useful when testing extractors. If the check is (temporarily!) expected to fail for a particular database, place a `DB-CHECK.expected` file in the test directory. +[codeql dataset check](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-check) over each test database created and report a failure if it detects inconsistencies. This is useful when testing extractors. If the check is (temporarily!) expected to fail for a particular database, place a `DB-CHECK.expected` file in the test directory. #### `--[no-]show-extractor-output` @@ -340,7 +341,7 @@ takes up a lot of space in the dataset. #### `--[no-]linkage-aware-import` -\[Advanced] Controls whether [codeql dataset import](/code-security/codeql-cli/codeql-cli-manual/dataset-import) is linkage-aware _(default)_ or not. On projects where this part of database creation +\[Advanced] Controls whether [codeql dataset import](/code-security/reference/code-scanning/codeql/codeql-cli-manual/dataset-import) is linkage-aware _(default)_ or not. On projects where this part of database creation consumes too much memory, disabling this option may help them progress at the expense of database completeness. diff --git a/content/code-security/codeql-cli/codeql-cli-manual/version.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/version.md similarity index 96% rename from content/code-security/codeql-cli/codeql-cli-manual/version.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli-manual/version.md index 908fca35be1d..6e72590b8353 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/version.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/version.md @@ -8,12 +8,13 @@ topics: - Code Security - Code scanning - CodeQL -type: reference product: '{% data reusables.gated-features.codeql %}' autogenerated: codeql-cli intro: Show the version of the CodeQL toolchain. redirect_from: - /code-security/codeql-cli/manual/version + - /code-security/codeql-cli/codeql-cli-manual/version +contentType: reference --- diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/csv-output.md b/content/code-security/reference/code-scanning/codeql/codeql-cli/csv-output.md similarity index 89% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/csv-output.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli/csv-output.md index fcc2aef5dbdd..0fad973c1b93 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/csv-output.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli/csv-output.md @@ -1,6 +1,6 @@ --- title: CodeQL CLI CSV output -intro: 'You can output results from the {% data variables.product.prodname_codeql_cli %} in CSV format to share with other systems.' +intro: You can output results from the {% data variables.product.prodname_codeql_cli %} in CSV format to share with other systems. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: @@ -11,6 +11,9 @@ topics: - Code Security - Code scanning - CodeQL +redirect_from: + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/csv-output +contentType: reference --- ## About CSV output diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/exit-codes.md b/content/code-security/reference/code-scanning/codeql/codeql-cli/exit-codes.md similarity index 93% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/exit-codes.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli/exit-codes.md index 904477c81b23..a688eabc50d4 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/exit-codes.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli/exit-codes.md @@ -1,6 +1,6 @@ --- title: Exit codes -intro: 'Exit codes signify the status of a command after the {% data variables.product.prodname_codeql_cli %} runs it.' +intro: Exit codes signify the status of a command after the {% data variables.product.prodname_codeql_cli %} runs it. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -13,6 +13,8 @@ topics: redirect_from: - /code-security/codeql-cli/exit-codes - /code-security/codeql-cli/codeql-cli-reference/exit-codes + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/exit-codes +contentType: reference --- ## About exit codes diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/extractor-options.md b/content/code-security/reference/code-scanning/codeql/codeql-cli/extractor-options.md similarity index 95% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/extractor-options.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli/extractor-options.md index 0b6560e8b8bc..7789e30c2617 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/extractor-options.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli/extractor-options.md @@ -1,6 +1,6 @@ --- title: Extractor options -intro: 'You can use the {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_codeql %} processes locally on software projects.' +intro: You can use the {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_codeql %} processes locally on software projects. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -11,8 +11,10 @@ topics: - Code scanning - CodeQL redirect_from: - - /code-security/codeql-cli/extractor-options - - /code-security/codeql-cli/using-the-codeql-cli/extractor-options + - /code-security/codeql-cli/extractor-options + - /code-security/codeql-cli/using-the-codeql-cli/extractor-options + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/extractor-options +contentType: reference --- diff --git a/content/code-security/reference/code-scanning/codeql/codeql-cli/index.md b/content/code-security/reference/code-scanning/codeql/codeql-cli/index.md new file mode 100644 index 000000000000..a16ddd036fe1 --- /dev/null +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli/index.md @@ -0,0 +1,23 @@ +--- +title: Using the advanced functionality of the CodeQL CLI +intro: You can use the {% data variables.product.prodname_codeql_cli %} to locally develop, test and run {% data variables.product.prodname_codeql %} queries on software projects. +product: '{% data reusables.gated-features.codeql %}' +shortTitle: CodeQL CLI +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Code Security + - Code scanning + - CodeQL +children: + - /sarif-output + - /csv-output + - /extractor-options + - /exit-codes +redirect_from: + - /code-security/codeql-cli/codeql-cli-reference + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli +contentType: reference +--- diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/sarif-output.md b/content/code-security/reference/code-scanning/codeql/codeql-cli/sarif-output.md similarity index 98% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/sarif-output.md rename to content/code-security/reference/code-scanning/codeql/codeql-cli/sarif-output.md index 00cb793bd0b6..13257f27b3eb 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/sarif-output.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-cli/sarif-output.md @@ -1,6 +1,6 @@ --- title: CodeQL CLI SARIF output -intro: 'You can output SARIF from the {% data variables.product.prodname_codeql_cli %} and share static analysis results with other systems.' +intro: You can output SARIF from the {% data variables.product.prodname_codeql_cli %} and share static analysis results with other systems. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: @@ -14,6 +14,8 @@ topics: redirect_from: - /code-security/codeql-cli/sarif-output - /code-security/codeql-cli/codeql-cli-reference/sarif-output + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/sarif-output +contentType: reference --- ## About SARIF output diff --git a/content/code-security/reference/code-scanning/codeql/codeql-queries/about-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/about-built-in-queries.md new file mode 100644 index 000000000000..7e6f45ab83a1 --- /dev/null +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/about-built-in-queries.md @@ -0,0 +1,26 @@ +--- +title: About built-in CodeQL queries +shortTitle: About built-in queries +allowTitleToDifferFromFilename: true +intro: Learn about the CodeQL queries that code scanning uses to analyze code. +product: '{% data reusables.gated-features.code-scanning %}' +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Code Security + - Code scanning + - CodeQL +contentType: reference +redirect_from: + - /code-security/code-scanning/reference/code-ql-built-in-queries/about-built-in-queries +--- + +## About built-in queries for CodeQL analysis + +For each language, the following articles list which queries are included in the `default` and the `security-extended` suites. {% ifversion code-scanning-autofix %}Where {% data variables.copilot.copilot_autofix_short %} is available for a language, details of which queries are supported are also included.{% endif %} + +{% data reusables.code-scanning.codeql-query-tables.links-to-all-tables %} + +For more information about CodeQL query suites, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites). diff --git a/content/code-security/reference/code-scanning/codeql/codeql-queries/actions-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/actions-built-in-queries.md new file mode 100644 index 000000000000..e525b1e4258c --- /dev/null +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/actions-built-in-queries.md @@ -0,0 +1,27 @@ +--- +title: GitHub Actions queries for CodeQL analysis +shortTitle: Actions queries +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in {% data variables.product.prodname_actions %} workflow files when you select the `default` or the `security-extended` query suite. +product: '{% data reusables.gated-features.codeql %}' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '>3.17' + ghec: '*' +topics: + - Code scanning + - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/actions-built-in-queries + - /code-security/code-scanning/managing-your-code-scanning-configuration/github-actions-built-in-queries + - /code-security/code-scanning/reference/code-ql-built-in-queries/actions-built-in-queries +contentType: reference +--- + +{% data variables.product.prodname_codeql %} includes many queries for analyzing {% data variables.product.prodname_actions %} workflows. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} + +## Built-in queries for {% data variables.product.prodname_actions %} analysis + +{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %} + +{% data reusables.code-scanning.codeql-query-tables.actions %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/c-cpp-built-in-queries.md similarity index 56% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-queries/c-cpp-built-in-queries.md index 7e8b6f8a4f52..fc6afa01f443 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/c-cpp-built-in-queries.md @@ -1,17 +1,20 @@ --- title: C and C++ queries for CodeQL analysis -shortTitle: C and C++ CodeQL queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in C or C++ when you select the `default` or the `security-extended` query suite.' +shortTitle: C and C++ queries +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in C or C++ when you select the `default` or the `security-extended` query suite. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Code scanning - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries + - /code-security/code-scanning/reference/code-ql-built-in-queries/c-cpp-built-in-queries +contentType: reference --- {% data variables.product.prodname_codeql %} includes many queries for analyzing C and C++ code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/csharp-built-in-queries.md similarity index 56% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-queries/csharp-built-in-queries.md index bd121030973a..e4d4503d7a94 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/csharp-built-in-queries.md @@ -1,17 +1,20 @@ --- title: C# queries for CodeQL analysis -shortTitle: C# CodeQL queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in C# when you select the `default` or the `security-extended` query suite.' +shortTitle: C# queries +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in C# when you select the `default` or the `security-extended` query suite. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Code scanning - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries + - /code-security/code-scanning/reference/code-ql-built-in-queries/csharp-built-in-queries +contentType: reference --- {% data variables.product.prodname_codeql %} includes many queries for analyzing C# code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/go-built-in-queries.md similarity index 56% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-queries/go-built-in-queries.md index 085e813158c7..118754e7c7eb 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/go-built-in-queries.md @@ -1,17 +1,20 @@ --- title: Go queries for CodeQL analysis -shortTitle: Go CodeQL queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Go (Golang) when you select the `default` or the `security-extended` query suite.' +shortTitle: Go queries +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Go (Golang) when you select the `default` or the `security-extended` query suite. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Code scanning - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries + - /code-security/code-scanning/reference/code-ql-built-in-queries/go-built-in-queries +contentType: reference --- {% data variables.product.prodname_codeql %} includes many queries for analyzing Go code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} diff --git a/content/code-security/reference/code-scanning/codeql/codeql-queries/index.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/index.md new file mode 100644 index 000000000000..097e3814c552 --- /dev/null +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/index.md @@ -0,0 +1,30 @@ +--- +title: Queries for CodeQL analysis +shortTitle: CodeQL queries +intro: Explore the CodeQL queries that code scanning uses to analyze code. +product: '{% data reusables.gated-features.code-scanning %}' +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Code Security + - Code scanning + - CodeQL +children: + - /about-built-in-queries + - /actions-built-in-queries + - /c-cpp-built-in-queries + - /csharp-built-in-queries + - /go-built-in-queries + - /java-kotlin-built-in-queries + - /javascript-typescript-built-in-queries + - /python-built-in-queries + - /ruby-built-in-queries + - /rust-built-in-queries + - /swift-built-in-queries +redirect_from: + - /code-security/code-scanning/reference/code-ql-built-in-queries +contentType: reference +--- + diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/java-kotlin-built-in-queries.md similarity index 56% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-queries/java-kotlin-built-in-queries.md index 5dda274ca115..ca4848e02011 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/java-kotlin-built-in-queries.md @@ -1,17 +1,20 @@ --- title: Java and Kotlin queries for CodeQL analysis -shortTitle: Java and Kotlin CodeQL queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Java or Kotlin when you select the `default` or the `security-extended` query suite.' +shortTitle: Java and Kotlin queries +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Java or Kotlin when you select the `default` or the `security-extended` query suite. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Code scanning - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries + - /code-security/code-scanning/reference/code-ql-built-in-queries/java-kotlin-built-in-queries +contentType: reference --- {% data variables.product.prodname_codeql %} includes many queries for analyzing Java and Kotlin code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/javascript-typescript-built-in-queries.md similarity index 59% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-queries/javascript-typescript-built-in-queries.md index 257194e74686..0204ed788ce5 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/javascript-typescript-built-in-queries.md @@ -1,17 +1,20 @@ --- title: JavaScript and TypeScript queries for CodeQL analysis shortTitle: JavaScript and TypeScript queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in JavaScript or TypeScript when you select the `default` or the `security-extended` query suite.' +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in JavaScript or TypeScript when you select the `default` or the `security-extended` query suite. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Code scanning - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries + - /code-security/code-scanning/reference/code-ql-built-in-queries/javascript-typescript-built-in-queries +contentType: reference --- {% data variables.product.prodname_codeql %} includes many queries for analyzing JavaScript and TypeScript code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/python-built-in-queries.md similarity index 56% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-queries/python-built-in-queries.md index 5e03709a5685..9f29fdb83297 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/python-built-in-queries.md @@ -1,17 +1,20 @@ --- title: Python queries for CodeQL analysis -shortTitle: Python CodeQL queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Python when you select the `default` or the `security-extended` query suite.' +shortTitle: Python queries +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Python when you select the `default` or the `security-extended` query suite. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Code scanning - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries + - /code-security/code-scanning/reference/code-ql-built-in-queries/python-built-in-queries +contentType: reference --- {% data variables.product.prodname_codeql %} includes many queries for analyzing Python code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/ruby-built-in-queries.md similarity index 56% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-queries/ruby-built-in-queries.md index cdbf2198f068..6f2561721cfd 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/ruby-built-in-queries.md @@ -1,17 +1,20 @@ --- title: Ruby queries for CodeQL analysis -shortTitle: Ruby CodeQL queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Ruby when you select the `default` or the `security-extended` query suite.' +shortTitle: Ruby queries +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Ruby when you select the `default` or the `security-extended` query suite. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Code scanning - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries + - /code-security/code-scanning/reference/code-ql-built-in-queries/ruby-built-in-queries +contentType: reference --- {% data variables.product.prodname_codeql %} includes many queries for analyzing Ruby code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/rust-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/rust-built-in-queries.md similarity index 56% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/rust-built-in-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-queries/rust-built-in-queries.md index c64f6e232b50..fd3b4df26c6d 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/rust-built-in-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/rust-built-in-queries.md @@ -1,17 +1,20 @@ --- title: Rust queries for CodeQL analysis -shortTitle: Rust CodeQL queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Rust when you select the `default` or the `security-extended` query suite.' +shortTitle: Rust queries +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Rust when you select the `default` or the `security-extended` query suite. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Code scanning - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/rust-built-in-queries + - /code-security/code-scanning/reference/code-ql-built-in-queries/rust-built-in-queries +contentType: reference --- {% data variables.product.prodname_codeql %} includes many queries for analyzing Rust code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md b/content/code-security/reference/code-scanning/codeql/codeql-queries/swift-built-in-queries.md similarity index 56% rename from content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md rename to content/code-security/reference/code-scanning/codeql/codeql-queries/swift-built-in-queries.md index 21279052a81d..e46c00c592d1 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md +++ b/content/code-security/reference/code-scanning/codeql/codeql-queries/swift-built-in-queries.md @@ -1,17 +1,20 @@ --- title: Swift queries for CodeQL analysis -shortTitle: Swift CodeQL queries -intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Swift when you select the `default` or the `security-extended` query suite.' +shortTitle: Swift queries +intro: Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Swift when you select the `default` or the `security-extended` query suite. product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Code scanning - CodeQL +redirect_from: + - /code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries + - /code-security/code-scanning/reference/code-ql-built-in-queries/swift-built-in-queries +contentType: reference --- {% data variables.product.prodname_codeql %} includes many queries for analyzing Swift code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %} diff --git a/content/code-security/reference/code-scanning/codeql/index.md b/content/code-security/reference/code-scanning/codeql/index.md new file mode 100644 index 000000000000..40ebebe78077 --- /dev/null +++ b/content/code-security/reference/code-scanning/codeql/index.md @@ -0,0 +1,20 @@ +--- +title: Reference for code scanning with CodeQL +shortTitle: CodeQL +intro: Find information to apply to your work with {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Code Security + - Code scanning + - Vulnerabilities +contentType: reference +children: + - /recommended-hardware-resources-for-running-codeql + - /telemetry-in-codeql-for-visual-studio-code + - /codeql-queries + - /codeql-cli + - /codeql-cli-manual +--- diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql.md b/content/code-security/reference/code-scanning/codeql/recommended-hardware-resources-for-running-codeql.md similarity index 85% rename from content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql.md rename to content/code-security/reference/code-scanning/codeql/recommended-hardware-resources-for-running-codeql.md index 04482500a648..a319964a2d60 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql.md +++ b/content/code-security/reference/code-scanning/codeql/recommended-hardware-resources-for-running-codeql.md @@ -1,10 +1,11 @@ --- title: Recommended hardware resources for running CodeQL shortTitle: Hardware resources for CodeQL -intro: 'Recommended specifications (RAM, CPU cores, and disk) for running {% data variables.product.prodname_codeql %} analysis on self-hosted machines, based on the size of your codebase.' +intro: Recommended specifications (RAM, CPU cores, and disk) for running {% data variables.product.prodname_codeql %} analysis on self-hosted machines, based on the size of your codebase. product: '{% data reusables.gated-features.codeql %}' redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/recommended-hardware-resources-for-running-codeql + - /code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql versions: fpt: '*' ghes: '*' @@ -16,6 +17,7 @@ topics: - Repositories - Integration - CI +contentType: reference --- You can configure {% data variables.product.prodname_codeql %} on {% data variables.product.prodname_actions %} or on an external CI system. {% data variables.product.prodname_codeql %} is fully compatible with {% data variables.product.prodname_dotcom %}-hosted runners on {% data variables.product.prodname_actions %}. diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code.md b/content/code-security/reference/code-scanning/codeql/telemetry-in-codeql-for-visual-studio-code.md similarity index 89% rename from content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code.md rename to content/code-security/reference/code-scanning/codeql/telemetry-in-codeql-for-visual-studio-code.md index 541b115081d2..277842903c69 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code.md +++ b/content/code-security/reference/code-scanning/codeql/telemetry-in-codeql-for-visual-studio-code.md @@ -9,11 +9,12 @@ topics: - Code Security - Code scanning - CodeQL -type: reference allowTitleToDifferFromFilename: true -intro: 'If {% data variables.product.prodname_vscode_shortname %} telemetry is enabled, {% data variables.product.company_short %} will collect usage data and metrics for the purposes of helping the core developers to improve the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode_shortname %}.' +intro: If {% data variables.product.prodname_vscode_shortname %} telemetry is enabled, {% data variables.product.company_short %} will collect usage data and metrics for the purposes of helping the core developers to improve the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode_shortname %}. redirect_from: - /code-security/codeql-for-vs-code/about-telemetry-in-codeql-for-visual-studio-code + - /code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code +contentType: reference --- This data will not be shared with any parties outside of {% data variables.product.company_short %}. IP addresses and installation IDs will be retained for a maximum of 30 days. Anonymous data will be retained for a maximum of 180 days. diff --git a/content/code-security/reference/code-scanning/index.md b/content/code-security/reference/code-scanning/index.md new file mode 100644 index 000000000000..b03d848a4c50 --- /dev/null +++ b/content/code-security/reference/code-scanning/index.md @@ -0,0 +1,19 @@ +--- +title: Reference for code scanning +shortTitle: Code scanning +intro: Find information to apply to your work with {% data variables.product.prodname_code_scanning %}. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Code Security + - Code scanning + - Vulnerabilities +contentType: reference +redirect_from: + - /code-security/code-scanning/reference +children: + - sarif-support-for-code-scanning + - codeql +--- diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md b/content/code-security/reference/code-scanning/sarif-support-for-code-scanning.md similarity index 86% rename from content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md rename to content/code-security/reference/code-scanning/sarif-support-for-code-scanning.md index 2c99fca036ee..322550b6ed43 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md +++ b/content/code-security/reference/code-scanning/sarif-support-for-code-scanning.md @@ -1,7 +1,7 @@ --- title: SARIF support for code scanning shortTitle: SARIF support -intro: 'To display results from a third-party static analysis tool in your repository on {% data variables.product.prodname_dotcom %}, you''ll need your results stored in a SARIF file that supports a specific subset of the SARIF 2.1.0 JSON schema for {% data variables.product.prodname_code_scanning %}. If you use the default {% data variables.product.prodname_codeql %} static analysis engine, then your results will display in your repository on {% data variables.product.prodname_dotcom %} automatically.' +intro: Ensure your SARIF files from third-party tools comply with {% data variables.product.github %}'s standards. product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/about-sarif-support-for-code-scanning @@ -9,39 +9,34 @@ redirect_from: - /code-security/secure-coding/sarif-support-for-code-scanning - /code-security/secure-coding/integrating-with-code-scanning/sarif-support-for-code-scanning - /github/finding-security-vulnerabilities-and-errors-in-your-code/integrating-with-code-scanning/sarif-support-for-code-scanning + - /code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Code Security - Code scanning - Integration - SARIF +contentType: reference --- -## About SARIF support +{% data variables.product.github %} can parse SARIF files produced by third-party tools to display {% data variables.product.prodname_code_scanning %} alerts in repositories. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/sarif-files). -SARIF (Static Analysis Results Interchange Format) is an [OASIS Standard](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html) that defines an output file format. The SARIF standard is used to streamline how static analysis tools share their results. {% data variables.product.prodname_code_scanning_caps %} supports a subset of the SARIF 2.1.0 JSON schema. +This article highlights key properties of SARIF files to help you upload SARIF files that meet {% data variables.product.github %}'s requirements and can be converted into useful alerts. -To upload a SARIF file from a third-party static code analysis engine, you'll need to ensure that uploaded files use the SARIF 2.1.0 version. {% data variables.product.prodname_dotcom %} will parse the SARIF file and show alerts using the results in your repository as a part of the {% data variables.product.prodname_code_scanning %} experience. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github). For more information about the SARIF 2.1.0 JSON schema, see [`sarif-schema-2.1.0.json`](https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json). +If you're using {% data variables.product.prodname_actions %} with the {% data variables.code-scanning.codeql_workflow %} or using the {% data variables.product.prodname_codeql_cli %}, then the {% data variables.product.prodname_code_scanning %} results will automatically use the supported subset of SARIF 2.1.0. -If you're using {% data variables.product.prodname_actions %} with the {% data variables.code-scanning.codeql_workflow %} or using the {% data variables.product.prodname_codeql_cli %}, then the {% data variables.product.prodname_code_scanning %} results will automatically use the supported subset of SARIF 2.1.0. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning) or [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system). - -{% data variables.product.prodname_dotcom %} uses properties in the SARIF file to display alerts. For example, the `shortDescription` and `fullDescription` appear at the top of a {% data variables.product.prodname_code_scanning %} alert. The `location` allows {% data variables.product.prodname_dotcom %} to show annotations in your code file. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts). - -If you're new to SARIF and want to learn more, see Microsoft's [`SARIF tutorials`](https://github.com/microsoft/sarif-tutorials) repository. - -## Providing data to track {% data variables.product.prodname_code_scanning %} alerts across runs +## Data for preventing duplicated alerts Each time the results of a new code scan are uploaded, the results are processed and alerts are added to the repository. To prevent duplicate alerts for the same problem, {% data variables.product.prodname_code_scanning %} uses fingerprints to match results across various runs so they only appear once in the latest run for the selected branch. This makes it possible to match alerts to the correct line of code when files are edited. The `ruleId` for a result has to be the same across analysis. -### Reporting consistent filepaths +### Consistent filepaths The filepath has to be consistent across the runs to enable a computation of a stable fingerprint. If the filepaths differ for the same result, each time there is a new analysis a new alert will be created, and the old one will be closed. This will cause having multiple alerts for the same result. -### Including data for fingerprint generation +### Fingerprint generation {% data variables.product.prodname_dotcom %} uses the `partialFingerprints` property in the OASIS standard to detect when two results are logically identical. For more information, see the [partialFingerprints property](https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html#_Toc16012611) entry in the OASIS documentation. @@ -49,17 +44,16 @@ SARIF files created by the {% data variables.code-scanning.codeql_workflow %}, o If you upload a SARIF file without fingerprint data using the `/code-scanning/sarifs` API endpoint, the {% data variables.product.prodname_code_scanning %} alerts will be processed and displayed, but users may see duplicate alerts. To avoid seeing duplicate alerts, you should calculate fingerprint data and populate the `partialFingerprints` property before you upload the SARIF file. You may find the script that the `upload-sarif` action uses a helpful starting point: https://github.com/github/codeql-action/blob/main/src/fingerprints.ts. For more information about the API, see [AUTOTITLE](/rest/code-scanning/code-scanning#upload-an-analysis-as-sarif-data). -## Understanding rules and results +## Rules and results SARIF files support both rules and results. The information stored in these elements is similar but serves different purposes. * Rules are an array of `reportingDescriptor` objects that are included in the `toolComponent` object. This is where you store details of the rules that are run during analysis. Information in these objects should change infrequently, typically when you update the tool. - * Results are stored as a series of `result` objects under `results` in the `run` object. Each `result` object contains details for one alert in the codebase. Within the `results` object, you can reference the rule that detected the alert. When you compare SARIF files generated by analyzing different codebases with the same tool and rules, you should see differences in the results of the analyses but not in the rules. -## Specifying the location for source files +## Source file locations Specifying source file locations and lines of code ensures code scanning alerts are displayed accurately within the file containing the identified problem, allowing for targeted issue resolution. @@ -74,7 +68,7 @@ For display in a pull request check, an alert must meet all the following condit The `physicalLocation` object in a submitted SARIF file identifies the lines of code for an alert. For more information, see [`physicalLocation` object](#physicallocation-object). -### Specifying the root for source files +### Root location for source files {% data variables.product.prodname_code_scanning_caps %} interprets results that are reported with relative paths as relative to the root of the repository analyzed. If a result contains an absolute URI, the URI is converted to a relative URI. The relative URI can then be matched against a file committed to the repository. @@ -97,35 +91,25 @@ file:///tmp/go-build/tmp.go -> file:///tmp/go-build/tmp.go The file is successfully uploaded as both absolute URIs use the same URI scheme as the source root. -### Resolving symlinks before generating SARIF results +### Symlink resolution If the relative URI for a result is matched against a file defined using a symlink, code scanning is unable to display the result. So you need to resolve any symlinked files, and report any results in those files using the resolved URI. -## Validating your SARIF file +## File compatibility You can check a SARIF file is compatible with {% data variables.product.prodname_code_scanning %} by testing it against the {% data variables.product.prodname_dotcom %} ingestion rules. For more information, visit the [Microsoft SARIF validator](https://sarifweb.azurewebsites.net/). -For each gzip-compressed SARIF file, SARIF upload supports a maximum size of 10 MB. Any uploads over this limit will be rejected. If your SARIF file is too large because it contains too many results, you should update the configuration to focus on results for the most important rules or queries. For more information, see [AUTOTITLE](/code-security/code-scanning/troubleshooting-sarif-uploads/file-too-large). +For each gzip-compressed SARIF file, SARIF upload supports a maximum size of 10 MB. Any uploads over this limit will be rejected. If your SARIF file is too large because it contains too many results, you should update the configuration to focus on results for the most important rules or queries. For more information, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/file-too-large). -{% data variables.product.prodname_code_scanning_caps %} supports uploading a maximum number of entries for the data objects in the following table. If any of these objects exceeds its maximum value the SARIF file is rejected. For some objects, there is also an additional limit on the number of values that will be displayed. Whenever possible the most important values are shown. To get the most out of your analysis when it includes data above the supported limits, try to optimize the analysis configuration (for example, for the {% data variables.product.prodname_codeql %} tool, identify and disable the most noisy queries). For more information, see [AUTOTITLE](/code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit). +{% data variables.product.prodname_code_scanning_caps %} supports uploading a maximum number of entries for the data objects in the following table. If any of these objects exceeds its maximum value the SARIF file is rejected. For some objects, there is also an additional limit on the number of values that will be displayed. Whenever possible the most important values are shown. To get the most out of your analysis when it includes data above the supported limits, try to optimize the analysis configuration (for example, for the {% data variables.product.prodname_codeql %} tool, identify and disable the most noisy queries). For more information, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads/results-exceed-limit). {% data reusables.code-scanning.sarif-limits %} -For information about other errors, see [AUTOTITLE](/code-security/code-scanning/troubleshooting-sarif-uploads) - -## Uploading more than one SARIF file for a commit - -You can upload multiple SARIF files for the same commit, and display the data from each file as {% data variables.product.prodname_code_scanning %} results. When you upload multiple SARIF files for a commit, you must indicate a "category" for each analysis. The way to specify a category varies according to the analysis method: -* Using the {% data variables.product.prodname_codeql_cli %} directly, pass the `--sarif-category` argument to the `codeql database analyze` command when you generate SARIF files. For more information, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli#about-generating-code-scanning-results-with-the-codeql-cli). -* Using {% data variables.product.prodname_actions %} with `codeql-action/analyze`, the category is set automatically from the workflow name and any matrix variables (typically, `language`). You can override this by specifying a `category` input for the action, which is useful when you analyze different sections of a monorepo in a single workflow. -* Using {% data variables.product.prodname_actions %} to upload results from other static analysis tools, then you must specify a `category` input if you upload more than one file of results for the same tool in one workflow. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions). -* If you are not using either of these approaches, you must specify a unique `runAutomationDetails.id` in each SARIF file to upload. For more information about this property, see [`runAutomationDetails` object](#runautomationdetails-object). - -If you upload a second SARIF file for a commit with the same category and from the same tool, the earlier results are overwritten. However, if you try to upload multiple SARIF files for the same tool and category in a single {% data variables.product.prodname_actions %} workflow run, the misconfiguration is detected and the run will fail. +For information about other errors, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-sarif-uploads). -## Supported SARIF output file properties +## Supported properties If you use a code analysis engine other than {% data variables.product.prodname_codeql %}, you can review the supported SARIF properties to optimize how your analysis results will appear on {% data variables.product.prodname_dotcom %}. @@ -150,7 +134,7 @@ Any valid SARIF 2.1.0 output file can be uploaded, however, {% data variables.pr |----|----|----| | `tool.driver` | {% octicon "check" aria-label="Required" %} | A `toolComponent` object that describes the analysis tool. For more information, see the [`toolComponent` object](#toolcomponent-object). | | `tool.extensions[]` | {% octicon "x" aria-label="Optional" %} | An array of `toolComponent` objects that represent any plugins or extensions used by the tool during analysis. For more information, see the [`toolComponent` object](#toolcomponent-object). | -| `invocation.workingDirectory.uri` | {% octicon "x" aria-label="Optional" %} | This field is used only when `checkout_uri` (SARIF upload API only) or `checkout_path` ({% data variables.product.prodname_actions %} only) are not provided. The value is used to convert absolute URIs used in [`physicalLocation` objects](#physicallocation-object) to relative URIs. For more information, see [Specifying the root for source files](#specifying-the-root-for-source-files).| +| `invocation.workingDirectory.uri` | {% octicon "x" aria-label="Optional" %} | This field is used only when `checkout_uri` (SARIF upload API only) or `checkout_path` ({% data variables.product.prodname_actions %} only) are not provided. The value is used to convert absolute URIs used in [`physicalLocation` objects](#physicallocation-object) to relative URIs. For more information, see [Specifying the root for source files](#root-location-for-source-files).| | `results[]` | {% octicon "check" aria-label="Required" %} | The results of the analysis tool. {% data variables.product.prodname_code_scanning_caps %} displays the results on {% data variables.product.prodname_dotcom %}. For more information, see the [`result` object](#result-object). ### `toolComponent` object @@ -164,7 +148,7 @@ Any valid SARIF 2.1.0 output file can be uploaded, however, {% data variables.pr ### `reportingDescriptor` object -This is where you store details of the rules that are run during analysis. Information in these objects should change infrequently, typically when you update the tool. For more information, see [Understanding rules and results](#understanding-rules-and-results) above. +This is where you store details of the rules that are run during analysis. Information in these objects should change infrequently, typically when you update the tool. For more information, see [Rules and results](#rules-and-results) above. | Name | Required | Description | |----|----|----| @@ -182,7 +166,7 @@ This is where you store details of the rules that are run during analysis. Infor ### `result` object -Each `result` object contains details for one alert in the codebase. Within the `results` object, you can reference the rule that detected the alert. For more information, see [Understanding rules and results](#understanding-rules-and-results) above. +Each `result` object contains details for one alert in the codebase. Within the `results` object, you can reference the rule that detected the alert. For more information, see [Rules and results](#rules-and-results) above. {% data reusables.code-scanning.upload-sarif-alert-limit %} @@ -194,7 +178,7 @@ Each `result` object contains details for one alert in the codebase. Within the | `level`| {% octicon "x" aria-label="Optional" %} | The severity of the result. This level overrides the default severity defined by the rule. {% data variables.product.prodname_code_scanning_caps %} uses the level to filter results by severity on {% data variables.product.prodname_dotcom %}. | `message.text`| {% octicon "check" aria-label="Required" %} | A message that describes the result. {% data variables.product.prodname_code_scanning_caps %} displays the message text as the title of the result. Only the first sentence of the message will be displayed when visible space is limited. | `locations[]`| {% octicon "check" aria-label="Required" %} | The set of locations where the result was detected up to a maximum of 10. Only one location should be included unless the problem can only be corrected by making a change at every specified location. **Note:** At least one location is required for {% data variables.product.prodname_code_scanning %} to display a result. {% data variables.product.prodname_code_scanning_caps %} will use this property to decide which file to annotate with the result. Only the first value of this array is used. All other values are ignored. -| `partialFingerprints`| {% octicon "check" aria-label="Required" %} | A set of strings used to track the unique identity of the result. {% data variables.product.prodname_code_scanning_caps %} uses `partialFingerprints` to accurately identify which results are the same across commits and branches. {% data variables.product.prodname_code_scanning_caps %} will attempt to use `partialFingerprints` if they exist. If you are uploading third-party SARIF files with the `upload-action`, the action will create `partialFingerprints` for you when they are not included in the SARIF file. For more information, see [Providing data to track code scanning alerts across runs](#providing-data-to-track-code-scanning-alerts-across-runs). **Note:** {% data variables.product.prodname_code_scanning_caps %} only uses the `primaryLocationLineHash`. +| `partialFingerprints`| {% octicon "check" aria-label="Required" %} | A set of strings used to track the unique identity of the result. {% data variables.product.prodname_code_scanning_caps %} uses `partialFingerprints` to accurately identify which results are the same across commits and branches. {% data variables.product.prodname_code_scanning_caps %} will attempt to use `partialFingerprints` if they exist. If you are uploading third-party SARIF files with the `upload-action`, the action will create `partialFingerprints` for you when they are not included in the SARIF file. For more information, see [Providing data to track code scanning alerts across runs](#data-for-preventing-duplicated-alerts). **Note:** {% data variables.product.prodname_code_scanning_caps %} only uses the `primaryLocationLineHash`. | `codeFlows[].threadFlows[].locations[]`| {% octicon "x" aria-label="Optional" %} | An array of `location` objects for a `threadFlow` object, which describes the progress of a program through a thread of execution. A `codeFlow` object describes a pattern of code execution used to detect a result. If code flows are provided, {% data variables.product.prodname_code_scanning %} will expand code flows on {% data variables.product.prodname_dotcom %} for the relevant result. For more information, see the [`location` object](#location-object). | `relatedLocations[]`| {% octicon "x" aria-label="Optional" %} | A set of locations relevant to this result. {% data variables.product.prodname_code_scanning_caps %} will link to related locations when they are embedded in the result message. For more information, see the [`location` object](#location-object). @@ -212,7 +196,7 @@ A location within a programming artifact, such as a file in the repository or a | Name | Required | Description | |----|----|----| -| `artifactLocation.uri`| {% octicon "check" aria-label="Required" %} | A URI indicating the location of an artifact, usually a file either in the repository or generated during a build. For the best results we recommend that this is a relative path from the root of the GitHub repository being analyzed. For example, `src/main.js`. For more information about artifact URIs, see [Specifying the root for source files](#specifying-the-root-for-source-files).| +| `artifactLocation.uri`| {% octicon "check" aria-label="Required" %} | A URI indicating the location of an artifact, usually a file either in the repository or generated during a build. For the best results we recommend that this is a relative path from the root of the GitHub repository being analyzed. For example, `src/main.js`. For more information about artifact URIs, see [Specifying the root for source files](#root-location-for-source-files).| | `region.startLine` | {% octicon "check" aria-label="Required" %} | The line number of the first character in the region. | `region.startColumn` | {% octicon "check" aria-label="Required" %} | The column number of the first character in the region. | `region.endLine` | {% octicon "check" aria-label="Required" %} | The line number of the last character in the region. diff --git a/content/code-security/reference/index.md b/content/code-security/reference/index.md new file mode 100644 index 000000000000..f925be0650ba --- /dev/null +++ b/content/code-security/reference/index.md @@ -0,0 +1,24 @@ +--- +title: Reference for security and code quality +shortTitle: Reference +intro: Find information to apply to your work with {% data variables.product.github %}'s security and code quality features. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Dependencies + - Dependabot +contentType: reference +children: + - /secret-security + - /code-scanning + - /supply-chain-security + - /code-quality + - /permissions +--- diff --git a/content/code-security/reference/permissions/index.md b/content/code-security/reference/permissions/index.md new file mode 100644 index 000000000000..642485a6b1da --- /dev/null +++ b/content/code-security/reference/permissions/index.md @@ -0,0 +1,12 @@ +--- +title: Permissions for security features +intro: Find information about permissions related to {% data variables.product.github %}'s security features. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: reference +children: + - /permission-levels-for-repository-security-advisories + - /security-overview-permissions +--- \ No newline at end of file diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/permission-levels-for-repository-security-advisories.md b/content/code-security/reference/permissions/permission-levels-for-repository-security-advisories.md similarity index 94% rename from content/code-security/security-advisories/working-with-repository-security-advisories/permission-levels-for-repository-security-advisories.md rename to content/code-security/reference/permissions/permission-levels-for-repository-security-advisories.md index ce706b933421..5c003b97180a 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/permission-levels-for-repository-security-advisories.md +++ b/content/code-security/reference/permissions/permission-levels-for-repository-security-advisories.md @@ -1,6 +1,7 @@ --- -title: Permission levels for repository security advisories +title: Repository security advisories intro: The actions you can take in a repository security advisory depend on whether you have admin or write permissions to the security advisory. +allowTitleToDifferFromFilename: true redirect_from: - /articles/permission-levels-for-maintainer-security-advisories - /github/managing-security-vulnerabilities/permission-levels-for-maintainer-security-advisories @@ -8,15 +9,16 @@ redirect_from: - /code-security/security-advisories/permission-levels-for-security-advisories - /code-security/repository-security-advisories/permission-levels-for-repository-security-advisories - /code-security/security-advisories/repository-security-advisories/permission-levels-for-repository-security-advisories + - /code-security/security-advisories/working-with-repository-security-advisories/permission-levels-for-repository-security-advisories + - /code-security/reference/permission-levels-for-repository-security-advisories versions: fpt: '*' ghec: '*' -type: reference topics: - Security advisories - Vulnerabilities - Permissions -shortTitle: Permission levels +contentType: reference --- ## Permissions overview diff --git a/content/code-security/reference/permissions/security-overview-permissions.md b/content/code-security/reference/permissions/security-overview-permissions.md new file mode 100644 index 000000000000..9d8100d4ea58 --- /dev/null +++ b/content/code-security/reference/permissions/security-overview-permissions.md @@ -0,0 +1,56 @@ +--- +title: Security overview permissions +shortTitle: Security overview +intro: The actions you can take in security overview depend on your permissions for the repositories in your organization or enterprise. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Security advisories + - Vulnerabilities + - Permissions +contentType: reference +--- + +The actions you can take in the security overview depend on your permissions for the repositories in your organization or enterprise. + +## Organization-level overview + +If you are an **owner or security manager** for an organization, you can see data for all the repositories in the organization in all views. + +If you are an **organization or team member**, you can view security overview for the organization and see data for repositories where you have an appropriate level of access. + +{% ifversion secret-risk-assessment %} + +> [!TIP] The Assessments view, which is not shown in the table below, is only available to organization owners and security managers. + +{% endif %} + +{% rowheaders %} + +| Organization or team member with | Overview dashboard view | Risk and alerts views | Coverage view | +|--------------------|-------------|---------------------|---------| +| `admin` access for one or more repositories | View data for those repositories | View data for those repositories | View data for those repositories{% ifversion pre-security-configurations %}, and enable and disable security features{% endif %} | +| `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access | +| `read` or `triage` access for one or more repositories | No access | No access | No access | +| Security alert access for one or more repositories | View all security alert data for those repositories | View all security alert data for those repositories | No access | +| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories | View allowed alert data for all repositories in all views | No access | + +{% endrowheaders %} + +> [!NOTE] +> To ensure a consistent and responsive experience, for organization members, the organization-level security overview pages will only display results from the most recently updated 3,000 repositories. If your results have been restricted, a notification will appear at the top of the page. Organization owners and security managers will see results from all repositories. + +For more information about access to security alerts and related views, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) and [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles#security). + +## Enterprise-level overview + +> [!NOTE] +> If you are an **enterprise owner**, you will need to join an organization as an organization owner to view data for the organization's repositories in both the organization-level and enterprise-level overview.{% ifversion secret-scanning-user-owned-repos %} {% data reusables.secret-scanning.secret-scanning-user-owned-repo-access %}{% endif %} For more information, see [AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise). + +In the enterprise-level security overview, you can see data for all organizations where you are an **organization owner or security manager**. + +{% ifversion ghec %} +If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %}, you can view data from user-owned repositories in security overview and filter by repository owner type. For more information on {% data variables.enterprise.prodname_managed_users %}, see [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users). +{% endif %} diff --git a/content/code-security/reference/secret-security/index.md b/content/code-security/reference/secret-security/index.md new file mode 100644 index 000000000000..9e05b4611de0 --- /dev/null +++ b/content/code-security/reference/secret-security/index.md @@ -0,0 +1,19 @@ +--- +title: Secret security +intro: Learn about secret scanning patterns, risk report CSV contents, and {% data variables.product.github %} secrets. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning +contentType: reference +children: + - /understanding-github-secret-types + - /supported-secret-scanning-patterns + - /secret-scanning-detection-scope + - /risk-report-csv-contents + - /secret-scanning-pattern-configuration-data +--- + diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents.md b/content/code-security/reference/secret-security/risk-report-csv-contents.md similarity index 84% rename from content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents.md rename to content/code-security/reference/secret-security/risk-report-csv-contents.md index bd1cd264107a..3c4cd9ee7728 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents.md +++ b/content/code-security/reference/secret-security/risk-report-csv-contents.md @@ -1,7 +1,7 @@ --- -title: 'Contents of the secret risk assessment report CSV' -shortTitle: 'Risk report CSV contents' -intro: 'Understand the data included in the CSV export of the {% data variables.product.prodname_secret_risk_assessment %} report.' +title: Contents of the secret risk assessment report CSV +shortTitle: Risk report CSV contents +intro: Understand the data included in the CSV export of the {% data variables.product.prodname_secret_risk_assessment %} report. product: '{% data reusables.gated-features.secret-risk-assessment-report %}' permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}' type: reference @@ -13,6 +13,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents +contentType: reference --- The {% data variables.product.prodname_secret_risk_assessment %} report CSV file includes the following information: diff --git a/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning.md b/content/code-security/reference/secret-security/secret-scanning-detection-scope.md similarity index 86% rename from content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning.md rename to content/code-security/reference/secret-security/secret-scanning-detection-scope.md index 39590d586217..28036c2b5fb7 100644 --- a/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning.md +++ b/content/code-security/reference/secret-security/secret-scanning-detection-scope.md @@ -1,19 +1,22 @@ --- -title: Troubleshooting secret scanning -shortTitle: Troubleshoot secret scanning -intro: 'When using {% data variables.product.prodname_secret_scanning %} to detect secrets in your repository, or secrets about to be committed into your repository, you may need to troubleshoot unexpected issues.' +title: Secret scanning detection scope +shortTitle: Secret scanning scope +intro: Secret scanning uses pattern matching and validation to detect secrets. Detection varies based on pattern pairs, token types, and push protection settings. product: '{% data reusables.gated-features.secret-scanning %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Secret scanning - Secret Protection - Troubleshooting redirect_from: - /code-security/secret-scanning/troubleshooting-secret-scanning + - /code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning + - /code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection + - /code-security/how-tos/secure-your-secrets/troubleshooting-secret-scanning +contentType: reference --- {% data reusables.secret-scanning.enterprise-enable-secret-scanning %} diff --git a/content/code-security/reference/secret-security/secret-scanning-pattern-configuration-data.md b/content/code-security/reference/secret-security/secret-scanning-pattern-configuration-data.md new file mode 100644 index 000000000000..3d99e0889688 --- /dev/null +++ b/content/code-security/reference/secret-security/secret-scanning-pattern-configuration-data.md @@ -0,0 +1,23 @@ +--- +title: Secret scanning pattern configuration data +shortTitle: Secret pattern data +intro: Understand the data displayed in the {% data variables.product.prodname_secret_scanning %} pattern configuration page to make informed decisions about push protection settings. +permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}' +versions: + feature: security-configurations +topics: + - Code Security + - Secret scanning + - Secret Protection + - Organizations + - Security + - Advanced Security + - Enterprise +contentType: reference + +--- + +When configuring push protection, you can view performance data for each secret pattern to make informed enablement decisions. Use metrics like alert volume and false positive rates to balance security with developer experience. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/configuring-global-security-settings-for-your-organization#specifying-patterns-to-include-in-push-protection){% ifversion security-configuration-enterprise-level %} or [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/configuring-additional-secret-scanning-settings-for-your-enterprise#specifying-patterns-to-include-in-push-protection-for-your-enterprise){% endif %}. + +{% data reusables.secret-scanning.pattern-enablement-org-enterprise-chart %} + \ No newline at end of file diff --git a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md b/content/code-security/reference/secret-security/supported-secret-scanning-patterns.md similarity index 89% rename from content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md rename to content/code-security/reference/secret-security/supported-secret-scanning-patterns.md index 0f74e6878078..286920ddaafb 100644 --- a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md +++ b/content/code-security/reference/secret-security/supported-secret-scanning-patterns.md @@ -1,20 +1,22 @@ --- title: Supported secret scanning patterns -intro: 'Lists of supported secrets and the partners that {% data variables.product.company_short %} works with to prevent fraudulent use of secrets that were committed accidentally.' +intro: Lists of supported secrets and the partners that {% data variables.product.company_short %} works with to prevent fraudulent use of secrets that were committed accidentally. product: '{% data reusables.gated-features.secret-scanning %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: reference topics: - Secret scanning - Secret Protection redirect_from: - /code-security/secret-scanning/secret-scanning-partners - /code-security/secret-scanning/secret-scanning-patterns + - /code-security/secret-scanning/introduction/supported-secret-scanning-patterns layout: inline shortTitle: Supported patterns +autogenerated: secret-scanning +contentType: reference --- ## About {% data variables.product.prodname_secret_scanning %} patterns @@ -31,7 +33,7 @@ If you believe that {% data variables.product.prodname_secret_scanning %} should ## Supported secrets -This table lists the secrets supported by {% data variables.product.prodname_secret_scanning %}. You can see the types of alert that get generated for each token, as well as whether a validity check is performed on the token. +The tables list the secrets supported by {% data variables.product.prodname_secret_scanning %} for each secret type. Information in the tables may include this data: * **Provider:** Name of the token provider.{% ifversion fpt or ghec %} * **Partner:** Token for which leaks are reported to the relevant token partner. Applies to public repositories and all gists, including secret gists. Secret gists are not private and can be accessed by anyone with the URL. See [About gists](/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists#about-gists). @@ -44,8 +46,9 @@ This table lists the secrets supported by {% data variables.product.prodname_sec * Applies to private repositories where {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_secret_scanning %} are enabled. * Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% endif %} * **Push protection:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled. - * **Validity check:** Token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see [{% data variables.product.prodname_AS %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security) in the Site Policy documentation.{% else %} Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} +* **Metadata check:** Token for which extended metadata is available, providing additional context about the detected secret. +* **Base64:** Token for which Base64-encoded versions are supported. ### Non-provider patterns @@ -115,12 +118,12 @@ Precision levels are estimated based on the pattern type's typical false positiv {% ifversion fpt or ghec %} > [!NOTE] -> Validity checks are only available to users with {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} who enable the feature as part of {% data variables.product.prodname_GH_secret_protection %}. +> Validity and extended metadata checks are only available to users with {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} who enable the feature as part of {% data variables.product.prodname_GH_secret_protection %}. -| Provider | Token | Partner | User | Push protection | Validity check | Base64 | -|----|:----|:----:|:----:|:----:|:----:|:----:| +| Provider | Token | Partner | User | Push protection | Validity check | Metadata check | Base64 | +|----|:----|:----:|:----:|:----:|:----:|:----:|:----:| {%- for entry in secretScanningData %} -| {{ entry.provider }} | {{ entry.secretType }} | {% if entry.isPublic %}{% else %}{% endif %} | {% if entry.isPrivateWithGhas %}{% else %}{% endif %} | {% if entry.hasPushProtection %}{% else %}{% endif %} | {% if entry.hasValidityCheck %}{% else %}{% endif %} | {% if entry.base64Supported %}{% else %}{% endif %} | +| {{ entry.provider }} | {{ entry.secretType }} | {% if entry.isPublic %}{% else %}{% endif %} | {% if entry.isPrivateWithGhas %}{% else %}{% endif %} | {% if entry.hasPushProtection %}{% else %}{% endif %} | {% if entry.hasValidityCheck %}{% else %}{% endif %} | {% if entry.hasExtendedMetadata %}{% else %}{% endif %} | {% if entry.base64Supported %}{% else %}{% endif %} | {%- endfor %} {% endif %} diff --git a/content/code-security/getting-started/understanding-github-secret-types.md b/content/code-security/reference/secret-security/understanding-github-secret-types.md similarity index 87% rename from content/code-security/getting-started/understanding-github-secret-types.md rename to content/code-security/reference/secret-security/understanding-github-secret-types.md index c4877ffa27f8..a21a2e65fd10 100644 --- a/content/code-security/getting-started/understanding-github-secret-types.md +++ b/content/code-security/reference/secret-security/understanding-github-secret-types.md @@ -1,38 +1,26 @@ --- title: Understanding GitHub secret types -intro: 'Learn about the usage, scope, and access permissions for {% data variables.product.github %} secrets.' +intro: Learn about the usage, scope, and access permissions for {% data variables.product.github %} secrets. versions: fpt: '*' ghes: '*' ghec: '*' -type: overview topics: - Repositories - Dependencies - Vulnerabilities - Advanced Security shortTitle: GitHub secret types +redirect_from: + - /code-security/getting-started/understanding-github-secret-types +contentType: reference --- -## About {% data variables.product.github %}'s secret types - -{% data variables.product.github %} secrets are used to securely store sensitive information like API keys, tokens, and passwords in repositories. - -When you store the sensitive information as a {% data variables.product.github %} secret, you remove the need to hardcode the credential or key, and prevent exposure of it in your code or logs. The secret can then be used to authenticate services, manage credentials, and securely pass sensitive data in workflows. - -There are {% ifversion fpt or ghec %}three {% else %}two {% endif %}types of secrets used by {% data variables.product.github %}: - -* [{% data variables.product.prodname_dependabot %} secrets](#dependabot-secrets) -* [Actions secrets](#actions-secrets){% ifversion fpt or ghec %} -* [{% data variables.product.prodname_codespaces %} secrets](#codespaces-secrets){% endif %} - -Depending on the {% data variables.product.github %} secret type, you can create and manage secrets under your repository, organization, or personal account security settings page. - {% ifversion fpt or ghec %} -### Understanding how {% data variables.product.github %} stores secrets +## How {% data variables.product.github %} stores secrets -{% data variables.product.github %} uses [Libsodium sealed boxes](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to encrypt secrets. A secret is encrypted before reaching {% data variables.product.github %} and remains encrypted until it's used by the relevant service ({% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_actions %}, or {% data variables.product.prodname_codespaces %}). +{% data variables.product.github %} uses [Libsodium sealed boxes](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to encrypt secrets. A secret is encrypted before reaching {% data variables.product.github %} and remains encrypted until it's used by {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_actions %}, or {% data variables.product.prodname_codespaces %}. {% endif %} diff --git a/content/code-security/reference/supply-chain-security/dependabot-alerts-filters.md b/content/code-security/reference/supply-chain-security/dependabot-alerts-filters.md new file mode 100644 index 000000000000..243054efc3d0 --- /dev/null +++ b/content/code-security/reference/supply-chain-security/dependabot-alerts-filters.md @@ -0,0 +1,19 @@ +--- +title: Dependabot alert filters +intro: '{% data variables.product.prodname_dependabot_alerts %} filters help you prioritize and manage alerts for vulnerable dependencies in your repositories.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Dependabot + - Version updates + - Repositories + - Dependencies + - Pull requests +shortTitle: Dependabot alerts filters +contentType: reference +--- + +{% data reusables.dependabot.dependabot-alerts-filters %} \ No newline at end of file diff --git a/content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-errors.md b/content/code-security/reference/supply-chain-security/dependabot-errors.md similarity index 93% rename from content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-errors.md rename to content/code-security/reference/supply-chain-security/dependabot-errors.md index d550a5f5a164..42676bb23f26 100644 --- a/content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-errors.md +++ b/content/code-security/reference/supply-chain-security/dependabot-errors.md @@ -1,18 +1,19 @@ --- -title: Troubleshooting Dependabot errors -intro: 'Sometimes {% data variables.product.prodname_dependabot %} is unable to raise a pull request to update your dependencies. You can review the error and unblock {% data variables.product.prodname_dependabot %}.' -shortTitle: Troubleshoot errors +title: Dependabot errors +intro: '{% data variables.product.prodname_dependabot %} automatically maintains your dependencies, keeping your code secure and current. This reference helps you diagnose and resolve issues so automated updates can continue.' +shortTitle: Troubleshoot Dependabot errors redirect_from: - /github/managing-security-vulnerabilities/troubleshooting-github-dependabot-errors - /github/managing-security-vulnerabilities/troubleshooting-dependabot-errors - /code-security/supply-chain-security/troubleshooting-dependabot-errors - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors + - /code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-errors + - /code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-dependabot-errors versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Dependabot - Security updates @@ -22,23 +23,10 @@ topics: - Troubleshooting - Errors - Dependencies +contentType: reference --- -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About {% data variables.product.prodname_dependabot %} errors - -{% data reusables.dependabot.pull-request-introduction %} - -If anything prevents {% data variables.product.prodname_dependabot %} from raising a pull request, this is reported as an error. - -> [!NOTE] -> {% data variables.product.prodname_dependabot %} doesn't create pull requests for inactive repositories. For information about inactivity criteria, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates), for security and version updates, respectively. - -{% ifversion dependabot-on-actions-opt-in %} -For more information about troubleshooting when running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners). - -{% endif %} +This article provides troubleshooting information to help you resolve issues when {% data variables.product.prodname_dependabot %} doesn't work as expected. If you encounter errors when {% data variables.product.prodname_dependabot %} tries to update your dependencies, you can use this guidance to diagnose and fix common problems. ## Investigating errors with {% data variables.product.prodname_dependabot_security_updates %} diff --git a/content/code-security/reference/supply-chain-security/dependabot-on-actions.md b/content/code-security/reference/supply-chain-security/dependabot-on-actions.md new file mode 100644 index 000000000000..8c9329a4afe4 --- /dev/null +++ b/content/code-security/reference/supply-chain-security/dependabot-on-actions.md @@ -0,0 +1,46 @@ +--- +title: Dependabot on GitHub Actions +shortTitle: Dependabot on Actions +intro: Detailed information on using {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Dependabot + - Actions + - Version updates + - Dependencies +contentType: reference +--- + +## Restrictions when {% data variables.product.prodname_dependabot %} triggers events + +{% data reusables.dependabot.working-with-actions-considerations %} + +For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == 'dependabot[bot]'`) using the `pull_request`, `pull_request_review`, `pull_request_review_comment`, `push`, `create`, `deployment`, and `deployment_status` events, these restrictions apply: + +* `GITHUB_TOKEN` has read-only permissions by default. +* Secrets are populated from {% data variables.product.prodname_dependabot %} secrets. {% data variables.product.prodname_actions %} secrets are not available. + +For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == 'dependabot[bot]'`) using the `pull_request_target` event, if the base ref of the pull request was created by {% data variables.product.prodname_dependabot %} (`github.event.pull_request.user.login == 'dependabot[bot]'`), the `GITHUB_TOKEN` will be read-only and secrets are not available. + +These restrictions apply even if the workflow is re-run by a different actor. + +For more information, see [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). + +## Requirements for using {% data variables.product.prodname_dependabot %} with self-hosted runners + +To generate {% data variables.product.prodname_dependabot_updates %} using self-hosted runners, you need to properly configure your system, network, and certificates. + +### System requirements + +{% data reusables.dependabot.dependabot-runners-system-requirements %} + +### Network requirements + +{% data reusables.dependabot.dependabot-runners-network-requirements %} + +### Certificate configuration + +If {% data variables.product.prodname_dependabot %} needs to interact with registries that use self-signed certificates, those certificates must also be installed on the self-hosted runners that run {% data variables.product.prodname_dependabot %} jobs. This security hardens the connection. You must also configure Node.js to use the certificate, because most actions are written in JavaScript and run using Node.js, which does not use the operating system certificate store. diff --git a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md b/content/code-security/reference/supply-chain-security/dependabot-options-reference.md similarity index 90% rename from content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md rename to content/code-security/reference/supply-chain-security/dependabot-options-reference.md index 0f26ff5ab3d5..49d4a24ff91a 100644 --- a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md +++ b/content/code-security/reference/supply-chain-security/dependabot-options-reference.md @@ -1,6 +1,6 @@ --- title: Dependabot options reference -intro: 'Detailed information for all the options you can use to customize how {% data variables.product.prodname_dependabot %} maintains your repositories.' +intro: Detailed information for all the options you can use to customize how {% data variables.product.prodname_dependabot %} maintains your repositories. permissions: '{% data reusables.permissions.dependabot-yml-configure %}' allowTitleToDifferFromFilename: true redirect_from: @@ -8,30 +8,24 @@ redirect_from: - /code-security/supply-chain-security/configuration-options-for-dependency-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates - /code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + - /code-security/dependabot/working-with-dependabot/dependabot-options-reference versions: fpt: '*' ghec: '*' ghes: '*' -type: reference topics: - Dependabot - Version updates - Repositories - Dependencies - Pull requests -shortTitle: Dependabot options reference +shortTitle: Dependabot options +contentType: reference --- -## About the `dependabot.yml` file +This article provides reference information for the configuration options available in the `dependabot.yml` file. Use these options to customize how {% data variables.product.prodname_dependabot %} monitors package ecosystems, schedules updates, and creates pull requests. For an overview of the `dependabot.yml` file and how it works, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-the-dependabot-yml-file). -The `dependabot.yml` file defines how {% data variables.product.prodname_dependabot %} maintains dependencies using version updates. In addition, all options marked with a {% octicon "shield-check" aria-label="Security updates" height="16" %} icon also change how {% data variables.product.prodname_dependabot %} creates pull requests for security updates, except where `target-branch` is used. - -The {% data variables.product.prodname_dependabot %} configuration file, `dependabot.yml`, uses YAML syntax. If you're new to YAML and want to learn more, see [Learn YAML in five minutes](https://www.codeproject.com/Articles/1214409/Learn-YAML-in-five-minutes). - -You must store this file in the `.github` directory of your repository in the default branch. When you add or update the `dependabot.yml` file, this triggers an immediate check for version updates. For more information and an example, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates). - -> [!NOTE] -> {% data variables.product.prodname_dependabot_alerts %} are configured in the repository or organization "Settings" tab and not in the `dependabot.yml` file, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts). +All options marked with a {% octicon "shield-check" aria-label="Security updates" height="16" %} icon also change how {% data variables.product.prodname_dependabot %} creates pull requests for security updates, except where `target-branch` is used. ### Required keys @@ -106,10 +100,10 @@ For most package managers, you should define a value that will match the depende | Dependency types | Supported by package managers | Allow updates | |------------------|-------------------------------|--------| | `direct` | All | All explicitly defined dependencies. | -| `indirect` | `bundler`, `pip`, `composer`, `cargo`, `gomod` | Dependencies of direct dependencies (also known as sub-dependencies, or transitive dependencies).| -| `all` | All | All explicitly defined dependencies. For `bundler`, `pip`, `composer`, `cargo`, `gomod`, also the dependencies of direct dependencies.| -| `production` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` (not all managers) | Only to dependencies defined by the package manager as production dependencies. | -| `development`| `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` (not all managers) | Only to dependencies defined by the package manager as development dependencies. | +| `indirect` | `bundler`, `pip`, `composer`, `cargo`, `gomod`{% ifversion dependabot-uv-support %}, `uv`{% endif %} | Dependencies of direct dependencies (also known as sub-dependencies, or transitive dependencies).| +| `all` | All | All explicitly defined dependencies. For `bundler`, `pip`, `composer`, `cargo`, `gomod`{% ifversion dependabot-uv-support %}, `uv`{% endif %}, also the dependencies of direct dependencies.| +| `production` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip`{% ifversion dependabot-uv-support %}, `uv`{% endif %} (not all managers) | Only to dependencies defined by the package manager as production dependencies. | +| `development`| `bundler`, `composer`, `mix`, `maven`, `npm`, `pip`{% ifversion dependabot-uv-support %}, `uv`{% endif %} (not all managers) | Only to dependencies defined by the package manager as development dependencies. | ## `assignees` {% octicon "versions" aria-label="Version updates" height="24" %} {% octicon "shield-check" aria-label="Security updates" height="24" %} @@ -157,7 +151,11 @@ When `commit-message` is defined: ### `prefix-development` +{% ifversion dependabot-uv-support %} +Supported by: `bundler`, `composer`, `mix`, `maven`, `npm`, `pip`, and `uv`. +{% else %} Supported by: `bundler`, `composer`, `mix`, `maven`, `npm`, and `pip`. +{% endif %} * Used only for commit messages that update dependencies in the Development dependency group. * Otherwise, the parameter behaves exactly as the `prefix` parameter. @@ -223,9 +221,15 @@ The table below shows the package managers for which SemVer is supported. | Gradle | {% octicon "check" aria-label="Supported" %} | | Helm | {% octicon "x" aria-label="Not supported" %} | | Hex (Hex) | {% octicon "check" aria-label="Supported" %} | +| {% ifversion dependabot-julia-support %} | +| Julia | {% octicon "check" aria-label="Supported" %} | +| {% endif %} | | Maven | {% octicon "check" aria-label="Supported" %} | | NPM and Yarn | {% octicon "check" aria-label="Supported" %} | | NuGet | {% octicon "check" aria-label="Supported" %} | +| {% ifversion dependabot-opentofu-support %} | +| OpenTofu | {% octicon "check" aria-label="Supported" %} | +| {% endif %} | | Pip | {% octicon "check" aria-label="Supported" %} | | Pub | {% octicon "check" aria-label="Supported" %} | | Swift | {% octicon "check" aria-label="Supported" %} | @@ -359,7 +363,7 @@ Specify which semantic versions (SemVer) to ignore. SemVer is an accepted standa Supported by: `bundler`, `mix`, and `pip`. -Allow {% data variables.product.prodname_dependabot %} to execute external code in the manifest during updates. For examples, see [Allowing external code execution](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#allowing-external-code-execution). +Allow {% data variables.product.prodname_dependabot %} to execute external code in the manifest during updates. For examples, see [Allowing external code execution](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#allowing-external-code-execution). {% data variables.product.prodname_dependabot %} default behavior: @@ -431,7 +435,7 @@ When `multi-ecosystem-groups` is used: Assign individual package ecosystems to a multi-ecosystem group using the `multi-ecosystem-group` parameter in your `updates` configuration. > [!IMPORTANT] -> Multi-ecosystem updates require specific configuration patterns and have unique parameter merging behavior. For complete setup instructions, configuration examples, and detailed parameter reference, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates). +> Multi-ecosystem updates require specific configuration patterns and have unique parameter merging behavior. For complete setup instructions, configuration examples, and detailed parameter reference, see [AUTOTITLE](/code-security/tutorials/secure-your-dependencies/configuring-multi-ecosystem-updates). ```yaml copy # Basic `dependabot.yml` file defining a multi-ecosystem-group @@ -467,7 +471,7 @@ Change the limit on the maximum number of pull requests for version updates open When `open-pull-requests-limit` is defined: -* {% data variables.product.prodname_dependabot %} opens pull requests up to the defined integer value. +* {% data variables.product.prodname_dependabot %} opens pull requests up to the defined integer value. A large value can be set to effectively remove the open pull request limit. * You can temporarily disable version updates for a package manager by setting this option to zero, see [Disabling {% data variables.product.prodname_dependabot_version_updates %}](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#disabling-dependabot-version-updates). ## `package-ecosystem` {% octicon "versions" aria-label="Version updates only" height="24" %} @@ -502,6 +506,9 @@ Package manager | YAML value | Supported versions | | Helm Charts | `helm` | v3 | | {% endif %} | | Hex | `mix` | v1 | +| {% ifversion dependabot-julia-support %} | +| Julia | `julia` | >=v1.10 | +| {% endif %} | | elm-package | `elm` | v0.19 | | git submodule | `gitsubmodule` | Not applicable | | {% data variables.product.prodname_actions %} | `github-actions` | Not applicable | @@ -510,6 +517,9 @@ Package manager | YAML value | Supported versions | | Maven | `maven` | Not applicable | | npm | `npm` | v7, v8, v9, v10 | | NuGet | `nuget` | {% ifversion fpt or ghec or ghes > 3.14 %}<=6.12.0{% endif %} | +| {% ifversion dependabot-opentofu-support %} | +| OpenTofu | `opentofu` | Not applicable | +| {% endif %} | | pip| `pip` | v24.2 | | pip-compile | `pip` | 7.4.1 | | pipenv | `pip` | <= 2024.4.1 | @@ -521,7 +531,9 @@ Package manager | YAML value | Supported versions | | {% endif %} | | Swift | `swift` | v5 | | Terraform | `terraform` | >= 0.13, <= 1.10.x | +| {% ifversion dependabot-uv-support %} | | uv | `uv` | v0 | +| {% endif %} | | {% ifversion dependabot-vcpkg-support %} | | vcpkg | `vcpkg` | Not applicable | | {% endif %} | @@ -562,11 +574,11 @@ When `rebase-strategy` is set to `disabled`, {% data variables.product.prodname_ ## `registries` {% octicon "versions" aria-label="Version updates" height="24" %} {% octicon "shield-check" aria-label="Security updates" height="24" %} -Configure access to private package registries to allow {% data variables.product.prodname_dependabot %} to update a wider range of dependencies, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot). +Configure access to private package registries to allow {% data variables.product.prodname_dependabot %} to update a wider range of dependencies, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot) and [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/guidance-for-the-configuration-of-private-registries-for-dependabot). There are 2 locations in the `dependabot.yml` file where you can use the `registries` key: -1. At the top level, where you define the private registries you want to use and their access information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot). +1. At the top level, where you define the private registries you want to use and their access information, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot). 1. Within the `updates` blocks, where you can specify which private registries each package manager should use. {% data variables.product.prodname_dependabot %} default behavior is to raise pull requests only to update dependencies stored in publicly accessible registries. @@ -610,13 +622,13 @@ Reviewers must have at least read access to the repository. | Parameters | Purpose | |------------|---------| -| `interval` | **Required.** Defines the frequency for {% data variables.product.prodname_dependabot %}. | -| `day` | Specify the day to run for a **weekly** interval. | -| `time` | Specify the time to run. | +| [`interval`](#interval) | **Required.** Defines the frequency for {% data variables.product.prodname_dependabot %}. | +| [`day`](#day) | Specify the day to run for a **weekly** interval. | +| [`time`](#time) | Specify the time to run. | | {% ifversion dependabot-schedule-updates %} | -| `cronjob` | Defines the cron expression if the interval type is `cron`. | +| [`cronjob`](#cronjob) | Defines the cron expression if the interval type is `cron`. | | {% endif %} | -| `timezone` | Specify the timezone of the `time` value. | +| [`timezone`](#timezone) | Specify the timezone of the `time` value. | {% ifversion fpt or ghec %} @@ -676,7 +688,8 @@ Examples : `0 9 * * *`, `every day at 5pm` `0 9 * * *` is equivalent to "every day at 9am". `every day at 5pm` is equivalent to `0 17 * * *`. > [!NOTE] -> A `cronjob` type schedule is required to use a `cron` interval. +> * Timezones must be specified in the [`timezone`](#timezone) parameter and not in the `cronjob`. +> * A `cronjob` type schedule is required to use a `cron` interval. ```yaml copy @@ -698,7 +711,7 @@ updates: ### `timezone` -Specify a time zone for the `time` value. +Specify a time zone for the `time` value. The default time zone is `UTC`. The time zone identifier must match a timezone in the database maintained by [iana](https://www.iana.org/time-zones), see [List of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). @@ -799,7 +812,11 @@ Supported values: `true` or `false` ## `versioning-strategy` {% octicon "versions" aria-label="Version updates" height="24" %} {% octicon "shield-check" aria-label="Security updates" height="24" %} -Supported by: `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip`, `pub` +{% ifversion dependabot-uv-support %} +Supported by: `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip`, `pub`, and `uv` +{% else %} +Supported by: `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip`, and `pub` +{% endif %} Define how {% data variables.product.prodname_dependabot %} should edit manifest files. For examples, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated#defining-a-versioning-strategy). @@ -925,24 +942,26 @@ The parameters used to provide authentication details for access to a private re | Registry `type` | Required authentication parameters | |--|--| | `cargo-registry` | `token` | -| `composer-repository` | `username` and `password` | -| `docker-registry` | `username` and `password` | -| `git` | `username` and `password` | +| `composer-repository` | `username` and `password`
or OIDC with `tenant-id` and `client-id` | +| `docker-registry` | `username` and `password`
or OIDC with `tenant-id` and `client-id` | +| `git` | `username` and `password`
or OIDC with `tenant-id` and `client-id` | | `hex-organization` | `organization` and `key` | | `hex-repository` | `repo` and `auth-key` optionally with the corresponding `public-key-fingerprint` | -| `maven-repository` | `username` and `password` | -| `npm-registry` | `username` and `password`
or `token` | -| `nuget-feed` | `username` and `password`
or `token` | +| `maven-repository` | `username` and `password`
or OIDC with `tenant-id` and `client-id` | +| `npm-registry` | `username` and `password`
or `token`
or OIDC with `tenant-id` and `client-id` | +| `nuget-feed` | `username` and `password`
or `token`
or OIDC with `tenant-id` and `client-id` | | `pub-registry` | `token` | -| `python-index` | `username` and `password`
or `token` | -| `rubygems-server` | `username` and `password`
or `token` | +| `python-index` | `username` and `password`
or `token`
or OIDC with `tenant-id` and `client-id` | +| `rubygems-server` | `username` and `password`
or `token`
or OIDC with `tenant-id` and `client-id` | | `terraform-registry` | `token` | -All sensitive data used for authentication should be stored securely and referenced from that secure location, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot). +All sensitive data used for authentication should be stored securely and referenced from that secure location, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot). > [!TIP] > {% data reusables.dependabot.password-definition %} +For more information about OIDC support for {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/actions/concepts/security/openid-connect#oidc-support-for-dependabot) and [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#using-oidc-for-authentication). + ### `url` and `replaces-base` The `url` parameter defines where to access a registry. When the optional `replaces-base` parameter is enabled (`true`), {% data variables.product.prodname_dependabot %} resolves dependencies using the value of `url` rather than the base URL of that specific ecosystem. diff --git a/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md b/content/code-security/reference/supply-chain-security/dependabot-pull-request-comment-commands.md similarity index 56% rename from content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md rename to content/code-security/reference/supply-chain-security/dependabot-pull-request-comment-commands.md index 800a9948285e..2fc985ed6242 100644 --- a/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md +++ b/content/code-security/reference/supply-chain-security/dependabot-pull-request-comment-commands.md @@ -1,60 +1,25 @@ --- -title: Managing pull requests for dependency updates -intro: 'You manage pull requests raised by {% data variables.product.prodname_dependabot %} in much the same way as other pull requests, but there are some extra options.' -permissions: '{% data reusables.permissions.dependabot-various-tasks %}' -redirect_from: - - /github/administering-a-repository/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates +title: Dependabot pull request comment commands +intro: '{% data variables.product.prodname_dependabot %} responds to commands in comments on its pull requests, making it easy to triage and manage dependency updates.' +allowTitleToDifferFromFilename: true versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - - Repositories + - Dependabot - Version updates - - Security updates - - Pull requests + - Repositories - Dependencies - - Vulnerabilities -shortTitle: Manage Dependabot PRs + - Pull requests +shortTitle: Dependabot PR comment commands +contentType: reference --- -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About {% data variables.product.prodname_dependabot %} pull requests - -{% data reusables.dependabot.pull-request-introduction %} - -When {% data variables.product.prodname_dependabot %} raises a pull request, you're notified by your chosen method for the repository. Each pull request contains detailed information about the proposed change, taken from the package manager. These pull requests follow the normal checks and tests defined in your repository. -{% ifversion fpt or ghec %}In addition, where enough information is available, you'll see a compatibility score. This may also help you decide whether or not to merge the change. For information about this score, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% endif %} - -If you have many dependencies to manage, you may want to customize the configuration for each package manager so that pull requests have specific assignees and labels. You may also want to group sets of dependencies together, so that multiple dependencies are updated in a single pull request. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs) and [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#grouping-dependabot-updates-into-a-single-pull-request). - -> [!NOTE] -> If you don't interact with {% data variables.product.prodname_dependabot %} pull requests for a repository during a 90-day time period, {% data variables.product.prodname_dependabot %} considers your repository as inactive, and will automatically pause {% data variables.product.prodname_dependabot_updates %}. For more information about inactivity criteria, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates). - -## Viewing {% data variables.product.prodname_dependabot %} pull requests - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-pr %} -1. Any pull requests for security or version updates are easy to identify. - * The author is {% ifversion fpt or ghec %}[dependabot](https://github.com/dependabot){% else %}dependabot{% endif %}, the bot account used by {% data variables.product.prodname_dependabot %}. - * By default, they have the `dependencies` label. - -## Changing the rebase strategy for {% data variables.product.prodname_dependabot %} pull requests - -By default, {% data variables.product.prodname_dependabot %} automatically rebases pull requests to resolve any conflicts. {% data reusables.dependabot.pull-requests-30-days-cutoff %} If you'd prefer to handle merge conflicts manually, you can disable this using the `rebase-strategy` option. For details, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#rebase-strategy--). - -## Allowing {% data variables.product.prodname_dependabot %} to rebase and force push over extra commits - -By default, {% data variables.product.prodname_dependabot %} will stop rebasing a pull request once extra commits have been pushed to it. To allow {% data variables.product.prodname_dependabot %} to force push over commits added to its branches, include any of the following strings: `[dependabot skip]` , `[skip dependabot]`, `[dependabot-skip]`, or `[skip-dependabot]`, in either lower or uppercase, to the commit message. - -## Managing {% data variables.product.prodname_dependabot %} pull requests with comment commands - {% data variables.product.prodname_dependabot %} responds to simple commands in comments. Each pull request contains details of the commands you can use to process the pull request (for example: to merge, squash, reopen, close, or rebase the pull request) under the "{% data variables.product.prodname_dependabot %} commands and options" section. The aim is to make it as easy as possible for you to triage these automatically generated pull requests. +## Commands for {% data variables.product.prodname_dependabot %} pull requests + You can use any of the following commands on a {% data variables.product.prodname_dependabot %} pull request. | Command | Description | @@ -72,13 +37,7 @@ You can use any of the following commands on a {% data variables.product.prodnam | `@dependabot show DEPENDENCY_NAME ignore conditions` | Retrieves information on the ignore conditions for the specified dependency, and comments on the pull request with a table that displays all ignore conditions for the dependency. For example, `@dependabot show express ignore conditions` would find all `ignore` conditions stored for the Express dependency, and comment on the pull request with that information. | | `@dependabot squash and merge` | Squashes and merges the pull request once your CI tests have passed. | -{% data variables.product.prodname_dependabot %} will react with a "thumbs up" emoji to acknowledge the command, and may respond with a comment on the pull request. While {% data variables.product.prodname_dependabot %} usually responds quickly, some commands may take several minutes to complete if {% data variables.product.prodname_dependabot %} is busy processing other updates or commands. - -If you run any of the commands for ignoring dependencies or versions, {% data variables.product.prodname_dependabot %} stores the preferences for the repository centrally. While this is a quick solution, for repositories with more than one contributor it is better to explicitly define the dependencies and versions to ignore in the configuration file. This makes it easy for all contributors to see why a particular dependency isn't being updated automatically. - -For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--). - -### Managing {% data variables.product.prodname_dependabot %} pull requests for grouped updates with comment commands +## Commands for grouped version updates In {% data variables.product.prodname_dependabot %} pull requests for grouped version updates and security updates, you can use comment commands to ignore and un-ignore updates for specific dependencies and versions. You can use any of the following commands to manage ignore conditions for grouped updates. diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems.md b/content/code-security/reference/supply-chain-security/dependency-graph-supported-package-ecosystems.md similarity index 93% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems.md rename to content/code-security/reference/supply-chain-security/dependency-graph-supported-package-ecosystems.md index 75ebf0467b91..13e6e74681c6 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems.md +++ b/content/code-security/reference/supply-chain-security/dependency-graph-supported-package-ecosystems.md @@ -1,9 +1,8 @@ --- title: Dependency graph supported package ecosystems -shortTitle: Dependency graph ecosystem support # Max 31 characters -intro: 'Dependency graph supports a variety of ecosystems.' +shortTitle: Dependency graph ecosystems +intro: Dependency graph supports a variety of ecosystems. allowTitleToDifferFromFilename: true -type: reference topics: - Dependency graph - Dependencies @@ -14,6 +13,9 @@ versions: fpt: '*' ghec: '*' ghes: '*' +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems +contentType: reference --- ## About the dependency graph diff --git a/content/code-security/reference/supply-chain-security/index.md b/content/code-security/reference/supply-chain-security/index.md new file mode 100644 index 000000000000..a65b132567bb --- /dev/null +++ b/content/code-security/reference/supply-chain-security/index.md @@ -0,0 +1,30 @@ +--- +title: Reference for supply chain security +shortTitle: Supply chain security +intro: Find information to apply to your work with {% data variables.product.prodname_dependabot %} and the dependency graph. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Dependabot + - Version updates + - Repositories + - Dependencies + - Pull requests + - Dependency graph + - Alerts + - Vulnerabilities +contentType: reference +children: + - /dependabot-options-reference + - /dependabot-alerts-filters + - /supported-ecosystems-and-manifests-for-dependency-scope + - /dependabot-pull-request-comment-commands + - /supported-ecosystems-and-repositories + - /dependency-graph-supported-package-ecosystems + - /dependabot-on-actions + - /dependabot-errors +redirect_from: + - /code-security/dependabot/ecosystems-supported-by-dependabot +--- diff --git a/content/code-security/reference/supply-chain-security/supported-ecosystems-and-manifests-for-dependency-scope.md b/content/code-security/reference/supply-chain-security/supported-ecosystems-and-manifests-for-dependency-scope.md new file mode 100644 index 000000000000..a58b4fa177b2 --- /dev/null +++ b/content/code-security/reference/supply-chain-security/supported-ecosystems-and-manifests-for-dependency-scope.md @@ -0,0 +1,19 @@ +--- +title: Supported ecosystems and manifests for dependency scope +intro: '{% data variables.product.prodname_dependabot_alerts %} supports a variety of ecosystems and manifests for dependency scope.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Dependabot + - Version updates + - Repositories + - Dependencies + - Pull requests +shortTitle: Dependency scope +contentType: reference +--- + +{% data reusables.dependabot.dependabot-alerts-dependency-scope %} diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md b/content/code-security/reference/supply-chain-security/supported-ecosystems-and-repositories.md similarity index 72% rename from content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md rename to content/code-security/reference/supply-chain-security/supported-ecosystems-and-repositories.md index 60e66b2aabbb..a1fadf658c60 100644 --- a/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md +++ b/content/code-security/reference/supply-chain-security/supported-ecosystems-and-repositories.md @@ -1,9 +1,8 @@ --- title: Dependabot supported ecosystems and repositories -shortTitle: Dependabot ecosystem support # Max 31 characters +shortTitle: Dependabot ecosystems intro: '{% data variables.product.prodname_dependabot %} supports a variety of ecosystems and repositories' allowTitleToDifferFromFilename: true -type: reference topics: - Dependabot - Dependencies @@ -14,19 +13,16 @@ versions: fpt: '*' ghec: '*' ghes: '*' +redirect_from: + - /code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories +contentType: reference --- -## About {% data variables.product.prodname_dependabot %} +This article provides reference information about the package ecosystems and repository types that {% data variables.product.prodname_dependabot %} supports. -{% data variables.product.prodname_dependabot %} helps you stay on top of your dependency ecosystems. With {% data variables.product.prodname_dependabot %}, you can keep the dependencies you rely on up-to-date, addressing any potential security issues in your supply chain. +{% data variables.product.prodname_dependabot %} is a {% data variables.product.github %} tool that helps keep your dependencies secure and up to date. It automatically detects vulnerable or outdated dependencies in your repositories and creates pull requests to update them, making it easier to maintain your software supply chain security. For more information, see [AUTOTITLE](/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide). -{% data reusables.dependabot.dependabot-overview %} - -For more information about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/getting-started/dependabot-quickstart-guide). - -In this article, you can see what the supported ecosystems and repositories are. - -## Supported ecosystems and repositories +## Supported ecosystems maintained by {% data variables.product.github %} You can configure updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see [`vendor`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#vendor--). diff --git a/content/code-security/code-quality/responsible-use/code-quality.md b/content/code-security/responsible-use/code-quality.md similarity index 97% rename from content/code-security/code-quality/responsible-use/code-quality.md rename to content/code-security/responsible-use/code-quality.md index 5d514ee04f90..9b7d811c18f1 100644 --- a/content/code-security/code-quality/responsible-use/code-quality.md +++ b/content/code-security/responsible-use/code-quality.md @@ -1,7 +1,7 @@ --- title: Responsible use of GitHub Code Quality shortTitle: Code quality -intro: 'Use {% data variables.product.prodname_code_quality %} responsibly by understanding its purposes, capabilities, and limitations.' +intro: Use {% data variables.product.prodname_code_quality %} responsibly by understanding its purposes, capabilities, and limitations. versions: feature: code-quality topics: @@ -9,6 +9,8 @@ topics: - CodeQL - AI contentType: rai +redirect_from: + - /code-security/code-quality/responsible-use/code-quality --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/code-security/responsible-use/index.md b/content/code-security/responsible-use/index.md new file mode 100644 index 000000000000..9ecbc347ac92 --- /dev/null +++ b/content/code-security/responsible-use/index.md @@ -0,0 +1,24 @@ +--- +title: Responsible use of {% data variables.product.github %}'s security and code quality features +shortTitle: Responsible use +intro: Use {% data variables.product.github %}'s security and code quality features responsibly by understanding their purposes, capabilities, and limitations. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Code Quality +contentType: rai +children: + - /responsible-use-autofix-code-scanning + - /responsible-ai-generic-secrets + - /responsible-ai-regex-generator + - /code-quality +redirect_from: + - /code-security/code-quality/responsible-use +--- diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets.md b/content/code-security/responsible-use/responsible-ai-generic-secrets.md similarity index 95% rename from content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets.md rename to content/code-security/responsible-use/responsible-ai-generic-secrets.md index 7f82b8e44c95..cfbf6517d102 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets.md +++ b/content/code-security/responsible-use/responsible-ai-generic-secrets.md @@ -1,13 +1,12 @@ --- title: Responsible detection of generic secrets with Copilot secret scanning -shortTitle: Generic secret detection -intro: 'Learn how {% data variables.secret-scanning.copilot-secret-scanning %} uses AI responsibly to scan and create alerts for unstructured secrets, such as passwords.' +shortTitle: Copilot secret scanning +intro: Learn how {% data variables.secret-scanning.copilot-secret-scanning %} uses AI responsibly to scan and create alerts for unstructured secrets, such as passwords. allowTitleToDifferFromFilename: true product: '{% data reusables.rai.secret-scanning.copilot-secret-scanning-gated-feature %}' versions: feature: secret-scanning-ai-generic-secret-detection fpt: '*' -type: rai topics: - Secret scanning - Secret Protection @@ -17,6 +16,9 @@ redirect_from: - /code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/about-the-detection-of-generic-secrets-with-secret-scanning - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/responsible-ai-generic-secrets + - /code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets + - /code-security/secret-scanning/copilot-secret-scanning +contentType: rai --- diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator.md b/content/code-security/responsible-use/responsible-ai-regex-generator.md similarity index 94% rename from content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator.md rename to content/code-security/responsible-use/responsible-ai-regex-generator.md index b22bad0c63a3..863eb49f5ec2 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator.md +++ b/content/code-security/responsible-use/responsible-ai-regex-generator.md @@ -1,12 +1,11 @@ --- title: Responsible generation of regular expressions with Copilot secret scanning -shortTitle: Generate regular expressions with AI -intro: 'Learn about the capabilities and limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} in helping you to define custom patterns to extend the capabilities of {% data variables.product.prodname_secret_scanning %}.' +shortTitle: Regular expressions generator +intro: Learn about the capabilities and limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} in helping you to define custom patterns to extend the capabilities of {% data variables.product.prodname_secret_scanning %}. product: '{% data reusables.rai.secret-scanning.copilot-secret-scanning-gated-feature %}' allowTitleToDifferFromFilename: true versions: feature: secret-scanning-custom-pattern-ai-generated -type: rai topics: - Secret Protection - Secret scanning @@ -18,6 +17,8 @@ redirect_from: - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/about-generating-regular-expressions-with-ai - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/responsible-use-ai-regex-generator - /code-security/secret-scanning/copilot-secret-scanning/responsible-use-ai-regex-generator + - /code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator +contentType: rai --- diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md b/content/code-security/responsible-use/responsible-use-autofix-code-scanning.md similarity index 97% rename from content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md rename to content/code-security/responsible-use/responsible-use-autofix-code-scanning.md index 5612ab6dcb32..0c4e2bffd82a 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md +++ b/content/code-security/responsible-use/responsible-use-autofix-code-scanning.md @@ -1,12 +1,11 @@ --- title: Responsible use of Copilot Autofix for code scanning shortTitle: Copilot Autofix for code scanning -intro: Learn how GitHub uses AI to suggest potential fixes for {% data variables.product.prodname_code_scanning %} alerts and find out how best to mitigate limitations in the AI suggestions. +intro: Learn how {% data variables.product.github %} uses AI to suggest potential fixes for {% data variables.product.prodname_code_scanning %} alerts and find out how best to mitigate limitations in the AI suggestions. allowTitleToDifferFromFilename: true product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}' versions: feature: code-scanning-autofix -type: rai topics: - Code Security - Code scanning @@ -14,6 +13,8 @@ topics: - AI redirect_from: - /code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning + - /code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning +contentType: rai --- ## About {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} @@ -22,7 +23,7 @@ redirect_from: {% data reusables.rai.code-scanning.copilot-autofix-note %} -{% data variables.copilot.copilot_autofix_short %} generates potential fixes that are relevant to the existing source code and translates the description and location of an alert into code changes that may fix the alert. {% data variables.copilot.copilot_autofix_short %} uses internal {% data variables.product.prodname_copilot %} APIs interfacing with the large language model {% data variables.copilot.copilot_gpt_41 %} from OpenAI, which has sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes. +{% data variables.copilot.copilot_autofix_short %} generates potential fixes that are relevant to the existing source code and translates the description and location of an alert into code changes that may fix the alert. {% data variables.copilot.copilot_autofix_short %} uses internal {% data variables.product.prodname_copilot %} APIs interfacing with the large language model {% data variables.copilot.copilot_gpt_51 %} from OpenAI, which has sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes. {% data variables.copilot.copilot_autofix_short %} is allowed by default and enabled for every repository using {% data variables.product.prodname_codeql %}, but you can choose to opt out and disable {% data variables.copilot.copilot_autofix_short %}. To learn how to disable {% data variables.copilot.copilot_autofix_short %} at the enterprise, organization and repository levels, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning). diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/index.md b/content/code-security/secret-scanning/copilot-secret-scanning/index.md deleted file mode 100644 index 0ca6512eaf93..000000000000 --- a/content/code-security/secret-scanning/copilot-secret-scanning/index.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Enhance your secret detection capabilities with Copilot secret scanning -shortTitle: Copilot secret scanning -allowTitleToDifferFromFilename: true -intro: 'Learn how {% data variables.product.prodname_secret_scanning %} uses AI to detect generic secrets in your code, and generate regular expressions for your custom patterns.' -product: '{% data reusables.rai.secret-scanning.copilot-secret-scanning-gated-feature %}' -versions: - ghec: '*' -topics: - - Secret scanning - - Secret Protection - - Repositories - - Copilot -children: - - /responsible-ai-generic-secrets - - /enabling-ai-powered-generic-secret-detection - - /responsible-ai-regex-generator - - /generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning -redirect_from: - - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection ---- diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md deleted file mode 100644 index b74848ca9bec..000000000000 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Enabling push protection for your repository -shortTitle: Enable push protection -intro: 'With push protection, {% data variables.product.prodname_secret_scanning %} blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.' -permissions: '{% data reusables.permissions.push-protection %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -type: how_to -topics: - - Secret scanning - - Secret Protection - - Alerts ---- - -## About enabling push protection - -To enable push protection for a repository, you must first enable {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %}{% else %}{% data variables.product.prodname_secret_scanning %}{% endif %}. You can then enable push protection in the repository's "{% data variables.product.UI_advanced_security %}" settings page following the steps outlined in this article. - -{% ifversion secret-scanning-push-protection-for-users %} - -You can additionally enable push protection for your own personal account, which prevents you from pushing secrets to _any_ public repository on {% data variables.product.github %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users). - -{% endif %} - -{% ifversion security-configurations %} - -If you're an organization owner, you can enable push protection for multiple repositories at a time using {% data variables.product.prodname_security_configurations %}. For more information, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale). - -{% else %} - -If you're an organization owner, you can enable push protection for multiple repositories at a time. For more information, see [AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization#enabling-security-features-in-your-organization). - -{% endif %} - -Organization owners, security managers, and repository administrators can also enable push protection for {% data variables.product.prodname_secret_scanning %} via the API. For more information, see [AUTOTITLE](/rest/repos#update-a-repository) and expand the "Properties of the `security_and_analysis` object" section. - -{% ifversion security-configuration-enterprise-level %} - -If your organization is owned by an enterprise account, an enterprise owner can also enable push protection at the enterprise level. For more information, see [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise). - -{% elsif ghes < 3.16 %} - -If your organization is owned by an enterprise account, an enterprise owner can also enable push protection at the enterprise level. For more information, see [AUTOTITLE](/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise). - -{% endif %} - -## Enabling push protection for a repository - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %} -1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Push Protection", click **Enable**.{% else %} -{% data reusables.repositories.navigate-to-ghas-settings %} -{% data reusables.advanced-security.secret-scanning-push-protection-repo %}{% endif %} - -## Further reading - -* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection) -* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning) -* [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security) diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md deleted file mode 100644 index 1f89d98525a8..000000000000 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: Enabling secret scanning features -shortTitle: Enable features -allowTitleToDifferFromFilename: true -intro: 'Learn how to enable {% data variables.product.prodname_secret_scanning %} to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.' -product: '{% data reusables.gated-features.secret-scanning %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Secret scanning - - Secret Protection - - Repositories -children: - - /enabling-secret-scanning-for-your-repository - - /enabling-push-protection-for-your-repository - - /enabling-validity-checks-for-your-repository - - /enabling-extended-metadata-checks-for-your-repository -redirect_from: - - /github/administering-a-repository/configuring-secret-scanning-for-private-repositories - - /github/administering-a-repository/configuring-secret-scanning-for-your-repositories - - /code-security/secret-scanning/configuring-secret-scanning-for-your-repositories ---- diff --git a/content/code-security/secret-scanning/index.md b/content/code-security/secret-scanning/index.md deleted file mode 100644 index 3af8406c0ed3..000000000000 --- a/content/code-security/secret-scanning/index.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Keeping secrets secure with secret scanning -shortTitle: Secret scanning -allowTitleToDifferFromFilename: true -intro: 'Let {% data variables.product.company_short %} do the hard work of ensuring that tokens, private keys, and other code secrets are not exposed in your repository.' -product: '{% data reusables.gated-features.secret-scanning %}' -redirect_from: - - /code-security/secret-security -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Secret scanning - - Secret Protection - - Repositories -children: - - /introduction - - /enabling-secret-scanning-features - - /managing-alerts-from-secret-scanning - - /working-with-secret-scanning-and-push-protection - - /using-advanced-secret-scanning-and-push-protection-features - - /copilot-secret-scanning - - /troubleshooting-secret-scanning-and-push-protection - - /secret-scanning-partnership-program ---- diff --git a/content/code-security/secret-scanning/introduction/index.md b/content/code-security/secret-scanning/introduction/index.md deleted file mode 100644 index 286b2a482c96..000000000000 --- a/content/code-security/secret-scanning/introduction/index.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Introduction to secret scanning -shortTitle: Introduction -allowTitleToDifferFromFilename: true -intro: 'Learn how {% data variables.product.prodname_secret_scanning %} detects secrets in existing content and new commits, helping you to avoid exposing sensitive data that could be exploited.' -product: '{% data reusables.gated-features.secret-scanning %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -type: overview -topics: - - Secret scanning - - Secret Protection -children: - - /about-secret-scanning - - /about-push-protection - - /about-secret-scanning-for-partners - - /supported-secret-scanning-patterns ---- diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md deleted file mode 100644 index dfcebdae2a61..000000000000 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Managing alerts from secret scanning -intro: 'Learn how to find, evaluate, and resolve alerts for secrets stored in your repository.' -product: '{% data reusables.gated-features.secret-scanning %}' -redirect_from: - - /github/administering-a-repository/managing-alerts-from-secret-scanning - - /code-security/secret-security/managing-alerts-from-secret-scanning - -versions: - fpt: '*' - ghes: '*' - ghec: '*' -type: how_to -topics: - - Secret scanning - - Secret Protection - - Alerts - - Repositories -shortTitle: Manage alerts -children: - - /about-alerts - - /viewing-alerts - - /evaluating-alerts - - /resolving-alerts - - /monitoring-alerts ---- diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md deleted file mode 100644 index 57bcb2517409..000000000000 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Resolving alerts from secret scanning -intro: 'After reviewing the details of a secret scanning alert, you should fix and then close the alert.' -permissions: 'Repository owners, organization owners, security managers, users assigned to {% data variables.secret-scanning.alerts %}, commit authors, and users with the **admin** role' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -type: how_to -topics: - - Secret scanning - - Secret Protection - - Alerts - - Repositories -shortTitle: Resolve alerts -allowTitleToDifferFromFilename: true ---- - -## Fixing alerts - -Once a secret has been committed to a repository, you should consider the secret compromised. {% data variables.product.github %} recommends the following actions for compromised secrets: - -* Verify that the secret committed to {% data variables.product.github %} is valid. {% ifversion fpt or ghec %}**Applies to {% data variables.product.github %} tokens only**. See [Checking a secret's validity](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion secret-scanning-validity-check-partner-patterns %}See [Performing an on-demand validity check](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#performing-an-on-demand-validity-check).{% endif %}{% ifversion secret-scanning-report-secret-github-pat %} -* For secrets detected in private repositories, report the leaked secret to {% data variables.product.github %}, who will treat it like any publicly leaked secret and revoke it. **Applies to {% data variables.product.github %} {% data variables.product.pat_generic %}s only**. See [Reporting a leaked secret](#reporting-a-leaked-secret). {% endif %} -* Review and update any services that use the old token. For {% data variables.product.github %} {% data variables.product.pat_generic %}s, delete the compromised token and create a new token. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). -* Depending on the secret provider, check your security logs for any unauthorized activity. - -{% ifversion secret-scanning-report-secret-github-pat %} - -### Reporting a leaked secret - -> [!NOTE] -> {% data reusables.secret-scanning.report-secret-pat-beta-note %} The feature is currently only available for {% data variables.product.github %} {% data variables.product.pat_generic %}s (v1 and v2). - -{% endif %} - -{% ifversion fpt or ghec %} - -If a secret is detected in a **public** repository on {% data variables.product.github %} and the secret also matches a supported partner pattern, the potential secret is **automatically reported** to the service provider. For details of all supported partner patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). - -{% endif %} - -{% ifversion secret-scanning-report-secret-github-pat %} - -For secrets detected in **private** repositories, anyone who can view {% data variables.secret-scanning.alerts %} for a repository can choose to report the privately exposed secret directly to {% data variables.product.github %}. - -By reporting the secret, the token provider will treat the privately exposed secret as if it had been publicly leaked. This means the token provider may revoke the secret, so you should first consider reviewing and updating any services that use the secret. If possible, you should also consider notifying the token owner before reporting the token, so that the token owner is aware that the secret may get revoked. - -You will only see the option to report a privately exposed secret to {% data variables.product.github %} if the following conditions are met: - -* The secret is a {% data variables.product.github %} {% data variables.product.pat_generic %}. -* The secret's validity has not been confirmed, or the secret's validity has been confirmed as `active`. - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**. -1. From the alert list, click the alert you want to view. -1. In the alert view for the leaked secret, click **Report leak**. - - > [!NOTE] In order to prevent breaking workflows, consider first rotating the secret before continuing, as disclosing it could lead to the secret being revoked. If possible, you should also reach out to the token owner to let them know about the leak and coordinate a remediation plan. - -1. Review the information in the dialog box, then click **I understand the consequence, report this secret**. - -{% endif %} - -## Closing alerts - -> [!NOTE] ->{% data variables.product.prodname_secret_scanning_caps %} doesn't automatically close alerts when the corresponding token has been removed from the repository. You must manually close these alerts in the alert list on {% data variables.product.prodname_dotcom %}. - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**. -1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the alert you want to view. -1. To dismiss an alert, select the "Close as" dropdown menu and click a reason for resolving an alert. - - ![Screenshot of a {% data variables.product.prodname_secret_scanning %} alert. A dropdown menu, titled "Close as", is expanded and highlighted in a dark orange outline.](/assets/images/help/repository/secret-scanning-dismiss-alert-web-ui-link-partner-documentation.png) - -1. Optionally, in the "Comment" field, add a dismissal comment. The dismissal comment will be added to the alert timeline and can be used as justification during auditing and reporting. You can view the history of all dismissed alerts and dismissal comments in the alert timeline. You can also retrieve or set a comment by using the {% data variables.product.prodname_secret_scanning_caps %} API. The comment is contained in the `resolution_comment` field. For more information, see [AUTOTITLE](/rest/secret-scanning#update-a-secret-scanning-alert) in the REST API documentation. -1. Click **Close alert**. - -## Next steps - -* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts) diff --git a/content/code-security/secret-scanning/secret-scanning-partnership-program/index.md b/content/code-security/secret-scanning/secret-scanning-partnership-program/index.md deleted file mode 100644 index cdf66c1e9353..000000000000 --- a/content/code-security/secret-scanning/secret-scanning-partnership-program/index.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Secret scanning partnership program -intro: 'As a service provider, you can partner with {% data variables.product.prodname_dotcom %} to have your secret token formats secured through secret scanning, which searches for accidental commits of your secret format and can be sent to a service provider''s verify endpoint.' -versions: - fpt: '*' - ghec: '*' -topics: - - API -shortTitle: Partner program -children: - - /secret-scanning-partner-program ---- - diff --git a/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md b/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md deleted file mode 100644 index 1bbb095f9e4e..000000000000 --- a/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Troubleshooting secret scanning and push protection -shortTitle: Troubleshoot -intro: 'If you have problems with {% data variables.product.prodname_secret_scanning %} or push protection, you can use these tips to help resolve issues.' -product: '{% data reusables.gated-features.secret-scanning %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -type: how_to -topics: - - Secret scanning - - Secret Protection - - Troubleshooting -children: - - /troubleshooting-secret-scanning ---- diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md deleted file mode 100644 index 97aa6ed566ab..000000000000 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Custom patterns -shortTitle: Custom patterns -allowTitleToDifferFromFilename: true -intro: 'You can extend the capabilities of {% data variables.product.prodname_secret_scanning %} to search for your own patterns. These custom patterns can range from your service API keys to connection strings into cloud resources.' -product: '{% data reusables.gated-features.secret-scanning-custom-patterns %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Secret scanning - - Secret Protection - - Repositories -children: - - /defining-custom-patterns-for-secret-scanning - - /managing-custom-patterns - - /metrics-for-custom-patterns ---- diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md deleted file mode 100644 index 2812f66d7470..000000000000 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Delegated bypass for push protection -shortTitle: Delegated bypass -allowTitleToDifferFromFilename: true -intro: 'You can control the ability to bypass push protection by setting up a reviewers group to assess requests. When a contributor proposes bypassing protections, any member of the bypass list can approve or block the request.' -product: '{% data reusables.gated-features.secret-scanning %}' -versions: - feature: push-protection-delegated-bypass -topics: - - Secret scanning - - Secret Protection - - Repositories -children: - - /about-delegated-bypass-for-push-protection - - /enabling-delegated-bypass-for-push-protection - - /managing-requests-to-bypass-push-protection ---- diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/index.md deleted file mode 100644 index 16cda4669c97..000000000000 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/index.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Using advanced secret scanning and push protection features -shortTitle: Advanced features -allowTitleToDifferFromFilename: true -intro: 'Learn how you can customize {% data variables.product.prodname_secret_scanning %} to meet the needs of your company.' -product: '{% data reusables.gated-features.secret-scanning %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Secret scanning - - Secret Protection - - Repositories -children: - - /excluding-folders-and-files-from-secret-scanning - - /non-provider-patterns - - /custom-patterns - - /delegated-bypass-for-push-protection - - /enabling-delegated-alert-dismissal-for-secret-scanning ---- diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/index.md deleted file mode 100644 index f1ec83a2e10f..000000000000 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/index.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Non-provider patterns -shortTitle: Non-provider patterns -allowTitleToDifferFromFilename: true -intro: '{% data variables.product.prodname_secret_scanning_caps %} can also alert you to the potential use of other types of secret in code, for example: HTTP authentication headers, connection strings, and private keys. These non-provider patterns are more difficult to detect reliably so this feature is not enabled by default.' -product: '{% data reusables.gated-features.secret-scanning-non-provider-patterns %}' -versions: - feature: secret-scanning-non-provider-patterns -topics: - - Secret scanning - - Secret Protection - - Repositories -children: - - /enabling-secret-scanning-for-non-provider-patterns ---- diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md deleted file mode 100644 index e29f0415305d..000000000000 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: Working with secret scanning and push protection -shortTitle: Work with secret scanning -allowTitleToDifferFromFilename: true -intro: 'Avoid leaking sensitive data by blocking pushes containing tokens and other secrets.' -product: '{% data reusables.gated-features.secret-scanning %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Secret scanning - - Secret Protection - - Repositories -children: - - /remediating-a-leaked-secret - - /push-protection-for-users - - /working-with-push-protection-from-the-command-line - - /working-with-push-protection-from-the-rest-api - - /working-with-push-protection-in-the-github-ui - - /working-with-push-protection-and-the-github-mcp-server -redirect_from: - - /code-security/secret-scanning/working-with-push-protection - - /code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection ---- diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/index.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/index.md deleted file mode 100644 index f896dc82111c..000000000000 --- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/index.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Enabling security features in your organization -shortTitle: Enable security features -intro: '{% ifversion security-configurations-cloud %}Enable the {% data variables.product.prodname_github_security_configuration %} or c{% elsif security-configurations-ghes-only %}C{% endif %}reate and apply {% data variables.product.prodname_custom_security_configurations %} to quickly secure your organization.' -versions: - feature: security-configurations -topics: - - Code Security - - Secret Protection - - Organizations - - Security -children: - - /applying-the-github-recommended-security-configuration-in-your-organization - - /creating-a-custom-security-configuration - - /applying-a-custom-security-configuration - - /configuring-global-security-settings-for-your-organization - - /giving-org-access-private-registries -redirect_from: - - /code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations ---- diff --git a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/index.md b/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/index.md deleted file mode 100644 index 5c3294e7563d..000000000000 --- a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/index.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Fixing security alerts at scale -shortTitle: Fix alerts at scale -intro: 'Once you detect security alerts across your organization, you will want to create security campaigns to engage with developers and collaborate on fixing alerts.' -versions: - feature: security-campaigns -audience: - - driver -topics: - - Code Security - - Secret Protection - - Organizations - - Security -children: - - /about-security-campaigns - - /best-practice-fix-alerts-at-scale - - /creating-managing-security-campaigns - - /tracking-security-campaigns ---- diff --git a/content/code-security/securing-your-organization/index.md b/content/code-security/securing-your-organization/index.md deleted file mode 100644 index 3176ebc37ba3..000000000000 --- a/content/code-security/securing-your-organization/index.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -title: Securing your organization -shortTitle: Secure your organization -intro: 'Secure your organization at scale with {% data variables.product.company_short %}''s security products{% ifversion security-configurations %} through {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %}{% endif %}.{% ifversion secret-risk-assessment %}
{% data variables.secret-scanning.secret-risk-assessment-cta-product %}{% endif %}' -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Code Security - - Secret Protection - - Organizations - - Security -children: - - /introduction-to-securing-your-organization-at-scale - - /enabling-security-features-in-your-organization - - /managing-the-security-of-your-organization - - /understanding-your-organizations-exposure-to-leaked-secrets - - /understanding-your-organizations-exposure-to-vulnerabilities - - /fixing-security-alerts-at-scale - - /troubleshooting-security-configurations ---- diff --git a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md deleted file mode 100644 index 0711ce802aa5..000000000000 --- a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Choosing a security configuration for your repositories -shortTitle: Choose security configuration -intro: 'Find out which type of {% data variables.product.prodname_security_configuration %} will meet the security needs of the repositories in your organization.' -permissions: '{% data reusables.permissions.security-org-enable %}' -versions: - feature: security-configurations-cloud -topics: - - Code Security - - Secret Protection - - Organizations - - Security ---- - -## About choosing a {% data variables.product.prodname_security_configuration %} - -{% data reusables.security-configurations.define-security-configurations %} {% data variables.product.company_short %} offers two types of {% data variables.product.prodname_security_configurations %}: - -* The {% data variables.product.prodname_github_security_configuration %} -* {% data variables.product.prodname_custom_security_configurations_caps %} - -_We recommend that organizations initially apply the {% data variables.product.prodname_github_security_configuration %}_. After you have applied the {% data variables.product.prodname_github_security_configuration %} to repositories in your organization, you can evaluate the security findings for each repository and determine if you instead want to create and apply a {% data variables.product.prodname_custom_security_configuration %}. - -Currently, only one {% data variables.product.prodname_security_configuration %} can be applied to a repository at a time. - -## Choosing the {% data variables.product.prodname_github_security_configuration %} - -The {% data variables.product.prodname_github_security_configuration %} offers a number of benefits: - -* It is created and managed by {% data variables.product.company_short %}'s subject matter experts. -* It is the quickest {% data variables.product.prodname_security_configuration %} to apply to all repositories in your organization. -* It is designed to effectively secure both low- and high-impact repositories. - -The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses. - -To start securing repositories in your organization with the {% data variables.product.prodname_github_security_configuration %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization). - -## Choosing a {% data variables.product.prodname_custom_security_configuration %} - -If you are familiar with {% data variables.product.company_short %}'s security products, and you have specific security needs that the {% data variables.product.prodname_github_security_configuration %} can't meet, you can create and apply {% data variables.product.prodname_custom_security_configurations %}. With {% data variables.product.prodname_custom_security_configurations %}, you can: - -* Edit the enablement settings for different security features -* Create several configurations for repositories with different security needs -* Control your usage and costs by including or excluding {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %} features for a particular configuration - -To start securing repositories in your organization with {% data variables.product.prodname_custom_security_configurations %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration). diff --git a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/index.md b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/index.md deleted file mode 100644 index 6e3cede7ec92..000000000000 --- a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/index.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Introduction to securing your organization at scale -shortTitle: Introduction -intro: 'Learn about securing your organization with {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %}.' -versions: - feature: security-configurations -topics: - - Code Security - - Secret Protection - - Organizations - - Security -children: - - /about-enabling-security-features-at-scale - - /choosing-a-security-configuration-for-your-repositories ---- diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/index.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/index.md deleted file mode 100644 index 6b3f51f5dc72..000000000000 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/index.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Managing the security of your organization -shortTitle: Manage organization security -intro: 'You can interpret security findings and manage your security enablement settings to better secure your organization.' -versions: - feature: security-configurations -topics: - - Code Security - - Secret Protection - - Organizations - - Security -children: - - /interpreting-security-findings - - /filtering-repositories-in-your-organization-using-the-repository-table - - /editing-a-custom-security-configuration - - /managing-your-github-advanced-security-license-usage - - /detaching-repositories-from-their-security-configurations - - /finding-repositories-with-attachment-failures - - /deleting-a-custom-security-configuration ---- diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md deleted file mode 100644 index 76de4e969f01..000000000000 --- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Troubleshooting security configurations -shortTitle: Troubleshoot configurations -intro: 'To successfully apply a {% data variables.product.prodname_security_configuration %}, you may need to troubleshoot unexpected issues.' -versions: - feature: security-configurations -topics: - - Code Security - - Secret Protection - - Organizations - - Security -children: - - /a-repository-is-using-advanced-setup-for-code-scanning - - /unexpected-default-setup - - /not-enough-github-advanced-security-licenses - - /feature-disappears ---- diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md deleted file mode 100644 index c91f18311cb3..000000000000 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: 'About the secret risk assessment' -shortTitle: 'Secret risk assessment' -intro: 'Learn why it''s so important to understand your organization''s exposure to data leaks and how the {% data variables.product.prodname_secret_risk_assessment %} report gives an overview of your organization’s secret leak footprint.' -product: '{% data reusables.gated-features.secret-risk-assessment-report %}
{% data variables.secret-scanning.secret-risk-assessment-cta-product %}' -allowTitleToDifferFromFilename: true -type: overview -versions: - feature: secret-risk-assessment -topics: - - Secret scanning - - Secret Protection - - Code Security - - Organizations - - Security ---- - -## About exposure to leaked secrets - -Assessing your exposure to leaked secrets is crucial if you want to prevent: - -* **Exploitation by bad actors**. Malicious actors can use leaked secrets such as API keys, passwords, and tokens to gain unauthorized access to systems, databases, and sensitive information. Leaked secrets can lead to data breaches, compromising user data and potentially causing significant financial and reputational damage. - -* **Regulatory problems**. Many industries have strict regulatory requirements for data protection, and leaked secrets can result in non-compliance with regulations, leading to legal penalties and fines. - -* **Service disruptions**. Unauthorized access to systems can lead to service disruptions, impacting the availability and reliability of services provided to users. - -* **Loss of trust**. Customers expect robust security measures to protect their data, and exposure to leaked secrets can erode trust and confidence in your organization's ability to safeguard information. - -* **Costly fallout**. Addressing the fallout from leaked secrets can be costly, involving incident response efforts, security audits, and potential compensation for affected parties. - -Regularly assessing your exposure to leaked secrets is good practice to help identify vulnerabilities, implement necessary security measures, and ensure that any compromised secrets are promptly rotated and invalidated. See industry examples and in-depth discussion in [Understanding your organization's exposure to secret leaks](https://resources.github.com/enterprise/understanding-secret-leak-exposure) in {% data variables.product.github %} Executive Insights. - -## About {% data variables.product.prodname_secret_risk_assessment %} - -{% ifversion fpt %} - ->[!TIP] This report is only available if you are on the {% data variables.product.prodname_team %} plan. For information about the plan and how to upgrade, see [{% data variables.product.prodname_team %}](/get-started/learning-about-github/githubs-plans#github-team) and [Upgrading your organization's plan](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan#upgrading-your-organizations-plan). - -{% endif %} - -{% data reusables.secret-risk-assessment.report-intro %} - -The {% data variables.product.prodname_secret_risk_assessment %} report provides the following insights: - -* **Total secrets**—Aggregate count of exposed secrets detected within the organization. -* **Public leaks**—Distinct secrets found in your organization's public repositories. -* **Preventable leaks**—Secrets that could have been protected, using {% data variables.product.prodname_GH_secret_protection %} features such as {% data variables.product.prodname_secret_scanning %} and push protection. -* **Secret locations**—Locations that are scanned for the report. {% data reusables.secret-risk-assessment.what-is-scanned %} -* **Secret categories**—Distribution of the types of secrets that are leaked. Secrets can be partner secrets, which are strings that match secrets issued by service providers in our partner program, or generic secrets, which are non-provider patterns such as SSH keys, database connection strings, and JSON web tokens. -* **Repositories with leaks**—Repositories where leaked secrets were detected, out of all the repositories scanned. - -{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %} - -Because the {% data variables.product.prodname_secret_risk_assessment %} report is based on **your repositories**, regardless of the enablement status of {% data variables.product.prodname_GH_secret_protection %} features, you can see your current exposure to leaked secrets, and understand better how {% data variables.product.github %} can help you prevent future secret leaks. - -## Next steps - -To start analyzing your organization's secret risk, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk). diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection.md deleted file mode 100644 index 471180cbef4e..000000000000 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: 'Choosing {% data variables.product.prodname_GH_secret_protection %}' -shortTitle: 'Secret protection' -intro: 'Learn how {% data variables.product.prodname_GH_secret_protection %} can help you detect secrets in your codebases and prevent leaks before they happen using continuous monitoring and prevention tools.' -product: '{% data reusables.gated-features.secret-protection %}' -allowTitleToDifferFromFilename: true -type: overview -versions: - feature: secret-risk-assessment -topics: - - Secret scanning - - Secret Protection - - Code Security - - Organizations - - Security ---- - -## About {% data variables.product.prodname_GH_secret_protection %} - -{% data variables.product.prodname_secret_protection %} includes the following features to help you detect and prevent secret leaks, allowing continuous monitoring and detection. For details about the features and their availability, see [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security#github-secret-protection). - -{% data reusables.secret-protection.product-list %} - -In addition, {% data variables.product.prodname_secret_protection %} includes a free scanning feature, the **risk assessment** report, to help organizations understand their secret leak footprint across their {% data variables.product.github %} perimeter. - -To generate a {% data variables.product.prodname_secret_risk_assessment %} report, navigate to {% data reusables.security-overview.navigate-to-risk-assessment %}. - -{% data variables.product.prodname_secret_protection %} is billed per active committer to the repositories where it is enabled. It is available to users with a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} plan, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). - -{% ifversion fpt or ghec or ghes > 3.19 %} - -{% data variables.product.github %} provides two calculators to help you budget, justify rollout scope, and prioritize which repositories to enable {% data variables.product.prodname_secret_protection %} on first while optimizing license usage. You can estimate: -* How much you can save by using push protection in repositories in your organization **with the {% data variables.secret-scanning.roi-calculator %}**. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/calculating-the-cost-savings-of-push-protection). -* How much {% data variables.product.prodname_secret_protection %} will cost you monthly for repositories in your organization **with the {% data variables.secret-scanning.pricing-calculator %}**. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/estimating-the-price-of-secret-protection). - -{% endif %} - -## Why you should enable {% data variables.product.prodname_secret_protection %} for 100% of your organization's repositories - -{% data variables.product.github %} recommends enabling {% data variables.product.prodname_GH_secret_protection %} products for all repositories, in order to protect your organization from the risk of secret leaks and exposures. {% data variables.product.prodname_GH_secret_protection %} is free to enable for public repositories, and available as a purchasable add-on for private and internal repositories. - -* {% data reusables.secret-risk-assessment.what-is-scanned %}. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning). - -* The {% data variables.product.prodname_secret_risk_assessment %} and {% data variables.product.prodname_secret_scanning %} _scan code that has already been committed_ into your repositories. With **push protection**, your code is scanned for secrets _before_ commits are saved on {% data variables.product.github %}, during the push process, and the push is blocked if any secrets are detected. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). - -* If you have one or more secret patterns that are internal to your organization, these will not be detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. You can define **custom patterns** that are only valid in your organization, and extend the {% data variables.product.prodname_secret_scanning %} capabilities to detect these patterns. See [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). - -* Knowing which secrets could be exploited makes it easy to prioritize remediation of leaked secrets found by {% data variables.product.prodname_secret_scanning %}. **Validity checks** tell you if an active secret is one that could still be exploited, so these alerts should be reviewed and remediated as a priority. See [AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository) in the {% data variables.product.prodname_ghe_cloud %} documentation. - -* You may also want to detect leaks of unstructured secrets such as passwords. This is possible with our AI-powered **{% data variables.secret-scanning.copilot-secret-scanning %}**. See [AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets) in the {% data variables.product.prodname_ghe_cloud %} documentation. - -* Visualizing the prevention, detection, and remediation of security data is critical to understanding where to direct effort and where security initiatives are having an impact. **Security overview** has dedicated views that allow you to dig deep into the current state of your codebases at the organization and enterprise level. See [AUTOTITLE](/code-security/security-overview/about-security-overview). - -In addition to detecting and preventing secret leaks, you should consider building code security into all of your organization workflows to secure your software supply chain. See [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security). - -If you require help evaluating your security needs or options, contact [GitHub's Sales team](https://github.com/security/contact-sales). - -{% ifversion fpt or ghec %} - -Alternatively, you can trial {% data variables.product.prodname_GHAS %} for free to assess your needs. See [AUTOTITLE](/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas). - -{% endif %} - -## Enabling {% data variables.product.prodname_secret_protection %} - -{% ifversion ghes %} -A site administrator must enable {% data variables.product.prodname_AS %} for {% data variables.location.product_location %} before you can use these security features. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise). -{% endif %} - -{% ifversion security-configurations %} -{% data reusables.security-configurations.enable-security-features-with-gh-config %} -{% endif %} - -{% data variables.product.prodname_security_configurations_caps %} can be applied at enterprise and organization level. You can also configure additional security settings for your organization. These settings, called {% data variables.product.prodname_global_settings %}, are then inherited by all repositories in the organization. With {% data variables.product.prodname_global_settings %}, you can customize how security features analyze your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization). - -In addition, repository administrators can enable security features at the repository level. - -## Enabling {% data variables.product.prodname_secret_protection %} from the {% data variables.product.prodname_secret_risk_assessment %} - -{% data reusables.organizations.navigate-to-org %} -{% data reusables.organizations.security-overview %} -{% data reusables.security-overview.open-assessments-view %} -1. Click the **Enable Secret Protection** dropdown in the banner display, and then select one of the options for enabling the feature in your organization's repositories. - * **For public repositories for free**: Click to enable for _only_ public repositories in your organization. - * **For all repositories**: Click **Enable Secret Protection** to enable both {% data variables.product.prodname_secret_scanning %} and push protection for all repositories in your organization, at the estimated cost displayed. You will incur usage costs or need to purchase {% data variables.product.prodname_GH_secret_protection %} licenses. - - Alternatively, click **Configure in settings** to customize which repositories you want to enable {% data variables.product.prodname_secret_protection %} for. See {% ifversion fpt or ghec %}[AUTOTITLE](/code-security/securing-your-organization\enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization) and {% endif %}[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration). diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md deleted file mode 100644 index 9c133af6d461..000000000000 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: 'Understanding your organization''s exposure to leaked secrets' -shortTitle: Exposure to leaked secrets -intro: 'You can generate a secret risk assessment report to evaluate the extent of your organization''s vulnerability to leaked secrets. Decide whether to enable {% data variables.product.prodname_secret_protection %} to protect your organization from further leaks.
{% data variables.secret-scanning.secret-risk-assessment-cta-product %}' -versions: - feature: secret-risk-assessment -topics: - - Organizations - - Secret scanning - - Secret Protection - - Code Security - - Security -children: - - /about-secret-risk-assessment - - /assess-your-secret-risk - - /viewing-the-secret-risk-assessment-report-for-your-organization - - /export-risk-report-csv - - /risk-report-csv-contents - - /interpreting-secret-risk-assessment-results - - /choosing-github-secret-protection - - /calculating-the-cost-savings-of-push-protection - - /estimating-the-price-of-secret-protection ---- diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/alerts-in-production-code.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/alerts-in-production-code.md deleted file mode 100644 index c4e21a5ee2fc..000000000000 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/alerts-in-production-code.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: Prioritizing Dependabot and code scanning alerts using production context -shortTitle: Alerts in production code -intro: 'Focus remediation on real risk by targeting {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_code_scanning %} alerts in artifacts deployed to production, using metadata from external registries like JFrog Artifactory, your own CI/CD workflows, or from {% data variables.product.prodname_microsoft_defender %}.' -versions: - fpt: '*' - ghec: '*' -contentType: tutorials -topics: - - Code Security - - Dependabot - - Code scanning - - Organizations - - Security -redirect_from: - - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-production-context ---- - -{% data reusables.security.production-context-mdc-preview %} - -## Prioritizing alerts using production context - -Application Security (AppSec) managers are often overwhelmed by a high volume of alerts, many of which may not represent real risk because the affected code never makes it to production. By associating production context with your alerts, you can filter and prioritize vulnerabilities that impact artifacts actually approved for production environments. This enables your team to focus remediation efforts on the vulnerabilities that matter most, reducing noise and improving your security posture. - -## Associating production context with alerts - -{% data variables.product.github %} enables you to provide production context for {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_code_scanning %} alerts using the REST API: - -* [Storage Record](/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record) -* [Deployment Record](/rest/orgs/artifact-metadata#create-an-artifact-deployment-record) - -### Storage Record API - -This API allows package registries or GitOps workflows to send artifact lifecycle data to {% data variables.product.github %}. You should configure your system to call the endpoint whenever an artifact is promoted to a production-approved package repository. - -{% data variables.product.github %} processes this metadata and uses it to power new alert filters, such as `artifact-registry-url` and `artifact-registry`. For more information, see [Create artifact metadata storage record](/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record) in the REST API documentation. - -> [!TIP] -> If you use JFrog Artifactory, you do not need to perform any custom integration. Artifactory natively integrates with the Storage Record API. You only need to enable the integration in your Artifactory settings, and Artifactory will automatically emit production promotion events to {% data variables.product.github %}. For setup instructions, see [JFrog and GitHub Integration: JFrog for {% data variables.product.github %} {% data variables.product.prodname_dependabot %}](https://jfrog.com/help/r/jfrog-and-github-integration-guide/jfrog-for-github-dependabot) in the JFrog documentation. - -### Deployment Record API - -This API allows systems to send deployment data for a specific artifact to {% data variables.product.github %}, such as its name, digest, environments, cluster, and deployment. - -{% data variables.product.github %} processes this metadata and uses it to power new alert filters, such as `has:deployment` and `runtime-risk`. For more information, see [Create an artifact deployment record](/rest/orgs/artifact-metadata#create-an-artifact-deployment-record) in the REST API documentation. - -> [!TIP] -> If you use {% data variables.product.prodname_mdc_definition %} and connect your instance to a {% data variables.product.github %} organization, {% data variables.product.prodname_mdc %} will automatically send deployment and runtime data to {% data variables.product.github %}. For more information, see [Quick Start: Connect your {% data variables.product.github %} Environment to {% data variables.product.prodname_microsoft_defender %}](https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github) in the documentation for {% data variables.product.prodname_mdc %}. - -## Enable and use production context for alert prioritization - -### 1. Detect and report production artifact promotions and deployments - -In your CI/CD or GitOps workflow, whenever an artifact is promoted to a production-approved package repository, call the Storage Record API to send the artifact's metadata to {% data variables.product.github %}. Whenever an artifact is deployed to production, call the Deployment Record API to send additional metadata for the artifact to {% data variables.product.github %}. - -### 2. Use production context filters - -Production context filters are made available in alert views and security campaign views under the **Security** tab. - -* **{% data variables.product.prodname_dependabot_alerts %} view**: See [Viewing {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#viewing-dependabot-alerts). -* **{% data variables.product.prodname_code_scanning_caps %} alerts view**: See [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository). -* **Security campaign view**: See [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-managing-security-campaigns). - -Once the alert list is displayed, use the `artifact-registry-url` or `artifact-registry` filters in organization views to focus on vulnerabilities affecting artifacts present in production. - -* For your own artifact repository that is hosted at `my-registry.example.com`, you would use: - - ```text copy - artifact-registry-url:my-registry.example.com - ``` - -* If you use JFrog Artifactory, you can use `artifact-registry` with no further setup in {% data variables.product.github %}: - - ```text copy - artifact-registry:jfrog-artifactory - ``` - -You can also use the `has:deployment` and `runtime-risk` filters to focus on vulnerabilites that deployment metadata shows as in deployment or at risk of runtime vulnerabilities. This data is populated automatically if you have connected {% data variables.product.prodname_mdc %}. For example: - -* To focus on alerts in deployed code that is exposed to the internet, you would use: - - ```text copy - has:deployment AND runtime-risk:internet-exposed - ``` - -You can also combine these production context filters with other filters, such as EPSS: - -```text copy -epss > 0.5 AND artifact-registry-url:my-registry.example.com -``` - -### 3. Remediate alerts in production code - -Now you have identified the alerts that put your production code at risk of exploitation, you need to remediate them as a matter of urgency. Where possible use automation to lower the barrier to remediation. - -* **{% data variables.product.prodname_dependabot_alerts %}:** Use automated pull requests for security fixes. See [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates). -* **{% data variables.product.prodname_code_scanning_caps %} alerts:** Create targeted campaigns with {% data variables.copilot.copilot_autofix_short %}. See [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-managing-security-campaigns). - -## Further reading - -* [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-metrics) diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/index.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/index.md deleted file mode 100644 index a43170bef68a..000000000000 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/index.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: 'Understanding your organization''s exposure to vulnerabilities' -shortTitle: Exposure to vulnerabilities -intro: 'Understanding your organization''s exposure to vulnerable code and dependencies is crucial for identifying and prioritizing security risks. This awareness allows you to prioritize remediation efforts, reduce the likelihood of security breaches, protect sensitive data, and maintain the overall integrity and reputation of the organization.' -versions: - feature: dependabot-metrics -topics: - - Code Security - - Dependabot - - Code scanning - - Organizations - - Security -children: - - /about-your-exposure-to-vulnerable-dependencies - - /prioritizing-dependabot-alerts-using-metrics - - /alerts-in-production-code -redirect_from: - - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilites ---- diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/index.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/index.md deleted file mode 100644 index 5bfb16d09c67..000000000000 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/index.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Guidance on reporting and writing information about vulnerabilities -shortTitle: Guidance on reporting and writing -intro: Best practices for writing security advisories and managing privately reported security vulnerabilities. -redirect_from: - - /code-security/security-advisories/guidance-on-reporting-and-writing -versions: - fpt: '*' - ghec: '*' -topics: - - Security advisories - - Vulnerabilities - - Repositories - - CVEs -children: - - /about-coordinated-disclosure-of-security-vulnerabilities - - /best-practices-for-writing-repository-security-advisories - - /privately-reporting-a-security-vulnerability - - /managing-privately-reported-security-vulnerabilities ---- diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md deleted file mode 100644 index 021dcddb7382..000000000000 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Privately reporting a security vulnerability -intro: Some public repositories configure security advisories so that anyone can report security vulnerabilities directly and privately to the maintainers. -versions: - fpt: '*' - ghec: '*' -type: how_to -topics: - - Security advisories - - Vulnerabilities -permissions: '**Anyone** can privately report a security vulnerability to repository maintainers.' -shortTitle: Privately reporting -redirect_from: - - /code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability ---- - -{% data reusables.security-advisory.private-vulnerability-reporting-enable %} - -> [!NOTE] -> * If you have admin or security permissions for a public repository, you don't need to submit a vulnerability report. Instead, you can create a draft security advisory directly. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory). -> * The ability to privately report a vulnerability in a repository is not related to the presence of a `SECURITY.md` file in that repository's root or `docs` directory. -> * The `SECURITY.md` file contains the security policy for the repository. Repository administrators can add and use this file to provide _public_ instructions for how to report a security vulnerability in their repository. For more information, see [AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository). -> * You can only report a vulnerability privately for repositories where private vulnerability reporting is enabled, and you don't have to follow the instructions in the `SECURITY.md` file. This reporting process is fully private, and {% data variables.product.prodname_dotcom %} notifies the repository administrators directly about your submission. - -## About privately reporting a security vulnerability - -Security researchers often feel responsible for alerting users to a vulnerability that could be exploited. If there are no clear instructions about contacting maintainers of the repository containing the vulnerability, security researchers may have no other choice but to post about the vulnerability on social media, send direct messages to the maintainer, or even create public issues. This situation can potentially lead to a public disclosure of the vulnerability details. - -Private vulnerability reporting makes it easy for security researchers to report vulnerabilities directly to the repository maintainer using a simple form. - -For security researchers, the benefits of using private vulnerability reporting are: -* Less frustration, and less time spent trying to figure out how to contact the maintainer. -* A smoother process for disclosing and discussing vulnerability details. -* The opportunity to discuss vulnerability details privately with the repository maintainer. - -{% data reusables.security-advisory.private-vulnerability-reporting-disabled %} - -## Privately reporting a security vulnerability - -If a public repository has private vulnerability reporting enabled, anyone can privately report a security vulnerability to repository maintainers. Users can also evaluate the general security of a public repository and suggest a security policy. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository). - -{% data reusables.security-advisory.reporting-a-vulnerability-non-admin %} - -The next steps depend on the action taken by the repository maintainer. For more information, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities). diff --git a/content/code-security/security-advisories/index.md b/content/code-security/security-advisories/index.md deleted file mode 100644 index 6f8e62ecc91a..000000000000 --- a/content/code-security/security-advisories/index.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Working with security advisories -shortTitle: Security advisories -allowTitleToDifferFromFilename: true -intro: 'Learn how to work with security advisories on {% data variables.product.prodname_dotcom %},{% ifversion fpt or ghec %} whether you want to contribute to an existing global advisory, or create a security advisory for a repository,{% endif %} improving collaboration between repository maintainers and security researchers.' -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Security advisories - - Vulnerabilities - - Repositories - - CVEs -children: - - /working-with-global-security-advisories-from-the-github-advisory-database - - /working-with-repository-security-advisories - - /guidance-on-reporting-and-writing-information-about-vulnerabilities ---- diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/index.md b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/index.md deleted file mode 100644 index 3212095636ff..000000000000 --- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/index.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Working with global security advisories from the GitHub Advisory Database -shortTitle: Global security advisories -intro: 'Browse the {% data variables.product.prodname_advisory_database %} and submit improvements to any global security advisory.' -redirect_from: - - /code-security/security-advisories/global-security-advisories -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Security advisories - - Vulnerabilities - - Repositories - - CVEs -children: - - /about-the-github-advisory-database - - /about-global-security-advisories - - /browsing-security-advisories-in-the-github-advisory-database - - /editing-security-advisories-in-the-github-advisory-database ---- diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/index.md b/content/code-security/security-advisories/working-with-repository-security-advisories/index.md deleted file mode 100644 index b391f0fa8f54..000000000000 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/index.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Working with repository security advisories -shortTitle: Repository security advisories -intro: 'Discuss, fix, and disclose security vulnerabilities in your public repositories using repository security advisories.' -redirect_from: - - /articles/managing-security-vulnerabilities-in-your-project - - /github/managing-security-vulnerabilities/managing-security-vulnerabilities-in-your-project - - /code-security/repository-security-advisories - - /code-security/security-advisories/repository-security-advisories -versions: - fpt: '*' - ghec: '*' -topics: - - Security advisories - - Vulnerabilities - - Repositories - - CVEs -children: - - /about-repository-security-advisories - - /permission-levels-for-repository-security-advisories - - /configuring-private-vulnerability-reporting-for-a-repository - - /configuring-private-vulnerability-reporting-for-an-organization - - /creating-a-repository-security-advisory - - /editing-a-repository-security-advisory - - /evaluating-the-security-settings-of-a-repository - - /collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability - - /publishing-a-repository-security-advisory - - /adding-a-collaborator-to-a-repository-security-advisory - - /removing-a-collaborator-from-a-repository-security-advisory - - /deleting-a-repository-security-advisory ---- diff --git a/content/code-security/security-overview/index.md b/content/code-security/security-overview/index.md deleted file mode 100644 index a43bb2c8b4a2..000000000000 --- a/content/code-security/security-overview/index.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: Viewing security information for your organization or enterprise -shortTitle: Security overview -allowTitleToDifferFromFilename: true -intro: 'Visualize adoption rates for {% data variables.product.prodname_GHAS %} features, alert discovery, and remediation for your organization or enterprise.' -product: '{% data reusables.gated-features.security-overview-general %}' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Security overview - - Code Security - - Secret Protection -children: - - /about-security-overview - - /viewing-security-insights - - /assessing-adoption-code-security - - /assessing-code-security-risk - - /filtering-alerts-in-security-overview - - /enabling-security-features-for-multiple-repositories - - /exporting-data-from-security-overview - - /viewing-metrics-for-dependabot-alerts - - /viewing-metrics-for-secret-scanning-push-protection - - /viewing-metrics-for-pull-request-alerts - - /reviewing-requests-to-bypass-push-protection ---- diff --git a/content/code-security/security-overview/viewing-metrics-for-dependabot-alerts.md b/content/code-security/security-overview/viewing-metrics-for-dependabot-alerts.md deleted file mode 100644 index f191c65b111d..000000000000 --- a/content/code-security/security-overview/viewing-metrics-for-dependabot-alerts.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Viewing metrics for Dependabot alerts -shortTitle: View Dependabot metrics -allowTitleToDifferFromFilename: true -intro: 'You can use security overview to see how many {% data variables.product.prodname_dependabot_alerts %} are in repositories across your organization, to prioritize the most critical alerts to fix, and to identify repositories where you may need to take action.' -versions: - feature: dependabot-metrics -permissions: '{% data reusables.permissions.security-overview %}' -product: '{% data reusables.gated-features.security-overview-fpt-cs-only %}' -type: how_to -topics: - - Security overview - - Code Security - - Dependabot - - Organizations - - Alerts - - Vulnerabilities ---- - -## About metrics for {% data variables.product.prodname_dependabot %} - -The metrics overview for {% data variables.product.prodname_dependabot %} provides valuable insights for both developers and application security (AppSec) managers. The data in the {% data variables.product.prodname_dependabot %} dashboard page contains a vulnerability prioritization funnel that helps with efficiently prioritizing, remediating, and tracking vulnerabilities across multiple repositories. This ensures that the most critical risks are addressed first and that security improvements can be measured over time. - -For more information about how AppSec managers can best use these metrics to optimize alert fixing, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-metrics). - -You can see {% data variables.product.prodname_dependabot %} metrics if you have: - -* The `admin` role for the repository. -* A custom repository role with the "View {% data variables.product.prodname_dependabot_alerts %}" fine-grained permissions for the repository. For more information, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles#security). -* Access to alerts for the repository. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts). - -The available metrics combine severity, exploitability, and patch availability, and help in the following ways: - -* **Alert prioritization:** the chart shows the number of **open {% data variables.product.prodname_dependabot_alerts %}**. You can use filters, such as availability of patches, severity, EPSS score to narrow down the list of alerts to those matching the criteria. {% data reusables.security-overview.dependabot-filters-link %} - -* **Remediation tracking:** The “Alerts closed” tile shows the number of alerts fixed with {% data variables.product.prodname_dependabot %}, manually dismissed, and auto dismissed, providing visibility into remediation performance and trends. The tile also shows the percent increase in the number of alerts closed in the last 30 days. - -* **Highest-risk package:** The "Most vulnerabilities" tile shows the dependency that has the most vulnerabilities in the organization. The tile also provides a link to the related alerts across all your repositories. - -* **Repository-level breakdown:** The table shows a breakdown of open alerts by repository, including counts by severity (critical, high, medium, low) and by exploitability (for example, EPSS > 1%), and can be sorted by each column. This helps you identify which projects are most at risk, prioritize remediation efforts where they matter most, and track progress over time at a granular level. - -These metrics help managers measure the effectiveness of their vulnerability management and ensure compliance with organizational or regulatory timelines. - -* **Actionable context for developers:** Developers can use the severity and patch availability filters to identify vulnerabilities they can fix immediately, reducing noise and focusing attention on issues they can address. These metrics help them understand the risk profile of their dependencies, enabling informed prioritization of work. - -## Viewing metrics for {% data variables.product.prodname_dependabot %} for an organization - -{% data reusables.organizations.navigate-to-org %} -{% data reusables.organizations.security-overview %} -1. In the sidebar, under "Metrics", click **{% octicon "dependabot" aria-hidden="true" aria-label="dependabot" %} {% data variables.product.prodname_dependabot %} dashboard**. -1. Optionally, use the filters at your disposal, or build your own filters. {% data reusables.security-overview.dependabot-filters-link %} -1. Optionally, click on a number on the x-axis of the chart to filter the alert list by the relevant criteria (for example `has:patch severity:critical,high epss_percentage:>=0.01`). -1. Optionally, click on an individual repository to see the associated {% data variables.product.prodname_dependabot_alerts %}. - -## Configuring funnel categories - -The default funnel order is `has:patch, severity:critical,high, epss_percentage>=0.01`. By tailoring the funnel’s order, you and your teams can focus on the vulnerabilities that matter most to your organization, environments, or regulatory obligations, making remediation efforts more effective and aligned with your specific needs. - -{% data reusables.organizations.navigate-to-org %} -{% data reusables.organizations.security-overview %} -1. In the sidebar, under "Metrics", click **{% octicon "dependabot" aria-hidden="true" aria-label="dependabot" %} {% data variables.product.prodname_dependabot %} dashboard**. -1. On the top right of the "Alert prioritization" graph, click {% octicon "gear" aria-label="Configure funnel categories" %}. -1. In the "Configure funnel order" dialog, move the criteria as desired. -1. Once you're done, click **Move** to save your changes. - ->[!TIP] You can reset the funnel order back to the default settings by clicking **Reset to default** to the right of the graph. diff --git a/content/code-security/supply-chain-security/index.md b/content/code-security/supply-chain-security/index.md deleted file mode 100644 index f14e6bb758a3..000000000000 --- a/content/code-security/supply-chain-security/index.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Securing your software supply chain -shortTitle: Supply chain security -allowTitleToDifferFromFilename: true -intro: 'Visualize, maintain, and secure the dependencies in your software supply chain.' -redirect_from: - - /categories/managing-security-vulnerabilities - - /github/managing-security-vulnerabilities -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Dependabot - - Dependencies - - Repositories -children: - - /understanding-your-software-supply-chain - - /end-to-end-supply-chain ---- diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md deleted file mode 100644 index 66cb634258d3..000000000000 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Configuring the dependency graph -intro: You can allow users to identify their projects' dependencies by enabling the dependency graph. -permissions: '{% data reusables.permissions.dependency-graph %}' -redirect_from: - - /code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph -versions: - fpt: '*' - ghes: '*' - ghec: '*' -type: how_to -topics: - - Dependency graph - - Dependencies - - Repositories -shortTitle: Configure dependency graph ---- -## About the dependency graph - -{% data reusables.dependabot.about-the-dependency-graph %} - -For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph). - -{% ifversion ghes %} - -## Enabling the dependency graph - -{% data reusables.dependabot.ghes-enabling-dependency-graph %} - -{% endif %} - -{% ifversion fpt or ghec %} - -## Configuring the dependency graph - -To generate a dependency graph, {% data variables.product.github %} needs read-only access to the dependency manifest and lock files for a repository. The dependency graph can be enabled or disabled for all repositories. For more information on viewing the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository). - -{% data reusables.dependency-submission.dependency-submission-link %} - -### Enabling and disabling the dependency graph - -{% data reusables.dependabot.enabling-disabling-dependency-graph-private-repo-public-fork %} - -{% endif %} - -When the dependency graph is first enabled, any manifest and lock files for supported ecosystems are parsed immediately. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. Once enabled, the graph is automatically updated with every push to the repository{% ifversion fpt or ghec %} and every push to other repositories in the graph{% endif %}. - -## Further reading - -{%- ifversion maven-transitive-dependencies %} -* [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository){%- endif %} -{%- ifversion fpt or ghec %} -* [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization){%- endif %} -* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts) -* [AUTOTITLE](/code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md deleted file mode 100644 index 10402c12f2aa..000000000000 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Understanding your software supply chain -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Dependency graph - - Dependencies - - Repositories -shortTitle: Understand your supply chain -children: - - /about-supply-chain-security - - /about-the-dependency-graph - - /dependency-graph-supported-package-ecosystems - - /configuring-the-dependency-graph - - /configuring-automatic-dependency-submission-for-your-repository - - /exporting-a-software-bill-of-materials-for-your-repository - - /using-the-dependency-submission-api - - /about-dependency-review - - /configuring-the-dependency-review-action - - /customizing-your-dependency-review-action-configuration - - /enforcing-dependency-review-across-an-organization - - /exploring-the-dependencies-of-a-repository - - /troubleshooting-the-dependency-graph - - /immutable-releases - - /preventing-changes-to-your-releases - - /verifying-the-integrity-of-a-release ---- diff --git a/content/code-security/adopting-github-advanced-security-at-scale/index.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/index.md similarity index 78% rename from content/code-security/adopting-github-advanced-security-at-scale/index.md rename to content/code-security/tutorials/adopting-github-advanced-security-at-scale/index.md index 851f649edbba..c41b7d3e7253 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/index.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/index.md @@ -1,5 +1,5 @@ --- -title: 'Adopting {% data variables.product.prodname_GHAS %} at scale' +title: Adopting {% data variables.product.prodname_GHAS %} at scale shortTitle: Adopt GHAS at scale intro: A phased approach to rolling out {% data variables.product.prodname_GHAS %} at your company using industry and GitHub best practices. versions: @@ -18,4 +18,8 @@ children: - /phase-4-create-internal-documentation - /phase-5-rollout-and-scale-code-scanning - /phase-6-rollout-and-scale-secret-scanning +redirect_from: + - /code-security/adopting-github-advanced-security-at-scale +contentType: tutorials --- + diff --git a/content/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale.md similarity index 88% rename from content/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale.md rename to content/code-security/tutorials/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale.md index e27939d99691..b1f856f4f6b5 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale.md @@ -1,6 +1,6 @@ --- -title: 'Introduction to adopting {% data variables.product.prodname_GHAS %} at scale' -intro: 'You can adopt {% data variables.product.prodname_GHAS %} at scale in your company following industry and {% data variables.product.github %} best practices.' +title: Introduction to adopting {% data variables.product.prodname_GHAS %} at scale +intro: You can adopt {% data variables.product.prodname_GHAS %} at scale in your company following industry and {% data variables.product.github %} best practices. allowTitleToDifferFromFilename: true versions: ghes: '*' @@ -14,6 +14,8 @@ redirect_from: - /admin/code-security/managing-github-advanced-security-for-your-enterprise/overview-of-github-advanced-security-deployment - /admin/advanced-security/deploying-github-advanced-security-in-your-enterprise - /admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise + - /code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale +contentType: tutorials --- ## About these articles @@ -46,5 +48,6 @@ If you prefer to have guidance throughout the rollout process, {% data variables Speak with your sales representative for more information about all the {% data variables.product.prodname_professional_services %} options available. For more information, contact {% data variables.contact.contact_enterprise_sales %}. ->[!TIP] -> For the first article in this series, see [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/phase-1-align-on-your-rollout-strategy-and-goals). +## Next steps + +* To begin your rollout, start with the first phase of the adoption process. See [AUTOTITLE](/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-1-align-on-your-rollout-strategy-and-goals). diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-1-align-on-your-rollout-strategy-and-goals.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-1-align-on-your-rollout-strategy-and-goals.md similarity index 97% rename from content/code-security/adopting-github-advanced-security-at-scale/phase-1-align-on-your-rollout-strategy-and-goals.md rename to content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-1-align-on-your-rollout-strategy-and-goals.md index a991d592136f..7735b7d6e379 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-1-align-on-your-rollout-strategy-and-goals.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-1-align-on-your-rollout-strategy-and-goals.md @@ -8,6 +8,9 @@ topics: - Code Security - Secret Protection shortTitle: 1. Align on strategy +redirect_from: + - /code-security/adopting-github-advanced-security-at-scale/phase-1-align-on-your-rollout-strategy-and-goals +contentType: tutorials --- > [!TIP] diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md similarity index 95% rename from content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md rename to content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md index 898c9292a642..b0d27d88efa2 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md @@ -1,6 +1,6 @@ --- title: 'Phase 2: Preparing to enable at scale' -intro: 'In this phase you will prepare developers and collect data about your repositories to ensure your teams are ready and you have everything you need for pilot programs and rolling out {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}.' +intro: In this phase you will prepare developers and collect data about your repositories to ensure your teams are ready and you have everything you need for pilot programs and rolling out {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}. versions: ghes: '*' ghec: '*' @@ -8,6 +8,9 @@ topics: - Code Security - Secret Protection shortTitle: 2. Preparation +redirect_from: + - /code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale +contentType: tutorials --- > [!TIP] diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md similarity index 93% rename from content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md rename to content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md index ed0256735419..787f5716b39c 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md @@ -1,6 +1,6 @@ --- title: 'Phase 3: Pilot programs' -intro: 'You may benefit from beginning with a few high-impact projects and teams with which to pilot an initial rollout. This will allow an initial group within your company to get familiar with GHAS, learn how to enable and configure GHAS, and build a solid foundation on GHAS before rolling out to the remainder of your company.' +intro: You may benefit from beginning with a few high-impact projects and teams with which to pilot an initial rollout. This will allow an initial group within your company to get familiar with GHAS, learn how to enable and configure GHAS, and build a solid foundation on GHAS before rolling out to the remainder of your company. versions: ghes: '*' ghec: '*' @@ -8,6 +8,9 @@ topics: - Code Security - Secret Protection shortTitle: 3. Pilot programs +redirect_from: + - /code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs +contentType: tutorials --- >[!TIP] diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-4-create-internal-documentation.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-4-create-internal-documentation.md similarity index 88% rename from content/code-security/adopting-github-advanced-security-at-scale/phase-4-create-internal-documentation.md rename to content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-4-create-internal-documentation.md index b1b459a738bf..721810850dde 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-4-create-internal-documentation.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-4-create-internal-documentation.md @@ -1,6 +1,6 @@ --- title: 'Phase 4: Create internal documentation' -intro: 'You will create internal documentation and then communicate this to the consumers of {% data variables.product.prodname_GHAS %}.' +intro: You will create internal documentation and then communicate this to the consumers of {% data variables.product.prodname_GHAS %}. versions: ghes: '*' ghec: '*' @@ -8,6 +8,9 @@ topics: - Code Security - Secret Protection shortTitle: 4. Create internal documentation +redirect_from: + - /code-security/adopting-github-advanced-security-at-scale/phase-4-create-internal-documentation +contentType: tutorials --- >[!TIP] diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md similarity index 88% rename from content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md rename to content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md index befbe3610d18..8d79e782de21 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md @@ -1,6 +1,6 @@ --- title: 'Phase 5: Rollout and scale code scanning' -intro: 'You can {% ifversion security-configuration-enterprise-level %}use security configurations{% else %}leverage the available APIs{% endif %} to rollout {% data variables.product.prodname_code_scanning %} across your enterprise{% ifversion security-configurations %}{% else %} using the repository data you collected earlier{% endif %}.' +intro: You can {% ifversion security-configuration-enterprise-level %}use security configurations{% else %}leverage the available APIs{% endif %} to rollout {% data variables.product.prodname_code_scanning %} across your enterprise{% ifversion security-configurations %}{% else %} using the repository data you collected earlier{% endif %}. versions: ghes: '*' ghec: '*' @@ -8,6 +8,9 @@ topics: - Code Security - Secret Protection shortTitle: 5. Rollout code scanning +redirect_from: + - /code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning +contentType: tutorials --- >[!TIP] diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md similarity index 95% rename from content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md rename to content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md index 29aa4e4a9402..57ba27fdec09 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md @@ -1,6 +1,6 @@ --- title: 'Phase 6: Rollout and scale secret scanning' -intro: 'For the final phase, you will focus on the rollout of {% data variables.product.prodname_secret_scanning %}. {% data variables.product.prodname_secret_scanning_caps %} is a more straightforward tool to rollout than {% data variables.product.prodname_code_scanning %}, as it involves less configuration, but it''s critical to have a strategy for handling new and old results.' +intro: For the final phase, you will focus on the rollout of {% data variables.product.prodname_secret_scanning %}. {% data variables.product.prodname_secret_scanning_caps %} is a more straightforward tool to rollout than {% data variables.product.prodname_code_scanning %}, as it involves less configuration, but it's critical to have a strategy for handling new and old results. versions: ghes: '*' ghec: '*' @@ -8,6 +8,9 @@ topics: - Code Security - Secret Protection shortTitle: 6. Rollout secret scanning +redirect_from: + - /code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning +contentType: tutorials --- >[!TIP] diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md b/content/code-security/tutorials/customize-code-scanning/analyzing-your-code-with-codeql-queries.md similarity index 98% rename from content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md rename to content/code-security/tutorials/customize-code-scanning/analyzing-your-code-with-codeql-queries.md index d93491335667..f1c4f1c8211e 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md +++ b/content/code-security/tutorials/customize-code-scanning/analyzing-your-code-with-codeql-queries.md @@ -1,6 +1,6 @@ --- title: Analyzing your code with CodeQL queries -intro: 'You can run queries against a {% data variables.product.prodname_codeql %} database extracted from a codebase.' +intro: You can run queries against a {% data variables.product.prodname_codeql %} database extracted from a codebase. product: '{% data reusables.gated-features.codeql %}' shortTitle: Analyzing code versions: @@ -14,6 +14,8 @@ topics: redirect_from: - /code-security/codeql-cli/analyzing-databases-with-the-codeql-cli - /code-security/codeql-cli/using-the-codeql-cli/analyzing-databases-with-the-codeql-cli + - /code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries +contentType: tutorials --- ## About analyzing databases with the {% data variables.product.prodname_codeql_cli %} @@ -250,7 +252,7 @@ codeql database analyze codeql/cpp-queries:codeql-suites/cpp-code This command downloads the `codeql/cpp-queries` {% data variables.product.prodname_codeql %} query pack, runs the analysis, and generates a file in the SARIF version 2.1.0 format that is supported by all versions of {% data variables.product.prodname_dotcom %}. This file can be uploaded to {% data variables.product.prodname_dotcom %} by executing `codeql github upload-results` or the code scanning API. For more information, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github) -or [AUTOTITLE](/rest/code-scanning). +or [AUTOTITLE](/rest/code-scanning/code-scanning). {% data variables.product.prodname_codeql %} query suites are `.qls` files that use directives to select queries to run based on certain metadata properties. The standard {% data variables.product.prodname_codeql %} packs have metadata that specify diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md b/content/code-security/tutorials/customize-code-scanning/creating-and-working-with-codeql-packs.md similarity index 71% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md rename to content/code-security/tutorials/customize-code-scanning/creating-and-working-with-codeql-packs.md index 40f61d290d41..db28c15daa57 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs.md +++ b/content/code-security/tutorials/customize-code-scanning/creating-and-working-with-codeql-packs.md @@ -1,6 +1,6 @@ --- title: Creating and working with CodeQL packs -intro: 'You can use {% data variables.product.prodname_codeql %} packs to create, share, depend on, and run {% data variables.product.prodname_codeql %} queries and libraries.' +intro: You can use {% data variables.product.prodname_codeql %} packs to create, share, depend on, and run {% data variables.product.prodname_codeql %} queries and libraries. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -13,46 +13,17 @@ topics: redirect_from: - /code-security/codeql-cli/creating-and-working-with-codeql-packs - /code-security/codeql-cli/using-the-codeql-cli/creating-and-working-with-codeql-packs + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs +contentType: tutorials --- ## About {% data variables.product.prodname_codeql %} packs and the {% data variables.product.prodname_codeql_cli %} {% data reusables.code-scanning.codeql-cli-version-ghes %} -{% data variables.product.prodname_codeql %} packs are used to create, share, depend on, and run {% data variables.product.prodname_codeql %} queries and libraries. {% data variables.product.prodname_codeql %} packs contain queries, library files, query suites, and metadata. With {% data variables.product.prodname_codeql %} packs and the package management commands in the {% data variables.product.prodname_codeql_cli %}, you can publish your custom queries and integrate them into your codebase analysis. +{% data variables.product.prodname_codeql %} packs are used to create, share, depend on, and run {% data variables.product.prodname_codeql %} queries and libraries. -There are three types of {% data variables.product.prodname_codeql %} packs: query packs, library packs, and model packs. - -* Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack. - -* Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately. - -* Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to include dependencies that are not supported by default. Model packs are currently in {% data variables.release-phases.public_preview %} and subject to change. During the {% data variables.release-phases.public_preview %}, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis. For more information about creating your own model packs, see [Creating a {% data variables.product.prodname_codeql %} model pack](#creating-a-codeql-model-pack). - -You can use the `pack` command in the {% data variables.product.prodname_codeql_cli %} to create {% data variables.product.prodname_codeql %} packs, add dependencies to packs, and install or update dependencies. You can also publish and download {% data variables.product.prodname_codeql %} packs using the `pack` command. For more information, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs). - -For more information about compatibility between published query packs and different {% data variables.product.prodname_codeql %} releases, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-codeql-pack-compatibility). - -The standard {% data variables.product.prodname_codeql %} packages for all supported languages are published in the [{% data variables.product.prodname_container_registry %}](https://github.com/orgs/codeql/packages). The [{% data variables.product.prodname_codeql %} repository](https://github.com/github/codeql) contains source files for the standard {% data variables.product.prodname_codeql %} packs for all supported languages. The core query packs, which are included in the {% data variables.product.prodname_codeql %} CLI bundle, but you can otherwise download, are: - - * `codeql/cpp-queries` - * `codeql/csharp-queries` - * `codeql/go-queries` - * `codeql/java-queries` - * `codeql/javascript-queries` - * `codeql/python-queries` - * `codeql/ruby-queries` - -## {% data variables.product.prodname_codeql %} pack structure - -A {% data variables.product.prodname_codeql %} pack must contain a file called `qlpack.yml` in its root directory. In the `qlpack.yml` file, the `name:` field must have a value that follows the format of `/`, where `` is the {% data variables.product.prodname_dotcom %} organization or user account that the pack will be published to and `` is the name of the pack. Additionally, query packs and library packs with {% data variables.product.prodname_codeql %} tests contain a `codeql-pack.lock.yml` file that contains the resolved dependencies of the pack. This file is generated during a call to the `codeql pack install` command, is not meant to be edited by hand, and should be added to your version control system. - -The other files and directories within the pack should be logically organized. For example, typically: - -* Queries are organized into directories for specific categories. - -* Queries for specific products, libraries, and frameworks are organized into -their own top-level directories. +You can use the `pack` command in the {% data variables.product.prodname_codeql_cli %} to create {% data variables.product.prodname_codeql %} packs, add dependencies to packs, and install or update dependencies. You can also publish and download {% data variables.product.prodname_codeql %} packs using the `pack` command. ## Creating a {% data variables.product.prodname_codeql %} pack @@ -126,6 +97,18 @@ This command downloads all dependencies to the shared cache on the local disk. > * Running the `codeql pack add` and `codeql pack install` commands will generate or update the `codeql-pack.lock.yml` file. This file should be checked-in to version control. The `codeql-pack.lock.yml` file contains the precise version numbers used by the pack. For more information, see [About codeql-pack.lock.yml files](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs##about-codeql-packlockyml-files). > * By default `codeql pack install` will install dependencies from the {% data variables.product.prodname_container_registry %} on {% data variables.product.prodname_dotcom_the_website %}. You can install dependencies from a {% data variables.product.prodname_ghe_server %} {% data variables.product.prodname_container_registry %} by creating a `qlconfig.yml` file. For more information, see [AUTOTITLE](/enterprise-server@latest/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs) in the {% data variables.product.prodname_ghe_server %} documentation. +## Organizing a {% data variables.product.prodname_codeql %} pack's directory structure + +A {% data variables.product.prodname_codeql %} pack must contain a file called `qlpack.yml` in its root directory. In the `qlpack.yml` file, the `name:` field must have a value that follows the format of `/`, where `` is the {% data variables.product.prodname_dotcom %} organization or user account that the pack will be published to and `` is the name of the pack. + +Additionally, query packs and library packs with {% data variables.product.prodname_codeql %} tests contain a `codeql-pack.lock.yml` file that contains the resolved dependencies of the pack. This file is generated during a call to the `codeql pack install` command, is not meant to be edited by hand, and should be added to your version control system. + +The other files and directories within the pack should be logically organized. For example, typically: + +* Queries are organized into directories for specific categories. +* Queries for specific products, libraries, and frameworks are organized into +their own top-level directories. + ## Customizing a downloaded {% data variables.product.prodname_codeql %} pack The recommended way to experiment with changes to a pack is to clone the repository containing its source code. diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md b/content/code-security/tutorials/customize-code-scanning/creating-codeql-query-suites.md similarity index 92% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md rename to content/code-security/tutorials/customize-code-scanning/creating-codeql-query-suites.md index 61ade5aa67be..a0f1ac713d4c 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md +++ b/content/code-security/tutorials/customize-code-scanning/creating-codeql-query-suites.md @@ -1,6 +1,6 @@ --- title: Creating CodeQL query suites -intro: 'You can create query suites for queries you frequently use in your {% data variables.product.prodname_codeql %} analyses.' +intro: You can create query suites for queries you frequently use in your {% data variables.product.prodname_codeql %} analyses. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -13,21 +13,13 @@ topics: redirect_from: - /code-security/codeql-cli/creating-codeql-query-suites - /code-security/codeql-cli/using-the-codeql-cli/creating-codeql-query-suites + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites +contentType: tutorials --- -## About creating {% data variables.product.prodname_codeql %} query suites - {% data reusables.code-scanning.codeql-cli-version-ghes %} -{% data variables.product.prodname_codeql %} query suites provide a way of selecting queries, based on their -filename, location on disk or in a {% data variables.product.prodname_codeql %} pack, or metadata properties. -Create query suites for the queries that you want to frequently use in -your {% data variables.product.prodname_codeql %} analyses. - -Query suites allow you to pass multiple queries to {% data variables.product.prodname_codeql %} without having to specify the path to each query file individually. Query suite definitions are stored in YAML files with the extension `.qls`. A suite definition is a sequence of instructions, where each instruction is a YAML -mapping with (usually) a single key. The instructions are executed in the order -they appear in the query suite definition. After all the instructions in the -suite definition have been executed, the result is a set of selected queries. +You can create query suites for the queries that you want to frequently use in your {% data variables.product.prodname_codeql %} analyses. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/codeql/codeql-query-suites). > [!NOTE] > Any custom queries that you want to add to a query suite must be in a [{% data variables.product.prodname_codeql %} pack](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs) and contain the correct query metadata. For more information, see [Using custom queries with the {% data variables.product.prodname_codeql_cli %}](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli). diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md b/content/code-security/tutorials/customize-code-scanning/customizing-analysis-with-codeql-packs.md similarity index 71% rename from content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md rename to content/code-security/tutorials/customize-code-scanning/customizing-analysis-with-codeql-packs.md index 94f4b969366c..5e00cd146905 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md +++ b/content/code-security/tutorials/customize-code-scanning/customizing-analysis-with-codeql-packs.md @@ -1,6 +1,6 @@ --- title: Customizing analysis with CodeQL packs -intro: 'You can use {% data variables.product.prodname_codeql %} packs to run {% data variables.product.prodname_codeql %} queries maintained by other people, or to share {% data variables.product.prodname_codeql %} queries that you''ve developed.' +intro: You can use {% data variables.product.prodname_codeql %} packs to run {% data variables.product.prodname_codeql %} queries maintained by other people, or to share {% data variables.product.prodname_codeql %} queries that you've developed. shortTitle: Customizing analysis product: '{% data reusables.gated-features.codeql %}' versions: @@ -14,41 +14,14 @@ topics: redirect_from: - /code-security/codeql-cli/about-codeql-packs - /code-security/codeql-cli/codeql-cli-reference/about-codeql-packs + - /code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs +contentType: tutorials --- -## About {% data variables.product.prodname_codeql %} packs - -{% data reusables.code-scanning.codeql-cli-version-ghes %} - - {% data variables.product.prodname_codeql %} packs are used to create, share, depend on, and run {% data variables.product.prodname_codeql %} queries and libraries. {% data variables.product.prodname_codeql %} packs contain queries, library files, query suites, and metadata. You can customize your {% data variables.product.prodname_codeql %} analysis by downloading packs created by others and running them on your codebase. - -There are three types of {% data variables.product.prodname_codeql %} packs: query packs, library packs, and model packs. - -* Query packs contain a set of pre-compiled queries that can be evaluated on a {% data variables.product.prodname_codeql %} database. Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack. - -* Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately. - -* Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. Model packs are currently in {% data variables.release-phases.public_preview %} and subject to change. During the {% data variables.release-phases.public_preview %}, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis. For more information about creating your own model packs, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack). - -The standard {% data variables.product.prodname_codeql %} packs for all supported languages are published in the [{% data variables.product.prodname_container_registry %}](https://github.com/orgs/codeql/packages). If you installed the {% data variables.product.prodname_codeql_cli %} in the standard way, using the {% data variables.product.prodname_codeql_cli %} bundle, the core query packs are already downloaded and available to you. They are: - - * `codeql/cpp-queries` - * `codeql/csharp-queries` - * `codeql/go-queries` - * `codeql/java-queries` - * `codeql/javascript-queries` - * `codeql/python-queries` - * `codeql/ruby-queries` - * `codeql/swift-queries` - -You can also use the {% data variables.product.prodname_codeql_cli %} to create your own {% data variables.product.prodname_codeql %} packs, add dependencies to packs, and install or update dependencies. For more information, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-and-working-with-codeql-packs). - -You can publish {% data variables.product.prodname_codeql %} packs that you have created, using the {% data variables.product.prodname_codeql_cli %}. For more information on publishing and downloading {% data variables.product.prodname_codeql %} packs, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs). +You can customize your {% data variables.product.prodname_codeql %} analysis by downloading packs created by others and running them on your codebase. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/codeql/codeql-query-packs). ## Downloading and using {% data variables.product.prodname_codeql %} query packs -The {% data variables.product.prodname_codeql_cli %} bundle includes queries that are maintained by {% data variables.product.company_short %} experts, security researchers, and community contributors. If you want to run queries developed by other organizations, {% data variables.product.prodname_codeql %} query packs provide an efficient and reliable way to download and run queries, while model packs ({% data variables.release-phases.public_preview %}) can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. For more information about query packs, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries). For information about writing your own model packs, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack). - Before you can use a {% data variables.product.prodname_codeql %} query pack to analyze a database, you must download any packages you require from the {% data variables.product.company_short %} {% data variables.product.prodname_container_registry %}. This can be done either by using the `--download` flag as part of the `codeql database analyze` command, or running `codeql pack download`. If a package is not publicly available, you will need to use a {% data variables.product.prodname_github_app %} or {% data variables.product.pat_generic %} to authenticate. For more information and an example, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github#uploading-results-to-github). | Option | Required | Usage | diff --git a/content/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning.md b/content/code-security/tutorials/customize-code-scanning/evaluating-default-setup-for-code-scanning.md similarity index 92% rename from content/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning.md rename to content/code-security/tutorials/customize-code-scanning/evaluating-default-setup-for-code-scanning.md index e4f8d1d72ef1..d96885f910e4 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning.md +++ b/content/code-security/tutorials/customize-code-scanning/evaluating-default-setup-for-code-scanning.md @@ -1,9 +1,8 @@ --- title: Evaluating default setup for code scanning -shortTitle: Evaluate code scanning -intro: 'Learn how to assess how code scanning is working for you, and how you can customize your setup to best meet your needs.' +shortTitle: Evaluate default setup +intro: Learn how to assess how code scanning is working for you, and how you can customize your setup to best meet your needs. permissions: '{% data reusables.permissions.security-repo-enable %}' -type: how_to topics: - Code Security - Code scanning @@ -11,6 +10,9 @@ versions: fpt: '*' ghes: '*' ghec: '*' +redirect_from: + - /code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning +contentType: concepts --- When you first start using {% data variables.product.prodname_code_scanning %}, you'll likely use default setup. This guide describes how to evaluate how default setup for {% data variables.product.prodname_code_scanning %} is working for you, and what steps to take if something isn't working as you expect. This guide also describes how you can customize {% data variables.product.prodname_code_scanning %} if you find that you have a specific use case that your new configuration doesn't fit. diff --git a/content/code-security/tutorials/customize-code-scanning/index.md b/content/code-security/tutorials/customize-code-scanning/index.md new file mode 100644 index 000000000000..088e51c8a266 --- /dev/null +++ b/content/code-security/tutorials/customize-code-scanning/index.md @@ -0,0 +1,26 @@ +--- +title: Customize code scanning +intro: Learn how to customize code scanning to meet your project's unique security needs by creating and using CodeQL packs and custom queries. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Code Security + - Code scanning + - CodeQL +contentType: tutorials +redirect_from: + - /code-security/how-tos/scan-code-for-vulnerabilities/customize-code-scanning +children: + - /evaluating-default-setup-for-code-scanning + - /preparing-your-code-for-codeql-analysis + - /analyzing-your-code-with-codeql-queries + - /uploading-codeql-analysis-results-to-github + - /running-codeql-code-scanning-in-a-container + - /customizing-analysis-with-codeql-packs + - /creating-codeql-query-suites + - /testing-custom-queries + - /creating-and-working-with-codeql-packs + - /publishing-and-using-codeql-packs +--- diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md b/content/code-security/tutorials/customize-code-scanning/preparing-your-code-for-codeql-analysis.md similarity index 99% rename from content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md rename to content/code-security/tutorials/customize-code-scanning/preparing-your-code-for-codeql-analysis.md index 39d3a7e08239..1d94a6f999d7 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md +++ b/content/code-security/tutorials/customize-code-scanning/preparing-your-code-for-codeql-analysis.md @@ -1,6 +1,6 @@ --- title: Preparing your code for CodeQL analysis -intro: 'You can build a {% data variables.product.prodname_codeql %} database containing the data needed to analyze your code.' +intro: You can build a {% data variables.product.prodname_codeql %} database containing the data needed to analyze your code. shortTitle: Preparing code for analysis permissions: '{% data reusables.permissions.repo-checkout %}' product: '{% data reusables.gated-features.codeql %}' @@ -19,6 +19,8 @@ redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-codeql-code-scanning-in-your-ci-system - /github/finding-security-vulnerabilities-and-errors-in-your-code/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-code-scanning-in-your-ci-system - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system + - /code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis +contentType: tutorials --- diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md b/content/code-security/tutorials/customize-code-scanning/publishing-and-using-codeql-packs.md similarity index 99% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md rename to content/code-security/tutorials/customize-code-scanning/publishing-and-using-codeql-packs.md index 6a0952b94bf2..c356ed620f3a 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md +++ b/content/code-security/tutorials/customize-code-scanning/publishing-and-using-codeql-packs.md @@ -1,6 +1,6 @@ --- title: Publishing and using CodeQL packs -intro: 'You can publish your own {% data variables.product.prodname_codeql %} packs and use packs published by other people.' +intro: You can publish your own {% data variables.product.prodname_codeql %} packs and use packs published by other people. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -13,6 +13,8 @@ topics: redirect_from: - /code-security/codeql-cli/publishing-and-using-codeql-packs - /code-security/codeql-cli/using-the-codeql-cli/publishing-and-using-codeql-packs + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs +contentType: tutorials --- {% ifversion ghec or ghes %} diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container.md b/content/code-security/tutorials/customize-code-scanning/running-codeql-code-scanning-in-a-container.md similarity index 94% rename from content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container.md rename to content/code-security/tutorials/customize-code-scanning/running-codeql-code-scanning-in-a-container.md index f34d0e7c3052..8c276b4003af 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container.md +++ b/content/code-security/tutorials/customize-code-scanning/running-codeql-code-scanning-in-a-container.md @@ -1,7 +1,7 @@ --- title: Running CodeQL code scanning in a container shortTitle: '{% data variables.product.prodname_code_scanning_caps %} in a container' -intro: 'You can run {% data variables.product.prodname_code_scanning %} in a container by ensuring that all processes run in the same container.' +intro: You can run {% data variables.product.prodname_code_scanning %} in a container by ensuring that all processes run in the same container. product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-a-container @@ -9,11 +9,11 @@ redirect_from: - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container + - /code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Code Security - Code scanning @@ -22,6 +22,7 @@ topics: - Repositories - Containers - Java +contentType: tutorials --- ## About {% data variables.product.prodname_code_scanning %} with a containerized build diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries.md b/content/code-security/tutorials/customize-code-scanning/testing-custom-queries.md similarity index 97% rename from content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries.md rename to content/code-security/tutorials/customize-code-scanning/testing-custom-queries.md index 448bfa67c7a6..4459b2a6ed93 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries.md +++ b/content/code-security/tutorials/customize-code-scanning/testing-custom-queries.md @@ -1,6 +1,6 @@ --- title: Testing custom queries -intro: 'You can set up tests for your {% data variables.product.prodname_codeql %} queries to ensure that they continue to return the expected results with new releases of the {% data variables.product.prodname_codeql_cli %}.' +intro: You can set up tests for your {% data variables.product.prodname_codeql %} queries to ensure that they continue to return the expected results with new releases of the {% data variables.product.prodname_codeql_cli %}. product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' @@ -13,6 +13,8 @@ topics: redirect_from: - /code-security/codeql-cli/testing-custom-queries - /code-security/codeql-cli/using-the-codeql-cli/testing-custom-queries + - /code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries +contentType: tutorials --- ## About testing custom queries diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md b/content/code-security/tutorials/customize-code-scanning/uploading-codeql-analysis-results-to-github.md similarity index 97% rename from content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md rename to content/code-security/tutorials/customize-code-scanning/uploading-codeql-analysis-results-to-github.md index 585de6fcccbc..c0a90c2bab4e 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md +++ b/content/code-security/tutorials/customize-code-scanning/uploading-codeql-analysis-results-to-github.md @@ -1,7 +1,7 @@ --- title: Uploading CodeQL analysis results to GitHub shortTitle: Uploading results to GitHub -intro: 'You can use the {% data variables.product.prodname_codeql_cli %} to upload {% data variables.product.prodname_codeql %} analysis results to {% data variables.product.github %}.' +intro: You can use the {% data variables.product.prodname_codeql_cli %} to upload {% data variables.product.prodname_codeql %} analysis results to {% data variables.product.github %}. permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.codeql %}' versions: @@ -12,6 +12,9 @@ topics: - Code Security - Code scanning - CodeQL +redirect_from: + - /code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github +contentType: tutorials --- ## About SARIF output diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability.md b/content/code-security/tutorials/fix-reported-vulnerabilities/collaborate-in-a-fork.md similarity index 97% rename from content/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability.md rename to content/code-security/tutorials/fix-reported-vulnerabilities/collaborate-in-a-fork.md index 63a5c228fede..372f5f85d2e4 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability.md +++ b/content/code-security/tutorials/fix-reported-vulnerabilities/collaborate-in-a-fork.md @@ -8,16 +8,17 @@ redirect_from: - /code-security/security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-security-vulnerability - /code-security/repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability - /code-security/security-advisories/repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability + - /code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability versions: fpt: '*' ghec: '*' -type: how_to topics: - Security advisories - Vulnerabilities - Collaboration - Forks -shortTitle: Temporary private forks +shortTitle: Collaborate in a fork +contentType: tutorials --- {% data reusables.security-advisory.repository-level-advisory-note %} diff --git a/content/code-security/tutorials/fix-reported-vulnerabilities/index.md b/content/code-security/tutorials/fix-reported-vulnerabilities/index.md new file mode 100644 index 000000000000..0dfe0622fff8 --- /dev/null +++ b/content/code-security/tutorials/fix-reported-vulnerabilities/index.md @@ -0,0 +1,12 @@ +--- +title: Fixing reported vulnerabilities +shortTitle: Fix reported vulnerabilities +intro: Build skills in collaborating on fixing security vulnerabilities in repositories. +versions: + fpt: '*' + ghec: '*' +contentType: tutorials +children: + - collaborate-in-a-fork + - write-security-advisories +--- diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md b/content/code-security/tutorials/fix-reported-vulnerabilities/write-security-advisories.md similarity index 97% rename from content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md rename to content/code-security/tutorials/fix-reported-vulnerabilities/write-security-advisories.md index 36ff38b19a68..8743ca38802a 100644 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md +++ b/content/code-security/tutorials/fix-reported-vulnerabilities/write-security-advisories.md @@ -5,14 +5,16 @@ versions: fpt: '*' ghec: '*' permissions: '{% data reusables.permissions.security-repo-enable %}' -type: how_to +contentType: tutorials topics: - Security advisories - Vulnerabilities -shortTitle: Best practices +shortTitle: Write security advisories redirect_from: - /code-security/repository-security-advisories/best-practices-for-writing-repository-security-advisories - /code-security/security-advisories/guidance-on-reporting-and-writing/best-practices-for-writing-repository-security-advisories + - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories + - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities --- {% data reusables.security-advisory.security-researcher-cannot-create-advisory %} diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md b/content/code-security/tutorials/implement-supply-chain-best-practices/end-to-end-supply-chain-overview.md similarity index 89% rename from content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md rename to content/code-security/tutorials/implement-supply-chain-best-practices/end-to-end-supply-chain-overview.md index 296cada673dd..e713b8865a1f 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md +++ b/content/code-security/tutorials/implement-supply-chain-best-practices/end-to-end-supply-chain-overview.md @@ -2,17 +2,19 @@ title: Securing your end-to-end supply chain shortTitle: Overview allowTitleToDifferFromFilename: true -intro: 'Introducing best practice guides on complete end-to-end supply chain security including personal accounts, code, and build processes.' +intro: Introducing best practice guides on complete end-to-end supply chain security including personal accounts, code, and build processes. versions: fpt: '*' ghec: '*' ghes: '*' -type: overview topics: - Organizations - Teams - Dependencies - Code Security +redirect_from: + - /code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview +contentType: tutorials --- ## What is the end-to-end supply chain? diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/index.md b/content/code-security/tutorials/implement-supply-chain-best-practices/index.md similarity index 51% rename from content/code-security/supply-chain-security/end-to-end-supply-chain/index.md rename to content/code-security/tutorials/implement-supply-chain-best-practices/index.md index 598d609e0452..fc1afaae7c8b 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/index.md +++ b/content/code-security/tutorials/implement-supply-chain-best-practices/index.md @@ -1,6 +1,6 @@ --- -title: End-to-end supply chain -intro: 'How to think about securing your user accounts, your code, and your build process' +title: Implement supply chain best practices +intro: How to think about securing your user accounts, your code, and your build process versions: fpt: '*' ghec: '*' @@ -16,4 +16,8 @@ children: - /securing-accounts - /securing-code - /securing-builds +redirect_from: + - /code-security/supply-chain-security/end-to-end-supply-chain +contentType: tutorials --- + diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md b/content/code-security/tutorials/implement-supply-chain-best-practices/securing-accounts.md similarity index 99% rename from content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md rename to content/code-security/tutorials/implement-supply-chain-best-practices/securing-accounts.md index 51884a55312c..0e56b685aa43 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md +++ b/content/code-security/tutorials/implement-supply-chain-best-practices/securing-accounts.md @@ -7,13 +7,15 @@ versions: fpt: '*' ghec: '*' ghes: '*' -type: overview topics: - Organizations - Teams - SSH - Security - Accounts +redirect_from: + - /code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts +contentType: tutorials --- ## About this guide diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-builds.md b/content/code-security/tutorials/implement-supply-chain-best-practices/securing-builds.md similarity index 98% rename from content/code-security/supply-chain-security/end-to-end-supply-chain/securing-builds.md rename to content/code-security/tutorials/implement-supply-chain-best-practices/securing-builds.md index 2c83c9acb40e..57cfd1cc171a 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-builds.md +++ b/content/code-security/tutorials/implement-supply-chain-best-practices/securing-builds.md @@ -7,12 +7,14 @@ versions: fpt: '*' ghec: '*' ghes: '*' -type: overview topics: - Fundamentals - Security - CI - CD +redirect_from: + - /code-security/supply-chain-security/end-to-end-supply-chain/securing-builds +contentType: tutorials --- ## About this guide diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md b/content/code-security/tutorials/implement-supply-chain-best-practices/securing-code.md similarity index 98% rename from content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md rename to content/code-security/tutorials/implement-supply-chain-best-practices/securing-code.md index 278daddd6761..0cdc432e1dd2 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md +++ b/content/code-security/tutorials/implement-supply-chain-best-practices/securing-code.md @@ -7,7 +7,6 @@ versions: fpt: '*' ghec: '*' ghes: '*' -type: overview topics: - Dependabot - Security updates @@ -15,6 +14,9 @@ topics: - Code Security - Secret Protection - Secret scanning +redirect_from: + - /code-security/supply-chain-security/end-to-end-supply-chain/securing-code +contentType: tutorials --- ## About this guide diff --git a/content/code-security/code-quality/tutorials/fix-findings-in-prs.md b/content/code-security/tutorials/improve-code-quality/fix-findings-in-prs.md similarity index 94% rename from content/code-security/code-quality/tutorials/fix-findings-in-prs.md rename to content/code-security/tutorials/improve-code-quality/fix-findings-in-prs.md index 3a9ffe17c743..557c6b5593b9 100644 --- a/content/code-security/code-quality/tutorials/fix-findings-in-prs.md +++ b/content/code-security/tutorials/improve-code-quality/fix-findings-in-prs.md @@ -1,7 +1,7 @@ --- title: Fixing code quality findings before merging your pull request shortTitle: Fix findings in PRs -intro: 'Catch quality issues before they reach your default branch and fix them with {% data variables.copilot.copilot_autofix_short %} and {% data variables.copilot.copilot_coding_agent %}.' +intro: Catch quality issues before they reach your default branch and fix them with {% data variables.copilot.copilot_autofix_short %} and {% data variables.copilot.copilot_coding_agent %}. versions: feature: code-quality product: '{% data reusables.gated-features.code-quality-availability %}' @@ -9,6 +9,8 @@ permissions: '{% data reusables.permissions.code-quality-see-repo-findings %}' topics: - Code Quality contentType: tutorials +redirect_from: + - /code-security/code-quality/tutorials/fix-findings-in-prs --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/code-security/code-quality/tutorials/improve-recent-merges.md b/content/code-security/tutorials/improve-code-quality/improve-recent-merges.md similarity index 96% rename from content/code-security/code-quality/tutorials/improve-recent-merges.md rename to content/code-security/tutorials/improve-code-quality/improve-recent-merges.md index 221ada52a503..79ae15497de9 100644 --- a/content/code-security/code-quality/tutorials/improve-recent-merges.md +++ b/content/code-security/tutorials/improve-code-quality/improve-recent-merges.md @@ -1,7 +1,7 @@ --- title: Improving the quality of recently merged code with AI shortTitle: Improve recent merges -intro: 'Explore {% data variables.product.prodname_code_quality %} findings for recently merged code and fix with {% data variables.copilot.copilot_autofix_short %} or delegate remediation work to {% data variables.copilot.copilot_coding_agent %}.' +intro: Explore {% data variables.product.prodname_code_quality %} findings for recently merged code and fix with {% data variables.copilot.copilot_autofix_short %} or delegate remediation work to {% data variables.copilot.copilot_coding_agent %}. versions: feature: code-quality product: '{% data reusables.gated-features.code-quality-availability %}' @@ -11,6 +11,7 @@ topics: contentType: tutorials redirect_from: - /code-security/code-quality/tutorials/improve-active-code + - /code-security/code-quality/tutorials/improve-recent-merges --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/code-security/code-quality/tutorials/improve-your-codebase.md b/content/code-security/tutorials/improve-code-quality/improve-your-codebase.md similarity index 96% rename from content/code-security/code-quality/tutorials/improve-your-codebase.md rename to content/code-security/tutorials/improve-code-quality/improve-your-codebase.md index fe1e7c19e29a..1c000054ddac 100644 --- a/content/code-security/code-quality/tutorials/improve-your-codebase.md +++ b/content/code-security/tutorials/improve-code-quality/improve-your-codebase.md @@ -1,7 +1,7 @@ --- title: Improving the quality of your repository's code shortTitle: Improve your codebase -intro: 'Assess and remediate code quality issues detected on your default branch so you can improve the quality of your codebase. As you progress, you''ll see your repository''s code quality rating rise as a result.' +intro: Assess and remediate code quality issues detected on your default branch so you can improve the quality of your codebase. As you progress, you'll see your repository's code quality rating rise as a result. versions: feature: code-quality product: '{% data reusables.gated-features.code-quality-availability %}' @@ -9,6 +9,8 @@ permissions: '{% data reusables.permissions.code-quality-see-repo-findings %}' topics: - Code Quality contentType: tutorials +redirect_from: + - /code-security/code-quality/tutorials/improve-your-codebase --- {% data reusables.code-quality.code-quality-preview-note %} diff --git a/content/code-security/tutorials/improve-code-quality/index.md b/content/code-security/tutorials/improve-code-quality/index.md new file mode 100644 index 000000000000..3a08f87c5960 --- /dev/null +++ b/content/code-security/tutorials/improve-code-quality/index.md @@ -0,0 +1,18 @@ +--- +title: Improving the quality of your code +shortTitle: Improve code quality +intro: Build skills and knowledge about {% data variables.product.prodname_code_quality %} through examples. +versions: + feature: code-quality +topics: + - Code Quality +contentType: tutorials +children: + - /quickstart + - /fix-findings-in-prs + - /improve-your-codebase + - /improve-recent-merges +redirect_from: + - /code-security/code-quality/tutorials +--- + diff --git a/content/code-security/code-quality/get-started/quickstart.md b/content/code-security/tutorials/improve-code-quality/quickstart.md similarity index 93% rename from content/code-security/code-quality/get-started/quickstart.md rename to content/code-security/tutorials/improve-code-quality/quickstart.md index d83df156c546..4e07d7ba7b84 100644 --- a/content/code-security/code-quality/get-started/quickstart.md +++ b/content/code-security/tutorials/improve-code-quality/quickstart.md @@ -1,6 +1,6 @@ --- title: Quickstart for GitHub Code Quality -intro: 'Review code quality findings, generate a {% data variables.copilot.copilot_autofix_short %}, and merge a pull request to improve reliability and maintainability with {% data variables.product.prodname_code_quality %}.' +intro: Review code quality findings, generate a {% data variables.copilot.copilot_autofix_short %}, and merge a pull request to improve reliability and maintainability with {% data variables.product.prodname_code_quality %}. allowTitleToDifferFromFilename: true versions: feature: code-quality @@ -9,7 +9,10 @@ product: '{% data reusables.gated-features.code-quality-availability %}' permissions: '{% data reusables.permissions.code-quality-see-repo-findings %}' topics: - Code Quality -contentType: get-started +contentType: tutorials +redirect_from: + - /code-security/code-quality/get-started/quickstart + - /code-security/code-quality/get-started --- ## Introduction diff --git a/content/code-security/tutorials/index.md b/content/code-security/tutorials/index.md new file mode 100644 index 000000000000..d68285311f25 --- /dev/null +++ b/content/code-security/tutorials/index.md @@ -0,0 +1,30 @@ +--- +title: Tutorials for security and code quality +shortTitle: Tutorials +intro: Build skills and knowledge about {% data variables.product.github %}'s security and code quality features through examples and hands-on activities. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Dependencies + - Dependabot +contentType: tutorials +children: + - /trialing-github-advanced-security + - /adopting-github-advanced-security-at-scale + - /secure-your-organization + - /remediate-leaked-secrets + - /secret-scanning-partner-program + - /customize-code-scanning + - /secure-your-dependencies + - /implement-supply-chain-best-practices + - /manage-security-alerts + - /improve-code-quality + - /fix-reported-vulnerabilities +--- diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/best-practices-for-participating-in-a-security-campaign.md b/content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md similarity index 93% rename from content/code-security/code-scanning/managing-code-scanning-alerts/best-practices-for-participating-in-a-security-campaign.md rename to content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md index fdbe9ff4e022..548fb5cfd15d 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/best-practices-for-participating-in-a-security-campaign.md +++ b/content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md @@ -1,11 +1,11 @@ --- title: Best practices for participating in a code security campaign shortTitle: Best practices for campaigns -intro: 'Learn how you can successfully take part in a security campaign for {% data variables.product.prodname_code_scanning %} alerts and how it can benefit your career as well as your code.' +intro: Learn how you can successfully take part in a security campaign for {% data variables.product.prodname_code_scanning %} alerts and how it can benefit your career as well as your code. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.security-campaigns %}' -type: how_to +contentType: tutorials versions: feature: security-campaigns topics: @@ -13,6 +13,8 @@ topics: - Code scanning - Alerts - Repositories +redirect_from: + - /code-security/code-scanning/managing-code-scanning-alerts/best-practices-for-participating-in-a-security-campaign --- ## What is a code security campaign @@ -97,7 +99,7 @@ By assigning multiple alerts, {% data variables.copilot.copilot_coding_agent %} {% endif %} -You can ask {% data variables.copilot.copilot_chat_short %} for help in understanding the vulnerability, the suggested fix, and how to test that the fix is comprehensive. To access {% data variables.copilot.copilot_chat_short %}, navigate to https://github.com/copilot. +You can ask {% data variables.copilot.copilot_chat_short %} for help in understanding the vulnerability, the suggested fix, and how to test that the fix is comprehensive. To access {% data variables.copilot.copilot_chat_short %}, navigate to [https://github.com/copilot](https://github.com/copilot?ref_product=copilot&ref_type=engagement&ref_style=text). Alternatively, when viewing a specific alert, in the top right corner of the page, click the {% data variables.copilot.copilot_chat_short %} icon ({% octicon "copilot" aria-hidden="true" aria-label="copilot" %}) to open a chat window, and ask {% data variables.product.prodname_copilot_short %} questions about the alert. diff --git a/content/code-security/tutorials/manage-security-alerts/index.md b/content/code-security/tutorials/manage-security-alerts/index.md new file mode 100644 index 000000000000..aa77103748bf --- /dev/null +++ b/content/code-security/tutorials/manage-security-alerts/index.md @@ -0,0 +1,21 @@ +--- +title: Manage security alerts +shortTitle: Manage security alerts +intro: Build skills and knowledge about {% data variables.product.github %}'s security and code quality features through examples and hands-on activities. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Secret Protection + - Secret scanning + - Code Security + - Code scanning + - Vulnerabilities + - Dependencies + - Dependabot +contentType: tutorials +children: + - prioritizing-dependabot-alerts-using-metrics + - best-practices-for-participating-in-a-security-campaign +--- diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-metrics.md b/content/code-security/tutorials/manage-security-alerts/prioritizing-dependabot-alerts-using-metrics.md similarity index 91% rename from content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-metrics.md rename to content/code-security/tutorials/manage-security-alerts/prioritizing-dependabot-alerts-using-metrics.md index d1c58040742d..7ebc7b009693 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-metrics.md +++ b/content/code-security/tutorials/manage-security-alerts/prioritizing-dependabot-alerts-using-metrics.md @@ -1,7 +1,7 @@ --- title: Prioritizing Dependabot alerts using metrics shortTitle: Prioritize Dependabot alerts using metrics -intro: 'You can prioritize {% data variables.product.prodname_dependabot_alerts %} in your organization by analyzing the provided metrics. Using this approach, you can tell your developers to focus on the most important vulnerabilities first.' +intro: You can prioritize {% data variables.product.prodname_dependabot_alerts %} in your organization by analyzing the provided metrics. Using this approach, you can tell your developers to focus on the most important vulnerabilities first. allowTitleToDifferFromFilename: true product: '{% data reusables.gated-features.security-overview-fpt-cs-only %}' permissions: '{% data reusables.permissions.security-org-enable %}' @@ -16,6 +16,8 @@ topics: - Security redirect_from: - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilites/prioritizing-dependabot-alerts-using-metrics + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-metrics + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities --- ## Prioritizing {% data variables.product.prodname_dependabot_alerts %} using metrics @@ -33,7 +35,7 @@ Application Security (AppSec) managers often face a flood of {% data variables.p * **Alerts closed in the last 30 days, including the number of alerts fixed by {% data variables.product.prodname_dependabot %}, manually dismissed, and auto dismissed**: Tracks alert resolution progress. Illustrates how {% data variables.product.prodname_GH_code_security %} can help you detect vulnerabilities early. * **Table showing the total number of open alerts for each repository, as well as severity and expoitability data**: Allows you to dig deeper at the repository level. -For more information about these metrics, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-dependabot-alerts). +For more information about these metrics, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-metrics-for-dependabot-alerts). Additionally, you can specify complex filters, which are combinations of the individual filters that are available. For more information about filters, see [{% data variables.product.prodname_dependabot %} dashboard view filters](/code-security/security-overview/filtering-alerts-in-security-overview#dependabot-dashboard-view-filters). diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md b/content/code-security/tutorials/remediate-leaked-secrets/evaluating-alerts.md similarity index 97% rename from content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md rename to content/code-security/tutorials/remediate-leaked-secrets/evaluating-alerts.md index 2b3b29a2465e..712c6c941aac 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md +++ b/content/code-security/tutorials/remediate-leaked-secrets/evaluating-alerts.md @@ -1,12 +1,11 @@ --- title: Evaluating alerts from secret scanning -intro: 'Learn about additional features that can help you evaluate alerts and prioritize their remediation, such as checking a secret''s validity.' +intro: Learn about additional features that can help you evaluate alerts and prioritize their remediation, such as checking a secret's validity. permissions: '{% data reusables.permissions.secret-scanning-alerts %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: how_to topics: - Secret scanning - Secret Protection @@ -14,6 +13,9 @@ topics: - Repositories shortTitle: Evaluate alerts allowTitleToDifferFromFilename: true +redirect_from: + - /code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts +contentType: tutorials --- ## About evaluating alerts diff --git a/content/code-security/tutorials/remediate-leaked-secrets/index.md b/content/code-security/tutorials/remediate-leaked-secrets/index.md new file mode 100644 index 000000000000..39f59c330cc0 --- /dev/null +++ b/content/code-security/tutorials/remediate-leaked-secrets/index.md @@ -0,0 +1,12 @@ +--- +title: Remediate leaked secrets +intro: Learn how to identify and remediate leaked secrets in your codebase. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: tutorials +children: + - /evaluating-alerts + - /remediating-a-leaked-secret +--- diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/remediating-a-leaked-secret.md b/content/code-security/tutorials/remediate-leaked-secrets/remediating-a-leaked-secret.md similarity index 98% rename from content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/remediating-a-leaked-secret.md rename to content/code-security/tutorials/remediate-leaked-secrets/remediating-a-leaked-secret.md index 8bc4a2f89512..2c8d9650d3b5 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/remediating-a-leaked-secret.md +++ b/content/code-security/tutorials/remediate-leaked-secrets/remediating-a-leaked-secret.md @@ -3,7 +3,6 @@ title: Remediating a leaked secret in your repository shortTitle: Remediate a leaked secret allowTitleToDifferFromFilename: true intro: Learn how to respond effectively to a leaked secret in your {% data variables.product.github %} repository. -type: how_to topics: - Secret scanning - Secret Protection @@ -13,6 +12,9 @@ versions: fpt: '*' ghec: '*' ghes: '*' +redirect_from: + - /code-security/secret-scanning/working-with-secret-scanning-and-push-protection/remediating-a-leaked-secret +contentType: tutorials --- ## Introduction @@ -21,7 +23,7 @@ Secrets, such as API keys, tokens and credentials, can pose significant security You should consider any leaked secret to be immediately compromised and it is essential that you undertake proper remediation steps, such as revoking the secret. Simply removing the secret from the codebase, pushing a new commit, or deleting and recreating the repository do not prevent the secret from being exploited. -This how-to walks you through what to do if you've accidentally committed a secret to your repository, or if you've been alerted to a secret leak in your repository. +This tutorial walks you through what to do if you've accidentally committed a secret to your repository, or if you've been alerted to a secret leak in your repository. ### Prerequisites diff --git a/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md b/content/code-security/tutorials/secret-scanning-partner-program.md similarity index 97% rename from content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md rename to content/code-security/tutorials/secret-scanning-partner-program.md index 92cddfced8cf..027c96d3f2a1 100644 --- a/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md +++ b/content/code-security/tutorials/secret-scanning-partner-program.md @@ -1,6 +1,6 @@ --- title: Secret scanning partner program -intro: 'As a service provider, you can partner with {% data variables.product.prodname_dotcom %} to have your secret token formats secured through secret scanning, which searches for accidental commits of your secret format and can be sent to a service provider''s verify endpoint.' +intro: As a service provider, you can partner with {% data variables.product.prodname_dotcom %} to have your secret token formats secured through secret scanning, which searches for accidental commits of your secret format and can be sent to a service provider's verify endpoint. product: '{% data reusables.gated-features.secret-scanning-partner-alerts %}' redirect_from: - /partnerships/token-scanning @@ -8,6 +8,8 @@ redirect_from: - /developers/overview/secret-scanning - /developers/overview/secret-scanning-partner-program - /code-security/secret-scanning/secret-scanning-partner-program + - /code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program + - /code-security/secret-scanning/secret-scanning-partnership-program versions: fpt: '*' ghec: '*' @@ -16,6 +18,7 @@ topics: - Secret scanning - Secret Protection shortTitle: Partner program +contentType: tutorials --- {% data variables.product.prodname_dotcom %} scans repositories for known secret formats to prevent fraudulent use of credentials that were committed accidentally. {% data variables.product.prodname_secret_scanning_caps %} happens by default on public repositories and public npm packages. Repository administrators and organization owners can also enable {% data variables.product.prodname_secret_scanning %} on private repositories. As a service provider, you can partner with {% data variables.product.prodname_dotcom %} so that your secret formats are included in our {% data variables.product.prodname_secret_scanning %}. @@ -106,6 +109,7 @@ The list of valid values for `source` are: * Wiki_content * Wiki_commit * Npm +* Manual_submission * Unknown ### Implement signature verification in your secret alert service diff --git a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md b/content/code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions.md similarity index 91% rename from content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md rename to content/code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions.md index 8cf6baf132a5..1a165b93b82f 100644 --- a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md +++ b/content/code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions.md @@ -1,12 +1,12 @@ --- title: Automating Dependabot with GitHub Actions -intro: 'Examples of how you can use {% data variables.product.prodname_actions %} to automate common {% data variables.product.prodname_dependabot %} related tasks.' +intro: Examples of how you can use {% data variables.product.prodname_actions %} to automate common {% data variables.product.prodname_dependabot %} related tasks. permissions: '{% data reusables.permissions.dependabot-various-tasks %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: tutorials topics: - Actions - Dependabot @@ -18,6 +18,7 @@ topics: shortTitle: Use Dependabot with Actions redirect_from: - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions + - /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions --- {% ifversion dependabot-on-actions-opt-in %} @@ -50,7 +51,7 @@ Most automation requires you to know information about the contents of the pull Example: -{% raw %} + ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} @@ -70,15 +71,13 @@ jobs: id: metadata uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 with: - github-token: "${{ secrets.GITHUB_TOKEN }}" + github-token: "{% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}" # The following properties are now available: # - steps.metadata.outputs.dependency-names # - steps.metadata.outputs.dependency-type # - steps.metadata.outputs.update-type ``` -{% endraw %} - For more information, see the [`dependabot/fetch-metadata`](https://github.com/dependabot/fetch-metadata) repository. ## Labeling a pull request @@ -87,7 +86,7 @@ If you have other automation or triage workflows based on {% data variables.prod Example that flags all production dependency updates with a label: -{% raw %} + ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} @@ -107,23 +106,21 @@ jobs: id: metadata uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 with: - github-token: "${{ secrets.GITHUB_TOKEN }}" + github-token: "{% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}" - name: Add a label for all production dependencies if: steps.metadata.outputs.dependency-type == 'direct:production' run: gh pr edit "$PR_URL" --add-label "production" env: - PR_URL: ${{github.event.pull_request.html_url}} + PR_URL: {% raw %}${{github.event.pull_request.html_url}}{% endraw %} ``` -{% endraw %} - ## Automatically approving a pull request You can automatically approve {% data variables.product.prodname_dependabot %} pull requests by using the {% data variables.product.prodname_cli %} in a workflow. Example: -{% raw %} + ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} @@ -142,16 +139,14 @@ jobs: id: metadata uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 with: - github-token: "${{ secrets.GITHUB_TOKEN }}" + github-token: "{% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}" - name: Approve a PR run: gh pr review --approve "$PR_URL" env: - PR_URL: ${{github.event.pull_request.html_url}} - GH_TOKEN: ${{secrets.GITHUB_TOKEN}} + PR_URL: {% raw %}${{github.event.pull_request.html_url}}{% endraw %} + GH_TOKEN: {% raw %}${{secrets.GITHUB_TOKEN}}{% endraw %} ``` -{% endraw %} - ## Enabling automerge on a pull request If you want to allow maintainers to mark certain pull requests for automerge, you can use {% data variables.product.prodname_dotcom %}'s automerge functionality. This enables the pull request to be merged when any tests and approvals required by the branch protection rules are successfully met. @@ -160,7 +155,6 @@ For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-req You can instead use {% data variables.product.prodname_actions %} and the {% data variables.product.prodname_cli %}. Here is an example that automerges all patch updates to `my-dependency`: -{% raw %} ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} @@ -180,17 +174,15 @@ jobs: id: metadata uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 with: - github-token: "${{ secrets.GITHUB_TOKEN }}" + github-token: "{% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}" - name: Enable auto-merge for Dependabot PRs if: contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch' run: gh pr merge --auto --merge "$PR_URL" env: - PR_URL: ${{github.event.pull_request.html_url}} - GH_TOKEN: ${{secrets.GITHUB_TOKEN}} + PR_URL: {% raw %}${{github.event.pull_request.html_url}}{% endraw %} + GH_TOKEN: {% raw %}${{secrets.GITHUB_TOKEN}}{% endraw %} ``` -{% endraw %} - > [!NOTE] > If you use status checks to test pull requests, you should enable **Require status checks to pass before merging** for the target branch for {% data variables.product.prodname_dependabot %} pull requests. This branch protection rule ensures that pull requests are not merged unless **all the required status checks pass**. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule). diff --git a/content/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates.md b/content/code-security/tutorials/secure-your-dependencies/configuring-multi-ecosystem-updates.md similarity index 97% rename from content/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates.md rename to content/code-security/tutorials/secure-your-dependencies/configuring-multi-ecosystem-updates.md index 504723d8c1cc..91137c4edd70 100644 --- a/content/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates.md +++ b/content/code-security/tutorials/secure-your-dependencies/configuring-multi-ecosystem-updates.md @@ -1,9 +1,9 @@ --- title: Configuring multi-ecosystem updates for Dependabot -intro: 'Learn how to configure {% data variables.product.prodname_dependabot %} to group updates across different ecosystems so that you receive a single, consolidated pull request per group instead of one pull request for each ecosystem.' +intro: Learn how to configure {% data variables.product.prodname_dependabot %} to group updates across different ecosystems so that you receive a single, consolidated pull request per group instead of one pull request for each ecosystem. permissions: '{% data reusables.permissions.dependabot-yml-configure %}' allowTitleToDifferFromFilename: true -type: how_to +contentType: tutorials versions: fpt: '*' ghec: '*' @@ -14,7 +14,9 @@ topics: - Repositories - Dependencies - Pull requests -shortTitle: Multi-ecosystem updates +shortTitle: Configure multi-ecosystem updates +redirect_from: + - /code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates --- ## About multi-ecosystem updates diff --git a/content/code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs.md b/content/code-security/tutorials/secure-your-dependencies/customizing-dependabot-prs.md similarity index 98% rename from content/code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs.md rename to content/code-security/tutorials/secure-your-dependencies/customizing-dependabot-prs.md index c4a310f400a4..4ee29eab82ce 100644 --- a/content/code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs.md +++ b/content/code-security/tutorials/secure-your-dependencies/customizing-dependabot-prs.md @@ -1,13 +1,13 @@ --- title: Customizing Dependabot pull requests to fit your processes -intro: 'Learn how to tailor your Dependabot pull requests to better suit your own internal workflows.' +intro: Learn how to tailor your Dependabot pull requests to better suit your own internal workflows. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.dependabot-yml-configure %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: tutorials topics: - Dependabot - Version updates @@ -15,6 +15,8 @@ topics: - Dependencies - Pull requests shortTitle: Customize Dependabot PRs +redirect_from: + - /code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs --- There are various ways to customize your {% data variables.product.prodname_dependabot %} pull requests so that they better suit your own internal processes. diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md b/content/code-security/tutorials/secure-your-dependencies/customizing-your-dependency-review-action-configuration.md similarity index 95% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md rename to content/code-security/tutorials/secure-your-dependencies/customizing-your-dependency-review-action-configuration.md index 39e2ae2893ae..ff950fbf4b71 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md +++ b/content/code-security/tutorials/secure-your-dependencies/customizing-your-dependency-review-action-configuration.md @@ -1,17 +1,19 @@ --- title: Customizing your dependency review action configuration shortTitle: Customize dependency review action -intro: 'Learn how to add a basic customization to your dependency review action configuration.' +intro: Learn how to add a basic customization to your dependency review action configuration. permissions: '{% data reusables.permissions.security-repo-enable %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: tutorial +contentType: tutorials topics: - Dependency graph - Dependencies - Repositories +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration --- ## Introduction diff --git a/content/code-security/getting-started/dependabot-quickstart-guide.md b/content/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide.md similarity index 97% rename from content/code-security/getting-started/dependabot-quickstart-guide.md rename to content/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide.md index 492a4ede1bd9..822668393633 100644 --- a/content/code-security/getting-started/dependabot-quickstart-guide.md +++ b/content/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide.md @@ -1,12 +1,12 @@ --- title: Dependabot quickstart guide -intro: 'Find and fix vulnerable dependencies you rely on with {% data variables.product.prodname_dependabot %}.' +intro: Find and fix vulnerable dependencies you rely on with {% data variables.product.prodname_dependabot %}. product: '{% data reusables.gated-features.dependabot-alerts %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: quick_start +contentType: tutorials topics: - Dependabot - Alerts @@ -14,6 +14,8 @@ topics: - Repositories - Dependencies shortTitle: Dependabot quickstart +redirect_from: + - /code-security/getting-started/dependabot-quickstart-guide --- ## About {% data variables.product.prodname_dependabot %} @@ -32,7 +34,7 @@ For the purpose of this guide, we're going to use a demo repository to illustrat You need to start by forking the demo repository. -1. Navigate to [https://github.com/dependabot/demo](https://github.com/dependabot/demo). +1. Navigate to [https://github.com/dependabot/demo](https://github.com/dependabot/demo?ref_product=supply-chain-security&ref_type=engagement&ref_style=text). 1. At the top of the page, on the right, click **{% octicon "repo-forked" aria-hidden="true" aria-label="repo-forked" %} Fork**. 1. Select an owner (you can select your {% data variables.product.prodname_dotcom %} personal account) and type a repository name. For more information about forking repositories, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo#forking-a-repository). 1. Click **Create fork**. diff --git a/content/code-security/tutorials/secure-your-dependencies/index.md b/content/code-security/tutorials/secure-your-dependencies/index.md new file mode 100644 index 000000000000..d5b67dcd3dad --- /dev/null +++ b/content/code-security/tutorials/secure-your-dependencies/index.md @@ -0,0 +1,18 @@ +--- +title: Secure your dependencies +shortTitle: Secure your dependencies +intro: Build skills to help you keep your dependencies up to date and protected from vulnerabilities using automated tools and workflows. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: tutorials +children: + - /dependabot-quickstart-guide + - /automating-dependabot-with-github-actions + - /optimizing-pr-creation-version-updates + - /setting-dependabot-to-run-on-self-hosted-runners-using-arc + - /configuring-multi-ecosystem-updates + - /customizing-dependabot-prs + - /customizing-your-dependency-review-action-configuration +--- diff --git a/content/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates.md b/content/code-security/tutorials/secure-your-dependencies/optimizing-pr-creation-version-updates.md similarity index 96% rename from content/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates.md rename to content/code-security/tutorials/secure-your-dependencies/optimizing-pr-creation-version-updates.md index 409b9d7d9b4e..89c75b22f00e 100644 --- a/content/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates.md +++ b/content/code-security/tutorials/secure-your-dependencies/optimizing-pr-creation-version-updates.md @@ -1,13 +1,13 @@ --- title: Optimizing the creation of pull requests for Dependabot version updates -intro: 'Learn how to streamline and efficiently manage your {% data variables.product.prodname_dependabot %} pull requests.' +intro: Learn how to streamline and efficiently manage your {% data variables.product.prodname_dependabot %} pull requests. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.dependabot-yml-configure %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: tutorials topics: - Dependabot - Version updates @@ -15,6 +15,8 @@ topics: - Dependencies - Pull requests shortTitle: Optimize PR creation +redirect_from: + - /code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates --- By default, {% data variables.product.prodname_dependabot %} opens a new pull request to update each dependency. When you enable security updates, new pull requests are opened when a vulnerable dependency is found. When you configure version updates for one or more ecosystems, new pull requests are opened when new versions of dependencies are available, with the frequency defined in the `dependabot.yml` file. diff --git a/content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md b/content/code-security/tutorials/secure-your-dependencies/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md similarity index 98% rename from content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md rename to content/code-security/tutorials/secure-your-dependencies/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md index 4d5b45cacf0a..1884bae5defd 100644 --- a/content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md +++ b/content/code-security/tutorials/secure-your-dependencies/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md @@ -11,8 +11,11 @@ topics: - Security updates - Dependencies - Pull requests +contentType: tutorials allowTitleToDifferFromFilename: true shortTitle: Configure ARC +redirect_from: + - /code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc --- ## Working with the {% data variables.product.prodname_actions_runner_controller %} (ARC) diff --git a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale.md b/content/code-security/tutorials/secure-your-organization/best-practice-fix-alerts-at-scale.md similarity index 96% rename from content/code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale.md rename to content/code-security/tutorials/secure-your-organization/best-practice-fix-alerts-at-scale.md index 5afb721b2457..9b467c0f544b 100644 --- a/content/code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale.md +++ b/content/code-security/tutorials/secure-your-organization/best-practice-fix-alerts-at-scale.md @@ -1,10 +1,9 @@ --- title: Best practices for fixing security alerts at scale -shortTitle: Best practices -intro: 'Guidance on how to create successful security campaigns that engage developers and help them grow their understanding of secure coding.' +shortTitle: Fix alerts at scale +intro: Guidance on how to create successful security campaigns that engage developers and help them grow their understanding of secure coding. allowTitleToDifferFromFilename: true product: '{% data reusables.gated-features.security-campaigns %}' -type: reference audience: - driver contentType: tutorials @@ -15,6 +14,9 @@ topics: - Secret Protection - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale + - /code-security/securing-your-organization/fixing-security-alerts-at-scale --- ## Elements of a successful security campaign diff --git a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md b/content/code-security/tutorials/secure-your-organization/best-practices-for-preventing-data-leaks-in-your-organization.md similarity index 98% rename from content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md rename to content/code-security/tutorials/secure-your-organization/best-practices-for-preventing-data-leaks-in-your-organization.md index 719089e68df5..5a41edc73c19 100644 --- a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md +++ b/content/code-security/tutorials/secure-your-organization/best-practices-for-preventing-data-leaks-in-your-organization.md @@ -1,17 +1,19 @@ --- title: Best practices for preventing data leaks in your organization -intro: 'Learn guidance and recommendations to help you avoid private or sensitive data present in your organization from being exposed.' +intro: Learn guidance and recommendations to help you avoid private or sensitive data present in your organization from being exposed. versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to topics: - Organizations - Vulnerabilities - Secret scanning - Secret Protection shortTitle: Prevent data leaks +redirect_from: + - /code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization +contentType: tutorials --- ## About this guide diff --git a/content/code-security/tutorials/secure-your-organization/index.md b/content/code-security/tutorials/secure-your-organization/index.md new file mode 100644 index 000000000000..5ca7639433d9 --- /dev/null +++ b/content/code-security/tutorials/secure-your-organization/index.md @@ -0,0 +1,16 @@ +--- +title: Securing your organization +shortTitle: Secure your organization +intro: Build skills to help you prevent vulnerabilities and address alerts in your organization. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: tutorials +children: + - /best-practices-for-preventing-data-leaks-in-your-organization + - /best-practice-fix-alerts-at-scale + - /prioritize-alerts-in-production-code + - /interpreting-secret-risk-assessment-results + - /organizing-remediation-efforts-for-leaked-secrets +--- diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md b/content/code-security/tutorials/secure-your-organization/interpreting-secret-risk-assessment-results.md similarity index 83% rename from content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md rename to content/code-security/tutorials/secure-your-organization/interpreting-secret-risk-assessment-results.md index 90b87d45503f..a67e21356540 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md +++ b/content/code-security/tutorials/secure-your-organization/interpreting-secret-risk-assessment-results.md @@ -1,8 +1,8 @@ --- -title: 'Interpreting secret risk assessment results' -shortTitle: 'Interpret results' -intro: 'Understand the results from your {% data variables.product.prodname_secret_risk_assessment %} and prioritize leak remediation.' -permissions: 'Organization owners, security managers, and users with the **admin** role' +title: Interpreting secret risk assessment results +shortTitle: Interpret secret risk assessment +intro: Understand the results from your {% data variables.product.prodname_secret_risk_assessment %} and prioritize leak remediation. +permissions: Organization owners, security managers, and users with the **admin** role allowTitleToDifferFromFilename: true versions: feature: secret-risk-assessment @@ -11,6 +11,8 @@ topics: - Organizations - Security contentType: tutorials +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results --- ## Introduction @@ -93,4 +95,4 @@ Finally, look for the following indicators, which may require additional prevent ## Next steps -{% data variables.product.prodname_GH_secret_protection %} provides continuous monitoring and push protection to help remediate any remaining secrets and prevent future leaks. To help you evaluate whether {% data variables.product.prodname_GH_secret_protection %} is right for your organization, you can estimate the cost before enabling it. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/estimating-the-price-of-secret-protection). +For stronger secret security and additional insights, {% data variables.product.github %} recommends enabling {% data variables.product.prodname_GH_secret_protection %} for all of your repositories. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/protect-your-secrets). diff --git a/content/code-security/tutorials/secure-your-organization/organizing-remediation-efforts-for-leaked-secrets.md b/content/code-security/tutorials/secure-your-organization/organizing-remediation-efforts-for-leaked-secrets.md new file mode 100644 index 000000000000..9acf69ab2b99 --- /dev/null +++ b/content/code-security/tutorials/secure-your-organization/organizing-remediation-efforts-for-leaked-secrets.md @@ -0,0 +1,121 @@ +--- +title: Organizing remediation efforts for leaked secrets +shortTitle: Organize leak remediation +intro: Systematically organize and manage the remediation of leaked secrets using security campaigns and alert assignments. +permissions: Organization owners, security managers, and users with the **admin** role +allowTitleToDifferFromFilename: true +versions: + feature: security-campaigns +topics: + - Secret scanning + - Secret Protection + - Organizations + - Security +contentType: tutorials +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/organizing-remediation-efforts-for-leaked-secrets +--- + +## Introduction + +In this tutorial, you'll organize remediation efforts for leaked secrets. You'll learn how to: + +* Create security campaigns to track remediation work +* Assign alerts based on ownership +* Monitor remediation progress +* Communicate with stakeholders + +## Prerequisites + +* You must have both {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_secret_scanning %} enabled for your organization. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/protect-your-secrets). +* You must have existing {% data variables.product.prodname_secret_scanning %} alerts available. + +## Step 1: Review your {% data variables.secret-scanning.alerts %} + +Before taking action, you need to understand the current state of your organization's security alerts. + +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.security-overview %} +1. In the left sidebar, under "Alerts", click the {% octicon "chevron-down" aria-hidden="true" aria-label="chevron-down" %} symbol to the right of **{% data variables.product.prodname_secret_scanning_caps %}**. +1. In the dropdown list, select `Default`. `Default` relates to supported patterns and specified custom patterns. +1. Alternatively, you can select `Generic` to review unstructured secrets like passwords. However, generic patterns typically produce more false positives than default patterns, so consider reviewing these alerts after addressing higher-priority leaks. +1. Review the total number of open alerts and repositories affected. +1. Use filters to identify the most urgent alerts and prioritize your remediation efforts. + * To show leaks in **public** repositories, use `publicly-leaked`. + * To show secret leaks found in **more than one repository** within the same organization or enterprise, use `is:multi-repository`. + * To show secrets that are still **valid**, use `validity:active`. + * To filter by specific **service** credentials (AWS, Azure, {% data variables.product.github %}), use `provider:`. + * To filter by specific **token types**, use `secret-type:`. + +1. Optionally, in the sidebar under "Metrics," click **{% data variables.product.prodname_secret_scanning_caps %}** to see: + * Secret types that have been blocked or bypassed most frequently + * Repositories with the most blocked pushes or bypasses + +## Step 2: Create a security campaign + +You can set up a security campaign to organize and track your remediation work across repositories. + +1. Navigate to your organization and click **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security**. +1. On the left panel, select **{% octicon "goal" aria-hidden="true" aria-label="goal" %} Campaigns**. +1. Click **Create campaign {% octicon "triangle-down" aria-hidden="true" %}**, then either: + * Select a pre-defined Secrets campaign template. + * Use custom filters to target specific alerts (for example, `is:open provider:azure` or `is:open validity:active`). +1. Review the alerts (maximum 1000) and adjust filters if needed. +1. Click **Save as** and choose **Publish campaign**. +1. Fill out your campaign information, then click **Publish campaign**. + +## Step 3: Assign alerts to team members + +After creating your campaign, you'll want to assign individual alerts to the developers responsible for fixing them. + +1. On your campaign page, click {% octicon "chevron-right" aria-label="Toggle to expand or collapse the repository view" aria-hidden="true" %} to expand a repository and view its alerts. +1. Click an alert to open its details page. +1. In the right sidebar, click **Assignees**. +1. Select a developer you want to fix the alert. Typically, this is the person who committed the secret or the repository administrator where the leak is detected. They must have write access. + +## Step 4: Monitor remediation progress + +Once alerts are assigned, you need to regularly track your campaign's progress to ensure timely completion. + +1. On your campaign page, review the campaign summary. You'll see: + * **Campaign progress**: How many alerts are closed (fixed or dismissed) or still left to review + * **Status**: How many days until the campaign's due date +1. You can explore campaign details: + * Expand any repository to see its progress in alert remediation. + * Set **Group by** to **None** to show a list of all alerts. + * Use filters to focus on specific repositories or alerts. +1. Identify areas needing attention based on repositories with the most open alerts or no recent progress, then reach out to support those repository maintainers or assignees. + +## Step 5: Communicate with stakeholders + +Throughout the remediation process, you should keep stakeholders informed with regular progress updates. You can use information from your campaign dashboard to help you generate these updates. + +1. Navigate to the campaign dashboard. +1. Identify the information you want to include in your reports. Consider these key metrics: + * Alerts resolved this week + * Remaining open alerts + * On-track vs. at-risk items + * Notable achievements or blockers +1. Incorporate the metrics into your update, then distribute via email, Slack, Teams, or security meetings. + +## Step 6: Document remediation procedures + +Finally, you should create standardized procedures to make future remediation efforts more efficient. + +1. Develop secret-type-specific guides. For example: + * **AWS credentials**: How to rotate access keys and update services + * **{% data variables.product.github %} tokens**: How to revoke and regenerate {% data variables.product.pat_generic_title_case_plural %} + * **API keys**: Service-specific rotation procedures + * **Database credentials**: Safe rotation without service disruption +1. Create a remediation checklist. + 1. Verify the secret is actually leaked. + 1. Determine if the secret is still active. + 1. Revoke or rotate the compromised secret. + 1. Update all systems using the old secret. + 1. Test that systems function with new credentials. + 1. Document the incident and remediation steps. + 1. Mark the alert as resolved. +1. Establish escalation paths. + * Define when to escalate to security leadership. + * Identify subject matter experts for different secret types. + * Create incident response procedures for critical leaks. diff --git a/content/code-security/tutorials/secure-your-organization/prioritize-alerts-in-production-code.md b/content/code-security/tutorials/secure-your-organization/prioritize-alerts-in-production-code.md new file mode 100644 index 000000000000..010aceb5701e --- /dev/null +++ b/content/code-security/tutorials/secure-your-organization/prioritize-alerts-in-production-code.md @@ -0,0 +1,81 @@ +--- +title: Prioritizing Dependabot and code scanning alerts using production context +shortTitle: Prioritize alerts in production code +intro: Focus remediation on real risk by targeting {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_code_scanning %} alerts in artifacts deployed to production, using metadata from external registries like JFrog Artifactory, your own CI/CD workflows, or from {% data variables.product.prodname_microsoft_defender %}. +versions: + fpt: '*' + ghec: '*' +contentType: tutorials +topics: + - Code Security + - Dependabot + - Code scanning + - Organizations + - Security +redirect_from: + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-production-context + - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/alerts-in-production-code + - /code-security/tutorials/secure-your-organization/alerts-in-production-code +--- + +Application Security (AppSec) managers are often overwhelmed by a high volume of alerts, many of which may not represent real risk because the affected code never makes it to production. By associating production context with your alerts, you can filter and prioritize vulnerabilities that impact artifacts actually approved for production environments. This enables your team to focus remediation efforts on the vulnerabilities that matter most, reducing noise and improving your security posture. + +## 1. Associate artifacts with production context + +{% data variables.product.github %}'s {% data variables.product.virtual_registry %} allows you to provide production context for your company's builds using the REST API or a partner integration. Teams can then use this context to prioritize {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_code_scanning %} alerts. For more information, see [AUTOTITLE](/code-security/concepts/supply-chain-security/linked-artifacts). + +To provide production context, you should configure your system to: + +* Update **storage records** in the {% data variables.product.virtual_registry %} whenever an artifact is promoted to a production-approved package repository. +* Update **deployment records** when an artifact is deployed to a production environment. + +{% data variables.product.github %} processes this metadata and uses it to power alert filters, such as `artifact-registry-url` and `artifact-registry` from storage records, and `has:deployment` and `runtime-risk` from deployment records. + +For more information on updating records, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/upload-linked-artifacts). + +## 2. Use production context filters + +Production context filters are made available in alert views and security campaign views under the **Security** tab. + +* **{% data variables.product.prodname_dependabot_alerts %} view**: See [Viewing {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#viewing-dependabot-alerts). +* **{% data variables.product.prodname_code_scanning_caps %} alerts view**: See [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository). +* **Security campaign view**: See [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-managing-security-campaigns). + +Once the alert list is displayed, use the `artifact-registry-url` or `artifact-registry` filters in organization views to focus on vulnerabilities affecting artifacts present in production. + +* For your own artifact repository that is hosted at `my-registry.example.com`, you would use: + + ```text copy + artifact-registry-url:my-registry.example.com + ``` + +* If you use JFrog Artifactory, you can use `artifact-registry` with no further setup in {% data variables.product.github %}: + + ```text copy + artifact-registry:jfrog-artifactory + ``` + +You can also use the `has:deployment` and `runtime-risk` filters to focus on vulnerabilites that deployment metadata shows as in deployment or at risk of runtime vulnerabilities. This data is populated automatically if you have connected {% data variables.product.prodname_mdc %}. For example: + +* To focus on alerts in deployed code that is exposed to the internet, you would use: + + ```text copy + has:deployment AND runtime-risk:internet-exposed + ``` + +You can also combine these production context filters with other filters, such as EPSS: + +```text copy +epss > 0.5 AND artifact-registry-url:my-registry.example.com +``` + +## 3. Remediate alerts in production code + +Now you have identified the alerts that put your production code at risk of exploitation, you need to remediate them as a matter of urgency. Where possible use automation to lower the barrier to remediation. + +* **{% data variables.product.prodname_dependabot_alerts %}:** Use automated pull requests for security fixes. See [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates). +* **{% data variables.product.prodname_code_scanning_caps %} alerts:** Create targeted campaigns with {% data variables.copilot.copilot_autofix_short %}. See [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-managing-security-campaigns). + +## Further reading + +* [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-metrics) diff --git a/content/code-security/trialing-github-advanced-security/enable-security-features-trial.md b/content/code-security/tutorials/trialing-github-advanced-security/enable-security-features-trial.md similarity index 95% rename from content/code-security/trialing-github-advanced-security/enable-security-features-trial.md rename to content/code-security/tutorials/trialing-github-advanced-security/enable-security-features-trial.md index 171c0da1581a..3c0aacb6f6f5 100644 --- a/content/code-security/trialing-github-advanced-security/enable-security-features-trial.md +++ b/content/code-security/tutorials/trialing-github-advanced-security/enable-security-features-trial.md @@ -2,8 +2,7 @@ title: Enabling security features in your trial enterprise shortTitle: Enable security features in trial allowTitleToDifferFromFilename: true -intro: 'Quickly create an enterprise-level configuration and apply {% data variables.product.prodname_cs_and_sp %} features across all repositories in your trial enterprise.' -type: quick_start +intro: Quickly create an enterprise-level configuration and apply {% data variables.product.prodname_cs_and_sp %} features across all repositories in your trial enterprise. permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}' topics: - Code Security @@ -12,6 +11,9 @@ versions: fpt: '*' ghec: '*' ghes: '> 3.15' +redirect_from: + - /code-security/trialing-github-advanced-security/enable-security-features-trial +contentType: tutorials --- This article assumes that you have planned and then started a trial of {% data variables.product.prodname_GHAS %}. For more information, see [AUTOTITLE](/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas). diff --git a/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md b/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-code-scanning.md similarity index 96% rename from content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md rename to content/code-security/tutorials/trialing-github-advanced-security/explore-trial-code-scanning.md index df27727b9b65..b2181850b424 100644 --- a/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md +++ b/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-code-scanning.md @@ -1,15 +1,17 @@ --- -title: 'Exploring your enterprise trial of {% data variables.product.prodname_GH_code_security_always %}' -shortTitle: 'Trial {% data variables.product.prodname_code_security %}' +title: Exploring your enterprise trial of {% data variables.product.prodname_GH_code_security_always %} +shortTitle: Trial {% data variables.product.prodname_code_security %} allowTitleToDifferFromFilename: true -intro: 'Introduction to the features of code and dependency scanning available with {% data variables.product.prodname_GH_code_security_always %} in {% data variables.product.prodname_ghe_cloud %} so you can assess their fit to your business needs.' -type: quick_start +intro: Introduction to the features of code and dependency scanning available with {% data variables.product.prodname_GH_code_security_always %} in {% data variables.product.prodname_ghe_cloud %} so you can assess their fit to your business needs. topics: - Code Security versions: fpt: '*' ghec: '*' ghes: '> 3.15' +redirect_from: + - /code-security/trialing-github-advanced-security/explore-trial-code-scanning +contentType: tutorials --- This guide assumes that you have planned and started a trial of {% data variables.product.prodname_GHAS %} for an existing or trial {% data variables.product.github %} enterprise account, see [AUTOTITLE](/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas). diff --git a/content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md b/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-secret-scanning.md similarity index 94% rename from content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md rename to content/code-security/tutorials/trialing-github-advanced-security/explore-trial-secret-scanning.md index b310ef8275b9..4f5f50f14a1b 100644 --- a/content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md +++ b/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-secret-scanning.md @@ -1,15 +1,17 @@ --- -title: 'Exploring your enterprise trial of {% data variables.product.prodname_GH_secret_protection_always %}' -shortTitle: 'Trial Secret Protection' +title: Exploring your enterprise trial of {% data variables.product.prodname_GH_secret_protection_always %} +shortTitle: Trial Secret Protection allowTitleToDifferFromFilename: true -intro: 'Introduction to the features available with {% data variables.product.prodname_GH_secret_protection_always %} in {% data variables.product.prodname_ghe_cloud %} so you can assess their fit to your business needs.' -type: quick_start +intro: Introduction to the features available with {% data variables.product.prodname_GH_secret_protection_always %} in {% data variables.product.prodname_ghe_cloud %} so you can assess their fit to your business needs. topics: - Secret Protection versions: fpt: '*' ghec: '*' ghes: '> 3.15' +redirect_from: + - /code-security/trialing-github-advanced-security/explore-trial-secret-scanning +contentType: tutorials --- This guide assumes that you have planned and started a trial of {% data variables.product.prodname_GHAS %} for an existing or trial {% data variables.product.github %} enterprise account. See [AUTOTITLE](/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas). diff --git a/content/code-security/trialing-github-advanced-security/index.md b/content/code-security/tutorials/trialing-github-advanced-security/index.md similarity index 72% rename from content/code-security/trialing-github-advanced-security/index.md rename to content/code-security/tutorials/trialing-github-advanced-security/index.md index d5a3eefe4830..d6d2d82f1225 100644 --- a/content/code-security/trialing-github-advanced-security/index.md +++ b/content/code-security/tutorials/trialing-github-advanced-security/index.md @@ -1,7 +1,7 @@ --- title: Trialing {% data variables.product.prodname_GHAS %} shortTitle: Trial {% data variables.product.prodname_GHAS %} -intro: 'Determine how you can meet your security goals using {% data variables.product.prodname_GH_cs_and_sp %}.' +intro: Determine how you can meet your security goals using {% data variables.product.prodname_GH_cs_and_sp %}. permissions: '{% data reusables.advanced-security.ghas-trial-permission %}' product: '{% data reusables.gated-features.ghas-trial %}' versions: @@ -18,4 +18,8 @@ children: - /enable-security-features-trial - /explore-trial-secret-scanning - /explore-trial-code-scanning +redirect_from: + - /code-security/trialing-github-advanced-security +contentType: tutorials --- + diff --git a/content/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas.md b/content/code-security/tutorials/trialing-github-advanced-security/planning-a-trial-of-ghas.md similarity index 96% rename from content/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas.md rename to content/code-security/tutorials/trialing-github-advanced-security/planning-a-trial-of-ghas.md index 34b2876e1a02..9148231df654 100644 --- a/content/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas.md +++ b/content/code-security/tutorials/trialing-github-advanced-security/planning-a-trial-of-ghas.md @@ -1,9 +1,8 @@ --- -title: 'Planning a trial of {% data variables.product.prodname_GHAS %}' -shortTitle: 'Plan GHAS trial' +title: Planning a trial of {% data variables.product.prodname_GHAS %} +shortTitle: Plan GHAS trial allowTitleToDifferFromFilename: true -intro: 'Learn how to prepare for a successful trial of {% data variables.product.prodname_AS %}.' -type: overview +intro: Learn how to prepare for a successful trial of {% data variables.product.prodname_AS %}. topics: - Code Security - Secret Protection @@ -11,6 +10,9 @@ versions: fpt: '*' ghec: '*' ghes: '> 3.15' +redirect_from: + - /code-security/trialing-github-advanced-security/planning-a-trial-of-ghas +contentType: tutorials --- ## Is a self-serve trial right for you? diff --git a/content/code-security/trialing-github-advanced-security/trial-advanced-security.md b/content/code-security/tutorials/trialing-github-advanced-security/trial-advanced-security.md similarity index 80% rename from content/code-security/trialing-github-advanced-security/trial-advanced-security.md rename to content/code-security/tutorials/trialing-github-advanced-security/trial-advanced-security.md index 94e62537fd29..379c4269112b 100644 --- a/content/code-security/trialing-github-advanced-security/trial-advanced-security.md +++ b/content/code-security/tutorials/trialing-github-advanced-security/trial-advanced-security.md @@ -1,6 +1,6 @@ --- title: Setting up a trial of GitHub Advanced Security -intro: 'You can try the full set of {% data variables.product.prodname_GHAS %} features for free.' +intro: You can try the full set of {% data variables.product.prodname_GHAS %} features for free. permissions: '{% data reusables.advanced-security.ghas-trial-permission %}' product: '{% data reusables.gated-features.ghas-trial %}' versions: @@ -11,22 +11,24 @@ redirect_from: - /billing/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security - /billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security - /billing/how-tos/products/trial-advanced-security + - /code-security/trialing-github-advanced-security/trial-advanced-security topics: - Billing - Advanced Security - Enterprise shortTitle: Trial Advanced Security -contentType: how-tos +contentType: tutorials --- ## Prerequisites To set up a trial of {% data variables.product.prodname_GHAS %} using this method, you must meet the following criteria: -1. Be an owner of an enterprise account. See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-enterprise-accounts). -1. Pay by credit card or PayPal. -1. Have not previously purchased or had a trial of {% data variables.product.prodname_GHAS %}. +1. You are an owner of an enterprise account. See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-enterprise-accounts). +1. You pay by credit card or PayPal. +1. You have not previously purchased {% data variables.product.prodname_GHAS %} (that is, you do not currently or in the past have a paid license for {% data variables.product.prodname_GHAS %}). 1. You are not already using metered billing for {% data variables.product.prodname_GHAS %}. +1. If you have had a previous {% data variables.product.prodname_GHAS %} trial, you are eligible only if you have had no more than one previous trial and it ended at least 180 days ago. > [!TIP] > * **No enterprise account?** Start a trial of {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GHAS %}. See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud). diff --git a/content/codespaces/about-codespaces/what-are-codespaces.md b/content/codespaces/about-codespaces/what-are-codespaces.md index f0e23903b5bb..a66ae0890227 100644 --- a/content/codespaces/about-codespaces/what-are-codespaces.md +++ b/content/codespaces/about-codespaces/what-are-codespaces.md @@ -13,12 +13,6 @@ redirect_from: - /codespaces/overview --- -{% ifversion ghec %} - -{% data reusables.codespaces.data-residency-availability %} - -{% endif %} - ## Introduction A codespace is a development environment that's hosted in the cloud. You can customize your project for {% data variables.product.prodname_github_codespaces %} by committing configuration files to your repository (often known as Configuration-as-Code), which creates a repeatable codespace configuration for all users of your project. See [AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers). diff --git a/content/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository.md b/content/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository.md index ed11fec5eb01..8e6df81ce887 100644 --- a/content/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository.md +++ b/content/codespaces/developing-in-a-codespace/creating-a-codespace-for-a-repository.md @@ -17,12 +17,6 @@ topics: shortTitle: Create a codespace for a repo --- -{% ifversion ghec %} - -{% data reusables.codespaces.data-residency-availability %} - -{% endif %} - ## About creating a codespace for a repository {% data reusables.codespaces.ways-to-create-a-codespace %} Use the tabs in this article to display instructions for each of these ways of creating a codespace. diff --git a/content/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template.md b/content/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template.md index a241c6973483..de68d441f2e2 100644 --- a/content/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template.md +++ b/content/codespaces/developing-in-a-codespace/creating-a-codespace-from-a-template.md @@ -14,13 +14,7 @@ redirect_from: - /codespaces/developing-in-codespaces/creating-a-codespace-from-a-template --- -{% ifversion ghec %} - -{% data reusables.codespaces.data-residency-availability %} - -{% endif %} - -## About templates for {% data variables.product.prodname_github_codespaces %} +# About templates for {% data variables.product.prodname_github_codespaces %} If you're starting a new project, you can get started with development work quickly by creating a codespace from a template. You'll be able to work on your project in a cloud-based development environment, save your files in the cloud, and publish your work to a new remote repository that you can share with others or clone to your local machine. diff --git a/content/codespaces/developing-in-a-codespace/developing-in-a-codespace.md b/content/codespaces/developing-in-a-codespace/developing-in-a-codespace.md index 0bc22bcfd116..7b05fbcb2a92 100644 --- a/content/codespaces/developing-in-a-codespace/developing-in-a-codespace.md +++ b/content/codespaces/developing-in-a-codespace/developing-in-a-codespace.md @@ -18,12 +18,6 @@ shortTitle: Develop in a codespace ## About development with {% data variables.product.prodname_github_codespaces %} -{% ifversion ghec %} - -{% data reusables.codespaces.data-residency-availability %} - -{% endif %} - You can develop code in a codespace using your choice of tool: * A command shell, via an SSH connection initiated using {% data variables.product.prodname_cli %} diff --git a/content/codespaces/developing-in-a-codespace/index.md b/content/codespaces/developing-in-a-codespace/index.md index f8f54b7daa68..e7490804005e 100644 --- a/content/codespaces/developing-in-a-codespace/index.md +++ b/content/codespaces/developing-in-a-codespace/index.md @@ -27,9 +27,3 @@ children: redirect_from: - /codespaces/developing-in-codespaces --- - -{% ifversion ghec %} - -{% data reusables.codespaces.data-residency-availability %} - -{% endif %} diff --git a/content/codespaces/developing-in-a-codespace/opening-an-existing-codespace.md b/content/codespaces/developing-in-a-codespace/opening-an-existing-codespace.md index c379774d1c3d..e4c5d757fdc9 100644 --- a/content/codespaces/developing-in-a-codespace/opening-an-existing-codespace.md +++ b/content/codespaces/developing-in-a-codespace/opening-an-existing-codespace.md @@ -14,12 +14,6 @@ redirect_from: - /codespaces/developing-in-codespaces/opening-an-existing-codespace --- -{% ifversion ghec %} - -{% data reusables.codespaces.data-residency-availability %} - -{% endif %} - You can reopen any of your active or stopped codespaces on {% data variables.product.github %}, in {% data variables.product.prodname_vscode %}, or by using {% data variables.product.prodname_cli %}. You can't reopen a codespace that has been deleted. See [AUTOTITLE](/codespaces/about-codespaces/understanding-the-codespace-lifecycle). You can view all your codespaces on the "Your codespaces" page at [github.com/codespaces](https://github.com/codespaces). From this page, you can: diff --git a/content/codespaces/quickstart.md b/content/codespaces/quickstart.md index 15cc25f21967..072cac076d0d 100644 --- a/content/codespaces/quickstart.md +++ b/content/codespaces/quickstart.md @@ -16,12 +16,6 @@ topics: - Codespaces --- -{% ifversion ghec %} - -{% data reusables.codespaces.data-residency-availability %} - -{% endif %} - ## Introduction In this guide, you'll create a codespace from a template repository and explore some of the essential features available to you within the codespace. You'll work in the browser version of {% data variables.product.prodname_vscode %}, which is initially the default editor for {% data variables.product.prodname_github_codespaces %}. After trying out this quickstart you can use {% data variables.product.prodname_codespaces %} in other editors, and you can change the default editor. Links are provided at the end of this guide. diff --git a/content/codespaces/troubleshooting/troubleshooting-creation-and-deletion-of-codespaces.md b/content/codespaces/troubleshooting/troubleshooting-creation-and-deletion-of-codespaces.md index 38c3a7b5a6f4..23061ca05bc6 100644 --- a/content/codespaces/troubleshooting/troubleshooting-creation-and-deletion-of-codespaces.md +++ b/content/codespaces/troubleshooting/troubleshooting-creation-and-deletion-of-codespaces.md @@ -10,12 +10,6 @@ topics: shortTitle: Creation and deletion --- -{% ifversion ghec %} - -{% data reusables.codespaces.data-residency-availability %} - -{% endif %} - ## Creating codespaces ### No access to create a codespace diff --git a/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md b/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md index fec470812352..73364497072b 100644 --- a/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md +++ b/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md @@ -26,7 +26,7 @@ You can add default community health files to a **public**{% ifversion ghec or g If no corresponding file is found in the current repository, {% data variables.product.github %} will use the default file from the `.github` repository, following the same order of precedence. -**Note:** The `.github` repository must be **public**{% ifversion ghec or ghes %} or **internal**{% endif %} for templates to be applied organization-wide. Private `.github` repositories are not supported. +>[!NOTE] The `.github` repository must be **public**{% ifversion ghec or ghes %} or **internal**{% endif %} for templates to be applied organization-wide. Private `.github` repositories are not supported. For example, anyone who creates an issue or pull request in a repository that does not have its own `CONTRIBUTING.md` file will see a link to the default `CONTRIBUTING.md` from the `.github` repository. However, if a repository has any files in its own `.github/ISSUE_TEMPLATE` folder, such as issue templates or a `_config.yml` file, none of the contents of the default `.github/ISSUE_TEMPLATE` folder will be used. This allows repository maintainers to override the default files with specific templates or content on per-repository basis. @@ -38,6 +38,19 @@ As a repository maintainer, you can use the community standards checklist to see {% endif %} +## About security policies + +{% ifversion fpt or ghec %} +After someone reports a security vulnerability in your project, you can use {% data variables.product.prodname_security_advisories %} to disclose, fix, and publish information about the vulnerability. For more information about the process of reporting and disclosing vulnerabilities in {% data variables.product.prodname_dotcom %}, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities#about-reporting-and-disclosing-vulnerabilities-in-projects-on-github). For more information about repository security advisories, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories). +{% endif %} + +{% ifversion ghes %} + +By making security reporting instructions clearly available, you make it easy for your users to report any security vulnerabilities they find in your repository using your preferred communication channel. +{% endif %} + +For an example of a real `SECURITY.md` file, see [https://github.com/electron/electron/blob/main/SECURITY.md](https://github.com/electron/electron/blob/main/SECURITY.md). + ## Supported file types You can create defaults in your organization or personal account for the following community health files: diff --git a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates.md b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates.md index 64935afb94d3..8e49c7488c6c 100644 --- a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates.md +++ b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates.md @@ -37,8 +37,6 @@ With issue forms, you can create templates that have web form fields using the { Issue templates are stored on the repository's default branch, in a hidden `.github/ISSUE_TEMPLATE` directory. If you create a template in another branch, it will not be available for collaborators to use. Issue template filenames are not case sensitive, and need a _.md_ extension. Issue templates created with issue forms need a _.yml_ extension. {% data reusables.repositories.valid-community-issues %} -It is possible to manually create a single issue template in Markdown using the legacy issue template workflow, and project contributors will automatically see the template's contents in the issue body. However, we recommend using the upgraded multiple issue template builder or issue forms to create issue templates. For more information about the legacy workflow, see [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/manually-creating-a-single-issue-template-for-your-repository). - {% data reusables.repositories.security-guidelines %} ## Pull request templates diff --git a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md index f9bc7ad955e3..2450d4750e76 100644 --- a/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md +++ b/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md @@ -102,4 +102,3 @@ If you have 10 or more templates, alphanumeric ordering means that `11-bug.yml` ## Further reading * [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates) -* [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/manually-creating-a-single-issue-template-for-your-repository) diff --git a/content/contributing/style-guide-and-content-model/about-the-content-model.md b/content/contributing/style-guide-and-content-model/about-the-content-model.md index d07db0d92859..85736888bc74 100644 --- a/content/contributing/style-guide-and-content-model/about-the-content-model.md +++ b/content/contributing/style-guide-and-content-model/about-the-content-model.md @@ -43,8 +43,6 @@ If a new top-level doc set is created, it is added to the homepage. If a category serves as the starting point for using a {% data variables.product.prodname_dotcom %} product or feature, it can be added to the homepage. -For example, under the "Security" grouping on the homepage, in addition to the [Code security](/code-security) top-level doc set, the [Supply chain security](/code-security/supply-chain-security), [Security advisories](/code-security/security-advisories), [{% data variables.product.prodname_dependabot %}](/code-security/dependabot), [{% data variables.product.prodname_code_scanning_caps %}](/code-security/code-scanning), and [{% data variables.product.prodname_secret_scanning_caps %}](/code-security/secret-scanning) categories are included because each of those categories are the entry point to {% data variables.product.prodname_dotcom %} products and features. [Security overview](/code-security/security-overview) is not included on the homepage because it provides additional information for using secure coding features and is not an introduction to a product or feature. - ## Top-level doc set Top-level doc sets are organized around a {% data variables.product.prodname_dotcom %} product, feature, or core workflow. All top-level doc sets appear on the {% data variables.product.prodname_docs %} homepage. You should only create a top-level doc set when there is a large amount of content to be contained in the new doc set, multiple categories that are broken down into map topics, and the topic applies across products, features, or account types. If the content could fit in any existing top-level doc set, it probably belongs in that existing doc set. diff --git a/content/contributing/writing-for-github-docs/using-yaml-frontmatter.md b/content/contributing/writing-for-github-docs/using-yaml-frontmatter.md index d66fafb3d19e..764cb95acb00 100644 --- a/content/contributing/writing-for-github-docs/using-yaml-frontmatter.md +++ b/content/contributing/writing-for-github-docs/using-yaml-frontmatter.md @@ -257,7 +257,9 @@ includeGuides: * `id` (required): Unique identifier for the journey. The id only needs to be unique for journeys within a single journey landing page. * `title` (required): Display title for the journey (supports Liquid variables) * `description` (optional): Description of the journey (supports Liquid variables) - * `guides` (required): Array of article paths that make up this journey + * `guides` (required): Array of guide objects that make up this journey. Each guide object has: + * `href` (required): Path to the article + * `alternativeNextStep` (optional): Custom text to guide users to alternative paths in the journey. Supports Liquid variables and `[AUTOTITLE]`. * Only applicable when used with `layout: journey-landing`. * Optional. @@ -269,15 +271,16 @@ journeyTracks: title: 'Getting started with {% data variables.product.prodname_actions %}' description: 'Learn the basics of GitHub Actions.' guides: - - '/actions/quickstart' - - '/actions/learn-github-actions' - - '/actions/using-workflows' + - href: '/actions/quickstart' + - href: '/actions/learn-github-actions' + alternativeNextStep: 'Want to skip ahead? See [AUTOTITLE](/actions/using-workflows).' + - href: '/actions/using-workflows' - id: 'advanced' title: 'Advanced {% data variables.product.prodname_actions %}' description: 'Dive deeper into advanced features.' guides: - - '/actions/using-workflows/workflow-syntax-for-github-actions' - - '/actions/deployment/deploying-with-github-actions' + - href: '/actions/using-workflows/workflow-syntax-for-github-actions' + - href: '/actions/deployment/deploying-with-github-actions' ``` ### `type` diff --git a/content/copilot/concepts/about-enterprise-accounts-for-copilot-business.md b/content/copilot/concepts/about-enterprise-accounts-for-copilot-business.md index 28c43fac7926..e2c9d15f7f23 100644 --- a/content/copilot/concepts/about-enterprise-accounts-for-copilot-business.md +++ b/content/copilot/concepts/about-enterprise-accounts-for-copilot-business.md @@ -14,6 +14,8 @@ redirect_from: - /early-access/copilot/managing-copilot-business-licenses-with-an-enterprise-account - /early-access/copilot/managing-copilot-business-licenses-with-an-enterprise-account contentType: concepts +category: + - Learn about Copilot --- ## How can my enterprise use {% data variables.product.prodname_copilot %} only? diff --git a/content/copilot/concepts/agents/about-agent-skills.md b/content/copilot/concepts/agents/about-agent-skills.md new file mode 100644 index 000000000000..81bf82fb1930 --- /dev/null +++ b/content/copilot/concepts/agents/about-agent-skills.md @@ -0,0 +1,88 @@ +--- +title: About Agent Skills +shortTitle: Agent Skills +intro: 'Agent Skills enhance the ability of {% data variables.copilot.copilot_coding_agent %}, the {% data variables.copilot.copilot_cli %} and {% data variables.product.prodname_vscode %} Insiders to perform specialized tasks.' +product: '{% data reusables.gated-features.copilot-coding-agent %}

{% data reusables.gated-features.copilot-cli %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' +versions: + feature: copilot +topics: + - Copilot +category: + - Learn about Copilot +--- + +## About Agent Skills + +Agent Skills are folders of instructions, scripts, and resources that {% data variables.product.prodname_copilot_short %} can load when relevant to improve its performance in specialized tasks. Agent Skills is an [open standard](https://github.com/agentskills/agentskills), used by a range of different agents. + +Agent Skills work with {% data variables.copilot.copilot_coding_agent %}, the {% data variables.copilot.copilot_cli %} and agent mode in {% data variables.product.prodname_vscode %} Insiders. Support in the stable version of {% data variables.product.prodname_vscode_shortname %} is coming soon. + +You can create your own skills to teach {% data variables.product.prodname_copilot_short %} to perform tasks in a specific, repeatable way—or use skills shared online, for example in the [`anthropics/skills`](https://github.com/anthropics/skills) repository or {% data variables.product.company_short %}'s community created [`github/awesome-copilot`](https://github.com/github/awesome-copilot) collection. + +{% data variables.product.prodname_copilot_short %} supports: + +* Project skills, stored in your repository (`.github/skills` or `.claude/skills`) +* Personal skills, stored in your home directory and shared across projects (`~/.copilot/skills` or `~/.claude/skills`) ({% data variables.copilot.copilot_coding_agent %} and {% data variables.copilot.copilot_cli %} only) + +Support for organization-level and enterprise-level skills is coming soon. + +> [!NOTE] +> {% data reusables.cli.preview-note-cli-body %} + +## Creating and adding skills + +1. Create a subdirectory for your new skill. Each skill should have its own directory (for example, `.github/skills/webapp-testing`). Skill directory names should be lowercase, use hyphens for spaces, and typically match the `name` in the `SKILL.md` frontmatter. + + For project skills, specific to a single repository, store your skill under `.github/skills` or `.claude/skills`. + + For personal skills, shared across projects, store your skill under `~/.copilot/skills` or `~/.claude/skills`. + +1. Create a `SKILL.md` file with your skill's instructions. + + > [!NOTE] + > Skill files must be named `SKILL.md`. + + `SKILL.md` files are Markdown files with YAML frontmatter. In their simplest form, they include: + + * YAML frontmatter + * **name** (required): A unique identifier for the skill. This must be lowercase, using hyphens for spaces. + * **description** (required): A description of what the skill does, and when {% data variables.product.prodname_copilot_short %} should use it. + * **license** (optional): A description of the license that applies to this skill. + * A Markdown body, with the instructions, examples and guidelines for {% data variables.product.prodname_copilot_short %} to follow. + +1. Optionally, add scripts, examples or other resources to your skill's directory. For example, if you were writing a skill for converting images between different formats, you might include a script for converting SVG images to PNG. + +### Example `SKILL.md` file + +For a project skill, this file would be located in the `/path/to/repository/.github/skills/github-actions-failure-debugging` directory. + +For a personal skill, this file would be located in the `~/.copilot/skills/github-actions-failure-debugging` directory. + +```markdown copy +--- +name: github-actions-failure-debugging +description: Guide for debugging failing GitHub Actions workflows. Use this when asked to debug failing GitHub Actions workflows. +--- + +To debug failing GitHub Actions workflows in a pull request, follow this process, using tools provided from the GitHub MCP Server: + +1. Use the `list_workflow_runs` tool to look up recent workflow runs for the pull request and their status +2. Use the `summarize_job_log_failures` tool to get an AI summary of the logs for failed jobs, to understand what went wrong without filling your context windows with thousands of lines of logs +3. If you still need more information, use the `get_job_logs` or `get_workflow_run_logs` tool to get the full, detailed failure logs +4. Try to reproduce the failure yourself in your own environment. +5. Fix the failing build. If you were able to reproduce the failure yourself, make sure it is fixed before committing your changes. +``` + +## How {% data variables.product.prodname_copilot_short %} uses skills + +When performing tasks, {% data variables.product.prodname_copilot_short %} will decide when to use your skills based on your prompt and the skill's description. + +When {% data variables.product.prodname_copilot_short %} chooses to use a skill, the `SKILL.md` file will be injected in the agent's context, giving the agent access to your instructions. It can then follow those instructions, and use any scripts or examples you may have included in the skill's directory. + +## Skills versus custom instructions + +You can use both skills and custom instructions to teach {% data variables.product.prodname_copilot_short %} how to work in your repository and how to perform specific tasks. + +We recommend using custom instructions for simple instructions relevant to almost every task (for example information about your repository's coding standards), and skills for more detailed instructions that {% data variables.product.prodname_copilot_short %} should access when relevant. + +To learn more about repository custom instructions, see [AUTOTITLE](/copilot/how-tos/configure-custom-instructions/add-repository-instructions). diff --git a/content/copilot/concepts/agents/about-copilot-cli.md b/content/copilot/concepts/agents/about-copilot-cli.md index aef7cfab0bf6..f79a6471a123 100644 --- a/content/copilot/concepts/agents/about-copilot-cli.md +++ b/content/copilot/concepts/agents/about-copilot-cli.md @@ -9,7 +9,7 @@ versions: topics: - Copilot contentType: concepts -category: +category: - Learn about Copilot --- @@ -25,19 +25,21 @@ The command-line interface (CLI) for {% data variables.product.prodname_copilot * Linux * macOS -* Windows from within [Windows Subsystem for Linux (WSL)](https://learn.microsoft.com/en-us/windows/wsl/about). Native Windows support in Powershell is available, but experimental. +* Windows from within Powershell and [Windows Subsystem for Linux (WSL)](https://learn.microsoft.com/en-us/windows/wsl/about) For installation instructions, see [AUTOTITLE](/copilot/how-tos/set-up/install-copilot-cli). ## Modes of use -{% data variables.copilot.copilot_cli %} can be used in two modes: +{% data variables.copilot.copilot_cli %} can be used in three modes: * **Interactive mode**: Start an interactive session by using the `copilot` command. This is the default mode for working with the CLI. In this mode, you can prompt {% data variables.product.prodname_copilot_short %} to answer a question, or perform a task. You can react to {% data variables.product.prodname_copilot_short %}'s responses in the same session. ![Screenshot of the Welcome message in the interactive mode of {% data variables.product.prodname_copilot_short %}.](/assets/images/help/copilot/copilot-cli-welcome.png) +* **Plan mode**: Press Shift+Tab to cycle in and out of plan mode. In plan mode, {% data variables.product.prodname_copilot_short %} analyzes your request, asks clarifying questions to understand scope and requirements, and builds a structured implementation plan before writing any code. This helps you catch misunderstandings before any code is written, and stay in control of complex, multi-step tasks. + * **Programmatic mode**: You can also pass the CLI a single prompt directly on the command line. You do this by using the `-p` or `--prompt` command-line option. To allow {% data variables.product.prodname_copilot_short %} to modify and execute files you should also use one of the approval options (see [Allowing tools to be used without manual approval](#allowing-tools-to-be-used-without-manual-approval) later in this article). For example: ```bash copy @@ -47,7 +49,7 @@ For installation instructions, see [AUTOTITLE](/copilot/how-tos/set-up/install-c Alternatively, you can use a script to output command-line options and pipe this to `copilot`. For example: ```bash copy - echo ./script-outputting-options.sh | copilot + ./script-outputting-options.sh | copilot ``` > [!CAUTION] @@ -142,6 +144,32 @@ The following sections provide examples of tasks you can complete with {% data v `Branch off from main and create a {% data variables.product.prodname_actions %} workflow that will run on pull requests, or can be run manually. The workflow should run eslint to check for problems in the changes made in the PR. If warnings or errors are found these should be shown as messages in the diff view of the PR. I want to prevent code with errors from being merged into main so, if any errors are found, the workflow should cause the PR check to fail. Push the new branch and create a pull request.` +## Steering the conversation + +You can interact with {% data variables.product.prodname_copilot_short %} while it's thinking to steer the conversation: + +* **Enqueue additional messages**: Send follow-up messages to steer the conversation in a different direction, or queue additional instructions for {% data variables.product.prodname_copilot_short %} to process after it finishes its current response. This makes conversations feel more natural and keeps you in control. +* **Inline feedback on rejection**: When you reject a tool permission request, you can give {% data variables.product.prodname_copilot_short %} inline feedback about the rejection so it can adapt its approach without stopping entirely. This makes the conversation flow more naturally when you want to guide {% data variables.product.prodname_copilot_short %} away from certain actions. + +## Automatic context management + +{% data variables.copilot.copilot_cli %} automatically manages your conversation context: + +* **Auto-compaction**: When your conversation approaches 95% of the token limit, {% data variables.product.prodname_copilot_short %} automatically compresses your history in the background without interrupting your workflow. This enables virtually infinite sessions. +* **Manual control**: Use `/compact` to manually compress context anytime. Press Escape to cancel if you change your mind. +* **Visualize usage**: The `/context` command shows a detailed token usage breakdown so you can understand how your context window is being used. + +## Customizing {% data variables.copilot.copilot_cli %} + +You can customize {% data variables.copilot.copilot_cli %} in a number of ways: + +* **Custom instructions**: Custom instructions allow you to give {% data variables.product.prodname_copilot_short %} additional context on your project and how to build, test and validate its changes. All custom instruction files now combine instead of using priority-based fallbacks. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/use-copilot-cli#use-custom-instructions). +* **Model Context Protocol (MCP) servers**: MCP servers allow you to give {% data variables.product.prodname_copilot_short %} access to different data sources and tools. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/use-copilot-cli#add-an-mcp-server). +* **{% data variables.copilot.custom_agents_caps_short %}**: {% data variables.copilot.custom_agents_caps_short %} allow you to create different specialized versions of {% data variables.product.prodname_copilot_short %} for different tasks. For example, you could customize {% data variables.product.prodname_copilot_short %} to be an expert frontend engineer following your team's guidelines. {% data variables.copilot.copilot_cli %} includes specialized {% data variables.copilot.custom_agents_short %} that it automatically delegates common tasks to. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/use-copilot-cli#use-custom-agents). +* **Hooks**: Hooks allow you to execute custom shell commands at key points during agent execution, enabling you to add validation, logging, security scanning, or workflow automation. See [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-hooks). +* **Skills**: Skills allow you to enhance the ability of {% data variables.product.prodname_copilot_short %} to perform specialized tasks with instructions, scripts, and resources. For more information, see [AUTOTITLE](/copilot/concepts/agents/about-agent-skills). +* **{% data variables.copilot.copilot_memory %}**: {% data variables.copilot.copilot_memory %} allows {% data variables.product.prodname_copilot_short %} to build a persistent understanding of your repository by storing "memories", which are pieces of information about coding conventions, patterns, and preferences that {% data variables.product.prodname_copilot_short %} deduces as it works. This reduces the need to repeatedly explain context in your prompts and makes future sessions more productive. For more information, see [AUTOTITLE](/copilot/concepts/agents/copilot-memory). + ## Security considerations When you use {% data variables.copilot.copilot_cli_short %}, {% data variables.product.prodname_copilot_short %} can perform tasks on your behalf, such as executing or modifying files, or running shell commands. @@ -265,9 +293,15 @@ You can mitigate the risks associated with using the automatic approval options The default model used by {% data variables.copilot.copilot_cli %} is {% data variables.copilot.copilot_claude_sonnet_45 %}. {% data variables.product.github %} reserves the right to change this model. -You can change the model used by {% data variables.copilot.copilot_cli %} by using the `/model` slash command. Enter this command, then select a model from the list. +You can change the model used by {% data variables.copilot.copilot_cli %} by using the `/model` slash command or the `--model` command-line option. Enter this command, then select a model from the list. + +Each time you submit a prompt to {% data variables.product.prodname_copilot_short %} in {% data variables.copilot.copilot_cli_short %}'s interactive mode, and each time you use {% data variables.copilot.copilot_cli_short %} in programmatic mode, your monthly quota of {% data variables.product.prodname_copilot_short %} premium requests is reduced by one, multiplied by the multiplier shown in parentheses in the model list. For example, `Claude Sonnet 4.5 (1x)` indicates that with this model each time you submit a prompt your quota of premium requests is reduced by one. For information about premium requests, see [AUTOTITLE](/copilot/concepts/billing/copilot-requests). + +## Use {% data variables.copilot.copilot_cli_short %} via ACP + +ACP (the Agent Client Protocol) is an open standard for interacting with AI agents. It allows you to use {% data variables.copilot.copilot_cli_short %} as an agent in any third-party tools, IDEs, or automation systems that support this protocol. -Each time you submit a prompt to {% data variables.product.prodname_copilot_short %} in {% data variables.copilot.copilot_cli_short %}'s interactive mode, and each time you use {% data variables.copilot.copilot_cli_short %} in programmatic mode, your monthly quota of {% data variables.product.prodname_copilot_short %} premium requests is reduced by one, multiplied by the multiplier shown in parentheses in the model list. For example, `Claude Sonnet 4.5 (1x)` indicates that with this model each time you submit a prompt your quota of premium requests is reduced by one. For information about premium requests, see [AUTOTITLE](/copilot/managing-copilot/monitoring-usage-and-entitlements/about-premium-requests). +For more information, see [AUTOTITLE](/copilot/reference/acp-server). {% data reusables.cli.feedback %} diff --git a/content/copilot/concepts/agents/about-third-party-agents.md b/content/copilot/concepts/agents/about-third-party-agents.md new file mode 100644 index 000000000000..6cf4e25673f8 --- /dev/null +++ b/content/copilot/concepts/agents/about-third-party-agents.md @@ -0,0 +1,60 @@ +--- +title: About third-party agents +shortTitle: Third-party agents +intro: 'You can incorporate coding agents into your development workflows on {% data variables.product.github %}.' +product: '{% data reusables.gated-features.third-party-agents %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' +versions: + feature: copilot +topics: + - Copilot +contentType: concepts +--- + +> [!NOTE] Third-party coding agents are currently in {% data variables.release-phases.public_preview %}. + +## Introduction + +You can use third-party coding agents alongside {% data variables.copilot.copilot_coding_agent %} to work asynchronously on your development tasks. You can assign an existing issue or give a prompt to an agent, which will work on the required changes and create a pull request. When the agent finishes, it will request a review from you, and you can leave pull request comments to ask the agent to iterate. + +Coding agents are subject to the same security protections, mitigations, and limitations as {% data variables.copilot.copilot_coding_agent %}. To learn more about how you can use coding agents, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-coding-agent). + +### Where you can use coding agents + +You can kick off tasks with coding agents in the following locations: + +* **The Agents tab**: Select an agent under the prompt box in the [Agents tab](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text&utm_source=docs-3p-agents-tab-cta&utm_medium=docs&utm_campaign=agent-3p-platform-feb-2026), then kick off a new task and watch the agent get to work on a pull request. +* **Issues**: Assign the agent to an existing issue in a repository. +* **Pull requests**: Mention `@AGENT_NAME` in a comment on an existing pull request to ask it to make changes. +* On [**{% data variables.product.prodname_mobile %}**](/copilot/how-tos/chat-with-copilot/chat-in-mobile): From the **Home** view, click {% octicon "plus" aria-hidden="true" aria-label="plus" %} to start a new agent session. +* In [**{% data variables.product.prodname_vscode %}**](https://code.visualstudio.com/docs/copilot/agents/overview#_create-an-agent-session): Start a new session in the chat view, or delegate an existing session to a different agent. + +### Making coding agents available + +> [!NOTE] +> * {% data reusables.gated-features.third-party-agents %} + +Before you can assign tasks to coding agents, they must be enabled. If you are a {% data variables.copilot.copilot_pro_plus %} subscriber, see [AUTOTITLE](/copilot/how-tos/manage-your-account/manage-policies#enabling-or-disabling-third-party-agents-in-your-repositories). + +For {% data variables.copilot.copilot_for_business %} and {% data variables.copilot.copilot_enterprise %} subscribers, the ability to use {% data variables.copilot.copilot_coding_agent %} is controlled by policy settings defined at the organization level. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/manage-policies). + +If the organization is owned by an enterprise, enablement may be controlled at the enterprise level. See [AUTOTITLE](/enterprise-cloud@latest/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-enterprise-policies). + +## Supported coding agents + +The following third-party agents are supported on {% data variables.product.github %}: + +* [{% data variables.product.prodname_anthropic_claude %}](/copilot/concepts/agents/anthropic-claude) +* [{% data variables.product.prodname_openai_codex %}](/copilot/concepts/agents/openai-codex) + +## Usage costs + +Coding agents consume **{% data variables.product.prodname_actions %} minutes** and **{% data variables.product.prodname_copilot %} premium requests**. Each agent **session** consumes one premium request. + +Within your monthly usage allowance for {% data variables.product.prodname_actions %} and premium requests, you can ask agents to work on coding tasks without incurring any additional costs. + +For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-copilot/about-billing-for-github-copilot). + +## Next steps + +* To start managing agents, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/manage-agents). +* To learn how AI models are hosted and served, see [AUTOTITLE](/copilot/reference/ai-models/model-hosting). \ No newline at end of file diff --git a/content/copilot/concepts/agents/anthropic-claude.md b/content/copilot/concepts/agents/anthropic-claude.md new file mode 100644 index 000000000000..50cc23935a45 --- /dev/null +++ b/content/copilot/concepts/agents/anthropic-claude.md @@ -0,0 +1,23 @@ +--- +title: Anthropic Claude +shortTitle: Anthropic Claude +intro: 'Use the {% data variables.product.prodname_anthropic_claude %} coding agent powered by {% data variables.product.prodname_copilot_short %}.' +product: '{% data reusables.gated-features.anthropic-claude %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' +versions: + feature: copilot +topics: + - Copilot +contentType: concepts +--- + +> [!NOTE] The {% data variables.product.prodname_anthropic_claude %} coding agent is currently in {% data variables.release-phases.public_preview %}. + +## Introduction + +The {% data variables.product.prodname_anthropic_claude %} coding agent uses the Claude Agent SDK and can be powered by your existing {% data variables.product.prodname_copilot_short %} subscription. For information about {% data variables.product.prodname_anthropic_claude %}, see the [{% data variables.product.prodname_anthropic_claude %} documentation](https://platform.claude.com/docs/en/agent-sdk/overview). + +## {% data variables.product.prodname_anthropic_claude %} coding agent + +Before you can assign tasks to {% data variables.product.prodname_anthropic_claude %} coding agent, it must be enabled. See [AUTOTITLE](/copilot/how-tos/manage-your-account/manage-policies#enabling-or-disabling-third-party-agents-in-your-repositories). + +To learn more about using third-party coding agents, see [AUTOTITLE](/copilot/concepts/agents/about-third-party-agents). diff --git a/content/copilot/concepts/agents/code-review.md b/content/copilot/concepts/agents/code-review.md index 5d428c67f997..e84b81e61830 100644 --- a/content/copilot/concepts/agents/code-review.md +++ b/content/copilot/concepts/agents/code-review.md @@ -18,13 +18,9 @@ category: ## Introduction -{% data variables.product.prodname_copilot %} can review your code and provide feedback. Where possible, {% data variables.product.prodname_copilot_short %}'s feedback includes suggested changes which you can apply with a couple of clicks. +{% data variables.copilot.copilot_code-review_short %} reviews code written in any language, and provides feedback. It reviews your code from multiple angles to identify issues and suggest fixes. You can apply suggested changes with a couple of clicks. -{% data variables.product.prodname_copilot_short %} can review code written in any programming language. - -{% data variables.copilot.copilot_code-review_short %} acts as an intelligent agent, reviewing your code from various angles—such as planning, customizing, and deduplicating—to systematically uncover insights, identify issues, and suggest fixes. - -This article provides an overview of {% data variables.copilot.copilot_code-review_short %}. For instructions on how to request a code review from {% data variables.product.prodname_copilot_short %}, see [AUTOTITLE](/copilot/how-tos/agents/copilot-code-review/using-copilot-code-review). +This article provides an overview of {% data variables.copilot.copilot_code-review_short %}. To learn how to request a code review from {% data variables.product.prodname_copilot_short %}, see [AUTOTITLE](/copilot/how-tos/agents/copilot-code-review/using-copilot-code-review). ## Availability @@ -37,13 +33,51 @@ This article provides an overview of {% data variables.copilot.copilot_code-revi * Xcode * JetBrains IDEs -{% data variables.copilot.copilot_code-review_short %} is a premium feature, available with the {% data variables.copilot.copilot_pro_short %}, {% data variables.copilot.copilot_pro_plus_short %}, {% data variables.copilot.copilot_business_short %}, and {% data variables.copilot.copilot_enterprise_short %} plans. See [Copilot plans](https://github.com/features/copilot/plans?ref_product=copilot&ref_type=purchase&ref_style=text). +{% data variables.copilot.copilot_code-review_short %} is a premium feature available with these plans: + +* {% data variables.copilot.copilot_pro_short %} +* {% data variables.copilot.copilot_pro_plus_short %} +* {% data variables.copilot.copilot_business_short %} +* {% data variables.copilot.copilot_enterprise_short %} + +See [{% data variables.product.prodname_copilot_short %} plans](https://github.com/features/copilot/plans?ref_product=copilot&ref_type=purchase&ref_style=text). + +If you receive {% data variables.product.prodname_copilot_short %} from an organization, your organization must enable the **{% data variables.copilot.copilot_code-review_short %}** option in the {% data variables.product.prodname_copilot_short %} policy settings. This applies to reviews on {% data variables.product.prodname_dotcom_the_website %} or in {% data variables.product.prodname_mobile %}. See [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization). + +## {% data variables.copilot.copilot_code-review_short %} without a {% data variables.product.prodname_copilot_short %} license + +Organization members **without a {% data variables.product.prodname_copilot_short %} license** can use {% data variables.copilot.copilot_code-review_short %} on {% data variables.product.prodname_dotcom_the_website %}. An enterprise administrator or organization owner must enable it. This capability is available to organizations on **{% data variables.copilot.copilot_business_short %}** and **{% data variables.copilot.copilot_enterprise_short %}** plans. + +### Enabling code review for users without a license + +To allow organization members without a {% data variables.product.prodname_copilot_short %} license to use {% data variables.copilot.copilot_code-review_short %}, you must enable two policies: -If you receive {% data variables.product.prodname_copilot_short %} from an organization then, to be able to request a pull request review from {% data variables.product.prodname_copilot_short %} on {% data variables.product.prodname_dotcom_the_website %} or in {% data variables.product.prodname_mobile %}, the **{% data variables.copilot.copilot_code-review_short %}** option must be enabled in the {% data variables.product.prodname_copilot_short %} policy settings for the organization. See [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization). +1. **Premium request paid usage**. Enable this policy first. It allows the enterprise or organization to incur charges for {% data variables.copilot.copilot_code-review_short %} premium request usage. +1. **Allow members without a {% data variables.product.prodname_copilot_short %} license to use {% data variables.copilot.copilot_code-review_short %} in {% data variables.product.prodname_dotcom_the_website %}**. This sub-policy enables {% data variables.copilot.copilot_code-review_short %} for users without a license. + +The second policy has these characteristics: + +* It is disabled by default. +* Once this policy is set it at the enterprise level, it becomes **visible, but not editable** at the organization level. +* The policy is **most restrictive**. {% data variables.copilot.copilot_code-review_short %} is only available in repositories where you explicitly enable the policy. + +### How it works for users without a license + +When both policies are enabled, users without a {% data variables.product.prodname_copilot_short %} license can request a review from {% data variables.copilot.copilot_code-review_short %} on their pull requests in the organization's repositories. + +In repositories where automatic code review is enabled, {% data variables.product.prodname_copilot_short %} automatically reviews all pull requests. This happens regardless of whether the author has a {% data variables.product.prodname_copilot_short %} license. + +{% data variables.copilot.copilot_code-review_short %} for users without a license is not available in IDEs. ## Excluded files -Dependency management files (such as package.json and Gemfile.lock) and certain other types of files (such as log files and SVGs) are excluded from {% data variables.copilot.copilot_code-review_short %}. If you include any of these files in a pull request, {% data variables.copilot.copilot_code-review_short %} will not consider the file when carrying out the review. Similarly, using {% data variables.copilot.copilot_code-review_short %} on one of these files in your IDE, will not generate review comments. +Some file types are excluded from {% data variables.copilot.copilot_code-review_short %}: + +* Dependency management files, such as package.json and Gemfile.lock +* Log files +* SVG files + +If you include these file types in a pull request, {% data variables.copilot.copilot_code-review_short %} will not review the file. For more information, see [AUTOTITLE](/copilot/reference/review-excluded-files). @@ -52,18 +86,19 @@ For more information, see [AUTOTITLE](/copilot/reference/review-excluded-files). > [!NOTE] > > * The [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-pre-release-license-terms) apply to your use of this product. -> * These tools are enabled automatically for {% data variables.copilot.copilot_pro %} or {% data variables.copilot.copilot_pro_plus %} plans. -> * If you get a {% data variables.product.prodname_copilot_short %} subscription from an organization, you will only be able to participate in the {% data variables.release-phases.public_preview %} on the {% data variables.product.github %} website if an owner of your organization or enterprise has enabled **Copilot in GitHub.com > Opt in to preview features** in the **{% data variables.product.prodname_copilot %} policies** page of the organization or enterprise settings. See [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#enabling-copilot-features-in-your-organization) and [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-enterprise-policies). +> * {% data variables.copilot.copilot_code-review_short %} has several new tools that are in {% data variables.release-phases.public_preview %} and subject to change. + +If you get a {% data variables.product.prodname_copilot_short %} subscription from an organization, you can only participate in the {% data variables.release-phases.public_preview %} on the {% data variables.product.github %} website if an owner of your organization or enterprise has enabled using preview features. See [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#enabling-copilot-features-in-your-organization) and [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-enterprise-policies). -{% data variables.copilot.copilot_code-review_short %} has several new tools that are in {% data variables.release-phases.public_preview %} and subject to change. +These new tools are enabled automatically for {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} plans. -* **Full project context gathering** to provide more specific, accurate, and contextually aware code reviews. -* **Support for static analysis tools like {% data variables.product.prodname_codeql %}, ESLint, and PMD** to deliver more high-signal, consistent findings for security and quality. -* **The ability to pass suggestions to {% data variables.copilot.copilot_coding_agent %}**, for automated creation of a new pull request against your branch with the suggested fixes applied. +* **Full project context gathering**. This provides more specific, accurate, and contextually aware code reviews. +* **Support for static analysis tools like {% data variables.product.prodname_codeql %}, ESLint, and PMD**. This delivers more high-signal, consistent findings for security and quality. +* **The ability to pass suggestions to {% data variables.copilot.copilot_coding_agent %}**. This automates creation of a new pull request against your branch with the suggested fixes applied. -You are not required to have {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_actions %} enabled in your organization or enterprise to use the {% data variables.copilot.copilot_code-review-tools_short %}. +You do not need to have {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_actions %} enabled in your organization or enterprise to use the {% data variables.copilot.copilot_code-review-tools_short %}. -In the event that {% data variables.product.prodname_actions %} is unavailable or if Actions workflows used by {% data variables.copilot.copilot_code-review_short %} fail, reviews will still be generated but without the additional features provided by the {% data variables.copilot.copilot_code-review-tools_short %}. +If {% data variables.product.prodname_actions %} is unavailable or if Actions workflows used by {% data variables.copilot.copilot_code-review_short %} fail, reviews will still be generated. However, they will not include the additional features provided by the {% data variables.copilot.copilot_code-review-tools_short %}. > [!NOTE] > @@ -73,11 +108,24 @@ In the event that {% data variables.product.prodname_actions %} is unavailable o ## Code review monthly quota -Each time {% data variables.product.prodname_copilot_short %} reviews a pull request, or reviews code in your IDE, your monthly quota of Copilot premium requests is reduced by one. +Each time {% data variables.product.prodname_copilot_short %} reviews a pull request or reviews code in your IDE, your monthly quota of {% data variables.product.prodname_copilot_short %} premium requests is reduced by one. -If a repository is configured to automatically request a code review from {% data variables.product.prodname_copilot_short %} for all new pull requests, the premium request usage is applied to the quota of the pull request author. If a pull request is created by {% data variables.product.prodname_actions %} or by a bot, the usage will apply to the user who triggered the workflow (if identifiable), or to a designated billing owner. +If a repository is configured to automatically request a code review from {% data variables.product.prodname_copilot_short %} for all new pull requests, the premium request usage is applied to the pull request author's quota. -When you reach your monthly quota you will not be able to get a code review from {% data variables.product.prodname_copilot_short %} until your quota resets—unless you upgrade your {% data variables.product.prodname_copilot_short %} plan or enable additional premium requests. +If a pull request is created by {% data variables.product.prodname_actions %} or by a bot, the usage will apply to: + +* The user who triggered the workflow, if that user can be identified. +* A designated billing owner. + +### What happens when you reach your quota + +When you reach your monthly quota, you will not be able to get a code review from {% data variables.product.prodname_copilot_short %} until your quota resets. To continue to use code reviews before your quota resets, you will need to upgrade your {% data variables.product.prodname_copilot_short %} plan or enable additional premium requests. + +### Quota for users without a {% data variables.product.prodname_copilot_short %} license + +Users without a {% data variables.product.prodname_copilot_short %} license do not have a monthly premium request quota. When {% data variables.copilot.copilot_code-review_short %} is enabled for these users, any premium requests they generate are billed directly to the organization or enterprise as paid overage usage. This applies to both manually requested reviews and automatic code reviews. + +Premium requests generated by users without a license are not attributed to any {% data variables.product.prodname_copilot_short %} plan quota. They appear as overage usage in billing reports and premium request analytics. Users with a {% data variables.product.prodname_copilot_short %} license continue to consume premium requests from their assigned plan quota. ## Model usage @@ -85,59 +133,62 @@ When you reach your monthly quota you will not be able to get a code review from {% data reusables.copilot.ccr-model-settings %} -## Providing instructions for {% data variables.product.prodname_copilot_short %} code reviews - -You can tailor the reviews that {% data variables.product.prodname_copilot_short %} generates by providing custom instructions. This helps {% data variables.product.prodname_copilot_short %} to review the code in a way that matches your team's coding standards, tools, and practices. See [AUTOTITLE](/copilot/how-tos/configure-custom-instructions/add-repository-instructions?tool=webui) and [AUTOTITLE](/copilot/how-tos/configure-custom-instructions/add-organization-instructions). - ## Validating {% data variables.product.prodname_copilot_short %} code reviews -{% data variables.product.prodname_copilot_short %} isn't guaranteed to spot all problems or issues in a pull request, and sometimes it will make mistakes. Always validate {% data variables.product.prodname_copilot_short %}'s feedback carefully, and supplement {% data variables.product.prodname_copilot_short %}'s feedback with a human review. +{% data variables.product.prodname_copilot_short %} is not guaranteed to spot all problems or issues in a pull request. Sometimes it will make mistakes. Always validate {% data variables.product.prodname_copilot_short %}'s feedback carefully. Supplement {% data variables.product.prodname_copilot_short %}'s feedback with a human review. For more information, see [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-code-review). -## About automatic pull request reviews +## Enhancing {% data variables.product.prodname_copilot_short %}'s knowledge of a repository -By default, {% data variables.product.prodname_copilot_short %} will only review a pull request if it's assigned to the pull request in the same way you would assign a human reviewer. However: +The more {% data variables.product.prodname_copilot_short %} knows about the code in your repository, the tools you use, and your coding standards and practices, the more accurate and useful its reviews will become. You can enhance {% data variables.product.prodname_copilot_short %}'s knowledge of your repositories in two ways. -* Individual users on the {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} plan can configure {% data variables.product.prodname_copilot_short %} to automatically review all pull requests they create. -* Repository owners can configure {% data variables.product.prodname_copilot_short %} to automatically review all pull requests in the repository that are created by people with access to {% data variables.product.prodname_copilot_short %}. -* Organization owners can configure {% data variables.product.prodname_copilot_short %} to automatically review all pull requests in some or all of the repositories in the organization where the pull request is created by a {% data variables.product.prodname_copilot_short %} user. +### Custom instructions -### Triggering an automatic pull request review +These are short, natural-language statements that you write and store as one or more files in a repository. If you are the owner of an organization on {% data variables.product.github %}, you can also define custom instructions in the settings for your organization. For more information, see [AUTOTITLE](/copilot/concepts/prompting/response-customization?tool=webui#about-repository-custom-instructions). -The triggers for automatic code review depend on the configuration settings: +### {% data variables.copilot.copilot_memory %} ({% data variables.release-phases.public_preview %}) -* **Basic setting**: - * When a pull request is created as an "Open" pull request. - * The first time a "Draft" pull request is switched to "Open". -* **Review new pushes**: - * Every time a new commit is pushed to the pull request. -* **Review draft pull requests**: - * Pull requests are automatically reviewed while they are still drafts—before being switched to "Open". +If you have a {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} plan, you can enable {% data variables.copilot.copilot_memory %}. This allows {% data variables.product.prodname_copilot_short %} to store useful details it has learned about a repository. {% data variables.product.prodname_copilot_short %} can then use this information when it reviews pull requests in that repository. For more information, see [AUTOTITLE](/copilot/concepts/agents/copilot-memory). -> [!NOTE] -> Unless {% data variables.product.prodname_copilot_short %} has been configured to review each push to a pull request, it will only review the pull request once. If you make changes to the pull request after it has been automatically reviewed and you want {% data variables.product.prodname_copilot_short %} to re-review the pull request, you can request this manually. To do this, click the {% octicon "sync" aria-label="Re-request review" %} button next to {% data variables.product.prodname_copilot_short %}'s name in the **Reviewers** menu. +## About automatic pull request reviews -### Limits on automatic pull request reviews +By default, {% data variables.product.prodname_copilot_short %} only reviews a pull request if you assign it to the pull request. However, you can configure automatic reviews. -{% data variables.copilot.copilot_code-review_short %} is a premium feature with a per-person monthly quota. When {% data variables.product.prodname_copilot_short %} carries out an automatic review, it uses one premium request from the quota of the user who created the pull request. For more information, see [AUTOTITLE](/copilot/concepts/agents/code-review#code-review-monthly-quota). +* **Individual users** on the {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} plan can configure {% data variables.product.prodname_copilot_short %} to automatically review all pull requests they create. +* **Repository owners** can configure {% data variables.product.prodname_copilot_short %} to automatically review all pull requests in the repository that are created by people with access to {% data variables.product.prodname_copilot_short %}. +* **Organization owners** can configure {% data variables.product.prodname_copilot_short %} to automatically review all pull requests in some or all of the repositories in the organization where the pull request is created by a {% data variables.product.prodname_copilot_short %} user. + +### Triggering an automatic pull request review -## Configuring automatic pull request reviews +The triggers for automatic code review depend on the configuration settings. -For details of how to configure {% data variables.product.prodname_copilot_short %} to automatically review new pull requests, see [AUTOTITLE](/copilot/how-tos/agents/copilot-code-review/configuring-automatic-code-review-by-copilot). +* Basic setting: + * When you create a pull request as an "Open" pull request. + * The first time you switch a "Draft" pull request to "Open". +* Review new pushes: + * Every time you push a new commit to the pull request. +* Review draft pull requests: + * Pull requests are automatically reviewed while they are still drafts, before you switch them to "Open". + +For full instructions, see [AUTOTITLE](/copilot/how-tos/agents/copilot-code-review/configuring-automatic-code-review-by-copilot). + +> [!NOTE] +> Unless {% data variables.product.prodname_copilot_short %} has been configured to review each push to a pull request, it will only review a pull request once. If you make changes to the pull request after it has been automatically reviewed and you want {% data variables.product.prodname_copilot_short %} to re-review it, you can request this manually. Click the {% octicon "sync" aria-label="Re-request review" %} button next to {% data variables.product.prodname_copilot_short %}'s name in the **Reviewers** menu. ## About static analysis tools -You can enable static analysis tools in {% data variables.copilot.copilot_code-review_short %} to enhance its ability to identify and fix issues. Available tools include: +Enable static analysis tools in {% data variables.copilot.copilot_code-review_short %} to enhance its ability to identify and fix issues. Available tools include: + * **{% data variables.product.prodname_codeql %}**: A code analysis engine that identifies security vulnerabilities. For more information, see [About {% data variables.product.prodname_codeql %}](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql). -* **ESLint**: A linter designed specifically for JavaScript. For more information, see [Core Concepts](https://eslint.org/docs/latest/use/core-concepts/) in the the ESLint documentation. -* **PMD**: A static code analyzer that focuses on Java and Apex, but also supports many other languages. For more information, see the [PMD documentation](https://docs.pmd-code.org/latest/). +* **ESLint**: A linter designed specifically for JavaScript. See [Core Concepts](https://eslint.org/docs/latest/use/core-concepts/) in the the ESLint documentation. +* **PMD**: A static code analyzer that focuses on Java and Apex. It also supports many other languages. See the [PMD documentation](https://docs.pmd-code.org/latest/). -If you have access to {% data variables.copilot.copilot_code-review-tools_short %}, {% data variables.product.prodname_codeql %} is enabled by default, while ESLint and PMD are disabled. Additionally, if you have access to rulesets, you can change your selected tools. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/request-a-code-review/manage-tools). +If you have access to {% data variables.copilot.copilot_code-review-tools_short %}, {% data variables.product.prodname_codeql %} is enabled by default. ESLint and PMD are disabled. If you have access to rulesets, you can change your selected tools. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/request-a-code-review/manage-tools). ## Getting detailed code quality feedback for your whole repository -{% data variables.copilot.copilot_code-review %} reviews your code in pull requests and provides feedback. If you want to surface actionable feedback on the reliability and maintainability of your whole repository, enable {% data variables.product.prodname_code_quality %}. See [AUTOTITLE](/code-security/code-quality/concepts/about-code-quality). +{% data variables.copilot.copilot_code-review %} reviews your code in pull requests and provides feedback. If you want actionable feedback on the reliability and maintainability of your whole repository, enable {% data variables.product.prodname_code_quality %}. See [AUTOTITLE](/code-security/code-quality/concepts/about-code-quality). ## Further reading diff --git a/content/copilot/concepts/agents/coding-agent/about-coding-agent.md b/content/copilot/concepts/agents/coding-agent/about-coding-agent.md index df708bbd3410..b3f0a3d9b17f 100644 --- a/content/copilot/concepts/agents/coding-agent/about-coding-agent.md +++ b/content/copilot/concepts/agents/coding-agent/about-coding-agent.md @@ -17,7 +17,7 @@ redirect_from: - /copilot/concepts/coding-agent/about-copilot-coding-agent - /copilot/concepts/coding-agent/coding-agent contentType: concepts -category: +category: - Learn about Copilot --- @@ -43,8 +43,6 @@ To delegate tasks to {% data variables.copilot.copilot_coding_agent %}, you can: While working on a coding task, {% data variables.copilot.copilot_coding_agent %} has access to its own ephemeral development environment, powered by {% data variables.product.prodname_actions %}, where it can explore your code, make changes, execute automated tests and linters and more. -You can also create {% data variables.copilot.custom_agents_short %} to tailor {% data variables.product.prodname_copilot_short %}'s behavior for specific workflows, coding conventions, or specialized tasks. {% data variables.copilot.custom_agents_caps_short %} allow you to define multiple specialized versions of the coding agent—such as a frontend reviewer, test generator, or security auditor—each with their own prompts, tools, and capabilities. For more information, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-custom-agents). - ### Benefits over traditional AI workflows When used effectively, {% data variables.copilot.copilot_coding_agent %} offers productivity benefits over traditional AI assistants in IDEs: @@ -53,11 +51,11 @@ When used effectively, {% data variables.copilot.copilot_coding_agent %} offers * With **{% data variables.copilot.copilot_coding_agent %}**, all coding and iterating happens **on {% data variables.product.github %}** as part of the pull request workflow. You can create multiple {% data variables.copilot.custom_agents_short %} that specialize in different types of tasks. {% data variables.product.prodname_copilot_short %} **automates** branch creation, commit message writing and pushing, PR opening, and PR description writing. Developers let the agents **work in the background** and then steer {% data variables.product.prodname_copilot_short %} to a final solution using PR reviews. Working on {% data variables.product.github %} adds **transparency**, with every step happening in a commit and being viewable in logs, and opens up **collaboration** opportunities for the entire team. -### {% data variables.copilot.copilot_coding_agent %} versus agent mode +## {% data variables.copilot.copilot_coding_agent %} versus agent mode {% data variables.copilot.copilot_coding_agent %} is distinct from the "agent mode" feature available in your IDE. {% data variables.copilot.copilot_coding_agent %} works autonomously in a {% data variables.product.prodname_actions %}-powered environment to complete development tasks assigned through {% data variables.product.github %} issues or {% data variables.copilot.copilot_chat %} prompts, and creates pull requests with the results. In contrast, agent mode in your IDE makes autonomous edits directly in your local development environment. For more information about agent mode, see [AUTOTITLE](/copilot/using-github-copilot/copilot-chat/asking-github-copilot-questions-in-your-ide). -### Streamlining software development with {% data variables.copilot.copilot_coding_agent %} +## Streamlining software development with {% data variables.copilot.copilot_coding_agent %} Assigning tasks to {% data variables.copilot.copilot_coding_agent %} can enhance your software development workflow. @@ -69,11 +67,11 @@ Having {% data variables.copilot.copilot_coding_agent %} as an additional coding You can create specialized {% data variables.copilot.custom_agents_short %} for different tasks. For example, you might create a {% data variables.copilot.copilot_custom_agent_short %} specialized for frontend development that focuses on React components and styling, a documentation agent that excels at writing and updating technical documentation, or a testing agent that specializes in generating comprehensive unit tests. Each {% data variables.copilot.copilot_custom_agent_short %} can be tailored with specific prompts and tools suited to its particular task. -### Integrating {% data variables.copilot.copilot_coding_agent %} with third-party tools +## Integrating {% data variables.copilot.copilot_coding_agent %} with third-party tools You can also invoke {% data variables.copilot.copilot_coding_agent %} from external tools, allowing you to assign tasks to {% data variables.product.prodname_copilot_short %}, provide context, and open pull requests without leaving your workflow. See [AUTOTITLE](/copilot/concepts/tools/about-copilot-integrations) -### Making {% data variables.copilot.copilot_coding_agent %} available +## Making {% data variables.copilot.copilot_coding_agent %} available Before you can assign tasks to {% data variables.copilot.copilot_coding_agent %}, it must be enabled. @@ -85,6 +83,26 @@ Repository owners can choose to opt out some or all repositories from {% data va For more information, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/managing-access). +## AI models for {% data variables.copilot.copilot_coding_agent %} + +{% data variables.copilot.copilot_pro %} and {% data variables.copilot.copilot_pro_plus %} users can select the model used by {% data variables.copilot.copilot_coding_agent %}. You may find that different models perform better, or provide more useful responses, depending on the type of tasks you give {% data variables.product.prodname_copilot_short %}. + +Support for selecting a model is coming soon for {% data variables.copilot.copilot_for_business %} and {% data variables.copilot.copilot_enterprise %} users. Until then, for these users, {% data variables.copilot.copilot_coding_agent %} will use {% data variables.copilot.copilot_claude_sonnet_45 %}. {% data variables.product.company_short %} reserves the right to change the model used at any time. + +For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/changing-the-ai-model). + +## Enhancing {% data variables.copilot.copilot_coding_agent %}'s knowledge of a repository + +The more {% data variables.copilot.copilot_coding_agent %} knows about the code in your repository, the tools you use, and your coding standards and practices, the more effective it will become. There are two ways you can enhance {% data variables.copilot.copilot_coding_agent %}'s knowledge of a repository. + +* **Custom instructions** + + These are short, natural‑language statements that you write and store as one or more files in a repository. If you are the owner of an organization on {% data variables.product.github %} you can also define custom instructions in the settings for your organization. For more information, see [AUTOTITLE](/copilot/concepts/prompting/response-customization?tool=webui#about-repository-custom-instructions). + +* **{% data variables.copilot.copilot_memory %}** ({% data variables.release-phases.public_preview %}) + + If you have a {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} plan, you can enable {% data variables.copilot.copilot_memory %}. This allows {% data variables.product.prodname_copilot_short %} to store useful details it has worked out for itself about a repository. {% data variables.copilot.copilot_coding_agent %} can then use this information when it is working in that repository. For more information, see [AUTOTITLE](/copilot/concepts/agents/copilot-memory). + ## {% data variables.copilot.copilot_coding_agent %} usage costs {% data variables.copilot.copilot_coding_agent %} uses {% data variables.product.prodname_actions %} minutes and {% data variables.product.prodname_copilot_short %} premium requests. @@ -93,6 +111,16 @@ Within your monthly usage allowance for {% data variables.product.prodname_actio For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-copilot/about-billing-for-github-copilot#allowance-usage-for-copilot-coding-agent). +## Customizing {% data variables.copilot.copilot_coding_agent %} + +You can customize {% data variables.copilot.copilot_coding_agent %} in a number of ways: + +* **Custom instructions**: Custom instructions allow you to give {% data variables.product.prodname_copilot_short %} additional context on your project and how to build, test and validate its changes. For more information, see [AUTOTITLE](/copilot/how-tos/configure-custom-instructions/add-repository-instructions). +* **Model Context Protocol (MCP) servers**: MCP servers allow you to give {% data variables.product.prodname_copilot_short %} access to different data sources and tools. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/extend-coding-agent-with-mcp). +* **{% data variables.copilot.custom_agents_caps_short %}**: {% data variables.copilot.custom_agents_caps_short %} allow you to create different specialized versions of {% data variables.product.prodname_copilot_short %} for different tasks. For example, you could customize {% data variables.product.prodname_copilot_short %} to be an expert frontend engineer following your team's guidelines. For more information, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-custom-agents). +* **Hooks**: Hooks allow you to execute custom shell commands at key points during agent execution, enabling you to add validation, logging, security scanning, or workflow automation. For more information, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-hooks). +* **Skills**: Skills allow you to enhance the ability of {% data variables.product.prodname_copilot_short %} to perform specialized tasks with instructions, scripts, and resources. For more information, see [AUTOTITLE](/copilot/concepts/agents/about-agent-skills). + ## Built-in security protections Security is a fundamental consideration when you enable {% data variables.copilot.copilot_coding_agent %}, as with any other AI agent. {% data variables.copilot.copilot_coding_agent %} has a strong base of built-in security protections that you can supplement by following best practice guidance. @@ -146,19 +174,15 @@ Users can include hidden messages in issues assigned to {% data variables.copilo ### Limitations in {% data variables.copilot.copilot_coding_agent %}'s software development workflow -* **{% data variables.product.prodname_copilot_short %} can only make changes in the same repository where it is creating its pull request**. When {% data variables.product.prodname_copilot_short %} is assigned an issue, it can only make changes in the repository where that issue is located. In addition, {% data variables.product.prodname_copilot_short %} cannot make changes across multiple repositories in one run. -* **{% data variables.product.prodname_copilot_short %} can only access context in the same repository as the assigned issue**. By default, an integration with the {% data variables.product.prodname_copilot_short %} MCP server provides {% data variables.product.prodname_copilot_short %} access to one repository at a time. You can, however, configure broader access. See [AUTOTITLE](/copilot/using-github-copilot/coding-agent/extending-copilot-coding-agent-with-mcp). +* **{% data variables.product.prodname_copilot_short %} can only make changes in the repository specified when you start a task**. {% data variables.product.prodname_copilot_short %} cannot make changes across multiple repositories in one run. +* **By default, {% data variables.product.prodname_copilot_short %} can only access context in the repository specified when you start a task**. The {% data variables.product.prodname_copilot_short %} MCP server is configured by default to allow {% data variables.product.prodname_copilot_short %} to access context (for example issues and historic pull requests) in the repository where it is working. You can, however, configure broader access. See [AUTOTITLE](/copilot/using-github-copilot/coding-agent/extending-copilot-coding-agent-with-mcp). * **{% data variables.product.prodname_copilot_short %} can only open one pull request at a time**. {% data variables.product.prodname_copilot_short %} will open exactly one pull request to address each task it is assigned. ### Limitations in {% data variables.copilot.copilot_coding_agent %}'s compatibility with other features * **{% data variables.product.prodname_copilot_short %} isn't able to comply with certain rules that may be configured for your repository**. If you have configured a ruleset or branch protection rule that isn't compatible with {% data variables.copilot.copilot_coding_agent %} (for example the "Require signed commits" rule), access to the agent will be blocked. If the rule is configured using rulesets, you can add {% data variables.product.prodname_copilot_short %} as a bypass actor to enable access. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset). -* **{% data variables.copilot.copilot_coding_agent %} does not work in personal repositories owned by {% data variables.enterprise.prodname_managed_users %}**. This is because {% data variables.copilot.copilot_coding_agent %} requires {% data variables.product.company_short %}-hosted runners, which are not available to personal repositories owned by {% data variables.enterprise.prodname_managed_users %}. See [AUTOTITLE](/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners). * **{% data variables.copilot.copilot_coding_agent %} doesn't account for content exclusions**. Content exclusions allow administrators to configure {% data variables.product.prodname_copilot_short %} to ignore certain files. When using {% data variables.copilot.copilot_coding_agent %}, {% data variables.product.prodname_copilot_short %} will not ignore these files, and will be able to see and update them. See [AUTOTITLE](/copilot/managing-copilot/configuring-and-auditing-content-exclusion/excluding-content-from-github-copilot). * **{% data variables.copilot.copilot_coding_agent %} only works with repositories hosted on {% data variables.product.github %}**. If your repository is stored using a different code hosting platform, {% data variables.product.prodname_copilot_short %} won't be able to work on it. -* **You cannot select the AI model used by {% data variables.copilot.copilot_coding_agent %}**. A model picker is not available to switch between models, and {% data variables.product.company_short %} reserves the right to change models at any time. - - Currently, {% data variables.copilot.copilot_coding_agent %} uses {% data variables.copilot.copilot_claude_sonnet_45 %}. ## Hands-on practice diff --git a/content/copilot/concepts/agents/coding-agent/about-custom-agents.md b/content/copilot/concepts/agents/coding-agent/about-custom-agents.md index e0f0f3964ec6..74a30030372d 100644 --- a/content/copilot/concepts/agents/coding-agent/about-custom-agents.md +++ b/content/copilot/concepts/agents/coding-agent/about-custom-agents.md @@ -1,34 +1,38 @@ --- title: About custom agents shortTitle: Custom agents -intro: '{% data variables.copilot.custom_agents_caps_short %} enhance {% data variables.copilot.copilot_coding_agent %} with specialized assistance tailored to your needs.' +intro: '{% data variables.copilot.custom_agents_caps_short %} enhance {% data variables.copilot.copilot_coding_agent %} with assistance tailored to your needs.' product: '{% data reusables.gated-features.copilot-coding-agent %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' versions: feature: copilot topics: - Copilot +category: + - Learn about Copilot --- ## About {% data variables.copilot.custom_agents_short %} -{% data variables.copilot.custom_agents_caps_short %} are specialized versions of {% data variables.copilot.copilot_coding_agent %} that you can tailor to your unique workflows, coding conventions, and use cases. Instead of repeatedly providing the same instructions and context, {% data variables.copilot.custom_agents_short %} allow you to define specialized agents that act like tailored teammates—following standards, using the right tools, and implementing team-specific practices. +{% data variables.copilot.custom_agents_caps_short %} are specialized versions of {% data variables.copilot.copilot_coding_agent %} that you can tailor to your unique workflows, coding conventions, and use cases. They act like tailored teammates that follow your standards, use the right tools, and implement team-specific practices. You define these agents once instead of repeatedly providing the same instructions and context. -{% data variables.copilot.custom_agents_caps_short %} are defined using Markdown files, called {% data variables.copilot.agent_profiles %}, that specify prompts, tools, and MCP servers. This allows individuals and teams to encode their conventions, frameworks, and desired outcomes directly into {% data variables.product.prodname_copilot_short %}. The {% data variables.copilot.agent_profile %} serves as the artifact that defines the {% data variables.copilot.copilot_custom_agent_short %}'s behavior, and assigning the agent to a task or issue instantiates the {% data variables.copilot.copilot_custom_agent_short %}. +You define {% data variables.copilot.custom_agents_short %} using Markdown files called {% data variables.copilot.agent_profiles %}. These files specify prompts, tools, and MCP servers. This allows you to encode your conventions, frameworks, and desired outcomes directly into {% data variables.product.prodname_copilot_short %}. + +The {% data variables.copilot.agent_profile %} defines the {% data variables.copilot.copilot_custom_agent_short %}'s behavior. When you assign the agent to a task or issue, it instantiates the {% data variables.copilot.copilot_custom_agent_short %}. ## {% data variables.copilot.agent_profile_caps %} format {% data variables.copilot.agent_profiles_caps %} are Markdown files with YAML frontmatter. In their simplest form, they include: -* **Name**: A unique identifier for the {% data variables.copilot.copilot_custom_agent_short %} -* **Description**: Explains the agent's purpose and capabilities -* **Prompt**: Custom instructions that define the agent's behavior and expertise -* **Tools**: Specific tools the agent can access. This is optional, and the default is access to all available tools, including built-in tools and MCP server tools. +* **Name**: A unique identifier for the {% data variables.copilot.copilot_custom_agent_short %}. +* **Description**: Explains the agent's purpose and capabilities. +* **Prompt**: Custom instructions that define the agent's behavior and expertise. +* **Tools** (optional): Specific tools the agent can access. By default, agents can access all available tools, including built-in tools and MCP server tools. -Organization and enterprise-level {% data variables.copilot.agent_profiles %} can also include MCP server configurations within the {% data variables.copilot.agent_profile %}, using the `mcp-server` property. +Organization and enterprise-level {% data variables.copilot.agent_profiles %} can also include MCP server configurations using the `mcp-server` property. ### Example {% data variables.copilot.agent_profile %} -This is a basic {% data variables.copilot.agent_profile %} with name, description, and prompt configured. +This example is a basic {% data variables.copilot.agent_profile %} with name, description, and prompt configured. ```text --- @@ -49,18 +53,27 @@ Focus on the following instructions: ## Where you can configure {% data variables.copilot.custom_agents_short %} -You can define {% data variables.copilot.agent_profiles %} at the repository level (`.github/agents/CUSTOM-AGENT-NAME.md` in your repository) for project-specific agents, or at the organization or enterprise level (`/agents/CUSTOM-AGENT-NAME.md` in a `.github-private` repository) for broader availability. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/prepare-for-custom-agents) and [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents). +You can define {% data variables.copilot.agent_profiles %} at different levels: + +* **Repository level**: Create `.github/agents/CUSTOM-AGENT-NAME.md` in your repository for project-specific agents. +* **Organization or enterprise level**: Create `/agents/CUSTOM-AGENT-NAME.md` in a `.github-private` repository for broader availability. + +For more information, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/prepare-for-custom-agents) and [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents). ## Where you can use {% data variables.copilot.custom_agents_short %} {% data reusables.copilot.custom-agents-ide-preview %} -Once created, your {% data variables.copilot.custom_agents_short %} are available wherever you can use {% data variables.copilot.copilot_coding_agent %}, including {% data variables.product.prodname_dotcom_the_website %} (the agents tab and panel, issue assignment, pull requests), the {% data variables.copilot.copilot_cli %}, and in {% data variables.product.prodname_vscode %}, JetBrains IDEs, Eclipse, and Xcode. +Once you create {% data variables.copilot.custom_agents_short %}, you can use them wherever {% data variables.copilot.copilot_coding_agent %} is available: + +* {% data variables.product.prodname_dotcom_the_website %}: The agents tab and panel, issue assignment, and pull requests +* {% data variables.copilot.copilot_cli %} +* IDEs: {% data variables.product.prodname_vscode %}, JetBrains IDEs, Eclipse, and Xcode -{% data variables.copilot.agent_profiles_caps %} can be used directly in {% data variables.product.prodname_vscode %}, JetBrains IDEs, Eclipse, and Xcode, though some properties may function differently, or be ignored, between environments. +You can use {% data variables.copilot.agent_profiles %} directly in {% data variables.product.prodname_vscode %}, JetBrains IDEs, Eclipse, and Xcode. Some properties may function differently or be ignored between environments. -For more information on using {% data variables.copilot.custom_agents_short %} in {% data variables.product.prodname_vscode %} specifically, see [{% data variables.copilot.custom_agents_caps_short %} in {% data variables.product.prodname_vscode_shortname %}](https://code.visualstudio.com/docs/copilot/customization/custom-agents) in the {% data variables.product.prodname_vscode_shortname %} documentation. +For more information on using {% data variables.copilot.custom_agents_short %} in {% data variables.product.prodname_vscode %}, see [{% data variables.copilot.custom_agents_caps_short %} in {% data variables.product.prodname_vscode_shortname %}](https://code.visualstudio.com/docs/copilot/customization/custom-agents). ## Next steps -To start creating your own {% data variables.copilot.custom_agents_short %}, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents). +To create your own {% data variables.copilot.custom_agents_short %}, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents). diff --git a/content/copilot/concepts/agents/coding-agent/about-hooks.md b/content/copilot/concepts/agents/coding-agent/about-hooks.md new file mode 100644 index 000000000000..b0004f92764f --- /dev/null +++ b/content/copilot/concepts/agents/coding-agent/about-hooks.md @@ -0,0 +1,164 @@ +--- +title: About hooks +shortTitle: Hooks +intro: 'Extend and customize {% data variables.product.prodname_copilot %} agent behavior by executing custom shell commands at key points during agent execution.' +product: '{% data reusables.gated-features.copilot-coding-agent %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' +versions: + feature: copilot +topics: + - Copilot +contentType: concepts +category: + - Configure Copilot +--- + +## About hooks + +Hooks enable you to execute custom shell commands at strategic points in an agent's workflow, such as when an agent session starts or ends, or before and after a prompt is entered or a tool is called. + +Hooks receive detailed information about agent actions via JSON input, enabling context-aware automation. For example, you can use hooks to: + +* Programmatically approve or deny tool executions. +* Utilize built-in security features like secret scanning to prevent credential leaks. +* Implement custom validation rules and audit logging for compliance. + +{% data variables.product.prodname_copilot_short %} agents support hooks stored in JSON files in your repository at `.github/hooks/*.json`. + +Hooks are available for use with: + +* {% data variables.copilot.copilot_coding_agent %} on {% data variables.product.github %} +* {% data variables.copilot.copilot_cli %} in the terminal + +## Types of hooks + +The following types of hooks are available: + +* **sessionStart**: Executed when a new agent session begins or when resuming an existing session. Can be used to initialize environments, log session starts for auditing, validate project state, and set up temporary resources. +* **sessionEnd**: Executed when the agent session completes or is terminated. Can be used to cleanup temporary resources, generate and archive session reports and logs, or send notifications about session completion. +* **userPromptSubmitted**: Executed when the user submits a prompt to the agent. Can be used to log user requests for auditing and usage analysis. +* **preToolUse**: Executed before the agent uses any tool (such as `bash`, `edit`, `view`). This is the most powerful hook as it can **approve or deny tool executions**. Use this hook to block dangerous commands, enforce security policies and coding standards, require approval for sensitive operations, or log tool usage for compliance. +* **postToolUse**: Executed after a tool completes execution (whether successful or failed). Can be used to log execution results, track usage statistics, generate audit trails, monitor performance metrics, and send failure alerts. +* **errorOccurred**: Executed when an error occurs during agent execution. Can be used to log errors for debugging, send notifications, track error patterns, and generate reports. + +To see a complete reference of hook types with example use cases, best practices, and advanced patterns, see [AUTOTITLE](/copilot/reference/hooks-configuration). + +## Hook configuration format + +You configure hooks using a special JSON format. The JSON must contain a `version` field with a value of `1` and a `hooks` object containing arrays of hook definitions. + +```json copy +{ + "version": 1, + "hooks": { + "sessionStart": [ + { + "type": "command", + "bash": "string (optional)", + "powershell": "string (optional)", + "cwd": "string (optional)", + "env": { "KEY": "value" }, + "timeoutSec": 30 + } + ], + } +} +``` + +The hook object can contain the following keys: + +| Property | Required | Description | +| --- | --- | --- | +| `type` | Yes | Must be `"command"` | +| `bash` | Yes (on Unix systems) | Path to the bash script to execute | +| `powershell` | Yes (on Windows) | Path to the PowerShell script to execute | +| `cwd` | No | Working directory for the script (relative to repository root) | +| `env` | No | Additional environment variables that are merged with the existing environment | +| `timeoutSec` | No | Maximum execution time in seconds (default: 30) | + +## Example hook configuration file + +This is an example configuration file that lives in `~/.github/hooks/project-hooks.json` within a repository. + +```json copy +{ + "version": 1, + "hooks": { + "sessionStart": [ + { + "type": "command", + "bash": "echo \"Session started: $(date)\" >> logs/session.log", + "powershell": "Add-Content -Path logs/session.log -Value \"Session started: $(Get-Date)\"", + "cwd": ".", + "timeoutSec": 10 + } + ], + "userPromptSubmitted": [ + { + "type": "command", + "bash": "./scripts/log-prompt.sh", + "powershell": "./scripts/log-prompt.ps1", + "cwd": "scripts", + "env": { + "LOG_LEVEL": "INFO" + } + } + ], + "preToolUse": [ + { + "type": "command", + "bash": "./scripts/security-check.sh", + "powershell": "./scripts/security-check.ps1", + "cwd": "scripts", + "timeoutSec": 15 + }, + { + "type": "command", + "bash": "./scripts/log-tool-use.sh", + "powershell": "./scripts/log-tool-use.ps1", + "cwd": "scripts" + } + ], + "postToolUse": [ + { + "type": "command", + "bash": "cat >> logs/tool-results.jsonl", + "powershell": "$input | Add-Content -Path logs/tool-results.jsonl" + } + ], + "sessionEnd": [ + { + "type": "command", + "bash": "./scripts/cleanup.sh", + "powershell": "./scripts/cleanup.ps1", + "cwd": "scripts", + "timeoutSec": 60 + } + ] + } +} +``` + +## Performance considerations + +Hooks run synchronously and block agent execution. To ensure a responsive experience, keep the following considerations in mind: + +* **Minimize execution time**: Keep hook execution time under 5 seconds when possible. +* **Optimize logging**: Use asynchronous logging, like appending to files, rather than synchronous I/O. +* **Use background processing**: For expensive operations, consider background processing. +* **Cache results**: Cache expensive computations when possible. + +## Security considerations + +To ensure security is maintained when using hooks, keep the following considerations in mind: + +* **Always validate and sanitize the input processed by hooks**. Untrusted input could lead to unexpected behavior. +* **Use proper shell escaping when constructing commands**. This prevents command injection vulnerabilities. +* **Never log sensitive data, such as tokens or passwords**. +* **Ensure hook scripts and logs have the appropriate permissions**. +* **Be cautious with hooks that make external network calls**. These can introduce latency, failures, or expose data to third parties. +* **Set appropriate timeouts to prevent resource exhaustion**. Long-running hooks can block agent execution and degrade performance. + +## Next steps + +To start creating hooks, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks). + diff --git a/content/copilot/concepts/agents/coding-agent/agent-management.md b/content/copilot/concepts/agents/coding-agent/agent-management.md index acedeaa85039..7186ffa9ef42 100644 --- a/content/copilot/concepts/agents/coding-agent/agent-management.md +++ b/content/copilot/concepts/agents/coding-agent/agent-management.md @@ -1,7 +1,7 @@ --- title: About agent management shortTitle: Agent management -intro: 'Use one centralized control page to jump between {% data variables.copilot.copilot_coding_agent %} sessions, check progress, and stay in control without losing your place.' +intro: 'Use one centralized control page to jump between agent sessions, check progress, and stay in control without losing your place.' product: '{% data reusables.gated-features.copilot-coding-agent %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' versions: feature: copilot @@ -10,13 +10,22 @@ topics: redirect_from: - /copilot/concepts/agents/coding-agent/managing-agents contentType: concepts +category: + - Learn about Copilot + - Author and optimize with Copilot --- ## About agents AI agents are autonomous systems that can evaluate their environment, make decisions, and take actions to complete tasks. Agents can break down complex tasks into steps, use various tools and resources, plan their approach, and adapt based on human feedback until they accomplish their assigned objective. -{% data variables.copilot.copilot_coding_agent %} brings automation and assistance to every stage of the software development process on {% data variables.product.github %}. You can run multiple sessions of {% data variables.copilot.copilot_coding_agent %} concurrently, allowing you to efficiently delegate work items. Utilizing {% data variables.copilot.custom_agents_short %} you can build out a team of task-specific agents with customized system prompts to handle simpler tasks like writing tests and refactoring, giving you bandwidth to prioritize problem-solving and collaboration. See [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-custom-agents). +Agents bring automation and assistance to every stage of the software development process on {% data variables.product.github %}. You can run multiple agent sessions concurrently, allowing you to efficiently delegate work items. + +Alongside {% data variables.product.prodname_copilot_short %}, you can use {% data variables.product.prodname_anthropic_claude %} and {% data variables.product.prodname_openai_codex %}, giving you more flexibility and choice to find the right agent for a task. See [AUTOTITLE](/copilot/concepts/agents/about-third-party-agents). + +Utilizing {% data variables.copilot.custom_agents_short %} you can build out a team of task-specific agents with customized system prompts to handle simpler tasks like writing tests and refactoring, giving you bandwidth to prioritize problem-solving and collaboration. See [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-custom-agents). + +Model choice allows you to choose from a selection of AI models to use with your agents, each with its own particular strengths. See [AUTOTITLE](/copilot/reference/ai-models/supported-models). To learn more about {% data variables.copilot.copilot_coding_agent %}, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-coding-agent). @@ -26,12 +35,13 @@ To learn more about {% data variables.copilot.copilot_coding_agent %}, see [AUTO From the Agents tab, you can: -* **Kick off new agent tasks**: Select any repository you have write access to, and optionally choose from {% data variables.copilot.custom_agents_short %} best suited for the task. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr). -* **Review the live session log, diff, and overview of changes**: Once {% data variables.product.prodname_copilot_short %} starts working, you can open the agent session to monitor agent activity. -* **Steer agents mid-session**: If you realize you didn't scope a request correctly, or want {% data variables.product.prodname_copilot_short %} to use a specific tool or service, you can step in and provide **steering input** without stopping the run. Steering uses **one premium request** per message. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions#steering-a-copilot-session-from-the-agents-tab). -* **Open a session in {% data variables.product.prodname_vscode_shortname %}**: When you want to start working on changes to an agent session in your local development environment, click the "Open in {% data variables.product.prodname_vscode_shortname %} Insiders" button to open the session in {% data variables.product.prodname_vscode_shortname %}. +* **Kick off new agent tasks**: Select an AI model of your choice, and optionally choose from third-party agents or {% data variables.copilot.custom_agents_short %} best suited for the task. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr). +* **Monitor live session logs**: Once the agent starts working, you can click any agent session to open the session log and follow its progress and thought process in real time. +* **Track active sessions**: You can view all active agent sessions that have been started in the repository. +* **Steer agents mid-session**: If you realize you didn't scope a request correctly, or want the agent to use a specific tool or service, you can step in and provide **steering input** without stopping the run. Steering uses **one premium request** per message. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions#steering-a-copilot-session-from-the-agents-tab). +* **Open a session in {% data variables.product.prodname_vscode_shortname %} or {% data variables.copilot.copilot_cli %}**: When you want to start working on changes to an agent session in your local development environment, click **{% octicon "vscode" aria-label="VS Code" %} Open in {% data variables.product.prodname_vscode_shortname %}** or **{% octicon "agent" aria-label="Agent" %} Continue in {% data variables.copilot.copilot_cli %}** to bring the session to your local machine. {% data reusables.copilot.coding-agent.use-latest-vscode %} -* **Review and merge agent code**: Once {% data variables.product.prodname_copilot_short %} completes a session, you can read a summary of the changes it made and scan the diff of the pull request to see if you want to request further improvements. If the changes look ready for a final review, you can jump right into the pull request from the agent session view to approve and merge. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/review-copilot-prs). +* **Review and merge agent code**: Once the agent completes a session, you can jump to the pull request to review the changes, request further improvements, or approve and merge. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/review-copilot-prs). ## Next steps diff --git a/content/copilot/concepts/agents/coding-agent/index.md b/content/copilot/concepts/agents/coding-agent/index.md index f295144cabd6..891b75fd423e 100644 --- a/content/copilot/concepts/agents/coding-agent/index.md +++ b/content/copilot/concepts/agents/coding-agent/index.md @@ -11,6 +11,7 @@ children: - /about-coding-agent - /agent-management - /about-custom-agents + - /about-hooks - /access-management - /mcp-and-coding-agent contentType: concepts diff --git a/content/copilot/concepts/agents/copilot-memory.md b/content/copilot/concepts/agents/copilot-memory.md new file mode 100644 index 000000000000..0e882182d1ff --- /dev/null +++ b/content/copilot/concepts/agents/copilot-memory.md @@ -0,0 +1,73 @@ +--- +title: About agentic memory for GitHub Copilot +shortTitle: Copilot Memory +allowTitleToDifferFromFilename: true +intro: 'Find out how {% data variables.product.prodname_copilot_short %} can store details it has learned about a codebase and use that knowledge for future work in a repository.' +product: '{% data reusables.gated-features.copilot-memory %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' +versions: + feature: copilot +topics: + - Copilot +contentType: concepts +category: + - Learn about Copilot +--- + +> [!NOTE] +> This feature is currently in {% data variables.release-phases.public_preview %} and is subject to change. + +## Introduction + +As a developer, when you start working on an existing codebase—perhaps as a new member of the development team—you can read the README for the repository, the coding conventions documentation, and other information to help you understand the repository and how you should work when updating or adding code. This will help you submit good quality pull requests. However, the quality of work you're able to deliver will steadily improve as you work on the codebase and learn more about it. In the same way, by allowing {% data variables.product.prodname_copilot_short %} to build its own understanding of your repository, you can enable it to become increasingly effective over time. + +Copilot can develop a persistent understanding of a repository by storing "memories." + +Memories are tightly scoped pieces of information about a repository, that are deduced by Copilot as it works on the repository. Memories are: + +* Repository-specific. +* Only created in response to {% data variables.product.prodname_copilot_short %} activity initiated by users who have had {% data variables.copilot.copilot_memory %} enabled. + +Memories created by one part of {% data variables.product.prodname_copilot_short %} can be used by another part of {% data variables.product.prodname_copilot_short %}. So, for example, if {% data variables.copilot.copilot_coding_agent %} discovers how your repository handles database connections, {% data variables.copilot.copilot_code-review_short %} can later apply that knowledge to spot inconsistent patterns in a pull request it is reviewing. Similarly, if {% data variables.copilot.copilot_code-review_short %} learns about settings that must stay synchronized in two separate files, then {% data variables.copilot.copilot_coding_agent %} will know that if it alters the settings in one of those files it must update the other file accordingly. + +## Benefits of using {% data variables.copilot.copilot_memory %} + +AI that is stateless and doesn't retain an understanding of a codebase between separate human/AI interactions, requires you either to repeatedly explain coding conventions and important details about specific code in your prompts, or to create detailed custom instructions files, which you must then maintain. + +{% data variables.copilot.copilot_memory %}: + +* Reduces the burden of repeatedly providing the same details in your prompts. +* Reduces the need for regular, manual maintenance of custom instruction files. + +By building and maintaining a persistent, repository-level memory, {% data variables.product.prodname_copilot_short %} develops its own knowledge of your codebase, adapts to your coding requirements, and increases the value it can deliver over time. + +## Where is {% data variables.copilot.copilot_memory %} used? + +Currently {% data variables.copilot.copilot_memory %} is used by {% data variables.copilot.copilot_coding_agent %} and {% data variables.copilot.copilot_code-review_short %} when these features are working on pull requests on the {% data variables.product.github %} website, and by {% data variables.copilot.copilot_cli_short %}. Memories are only created and used by {% data variables.product.prodname_copilot_short %} when {% data variables.copilot.copilot_memory %} has been enabled for the user initiating the {% data variables.product.prodname_copilot_short %} operation. + +Agentic memory will be extended to other parts of {% data variables.product.prodname_copilot_short %}, and for personal and organizational scopes, in future releases. + +## How memories are stored, retained and used + +Each memory that {% data variables.product.prodname_copilot_short %} generates is stored with citations. These are references to specific code locations that support the memory. When {% data variables.product.prodname_copilot_short %} finds a memory that relates to the work it is doing, it checks the citations against the current codebase to validate that the information is still accurate and is relevant to the current branch. The memory is only used if it is successfully validated. + +To avoid stale memories being retained, resulting in outdated information adversely affecting {% data variables.product.prodname_copilot_short %}'s decision making, memories are automatically deleted after 28 days. + +If a memory is validated and used by {% data variables.product.prodname_copilot_short %}, then a new memory with the same details may be stored, which increases the longevity of that memory. + +Memories can be created from code in pull requests that were closed without being merged. However, the validation mechanism ensures that such memories will not affect {% data variables.product.prodname_copilot_short %}'s behavior if there is no substantiating evidence in the current codebase. + +{% data variables.product.prodname_copilot_short %} only creates memories in a repository in response to actions taken within that repository by people who have write permission for the repository, and for whom {% data variables.copilot.copilot_memory %} has been enabled. Memories are repository scoped, not user scoped, so all memories stored for a repository are available for use in {% data variables.product.prodname_copilot_short %} operations initiated by any user who has access to {% data variables.copilot.copilot_memory %} for that repository. The memories stored for a repository can only be used in {% data variables.product.prodname_copilot_short %} operations on that same repository. In this way, what {% data variables.product.prodname_copilot_short %} learns about a repository stays within that repository, ensuring privacy and security. + +If you are the owner of a repository where {% data variables.copilot.copilot_memory %} is being used, you can review and manually delete the memories for that repository. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/copilot-memory). + +## About enabling {% data variables.copilot.copilot_memory %} + +{% data variables.copilot.copilot_memory %} is turned off by default and can be enabled in the enterprise, organization, and personal settings. + +The ability to use {% data variables.copilot.copilot_memory %} is granted to users, rather than being enabled for repositories. After {% data variables.copilot.copilot_memory %} has been enabled for a user, {% data variables.product.prodname_copilot_short %} will be able to use agentic memory in any repository in which that person uses {% data variables.product.prodname_copilot %}. + +When enabled at the enterprise or organization level, {% data variables.copilot.copilot_memory %} will be available to all organization members who receive a {% data variables.product.prodname_copilot_short %} subscription from that organization. + +Users who have an individual {% data variables.product.prodname_copilot_short %} subscription, from a {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} plan, must enable {% data variables.copilot.copilot_memory %} in their personal {% data variables.product.prodname_copilot_short %} settings on {% data variables.product.github %}. + +For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/copilot-memory). diff --git a/content/copilot/concepts/agents/enterprise-management.md b/content/copilot/concepts/agents/enterprise-management.md index ce4d31c7a990..9e0334a5e522 100644 --- a/content/copilot/concepts/agents/enterprise-management.md +++ b/content/copilot/concepts/agents/enterprise-management.md @@ -7,6 +7,8 @@ versions: topics: - Copilot contentType: concepts +category: + - Learn about Copilot --- {% data reusables.enterprise-accounts.ai-controls-preview-note %} diff --git a/content/copilot/concepts/agents/index.md b/content/copilot/concepts/agents/index.md index 5b5fabbb7ee7..098d22a8124e 100644 --- a/content/copilot/concepts/agents/index.md +++ b/content/copilot/concepts/agents/index.md @@ -11,7 +11,11 @@ children: - /coding-agent - /code-review - /about-copilot-cli + - /copilot-memory + - /about-third-party-agents - /openai-codex + - /anthropic-claude + - /about-agent-skills - /enterprise-management contentType: concepts --- diff --git a/content/copilot/concepts/agents/openai-codex.md b/content/copilot/concepts/agents/openai-codex.md index 8dca61751e3b..1c4717bf47b2 100644 --- a/content/copilot/concepts/agents/openai-codex.md +++ b/content/copilot/concepts/agents/openai-codex.md @@ -2,21 +2,33 @@ title: OpenAI Codex shortTitle: OpenAI Codex allowTitleToDifferFromFilename: true -intro: 'Use the {% data variables.product.prodname_openai_codex %} Visual Studio Code extension powered by {% data variables.product.prodname_copilot_short %}.' -product: '{% data reusables.gated-features.openai-codex %}' +intro: 'Use the {% data variables.product.prodname_openai_codex %} coding agent and Visual Studio Code extension powered by {% data variables.product.prodname_copilot_short %}.' +product: '{% data reusables.gated-features.openai-codex %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' versions: feature: copilot topics: - Copilot contentType: concepts +category: + - Learn about Copilot --- > [!NOTE] {% data variables.product.prodname_openai_codex %} integration is currently in {% data variables.release-phases.public_preview %}. ## Introduction -The {% data variables.product.prodname_openai_codex %} {% data variables.product.prodname_vscode_shortname %} extension can be powered by your existing {% data variables.product.prodname_copilot_short %} subscription. Use "Sign in with {% data variables.product.prodname_copilot_short %}" when launching the extension. {% data variables.product.prodname_copilot_short %} users can see this integration in the [Agent Sessions view](https://code.visualstudio.com/docs/copilot/chat/chat-sessions#_agent-sessions-view?ref_product=copilot&ref_type=engagement&ref_style=text) in {% data variables.product.prodname_vscode_shortname %} Insiders along with progress on their running tasks. All usage is subect to GitHub rate limits and billing. See [AUTOTITLE](/copilot/concepts/billing/copilot-requests#premium-features). +The {% data variables.product.prodname_openai_codex %} coding agent and the {% data variables.product.prodname_vscode_shortname %} {% data variables.product.prodname_openai_codex %} integration use the Codex SDK and can be powered by your existing {% data variables.product.prodname_copilot_short %} subscription. For more information about how {% data variables.product.prodname_openai_codex %} works, see the [{% data variables.product.prodname_openai_codex %} documentation](https://developers.openai.com/codex). -## Model availability +## {% data variables.product.prodname_openai_codex %} coding agent -A subset of available models may only be available in the OpenAI Codex extension. Model availability and visibility is not governed by {% data variables.product.prodname_copilot_short %} model configuration policies. +Before you can assign tasks to {% data variables.product.prodname_openai_codex %} coding agent, it must be enabled. See [AUTOTITLE](/copilot/how-tos/manage-your-account/manage-policies#enabling-or-disabling-third-party-agents-in-your-repositories). + +To learn more about using third-party agents on {% data variables.product.github %}, see [AUTOTITLE](/free-pro-team@latest/copilot/concepts/agents/about-third-party-agents). + +## {% data variables.product.prodname_vscode_shortname %} extension + + Use "Sign in with {% data variables.product.prodname_copilot_short %}" when launching the extension. {% data variables.product.prodname_copilot_short %} users can see this integration in the [Agent Sessions view](https://code.visualstudio.com/docs/copilot/chat/chat-sessions#_agent-sessions-view) in {% data variables.product.prodname_vscode_shortname %} Insiders along with progress on their running tasks. All usage is subject to {% data variables.product.github %} rate limits and billing. See [AUTOTITLE](/copilot/concepts/billing/copilot-requests#premium-features). + +### Model availability + +A subset of available models may only be available in the {% data variables.product.prodname_openai_codex %} extension. Model availability and visibility is not governed by {% data variables.product.prodname_copilot_short %} model configuration policies. diff --git a/content/copilot/concepts/auto-model-selection.md b/content/copilot/concepts/auto-model-selection.md index 99d2221e3a7e..b9fc161de7c2 100644 --- a/content/copilot/concepts/auto-model-selection.md +++ b/content/copilot/concepts/auto-model-selection.md @@ -2,8 +2,8 @@ title: 'About {% data variables.product.prodname_copilot_short %} auto model selection' allowTitleToDifferFromFilename: true shortTitle: 'Auto model selection' -intro: 'Automatically select models for {% data variables.copilot.copilot_chat_short %}.' -product: '{% data variables.copilot.copilot_auto_model_selection_short_cap_a %} is in {% data variables.release-phases.public_preview %} for supported IDEs with all {% data variables.product.prodname_copilot %} plans.' +intro: 'Automatically select models for {% data variables.copilot.copilot_chat_short %} and {% data variables.copilot.copilot_coding_agent %}.' +product: '{% data variables.copilot.copilot_auto_model_selection_short_cap_a %} for {% data variables.copilot.copilot_chat_short %} is available with all {% data variables.product.prodname_copilot %} plans.
{% data variables.copilot.copilot_auto_model_selection_short_cap_a %} for {% data variables.copilot.copilot_coding_agent %} is available for {% data variables.copilot.copilot_pro %} and {% data variables.copilot.copilot_pro_plus %} plans.' topics: - Copilot versions: @@ -17,36 +17,56 @@ category: Experience less rate limiting and reduce the mental load of choosing a model by letting {% data variables.copilot.copilot_auto_model_selection %} automatically choose the best available model on your behalf. -{% data variables.copilot.copilot_auto_model_selection %} is currently optimized for model availability, choosing from a list of models that may change over time. It currently chooses from {% data variables.copilot.copilot_gpt_41 %}, {% data variables.copilot.copilot_gpt_5_mini %}, {% data variables.copilot.copilot_gpt_51_codex_max %}, {% data variables.copilot.copilot_claude_haiku_45 %}, {% data variables.copilot.copilot_claude_sonnet_45 %}, and {% data variables.copilot.copilot_gemini_3_pro %}, based on your subscription type. +{% data variables.copilot.copilot_auto_model_selection %} is currently optimized for model availability, choosing from a list of models that may change over time. With {% data variables.copilot.copilot_auto_model_selection %}, you benefit from: * Reduced chances of rate limiting - * Discounted multipliers for paid plans + * Discounted multipliers for paid plans ({% data variables.copilot.copilot_chat_short %} only) + +{% data variables.copilot.copilot_auto_model_selection_short_cap_a %} **won't** include these models: +* Models excluded by administrator policies. See [AUTOTITLE](/copilot/how-tos/use-ai-models/configure-access-to-ai-models). +* Models with premium request multipliers greater than one. See [AUTOTITLE](/copilot/reference/ai-models/supported-models#model-multipliers). +* Models not available in your plan. See [AUTOTITLE](/copilot/reference/ai-models/supported-models#supported-ai-models-per-copilot-plan). > [!NOTE] Soon {% data variables.copilot.copilot_auto_model_selection %} will choose the best model for you by taking into account both model availability and your task. - -> [!TIP] To see which model was used for each response, hover over the response in {% data variables.copilot.copilot_chat_short %}. -{% data variables.copilot.copilot_auto_model_selection_short_cap_a %} is available in the following IDEs: +## {% data variables.copilot.copilot_auto_model_selection_short_cap_a %} in {% data variables.copilot.copilot_chat_short %} + +{% data variables.copilot.copilot_auto_model_selection_short_cap_a %} is generally available in the following IDEs: * {% data variables.product.prodname_vscode_shortname %} + +{% data variables.copilot.copilot_auto_model_selection_short_cap_a %} is in public preview for the following IDEs: * {% data variables.product.prodname_vs %} * Eclipse * JetBrains IDEs * Xcode -{% data variables.copilot.copilot_auto_model_selection_short_cap_a %} **won't** include these models: -* Models excluded by individual or administrator policies. See [AUTOTITLE](/copilot/how-tos/use-ai-models/configure-access-to-ai-models). -* Models with premium request multipliers greater than one. See [AUTOTITLE](/copilot/reference/ai-models/supported-models#model-multipliers). -* Models not available in your plan. See [AUTOTITLE](/copilot/reference/ai-models/supported-models#supported-ai-models-per-copilot-plan). +When you select **Auto** in {% data variables.copilot.copilot_chat_short %}, {% data variables.copilot.copilot_auto_model_selection_short_cap_a %} may choose from the following list of models, subject to your policies and subscription type. Models may change over time. + * {% data variables.copilot.copilot_gpt_41 %} + * {% data variables.copilot.copilot_gpt_5_mini %} + * {% data variables.copilot.copilot_gpt_52_codex %} + * {% data variables.copilot.copilot_claude_haiku_45 %} + * {% data variables.copilot.copilot_claude_sonnet_45 %} -## AI models for {% data variables.copilot.copilot_chat_short %} +> [!TIP] To see which model was used for each response, hover over the response in {% data variables.copilot.copilot_chat_short %}. While {% data variables.copilot.copilot_auto_model_selection_short %} is an option for {% data variables.copilot.copilot_chat_short %}, you can manually choose a different model to override this selection. {% data reusables.copilot.change-the-ai-model %} -## Multiplier discounts +### Multiplier discounts {% data reusables.copilot.auto-model-multiplier-discount %} See [AUTOTITLE](/copilot/concepts/billing/copilot-requests#model-multipliers). -## Enabling access during {% data variables.release-phases.public_preview %} +### Enabling access during {% data variables.release-phases.public_preview %} During the {% data variables.release-phases.public_preview %}, if you're using a {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} plan, the organization or enterprise that provides your plan must have the **Editor preview features** policy enabled. See [AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#enabling-copilot-features-in-your-organization) or [AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#copilot-in-githubcom). + +## {% data variables.copilot.copilot_auto_model_selection_short_cap_a %} in {% data variables.copilot.copilot_coding_agent %} + +> [!NOTE] {% data variables.copilot.copilot_auto_model_selection_short_cap_a %} for {% data variables.copilot.copilot_coding_agent %} is generally available and currently only available for {% data variables.copilot.copilot_pro %} and {% data variables.copilot.copilot_pro_plus %} plans. + +When you select **Auto** in {% data variables.copilot.copilot_coding_agent %}, {% data variables.copilot.copilot_auto_model_selection_short_cap_a %} currently chooses from the following list of models, subject to your policies and subscription type: + {% data reusables.copilot.copilot-coding-agent-auto-models %} + +While {% data variables.copilot.copilot_auto_model_selection_short %} is an option for {% data variables.copilot.copilot_coding_agent %}, you can manually choose a different model to override this selection. + +{% data reusables.copilot.change-the-ai-model-copilot-coding-agent %} diff --git a/content/copilot/concepts/billing/copilot-requests.md b/content/copilot/concepts/billing/copilot-requests.md index e6ffa9fc4d40..99ffd02044b9 100644 --- a/content/copilot/concepts/billing/copilot-requests.md +++ b/content/copilot/concepts/billing/copilot-requests.md @@ -42,10 +42,12 @@ The following {% data variables.product.prodname_copilot_short %} features can u | [{% data variables.copilot.copilot_chat_short %}](/copilot/using-github-copilot/copilot-chat) | {% data variables.copilot.copilot_chat_short %} uses **one premium request** per user prompt, multiplied by the model's rate. This includes ask, edit, agent, and plan modes in {% data variables.copilot.copilot_chat_short %} in an IDE. | {% data variables.product.prodname_copilot_short %} premium requests | | [{% data variables.copilot.copilot_cli_short %}](/copilot/concepts/agents/about-copilot-cli) | Each prompt to {% data variables.copilot.copilot_cli_short %} uses **one premium request** with the default model. For other models, this is multiplied by the model's rate. | {% data variables.product.prodname_copilot_short %} premium requests | | [{% data variables.product.prodname_copilot_short %} code review](/copilot/using-github-copilot/code-review/using-copilot-code-review) | Each time {% data variables.product.prodname_copilot_short %} reviews a pull request (when assigned as a reviewer) or reviews code in your IDE, **one premium request** is consumed. | {% data variables.product.prodname_copilot_short %} premium requests | -| [{% data variables.copilot.copilot_coding_agent %}](/copilot/concepts/about-copilot-coding-agent) | {% data variables.copilot.copilot_coding_agent %} uses **one premium request** per session, plus **one premium request** for each real-time steering comment made during an active session. A session begins when you ask {% data variables.product.prodname_copilot_short %} to create a pull request or make one or more changes to an existing pull request. | {% data variables.copilot.copilot_coding_agent %} premium requests | +| [{% data variables.copilot.copilot_coding_agent %}](/copilot/concepts/about-copilot-coding-agent) | {% data variables.copilot.copilot_coding_agent %} uses **one premium request** per session, multiplied by the model's rate. A session begins when you ask {% data variables.product.prodname_copilot_short %} to create a pull request or make one or more changes to an existing pull request. In addition, each real-time steering comment made during an active session uses **one premium request** per session, multiplied by the model's rate. | {% data variables.copilot.copilot_coding_agent %} premium requests | | [{% data variables.copilot.copilot_spaces %}](/copilot/using-github-copilot/copilot-spaces/about-organizing-and-sharing-context-with-copilot-spaces) | {% data variables.copilot.copilot_spaces %} uses **one premium request** per user prompt, multiplied by the model's rate. | {% data variables.product.prodname_copilot_short %} premium requests | | [{% data variables.product.prodname_spark_short %}](/copilot/tutorials/building-ai-app-prototypes) | Each prompt to {% data variables.product.prodname_spark_short %} uses a fixed rate of **four premium requests**. | {% data variables.product.prodname_spark_short %} premium requests | -| [{% data variables.product.prodname_openai_codex %} integration](/copilot/concepts/agents/openai-codex) | While in preview, each prompt to {% data variables.product.prodname_openai_codex %} uses **one premium request** multiplied by the model multiplier rates. | {% data variables.product.prodname_copilot_short %} premium requests | +| [{% data variables.product.prodname_openai_codex %} {% data variables.product.prodname_vscode %} integration](/copilot/concepts/agents/openai-codex) | While in preview, each prompt to {% data variables.product.prodname_openai_codex %} uses **one premium request** multiplied by the model multiplier rates. | {% data variables.product.prodname_copilot_short %} premium requests | +| [Third-party coding agents](/free-pro-team@latest/copilot/concepts/agents/about-third-party-agents) | While in preview, each prompt to a third-party coding agent uses **one premium request**. | {% data variables.product.prodname_copilot_short %} premium requests | + > [!TIP] > For instructions on viewing how many premium requests you have used and advice on how to optimize usage, see [AUTOTITLE](/copilot/how-tos/manage-and-track-spending/monitor-premium-requests). @@ -90,6 +92,7 @@ The available models vary depending on your {% data variables.product.prodname_c > * Discounted multipliers are available for using {% data variables.copilot.copilot_auto_model_selection %} in {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_vscode_shortname %}. See [AUTOTITLE](/copilot/concepts/auto-model-selection). > * {% data reusables.copilot.auto-model-multiplier-discount %} For example, Sonnet 4 would be billed at .9x rather than 1x when using {% data variables.copilot.copilot_auto_model_selection_short %}. > * Discounted multipliers are not available for {% data variables.copilot.copilot_free_short %}. +> * Promotional pricing for {% data variables.copilot.copilot_claude_opus_46_fast %} is available from February 7, 2026 through February 16, 2026. During this period, {% data variables.copilot.copilot_claude_opus_46_fast %} uses a 9x premium request multiplier. Each model has a premium request multiplier, based on its complexity and resource usage. If you are on a paid {% data variables.product.prodname_copilot_short %} plan, your premium request allowance is deducted according to this multiplier. @@ -103,6 +106,6 @@ If you use **{% data variables.copilot.copilot_free_short %}**, you have access Premium request usage is based on the model’s multiplier and the feature you’re using. For example: -* **Using {% data variables.copilot.copilot_claude_opus_41 %} in {% data variables.copilot.copilot_chat_short %}**: With a 10× multiplier, one interaction counts as 10 premium requests. +* **Using {% data variables.copilot.copilot_claude_opus_45 %} in {% data variables.copilot.copilot_chat_short %}**: With a 3× multiplier, one interaction counts as 3 premium requests. * **Using {% data variables.copilot.copilot_gpt_5_mini %} on {% data variables.copilot.copilot_free_short %}**: Each interaction counts as 1 premium request. * **Using {% data variables.copilot.copilot_gpt_5_mini %} on a paid plan**: No premium requests are consumed. diff --git a/content/copilot/concepts/billing/index.md b/content/copilot/concepts/billing/index.md index 71da8663b21f..4cbec6b93e59 100644 --- a/content/copilot/concepts/billing/index.md +++ b/content/copilot/concepts/billing/index.md @@ -11,10 +11,10 @@ children: - /individual-plans - /billing-for-individuals - /organizations-and-enterprises + - /premium-request-management redirect_from: - /managing-copilot/managing-copilot-as-an-individual-subscriber/billing-and-payments - /copilot/managing-copilot/understanding-and-managing-copilot-usage - /copilot/concepts/copilot-billing contentType: concepts --- - diff --git a/content/copilot/concepts/billing/premium-request-management.md b/content/copilot/concepts/billing/premium-request-management.md new file mode 100644 index 000000000000..3de83e8002ad --- /dev/null +++ b/content/copilot/concepts/billing/premium-request-management.md @@ -0,0 +1,69 @@ +--- +title: Management methods for premium request usage in an enterprise +shortTitle: Premium request management +intro: 'Learn about organization and user-based control of premium requests for enterprises.' +permissions: Enterprise owners and organization owners +product: '{% data variables.copilot.copilot_enterprise_short %} or {% data variables.copilot.copilot_business_short %}' +versions: + feature: copilot +topics: + - Copilot +contentType: concepts +category: + - Manage Copilot for a team +--- + +## Management methods + +The best way to control budgets for premium requests in an enterprise is to create cost centers and scope one or more budgets to each center. + +When you want to set different limits on additional premium requests for different subsets of users, there are two possible budget management approaches. + +* **Organization-based:** Each cost center is assigned one or more organizations. +* **User-based:** Each cost center is assigned one or more users. + +These options provide flexibility for managing the cost of premium requests, but involve tradeoffs and careful decision making. + +{% rowheaders %} + +| Considerations | Organization-based | User-based | +|----|----|----| +| Identity provider integration | SCIM supported | No support | +| {% data variables.product.prodname_copilot_short %} license assignment | Single organization only | Not relevant | +| REST API automation | Supported | Supported | + +{% endrowheaders %} + +See [AUTOTITLE](/billing/tutorials/use-cost-centers#creating-a-cost-center) and [AUTOTITLE](/rest/enterprise-admin/billing) or [open source utilities for automating cost center administration](https://github.com/github/cost-center-automation) in the `/github/cost-center-automation` repository on {% data variables.product.prodname_dotcom_the_website %}.. +With organization-based management, the costs of {% data variables.product.prodname_copilot_short %} and {% data variables.product.prodname_enterprise %} licenses are allocated to the cost center. With user-based management, the costs of all paid licenses are allocated to the cost center. See [AUTOTITLE](/billing/reference/cost-center-allocation). + +## Organization-based management example + +An enterprise with the following properties would be a good candidate for organization-based management: + +* Uses System for Cross-domain Identity Management (SCIM) to provision organization and team membership from the identity provider, which facilitates centralized management of {% data variables.product.prodname_copilot_short %} licenses. +* Users are already grouped into organizations that match the differential budgets planned. +* Most users are assigned a {% data variables.product.prodname_copilot_short %} license through a single organization. +* Any users who are currently assigned licenses through multiple organizations will be identified and their license assignment revised. + +For example, there are a total of 25 {% data variables.product.prodname_copilot_short %} users, and you want to permit additional premium requests for only 10 users. All 10 of those users must be assigned {% data variables.product.prodname_copilot_short %} licenses through a single organization, separate from the organization that assigns licenses to the remaining 15 users. + +For information about preparing your enterprise for organization-based management, see: + +* [AUTOTITLE](/copilot/reference/copilot-billing/seat-assignment) +* [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/disable-for-organizations) +* [AUTOTITLE](/billing/tutorials/use-cost-centers) + +## User-based management example + +An enterprise with the following properties would be a good candidate for user-based management: + +* Organization membership does not align with the differential budgets planned. +* Many users are assigned a {% data variables.product.prodname_copilot_short %} license through multiple organizations. +* You want to allocate costs for {% data variables.product.prodname_enterprise %}, {% data variables.product.prodname_GH_cs_and_sp %} licenses using the same grouping of users. + +For example, organizations in your company represent workstreams and not users in different roles. You want to make additional premium requests available to a small subset of users across different organizations. There are a total of 25 {% data variables.product.prodname_copilot_short %} users, and you want to permit additional premium requests for only 10 users. You assign the 10 users directly to one cost center and the remaining 15 to a second cost center. You set a budget of $0 for premium requests to the second cost center, and a higher budget for the first cost center. + +## Next steps + +* [AUTOTITLE](/copilot/how-tos/manage-and-track-spending/manage-request-allowances) diff --git a/content/copilot/concepts/context/mcp.md b/content/copilot/concepts/context/mcp.md index e760130fdeb6..5b73f0555d6e 100644 --- a/content/copilot/concepts/context/mcp.md +++ b/content/copilot/concepts/context/mcp.md @@ -46,6 +46,14 @@ To learn how to configure and use MCP servers with {% data variables.copilot.cop {% data reusables.copilot.mcp.mcp-policy %} +## Availability + +There is currently broad support for local MCP servers in clients such as {% data variables.product.prodname_vscode %}, JetBrains IDEs, XCode, and others. + +Support for remote MCP servers is growing, with editors like {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, JetBrains IDEs, Xcode, Eclipse, and Cursor providing this functionality with OAuth or PAT, and Windsurf supporting PAT only. + +To find out if your preferred editor supports remote MCP servers, check the documentation for your specific editor. + ## About the {% data variables.product.github %} MCP server The {% data variables.product.github %} MCP server is a Model Context Protocol (MCP) server provided and maintained by {% data variables.product.github %}. @@ -57,30 +65,37 @@ The {% data variables.product.github %} MCP server is a Model Context Protocol ( * Enable cloud-based workflows that work from any device, without local setup. * Invoke {% data variables.product.github %} tools, such as {% data variables.copilot.copilot_coding_agent %} (requires {% data variables.product.prodname_copilot %} subscription) and {% data variables.product.prodname_code_scanning %} (requires {% data variables.product.prodname_GHAS %} subscription), to assist with code generation and security analysis. -For all public repositories, and private repositories covered by {% data variables.product.prodname_GHAS %}, interactions with the {% data variables.product.github %} MCP server are secured by push protection, which blocks secrets from being included in AI-generated responses and prevents you from exposing secrets through any actions you perform using the server, such as creating an issue. See [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-and-the-github-mcp-server). +To learn how to set up and use the {% data variables.product.github %} MCP server, see [AUTOTITLE](/copilot/how-tos/context/model-context-protocol/using-the-github-mcp-server). -You can access the {% data variables.product.github %} MCP server remotely through {% data variables.copilot.copilot_chat_short %} in {% data variables.product.github %}, {% data variables.product.prodname_vscode %}, or other editors that support remote MCP; or you can run it locally in any MCP-compatible editor, allowing you to choose between the convenience of a hosted solution or the customizability of a self-hosted setup. +### Remote access -If you want to utilize the remote {% data variables.product.github %} MCP server, you can do so in a few steps, without any local setup. This is particularly useful for users who want to quickly leverage {% data variables.product.github %}’s AI capabilities without the overhead of managing a local MCP server. +You can access the {% data variables.product.github %} MCP server remotely through {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_vscode %} without any local setup. The remote server has access to additional toolsets only available in the remote {% data variables.product.github %} MCP server. For a list of such tools, see [Additional toolsets](https://github.com/github/github-mcp-server?tab=readme-ov-file#additional-toolsets-in-remote-github-mcp-server) in the `github/github-mcp-server` repository. -Running the {% data variables.product.github %} MCP server locally requires a bit more setup, but it allows for greater customization and control over your AI interactions. +The {% data variables.product.github %} MCP server can also run locally in any MCP-compatible editor, if necessary. -To learn how to set up and use the {% data variables.product.github %} MCP server, see [AUTOTITLE](/copilot/how-tos/context/model-context-protocol/using-the-github-mcp-server). +### Toolset customization -## About the {% data variables.product.github %} MCP Registry +> [!IMPORTANT] +> Always review the {% data variables.product.github %} MCP server repository at [github/github-mcp-server](https://github.com/github/github-mcp-server) for the latest toolsets and authoritative configuration guidance. -The {% data variables.product.github %} MCP Registry is a curated list of MCP servers from partners and the community. You can use the registry to discover new MCP servers and find ones that meet your specific needs. See [the {% data variables.product.github %} MCP Registry](https://github.com/mcp). +The {% data variables.product.github %} MCP server supports enabling or disabling specific groups of functionalities via toolsets. Toolsets allow you to control which {% data variables.product.github %} API capabilities are available to your AI tools. ->[!NOTE] -> The {% data variables.product.github %} MCP Registry is currently in {% data variables.release-phases.public_preview %} and subject to change. +Enabling only the toolsets you need improves your AI assistant's performance and security. Fewer tools means better tool selection accuracy and fewer errors. Disabling unused toolsets also frees up tokens in the AI's context window. -## Availability +Toolsets do not only include tools, but also relevant MCP resources and prompts where applicable. -There is currently broad support for local MCP servers in clients such as {% data variables.product.prodname_vscode %}, JetBrains IDEs, XCode, and others. +To learn how to configure toolsets for the {% data variables.product.github %} MCP server, see [AUTOTITLE](/copilot/how-tos/context/use-mcp/configure-toolsets). -Support for remote MCP servers is growing, with editors like {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, JetBrains IDEs, Xcode, Eclipse, and Cursor providing this functionality with OAuth or PAT, and Windsurf supporting PAT only. +### Security -To find out if your preferred editor supports remote MCP servers, check the documentation for your specific editor. +For all public repositories, and private repositories covered by {% data variables.product.prodname_GHAS %}, interactions with the {% data variables.product.github %} MCP server are secured by push protection, which blocks secrets from being included in AI-generated responses and prevents you from exposing secrets through any actions you perform using the server, such as creating an issue. For more information, see [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-and-the-github-mcp-server). + +## About the {% data variables.product.github %} MCP Registry + +The {% data variables.product.github %} MCP Registry is a curated list of MCP servers from partners and the community. You can use the registry to discover new MCP servers and find ones that meet your specific needs. See [the {% data variables.product.github %} MCP Registry](https://github.com/mcp). + +>[!NOTE] +> The {% data variables.product.github %} MCP Registry is currently in {% data variables.release-phases.public_preview %} and subject to change. ## Next steps diff --git a/content/copilot/concepts/copilot-metrics.md b/content/copilot/concepts/copilot-usage-metrics/copilot-metrics.md similarity index 52% rename from content/copilot/concepts/copilot-metrics.md rename to content/copilot/concepts/copilot-usage-metrics/copilot-metrics.md index 16cc2be83f7f..72b44aa23f2a 100644 --- a/content/copilot/concepts/copilot-metrics.md +++ b/content/copilot/concepts/copilot-usage-metrics/copilot-metrics.md @@ -1,7 +1,7 @@ --- title: GitHub Copilot usage metrics shortTitle: Copilot usage metrics -intro: 'Track how your teams are using and adopting {% data variables.product.prodname_copilot %} with detailed usage metrics.' +intro: '{% data variables.product.prodname_copilot %} usage metrics provide visibility into how {% data variables.product.prodname_copilot %} is adopted and used across your organization, including engagement, activity, and code generation trends.' versions: feature: copilot topics: @@ -15,19 +15,37 @@ redirect_from: - /early-access/copilot-metrics/apis/about-the-copilot-metrics-apis - /early-access/copilot-metrics/dashboards/about-the-copilot-metrics-dashboard - /early-access/copilot-metrics/apis/rest-api-endpoints-for-copilot-enterprise-and-user-usage-metrics + - /copilot/concepts/copilot-metrics +category: + - Copilot usage metrics + - Track Copilot usage + - Learn about Copilot + - Get started with metrics + - Manage Copilot for a team --- {% data reusables.copilot.usage-metrics-preview %} +## About {% data variables.product.prodname_copilot_short %} usage metrics + {% data variables.product.prodname_copilot_short %} usage metrics help key stakeholders and decision-makers understand how their teams are adopting and using {% data variables.product.prodname_copilot_short %}. By tracking usage patterns across the enterprise, you can measure engagement, identify opportunities to increase value, and make data-driven decisions about enablement and rollout. Metrics are available through: -* The {% data variables.product.prodname_copilot_short %} usage metrics APIs, which provide detailed, user-level data you can export for further analysis. +* The {% data variables.product.prodname_copilot_short %} usage metrics APIs, which provide detailed, exportable data at the enterprise, organization, and user levels. * The {% data variables.product.prodname_copilot_short %} usage metrics dashboard, which visualizes 28-day usage trends across your enterprise. * The code generation dashboard, which breaks down how code is being generated by users and agents across your enterprise. * The {% data variables.product.prodname_copilot_short %} usage metrics NDJSON export, which offers raw data for custom BI tools or long-term storage. +### Organization-level metrics + +Organization-level metrics are **only available through the APIs**. Both dashboards provide enterprise-level reporting. + +To access organization-level metrics, the "{% data variables.product.prodname_copilot_short %} usage metrics" policy must be enabled for the enterprise or organization: + +* For information on how to enable the "{% data variables.product.prodname_copilot_short %} usage metrics" policy at the enterprise level, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-enterprise-policies#defining-policies-for-your-enterprise). +* For information on how to enable the "{% data variables.product.prodname_copilot_short %} usage metrics" policy for organizations on a {% data variables.product.prodname_free_team %} or {% data variables.product.prodname_team %} plan that do not belong to an enterprise, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/manage-policies#enabling-copilot-features-and-models-in-your-organization). + For a complete list of available metrics and data fields, see [AUTOTITLE](/copilot/reference/copilot-usage-metrics). ## Which usage is included? @@ -43,6 +61,39 @@ This means the data **does not include** activity from other {% data variables.p License and seat management data are not included in {% data variables.product.prodname_copilot_short %} usage metrics reports. To view or manage license assignments, use the {% data variables.product.prodname_copilot_short %} user management API, which is the source of truth for license and seat information. See [AUTOTITLE](/rest/copilot/copilot-user-management). +## Why {% data variables.product.prodname_copilot_short %} usage metrics may differ across API resources + +The following API resources expose {% data variables.product.prodname_copilot_short %}-related data, but they are not interchangeable and should not be compared directly. Each API resource is designed for a specific use case and data model, and differences in totals or coverage are expected. Use this table to understand which API resource best fits your reporting needs. + +> [!NOTE] +> We strongly recommend using the {% data variables.product.prodname_copilot_short %} usage metrics API for new integrations and analyses, as it provides the most complete and future-facing view of {% data variables.product.prodname_copilot_short %} usage. + +| API resource | Scope | Key capabilities | +| --- | --- | --- | +| [AUTOTITLE](/rest/copilot/copilot-usage-metrics) | Advanced enterprise- and user-level event telemetry | Provides unified telemetry across completions, chat, and agent modes. Includes usage and lines of code metrics across all IDE modes, languages, and models. Supports detailed breakdowns by feature, IDE, language, model, and user, and is the primary API resource being actively developed and maintained. | +| [AUTOTITLE](/rest/copilot/copilot-user-management) | License and seat assignment | Lists assigned {% data variables.product.prodname_copilot_short %} seats for an organization or enterprise, including license state, user association, and `last_activity_at`. This API resource is the source of truth for license and seat information. | +| [AUTOTITLE](/rest/copilot/copilot-metrics) | Enterprise-, organization-, and team-level usage metrics | Provides aggregated usage data for {% data variables.product.prodname_copilot_short %} features on {% data variables.product.prodname_dotcom_the_website %} (such as pull request summaries) and some IDE-based completions and chat. Does not include Agent or Edit mode telemetry. Offers enterprise-wide and per-feature breakdowns by IDE and language. Does not include individual-level data. | + +## How are metrics attributed across organizations? + +> [!NOTE] +> You can grant **organization-only visibility** into {% data variables.product.prodname_copilot_short %} usage metrics without providing enterprise-level access. +> +> You can do this by creating an organization custom role that includes the "View organization {% data variables.product.prodname_copilot_short %} metrics" permission, and assigning that role to users who need visibility into metrics for a single organization. See [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles). + +Organization-level {% data variables.product.prodname_copilot_short %} usage metrics are based on organization membership, not on where individual actions occur. To appear in an enterprise’s metrics, a user must have an active {% data variables.product.prodname_copilot_short %} seat assigned within that enterprise (in any organization that belongs to the enterprise). As a result, a single user’s usage may appear in multiple organization dashboards, while that same user is counted only once in the enterprise-level total. Organization-level analytics are intended for visibility into adoption and usage within an organization and are not designed to be directly compared to enterprise-level totals. + +Organization-level {% data variables.product.prodname_copilot_short %} analytics are available starting December 12, 2025. This is the first date for which organization-level reports are provided. + +Once a user has a seat in the enterprise, their usage is attributed to **every organization they belong to**, regardless of where the seat is assigned. + +This means: + +* If licenses are assigned in a dedicated “shell” organization for administrative purposes within the enterprise, users still appear in the metrics for all other organizations in the enterprise they belong to. +* If a user also has a {% data variables.product.prodname_copilot_short %} seat in a **separate organization outside the enterprise**, their activity is still included in the enterprise’s organization-level metrics **as long as they have at least one seat within the enterprise**. + +In short: users must be licensed somewhere in the enterprise to appear in its metrics. Once they are, metrics reflect where they work (their organization membership), not which organization provides the {% data variables.product.prodname_copilot_short %} seat or where the activity originated. + ## Supported IDEs To be included in the {% data variables.product.prodname_copilot_short %} usage metrics, end users must use one of the following IDEs and {% data variables.copilot.copilot_chat_short %} extension versions. @@ -94,4 +145,4 @@ Now that you understand what each {% data variables.product.prodname_copilot_sho * To view adoption and usage trends across your enterprise, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/view-usage-and-adoption). * To analyze how code is being generated by users and agents, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation). -* To access these metrics programmatically, see [AUTOTITLE](/rest/copilot/copilot-usage-metrics). +* To access enterprise-, organization-, and user-level metrics programmatically, see [AUTOTITLE](/rest/copilot/copilot-usage-metrics). diff --git a/content/copilot/concepts/copilot-usage-metrics/index.md b/content/copilot/concepts/copilot-usage-metrics/index.md new file mode 100644 index 000000000000..16aa1b43927e --- /dev/null +++ b/content/copilot/concepts/copilot-usage-metrics/index.md @@ -0,0 +1,31 @@ +--- +title: GitHub Copilot usage metrics +shortTitle: Copilot usage metrics +intro: Track how your teams are using and adopting {% data variables.product.prodname_copilot %} with detailed usage metrics. +versions: + feature: copilot +topics: + - Copilot +heroImage: /assets/images/banner-images/hero-4 +layout: bespoke-landing +sidebarLink: + text: All articles + href: /copilot/concepts/copilot-usage-metrics +children: + - /copilot-metrics + - /content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-usage-and-adoption + - /content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation + - /content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics + - /content/copilot/reference/copilot-usage-metrics/interpret-copilot-metrics + - /content/copilot/reference/copilot-usage-metrics/reconciling-usage-metrics + - /content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics + - /content/copilot/tutorials/roll-out-at-scale/measure-success + - /content/copilot/tutorials/roll-out-at-scale/assign-licenses/track-usage-and-adoption +includedCategories: + - Get started with metrics + - Understand metrics + - Reconcile and validate metrics + - Measure success + - View metrics + - Understand available data +--- diff --git a/content/copilot/concepts/index.md b/content/copilot/concepts/index.md index 346638cde30b..d0e04798002c 100644 --- a/content/copilot/concepts/index.md +++ b/content/copilot/concepts/index.md @@ -11,6 +11,7 @@ children: - /chat - /agents - /spark + - /copilot-usage-metrics - /prompting - /context - /tools @@ -21,6 +22,5 @@ children: - /policies - /mcp-management - /network-settings - - /copilot-metrics contentType: concepts --- diff --git a/content/copilot/concepts/mcp-management.md b/content/copilot/concepts/mcp-management.md index bcd284f24e54..4097a7ae1a2f 100644 --- a/content/copilot/concepts/mcp-management.md +++ b/content/copilot/concepts/mcp-management.md @@ -7,6 +7,9 @@ versions: topics: - Copilot contentType: concepts +category: + - Learn about Copilot + - Manage Copilot for a team --- You can manage Model Context Protocol (MCP) server usage in your organization or enterprise by configuring a series of MCP policies on {% data variables.product.prodname_dotcom_the_website %}. Through these policies, you can allow or block MCP server usage entirely, or restrict access to a list of servers that you define in an MCP registry. @@ -38,7 +41,7 @@ MCP management features are supported as follows: | {% data variables.copilot.copilot_coding_agent %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | | Eclipse | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | JetBrains | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | -| {% data variables.product.prodname_vs %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | +| {% data variables.product.prodname_vs %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | {% data variables.product.prodname_vscode_shortname %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | {% data variables.product.prodname_vscode_shortname %} Insiders | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | Xcode | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | diff --git a/content/copilot/concepts/prompting/response-customization.md b/content/copilot/concepts/prompting/response-customization.md index 47a72bca905b..7b98b54e6c19 100644 --- a/content/copilot/concepts/prompting/response-customization.md +++ b/content/copilot/concepts/prompting/response-customization.md @@ -48,8 +48,6 @@ You can use three types of repository custom instructions in {% data variables.p {% data reusables.copilot.custom-instructions-about %} -{% data reusables.copilot.repository-custom-instructions-support %} - ## About organization custom instructions {% data reusables.copilot.custom-instructions-org-support %} @@ -71,7 +69,7 @@ The following list shows the complete order of precedence, with instructions hig * **Personal** instructions * **Repository** custom instructions: - * **Path-specific** instructions in any applicable `.github/instructions/**/NAME.instructions.md` file + * **Path-specific** instructions in any applicable `.github/instructions/**/*.instructions.md` file * **Repository-wide** instructions in the `.github/copilot-instructions.md` file * **Agent** instructions (for example, in an `AGENTS.md` file) * **Organization** custom instructions @@ -103,6 +101,10 @@ Here are some common use cases and examples for each type of custom instructions * [AUTOTITLE](/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot) * [AUTOTITLE](/copilot/customizing-copilot/adding-organization-custom-instructions-for-github-copilot) +## Further reading + +* [AUTOTITLE](/copilot/concepts/agents/copilot-memory) + {% endwebui %} @@ -132,8 +134,6 @@ You can use three types of repository custom instructions in {% data variables.p {% data reusables.copilot.custom-instructions-about %} -{% data reusables.copilot.repository-custom-instructions-support %} - ## About prompt files > [!NOTE] Prompt files are {% data variables.release-phases.public_preview %} and subject to change. @@ -225,16 +225,14 @@ You can use two types of repository custom instructions in {% data variables.pro * **Path-specific custom instructions**, which apply to requests made in the context of files that match a specified path. - These are specified in one or more `NAME.instructions.md` files within the `.github/instructions` directory in the repository. + These are specified in one or more `NAME.instructions.md` files within or below the `.github/instructions` directory in the repository. By using path-specific instructions you can avoid overloading your repository-wide instructions with information that only applies to files of certain types, or in certain directories. -See the table below for details of support for each of these types of repository custom instructions across different {% data variables.product.prodname_copilot_short %} features. +For details of support for each of these types of repository custom instructions across different {% data variables.product.prodname_copilot_short %} features, see [AUTOTITLE](/copilot/reference/custom-instructions-support). For a curated collection of examples, see [AUTOTITLE](/copilot/tutorials/customization-library/custom-instructions). -{% data reusables.copilot.repository-custom-instructions-support %} - ## About prompt files Prompt files let you build and share reusable prompt instructions with additional context. A prompt file is a Markdown file, stored in your workspace, that mimics the existing format of writing prompts in {% data variables.copilot.copilot_chat_short %} (for example, `Rewrite #file:x.ts`). This allows blending natural language instructions, additional context, and even linking to other prompt files as dependencies. @@ -317,7 +315,9 @@ While custom instructions help to add codebase-wide context to each AI workflow, In JetBrains IDEs, repository custom instructions consist of a single file, `.github/copilot-instructions.md`, that you create in a repository. The instructions you add to the file should be short, self-contained statements that add context or relevant information to supplement a {% data variables.product.prodname_copilot_short %} prompt. -{% data reusables.copilot.repository-custom-instructions-support %} +### Support for repository custom instructions + +For details of which types of custom instructions are supported across various environments, see [AUTOTITLE](/copilot/reference/custom-instructions-support). ### Use cases for custom instructions @@ -411,7 +411,9 @@ For a curated collection of examples, see [AUTOTITLE](/copilot/tutorials/customi In Xcode, repository custom instructions consist of a single file, `.github/copilot-instructions.md`, that you create in a repository. The instructions you add to the file should be short, self-contained statements that add context or relevant information to supplement a {% data variables.product.prodname_copilot_short %} prompt. -{% data reusables.copilot.repository-custom-instructions-support %} +### Support for repository custom instructions + +For details of which types of custom instructions are supported across various environments, see [AUTOTITLE](/copilot/reference/custom-instructions-support). ### Use cases for custom instructions diff --git a/content/copilot/concepts/tools/about-copilot-integrations.md b/content/copilot/concepts/tools/about-copilot-integrations.md index 128ac385e585..60bbf096c490 100644 --- a/content/copilot/concepts/tools/about-copilot-integrations.md +++ b/content/copilot/concepts/tools/about-copilot-integrations.md @@ -8,6 +8,9 @@ topics: - Copilot product: '{% data reusables.gated-features.copilot-integrations %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' contentType: concepts +category: + - Learn about Copilot + - Integrate Copilot with your tools --- ## Overview @@ -23,7 +26,7 @@ Currently, {% data variables.copilot.copilot_coding_agent %} supports integratio * **Microsoft Teams**: [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-teams) - Learn how to set up the Microsoft Teams integration to trigger {% data variables.copilot.copilot_coding_agent %} directly from your Teams channels. * **Slack**: [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-slack) - Learn how to set up the Slack integration to trigger {% data variables.copilot.copilot_coding_agent %} directly from your Slack workspace. * **Linear**: [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-linear) - Learn how to set up the Linear integration to trigger {% data variables.copilot.copilot_coding_agent %} directly from your Linear issues. -* **Azure Boards**: (currently in {% data variables.release-phases.private_preview %}). +* **Azure Boards**: [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-azure-boards) - Learn how to set up the Azure Boards integration to trigger {% data variables.copilot.copilot_coding_agent %} directly from your Azure Boards work items. ## Benefits of integrations diff --git a/content/copilot/concepts/tools/ai-tools.md b/content/copilot/concepts/tools/ai-tools.md index 5748e82c6bdd..8154c61bc734 100644 --- a/content/copilot/concepts/tools/ai-tools.md +++ b/content/copilot/concepts/tools/ai-tools.md @@ -18,7 +18,7 @@ category: ## Overview -The use of AI tools is increasingly becoming a standard part of a software developer's daily workflow. To be competitive in the job market, it's important to to know which AI tools to use for each task you face as a developer. +The use of AI tools is increasingly becoming a standard part of a software developer's daily workflow. To be competitive in the job market, it's important to know which AI tools to use for each task you face as a developer. {% data variables.product.github %}'s AI tools assist with every phase of the software development lifecycle (SDLC): diff --git a/content/copilot/get-started/features.md b/content/copilot/get-started/features.md index 6e67084c5da3..49afa8b00b38 100644 --- a/content/copilot/get-started/features.md +++ b/content/copilot/get-started/features.md @@ -33,6 +33,10 @@ A chat interface that lets you ask coding-related questions. {% data variables.c An autonomous AI agent that can make code changes for you. You can assign a {% data variables.product.github %} issue to {% data variables.product.prodname_copilot_short %} and the agent will work on making the required changes, and will create a pull request for you to review. You can also ask {% data variables.product.prodname_copilot_short %} to create a pull request from {% data variables.copilot.copilot_chat_short %}. See [AUTOTITLE](/copilot/using-github-copilot/coding-agent). +### Third-party coding agents ({% data variables.release-phases.public_preview %}) + +You can use third-party coding agents alongside {% data variables.copilot.copilot_coding_agent %}. See [AUTOTITLE](/free-pro-team@latest/copilot/concepts/agents/about-third-party-agents). + ### {% data variables.copilot.copilot_cli_short %} ({% data variables.release-phases.public_preview %}) A command line interface that lets you use {% data variables.product.prodname_copilot_short %} from within the terminal. You can get answers to questions, or you can ask {% data variables.product.prodname_copilot_short %} to make changes to your local files. You can also use {% data variables.copilot.copilot_cli_short %} to interact with {% data variables.product.prodname_dotcom_the_website %}—for example, listing your open pull requests, or asking {% data variables.product.prodname_copilot_short %} to create an issue. See [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli). @@ -59,6 +63,10 @@ AI-generated text completion to help you write pull request descriptions quickly Enhance {% data variables.copilot.copilot_chat_short %} responses by providing contextual details on your preferences, tools, and requirements. See [AUTOTITLE](/copilot/concepts/about-customizing-github-copilot-chat-responses). +### {% data variables.copilot.copilot_memory %} ({% data variables.release-phases.public_preview %}) + +{% data variables.product.prodname_copilot_short %} can deduce and store useful information about a repository, which {% data variables.copilot.copilot_coding_agent %} and {% data variables.copilot.copilot_code-review_short %} can use to improve the quality of their output when working in that repository. For more information, see [AUTOTITLE](/copilot/concepts/agents/copilot-memory). + ### {% data variables.copilot.copilot_desktop_short %} Automatically generate commit messages and descriptions with {% data variables.copilot.copilot_desktop_short %} based on the changes you make to your project. diff --git a/content/copilot/get-started/what-is-github-copilot.md b/content/copilot/get-started/what-is-github-copilot.md index a188cb7254ae..8707d849287e 100644 --- a/content/copilot/get-started/what-is-github-copilot.md +++ b/content/copilot/get-started/what-is-github-copilot.md @@ -1,6 +1,6 @@ --- title: What is GitHub Copilot? -intro: 'Learn what {% data variables.product.prodname_copilot %} is and what you can do with it.' +intro: 'Learn what {% data variables.product.prodname_copilot_short %} is and what you can do with it.' versions: feature: copilot topics: @@ -29,55 +29,59 @@ category: - Learn about Copilot --- -{% data variables.product.prodname_copilot %} is an AI coding assistant that helps you write code faster and with less effort, allowing you to focus more energy on problem solving and collaboration. +{% data variables.product.prodname_copilot %} is an AI coding assistant that helps you write code faster and with less effort. Then, you can focus more energy on problem solving and collaboration. -{% data variables.product.prodname_copilot %} has been proven to increase developer productivity and accelerate the pace of software development. See [Research: quantifying {% data variables.product.prodname_copilot %}’s impact on developer productivity and happiness](https://github.blog/2022-09-07-research-quantifying-github-copilots-impact-on-developer-productivity-and-happiness/) in the {% data variables.product.prodname_dotcom %} blog. +Research shows that {% data variables.product.prodname_copilot_short %} increases developer productivity and accelerates software development. See [Research: quantifying {% data variables.product.prodname_copilot %}’s impact on developer productivity and happiness](https://github.blog/2022-09-07-research-quantifying-github-copilots-impact-on-developer-productivity-and-happiness/) in the {% data variables.product.prodname_dotcom %} blog. -## {% data variables.product.prodname_copilot_short %} features +## Features -{% data variables.product.prodname_copilot %} includes a suite of features. You can use {% data variables.product.prodname_copilot_short %} to: +You can use {% data variables.product.prodname_copilot_short %} to: -* Get code suggestions as you type in your IDE -* Chat with {% data variables.product.prodname_copilot_short %} to ask for help with your code -* Ask {% data variables.product.prodname_copilot_short %} for help using the command line -* Organize and share task-specific context with {% data variables.copilot.copilot_spaces %} to get more relevant answers -* Generate a description of the changes in a pull request -* Work on code changes and create a pull request for you to review _({% data variables.copilot.copilot_pro_plus_short %}, {% data variables.copilot.copilot_business_short %}, and {% data variables.copilot.copilot_enterprise_short %} only)_ +* Get code suggestions as you type in your IDE. +* Chat with {% data variables.product.prodname_copilot_short %} to get help with your code. +* Ask for help using the command line. +* Organize and share context with {% data variables.copilot.copilot_spaces %} to get more relevant answers. +* Generate descriptions of changes in a pull request. +* Work on code changes and create a pull request for you to review. Available in {% data variables.copilot.copilot_pro_plus_short %}, {% data variables.copilot.copilot_business_short %}, and {% data variables.copilot.copilot_enterprise_short %} only. -{% data variables.product.prodname_copilot_short %} is available: +Use {% data variables.product.prodname_copilot_short %} in the following places: -* In your IDE -* In {% data variables.product.prodname_mobile %}, as a chat interface -* In {% data variables.product.prodname_windows_terminal %} Canary, through the Terminal Chat interface -* On the command line, through the {% data variables.product.prodname_cli %} -* On the {% data variables.product.github %} website +* Your IDE +* {% data variables.product.prodname_mobile %}, as a chat interface +* {% data variables.product.prodname_windows_terminal %} Canary, through the Terminal Chat interface +* The command line, through the {% data variables.product.prodname_cli %} +* The {% data variables.product.github %} website See [AUTOTITLE](/copilot/about-github-copilot/github-copilot-features). -## Getting access to {% data variables.product.prodname_copilot_short %} +## Get access -There are a few ways you can start using {% data variables.product.prodname_copilot_short %}, depending on your role and needs. +You can start using {% data variables.product.prodname_copilot_short %} in several ways, depending on your role and needs. -### For individuals +### Individuals -* **Try {% data variables.product.prodname_copilot_short %} for free**: Use {% data variables.copilot.copilot_free_short %} to explore core {% data variables.product.prodname_copilot_short %} features with no paid plan required. -* **Subscribe to a paid plan**: Upgrade to {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} for full access to premium features and more generous usage limits. You can try {% data variables.copilot.copilot_pro_short %} for free with a one-time 30-day trial. -* **Eligible for free {% data variables.copilot.copilot_pro_short %} access?** Students, teachers, and open source maintainers may qualify for {% data variables.copilot.copilot_pro_short %} at no cost. See [AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer). -* **Organization members**: If your organization or enterprise has a {% data variables.product.prodname_copilot %} plan, you can request access to {% data variables.product.prodname_copilot_short %} by going to [https://github.com/settings/copilot](https://github.com/settings/copilot) and requesting access under "Get {% data variables.product.prodname_copilot_short %} from an organization." +* **Try {% data variables.product.prodname_copilot_short %} for free.** Use {% data variables.copilot.copilot_free_short %} to explore core features with no paid plan required. +* **Subscribe to a paid plan.** Upgrade to {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} for full access to premium features and more generous usage limits. + * Try {% data variables.copilot.copilot_pro_short %} for free with a one-time 30-day trial. +* **Get free access if you're eligible.** Students, teachers, and open source maintainers may qualify for {% data variables.copilot.copilot_pro_short %} at no cost. See [AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer). +* **Request access from your organization.** If your organization or enterprise has a {% data variables.product.prodname_copilot %} plan, you can request access by going to [https://github.com/settings/copilot](https://github.com/settings/copilot) and request access under "Get {% data variables.product.prodname_copilot_short %} from an organization." See [AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/getting-started-with-copilot-on-your-personal-account/getting-started-with-a-copilot-plan) for more information. -### For organizations and enterprises +### Organizations and enterprises -* **Organization owners**: Purchase {% data variables.copilot.copilot_business_short %} for your team. See [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization). If your organization is owned by an enterprise that has a {% data variables.product.prodname_copilot_short %} subscription, you can ask your enterprise owner to enable {% data variables.product.prodname_copilot_short %} for your organization by going to [https://github.com/settings/copilot](https://github.com/settings/copilot) and requesting access under "Get {% data variables.product.prodname_copilot_short %} from an organization." -* **Enterprise owners**: Purchase {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} for your enterprise. See [AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise). +**Organization owners** can purchase {% data variables.copilot.copilot_business_short %} for their team. See [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/subscribing-to-copilot-for-your-organization). -If you **don't need other {% data variables.product.github %} features**, you can create an enterprise account specifically for managing {% data variables.copilot.copilot_business_short %} licenses. This gives you enterprise-grade authentication options without charges for {% data variables.product.prodname_enterprise %} licenses. See [AUTOTITLE](/copilot/concepts/about-enterprise-accounts-for-copilot-business). +If your organization is owned by an enterprise that has a {% data variables.product.prodname_copilot_short %} subscription, you can ask your enterprise owner to enable {% data variables.product.prodname_copilot_short %} for your organization. Go to [https://github.com/settings/copilot](https://github.com/settings/copilot) and request access under "Get {% data variables.product.prodname_copilot_short %} from an organization." + +**Enterprise owners** can purchase {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} for your enterprise. See [AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/subscribing-to-copilot-for-your-enterprise). + +If you don't need other {% data variables.product.github %} features, you can create an enterprise account specifically for managing {% data variables.copilot.copilot_business_short %} licenses. This gives you enterprise-grade authentication without charges for {% data variables.product.prodname_enterprise %} licenses. See [AUTOTITLE](/copilot/concepts/about-enterprise-accounts-for-copilot-business). ## Next steps -* To learn more about the {% data variables.product.prodname_copilot_short %} features, see [AUTOTITLE](/copilot/about-github-copilot/github-copilot-features). -* To start using {% data variables.product.prodname_copilot_short %}, see [AUTOTITLE](/copilot/setting-up-github-copilot). +* Learn more about {% data variables.product.prodname_copilot_short %} features. See [AUTOTITLE](/copilot/about-github-copilot/github-copilot-features). +* Start using {% data variables.product.prodname_copilot_short %}. See [AUTOTITLE](/copilot/setting-up-github-copilot). ## Further reading diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/disable-for-organizations.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/disable-for-organizations.md index 1b21005d1a82..916049401d5b 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/disable-for-organizations.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/disable-for-organizations.md @@ -16,10 +16,12 @@ redirect_from: - /copilot/how-tos/administer/enterprises/manage-access/disable-for-organizations - /copilot/how-tos/administer/manage-for-enterprise/manage-access/disable-for-organizations contentType: how-tos -category: +category: - Manage Copilot for a team --- +When you disable {% data variables.product.prodname_copilot %} for organizations, organization owners cannot assign {% data variables.product.prodname_copilot %} licenses to members of their organization. Enterprise owners will still be able to assign {% data variables.copilot.copilot_business_short %} licenses to users and teams in the enterprise settings. + {% data reusables.enterprise-accounts.copilot-licensing %} 1. Next to "Organization access", choose whether to disable {% data variables.product.prodname_copilot_short %} for all organizations or allow for specific organizations. @@ -33,6 +35,8 @@ category: * If your enterprise has a {% data variables.copilot.copilot_business_short %} plan, click **Disabled**. * If your enterprise has a {% data variables.copilot.copilot_enterprise_short %} plan, click **Remove access**. +Once {% data variables.product.prodname_copilot_short %} is disabled, licenses that are currently granted through the organization will be revoked at the end of the billing period. You will **not** be double-billed if a user also receives a license from your enterprise during this period. + ## Further reading * [AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot) diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/grant-access.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/grant-access.md index 19164bb48874..1a1636f9d224 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/grant-access.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/grant-access.md @@ -17,7 +17,7 @@ redirect_from: - /copilot/how-tos/administer/manage-for-enterprise/manage-access/enable-for-organizations - /copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/enable-for-organizations contentType: how-tos -category: +category: - Manage Copilot for a team --- @@ -47,6 +47,7 @@ When you assign licenses to an enterprise team, users receive or lose access to 1. Click the **All members** or **Enterprise Teams** tab. 1. Click **Assign licenses**. 1. Search for users or teams, then click **Add licenses**. +1. Optionally, disable {% data variables.product.prodname_copilot_short %} for organizations to prevent organization owners from assigning licenses. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/disable-for-organizations). ## Enabling {% data variables.product.prodname_copilot_short %} for organizations diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/monitor-agentic-activity.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/monitor-agentic-activity.md index 66b589d519fc..51b6229be007 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/monitor-agentic-activity.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/monitor-agentic-activity.md @@ -8,6 +8,8 @@ topics: - Copilot shortTitle: Monitor agentic activity contentType: how-tos +category: + - Manage Copilot for a team --- {% data reusables.enterprise-accounts.ai-controls-preview-note %} diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents.md index a21a96a6ed3c..9caafaae8f38 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents.md @@ -8,6 +8,9 @@ topics: - Copilot shortTitle: Prepare for custom agents contentType: how-tos +category: + - Configure Copilot + - Manage Copilot for a team --- {% data reusables.enterprise-accounts.ai-controls-preview-note %} diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys.md index 512389803d8d..5e81c6889bd5 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys.md @@ -8,6 +8,9 @@ topics: - Copilot contentType: how-tos allowTitleToDifferFromFilename: true +category: + - Configure Copilot + - Manage Copilot for a team --- {% data reusables.copilot.byok-intro %} diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation.md index 95af50ac41fa..277d9008fe7c 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation.md @@ -1,7 +1,7 @@ --- title: Viewing the code generation dashboard shortTitle: View code generation -intro: You can use the code generation dashboard to monitor how {% data variables.product.prodname_copilot_short %} generates code across your enterprise, including activity from both users and agents. +intro: The code generation dashboard shows how {% data variables.product.prodname_copilot_short %} generates code across your enterprise, including activity from both users and agents. permissions: '{% data reusables.copilot.usage-metrics-permissions %}' versions: feature: copilot @@ -9,6 +9,10 @@ topics: - Copilot contentType: how-tos allowTitleToDifferFromFilename: true +category: + - Copilot usage metrics + - View metrics + - Track Copilot usage --- {% data reusables.copilot.usage-metrics-preview %} @@ -24,6 +28,8 @@ The code generation dashboard shows how {% data variables.product.prodname_copil {% data reusables.copilot.access-copilot-metrics-dashboard %} 1. In the left sidebar, click **Code generation**. +{% data reusables.copilot.org-copilot-usage-metrics %} + ## What you can view The dashboard shows aggregated code generation activity across your enterprise, including: @@ -39,4 +45,4 @@ For a full list of available metrics and definitions, see [AUTOTITLE](/copilot/r * To explore adoption and usage trends across your enterprise, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/view-usage-and-adoption). * To understand how Lines of Code (LoC) metrics are measured and what affects their accuracy and coverage, see [AUTOTITLE](/copilot/reference/copilot-usage-metrics/lines-of-code-metrics). -* To access usage data programmatically, see [AUTOTITLE](/rest/copilot/copilot-usage-metrics). +* To access enterprise-, organization-, and user-level usage data programmatically, see [AUTOTITLE](/rest/copilot/copilot-usage-metrics). diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-usage-and-adoption.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-usage-and-adoption.md index 776e0404230e..8fe926fad778 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-usage-and-adoption.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-usage-and-adoption.md @@ -1,7 +1,7 @@ --- title: Viewing the Copilot usage metrics dashboard shortTitle: View usage and adoption -intro: You can use the {% data variables.product.prodname_copilot_short %} usage metrics dashboard to monitor how developers across your enterprise are adopting and using {% data variables.product.prodname_copilot_short %}. +intro: '{% data variables.product.prodname_copilot_short %} usage metrics dashboards provide a centralized view of adoption and usage across your enterprise, based on IDE telemetry from developers using {% data variables.product.prodname_copilot_short %}.' permissions: '{% data reusables.copilot.usage-metrics-permissions %}' versions: feature: copilot @@ -9,6 +9,10 @@ topics: - Copilot contentType: how-tos allowTitleToDifferFromFilename: true +category: + - Copilot usage metrics + - View metrics + - Track Copilot usage --- {% data reusables.copilot.usage-metrics-preview %} @@ -24,7 +28,7 @@ After your initial rollout, the {% data variables.product.prodname_copilot_short {% data reusables.copilot.access-copilot-metrics-dashboard %} 1. In the left sidebar, click **{% data variables.product.prodname_copilot_short %} usage**. -Data in the dashboard is based only on IDE telemetry and may appear up to three full UTC days behind the current date. See [AUTOTITLE](/copilot/concepts/copilot-metrics#data-freshness). +Data in the dashboard reports data at the enterprise level, is based only on IDE telemetry, and may appear up to three full UTC days behind the current date. See [AUTOTITLE](/copilot/concepts/copilot-metrics). ## Using {% data variables.copilot.copilot_chat_short %} to analyze exported data @@ -32,7 +36,7 @@ For deeper analysis, you can export NDJSON reports from the dashboard and use {% ```copilot copy prompt * Which users have `user_initiated_interaction_count` > 0 but low `code_acceptance_activity_count`? -* Are there specific organizations or teams with lower adoption rates? +* Are there specific teams with lower adoption rates? ``` ## Next steps diff --git a/content/copilot/how-tos/administer-copilot/manage-for-organization/manage-policies.md b/content/copilot/how-tos/administer-copilot/manage-for-organization/manage-policies.md index af7f21c89afa..64816c30047f 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-organization/manage-policies.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-organization/manage-policies.md @@ -44,6 +44,26 @@ category: {% data reusables.copilot.mcp-servers-policy-note %} +## Enabling or disabling third-party coding agents in your repositories + +> [!NOTE] +> * {% data reusables.gated-features.third-party-agents %} + +You can choose whether to allow the following coding agents to be enabled in your organization: + +* {% data variables.product.prodname_anthropic_claude %} +* {% data variables.product.prodname_openai_codex %} + +Coding agents have access to the same repositories that {% data variables.copilot.copilot_coding_agent %} has been enabled in. + +To enable coding agents: + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.copilot.coding-agent-settings %} +1. In the sidebar, under **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}**, click **Coding agent**. +1. On the {% data variables.copilot.copilot_coding_agent %} page, under "Partner agents", click the toggle to enable the third-party agent you want to use. + ## Opting in to previews or feedback If your organization has a {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} plan and you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}", two additional options are displayed: diff --git a/content/copilot/how-tos/administer-copilot/manage-for-organization/prepare-for-custom-agents.md b/content/copilot/how-tos/administer-copilot/manage-for-organization/prepare-for-custom-agents.md index 7d19226925d6..8e6ff5352fea 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-organization/prepare-for-custom-agents.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-organization/prepare-for-custom-agents.md @@ -1,6 +1,6 @@ --- title: Preparing to use custom agents in your organization -intro: 'Configure the repository that will contain {% data variables.copilot.custom_agents_short %} for your organization.' +intro: 'Configure the repository that stores {% data variables.copilot.custom_agents_short %} for your organization.' permissions: Organization owners versions: feature: copilot @@ -8,28 +8,31 @@ topics: - Copilot shortTitle: Prepare for custom agents contentType: how-tos +category: + - Configure Copilot + - Manage Copilot for a team --- {% data reusables.copilot.custom-agents-preview-note %} ## Prerequisites -Before following this article, you should understand what {% data variables.copilot.copilot_custom_agents %} are and how they work. See [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-custom-agents). +You should understand what {% data variables.copilot.copilot_custom_agents %} are and how they work. See [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-custom-agents). + +> [!NOTE] +> If your organization is part of an enterprise, enterprise owners can configure a ruleset that restricts {% data variables.copilot.custom_agents_short %}. Contact your enterprise owners to check whether you can create and manage organization-level {% data variables.copilot.custom_agents_short %}. ## Preparing your organization for {% data variables.copilot.custom_agents_short %} -> [!NOTE] -> If your organization is part of an enterprise, your enterprise owners can configure a ruleset that restricts the creation and management of organization-level {% data variables.copilot.custom_agents_short %}. To understand the availability of {% data variables.copilot.custom_agents_short %} in your organization, contact your enterprise owners. - -1. Start creating your {% data variables.copilot.copilot_custom_agent_short %} repository using [{% data variables.product.github %}'s template repository](https://github.com/docs/custom-agents-template?ref_product=copilot&ref_type=engagement&ref_style=text). The template repository contains a starter README and the necessary file structure to speed up your configuration. -1. Select the **Choose an owner** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click your organization. -1. Name the repository `.github-private`, then write a brief description. -1. Select the visibility dropdown menu, then choose one of the following options: - * To grant **read access to all members** of your organization or enterprise, click {% octicon "organization" aria-hidden="true" aria-label="organization" %} **Internal**. - * To **manually grant access after creation**, or if internal visibility is not an option, click {% octicon "lock" aria-hidden="true" aria-label="lock" %} **Private**. +1. Create your {% data variables.copilot.copilot_custom_agent_short %} repository using [{% data variables.product.github %}'s template repository](https://github.com/docs/custom-agents-template?ref_product=copilot&ref_type=engagement&ref_style=text). The template includes a README and the file structure you need. +1. In the **Choose an owner** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, choose your organization. +1. Name the repository `.github-private` and write a brief description. +1. In the visibility dropdown menu, choose one of the following options: + * Click {% octicon "organization" aria-hidden="true" aria-label="organization" %} **Internal** to grant read access to all members of your organization or enterprise. + * Click {% octicon "lock" aria-hidden="true" aria-label="lock" %} **Private** to manually grant access after creation or if internal visibility is not an option. {% data reusables.repositories.create-repo %} -1. Update the template README as needed. Consider including creation guidelines for {% data variables.copilot.custom_agents_short %} or compliance considerations specific to your organization. +1. Update the template README. Include any creation guidelines for {% data variables.copilot.custom_agents_short %} or compliance considerations specific to your organization. ## Next steps -To implement {% data variables.copilot.custom_agents_short %} in your organization, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/test-custom-agents). +To trial {% data variables.copilot.custom_agents_short %}, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/test-custom-agents). diff --git a/content/copilot/how-tos/administer-copilot/manage-for-organization/use-your-own-api-keys.md b/content/copilot/how-tos/administer-copilot/manage-for-organization/use-your-own-api-keys.md index 02dbed0d6bd4..823400a77ede 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-organization/use-your-own-api-keys.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-organization/use-your-own-api-keys.md @@ -8,6 +8,9 @@ topics: - Copilot contentType: how-tos allowTitleToDifferFromFilename: true +category: + - Configure Copilot + - Manage Copilot for a team --- {% data reusables.copilot.byok-intro %} diff --git a/content/copilot/how-tos/administer-copilot/manage-mcp-usage/configure-mcp-registry.md b/content/copilot/how-tos/administer-copilot/manage-mcp-usage/configure-mcp-registry.md index b4e4f8428580..a608f664e577 100644 --- a/content/copilot/how-tos/administer-copilot/manage-mcp-usage/configure-mcp-registry.md +++ b/content/copilot/how-tos/administer-copilot/manage-mcp-usage/configure-mcp-registry.md @@ -10,6 +10,9 @@ topics: - Enterprise shortTitle: Configure MCP registry contentType: how-tos +category: + - Configure Copilot + - Manage Copilot for a team --- ## Prerequisites @@ -48,9 +51,9 @@ While the MCP registry launched using the v0 specification, that version is now | {% data variables.product.prodname_vscode_shortname %} Insiders | {% octicon "check" aria-label="Supported" %} | | {% data variables.product.prodname_vscode_shortname %} | {% octicon "check" aria-label="Supported" %} | | {% data variables.product.prodname_vs %} | {% octicon "check" aria-label="Supported" %} | -| Eclipse | Coming Dec 2025 | -| JetBrains IDEs | Coming Dec 2025 | -| Xcode | Coming Dec 2025 | +| Eclipse | {% octicon "check" aria-label="Supported" %} | +| JetBrains IDEs | {% octicon "check" aria-label="Supported" %} | +| Xcode | {% octicon "check" aria-label="Supported" %} | ### Cross-Origin Resource Sharing requirements diff --git a/content/copilot/how-tos/configure-content-exclusion/exclude-content-from-copilot.md b/content/copilot/how-tos/configure-content-exclusion/exclude-content-from-copilot.md index 07772924277a..ad47be253bd7 100644 --- a/content/copilot/how-tos/configure-content-exclusion/exclude-content-from-copilot.md +++ b/content/copilot/how-tos/configure-content-exclusion/exclude-content-from-copilot.md @@ -33,7 +33,7 @@ category: You can use your repository settings to specify content in your repository that {% data variables.product.prodname_copilot %} should ignore. > [!NOTE] -> {% data variables.copilot.copilot_cli %}, {% data variables.copilot.copilot_coding_agent %}, and Agent mode in {% data variables.copilot.copilot_chat_short %} in IDEs, do not support content exclusion. For more information, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-coding-agent) and [AUTOTITLE](/copilot/how-tos/chat-with-copilot/chat-in-ide). +> {% data variables.copilot.copilot_cli %}, {% data variables.copilot.copilot_coding_agent %}, and Agent mode in {% data variables.copilot.copilot_chat_short %} in IDEs, do not support content exclusion. For more information about these {% data variables.product.prodname_copilot_short %} features, see [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli), [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-coding-agent), and [AUTOTITLE](/copilot/how-tos/chat-with-copilot/chat-in-ide). {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} diff --git a/content/copilot/how-tos/configure-custom-instructions/add-personal-instructions.md b/content/copilot/how-tos/configure-custom-instructions/add-personal-instructions.md index fcf188eec351..bf666e075ae2 100644 --- a/content/copilot/how-tos/configure-custom-instructions/add-personal-instructions.md +++ b/content/copilot/how-tos/configure-custom-instructions/add-personal-instructions.md @@ -17,13 +17,16 @@ category: {% data reusables.copilot.personal-instructions-note %} -For an overview of the methods you can use to customize {% data variables.copilot.copilot_chat %} responses, see [AUTOTITLE](/copilot/concepts/about-customizing-github-copilot-chat-responses?tool=webui). +You can customize {% data variables.copilot.copilot_chat %} responses in several ways. For an overview, see [AUTOTITLE](/copilot/concepts/about-customizing-github-copilot-chat-responses?tool=webui). -## About personal custom instructions for {% data variables.copilot.copilot_chat %} +## About personal custom instructions for {% data variables.copilot.copilot_chat_short %} + +Add custom instructions to receive personalized chat responses. Your instructions apply to all your conversations on the {% data variables.product.github %} website. Custom instructions let you specify preferences such as your preferred language or response style. + +Examples of instructions you can add: -You can add custom instructions for {% data variables.copilot.copilot_chat %} in order to receive chat responses that are customized to your personal preferences, across your conversations on the {% data variables.product.github %} website. For example, you can choose to always have {% data variables.copilot.copilot_chat_short %} respond in a preferred language or with a particular style. Some examples of instructions you could add are: * `Always respond in Spanish.` -* `Your style is a helpful colleague, minimize explanations but provide enough context to understand the code.` +* `Use a helpful, collegial tone. Keep explanations brief, but provide enough context to understand the code.` * `Always provide examples in TypeScript.` > [!NOTE] @@ -32,15 +35,20 @@ You can add custom instructions for {% data variables.copilot.copilot_chat %} in ## Adding personal custom instructions -You can add personal custom instructions in {% data variables.copilot.copilot_chat_short %} in {% data variables.product.github %}. +To add personal custom instructions in {% data variables.copilot.copilot_chat_short %} on {% data variables.product.github %}: 1. Open [{% data variables.copilot.copilot_chat_short %}](https://github.com/copilot?ref_product=copilot&ref_type=engagement&ref_style=text). -1. In the bottom left corner, click your profile picture, then click **{% octicon "note" aria-hidden="true" aria-label="note" %} Personal instructions**. +1. In the bottom left corner, click your profile picture. Then click **{% octicon "note" aria-hidden="true" aria-label="note" %} Personal instructions**. 1. Add natural language instructions to the text box. + + Use any format. For example, a single block of text, each instruction on a new line, or instructions separated by blank lines. + +1. Optionally, use a template for common instructions. Click {% octicon "light-bulb" aria-label="The light-bulb icon" %} and select a template. + + When you select a template, placeholder text appears. Replace placeholders like `{format}` with your preferences. +1. Click **Save**. - You can write your instructions in any format you prefer. For example, you can write them as a single block of text, each on a new line, or separated by blank lines. -1. Optionally, click {% octicon "light-bulb" aria-label="The light-bulb icon" %} to view templates you can use for common instructions. If you click on one of the boxes, such as "Communication", instructions will be added to the text box with placeholders, such as `{format}` that you can replace with your preferences. -1. Click **Save**. Your instructions are now active, and will stay active until you change or remove them. +Your instructions are now active. They will remain active until you change or remove them. {% note %} diff --git a/content/copilot/how-tos/configure-custom-instructions/add-repository-instructions.md b/content/copilot/how-tos/configure-custom-instructions/add-repository-instructions.md index 785d8df97a86..ddf2b4549795 100644 --- a/content/copilot/how-tos/configure-custom-instructions/add-repository-instructions.md +++ b/content/copilot/how-tos/configure-custom-instructions/add-repository-instructions.md @@ -17,6 +17,8 @@ category: - Configure Copilot --- + + {% webui %} This version of this article is for using repository custom instructions on the {% data variables.product.github %} website. Click the tabs above for information on using custom instructions in other environments. @@ -25,293 +27,10 @@ This version of this article is for using repository custom instructions on the {% data reusables.copilot.repository-custom-instructions-prerequisites %} -{% endwebui %} - -{% vscode %} - -This version of this article is for using repository custom instructions and prompt files in {% data variables.product.prodname_vscode_shortname %}. Click the tabs above for instructions on using custom instructions in other environments. - -{% data reusables.copilot.repository-custom-instructions-about %} - -{% data reusables.copilot.repository-custom-instructions-prerequisites %} - -{% endvscode %} - -{% visualstudio %} - -This version of this article is for using repository custom instructions and prompt files in {% data variables.product.prodname_vs %}. Click the tabs above for instructions on using custom instructions in other environments. - -{% data reusables.copilot.repository-custom-instructions-about %} - -{% data reusables.copilot.repository-custom-instructions-prerequisites %} - -{% endvisualstudio %} - -{% jetbrains %} - -This version of this article is for using repository custom instructions in JetBrains IDEs. Click the tabs above for instructions on using custom instructions in other environments. - -{% data reusables.copilot.repository-custom-instructions-about %} - -{% data reusables.copilot.repository-custom-instructions-prerequisites %} - -{% endjetbrains %} - -{% xcode %} - -This version of this article is for using repository custom instructions in Xcode. Click the tabs above for instructions on using custom instructions in other environments. - -{% data reusables.copilot.repository-custom-instructions-about %} - -{% data reusables.copilot.repository-custom-instructions-prerequisites %} - -{% endxcode %} - -{% copilotcli %} - -This version of this article is for using repository custom instructions with the {% data variables.product.prodname_copilot %} CLI. Click the tabs above for instructions on using custom instructions in other environments. - -{% data reusables.copilot.repository-custom-instructions-prerequisites %} - -{% endcopilotcli %} - -{% eclipse %} - -> [!NOTE] This feature is currently in {% data variables.release-phases.public_preview %} and is subject to change. - -This version of this article is for using repository custom instructions in Eclipse. Click the tabs above for instructions on using custom instructions in other environments. - -{% data reusables.copilot.repository-custom-instructions-about %} - -{% data reusables.copilot.repository-custom-instructions-prerequisites %} - -{% endeclipse %} - -{% webui %} - -* Your personal choice of whether to use custom instructions must be set to enabled. This is enabled by default. See [Enabling or disabling repository custom instructions](#enabling-or-disabling-repository-custom-instructions) later in this article. - -{% endwebui %} - -{% vscode %} - -* Custom instructions must be enabled. This feature is enabled by default. See [Enabling or disabling repository custom instructions](#enabling-or-disabling-repository-custom-instructions-1) later in this article. - -{% endvscode %} - -{% visualstudio %} - -* The **Enable custom instructions...** option must be enabled in your settings. This is enabled by default. See [Enabling or disabling repository custom instructions](#enabling-or-disabling-repository-custom-instructions-1) later in this article. - -{% endvisualstudio %} - -{% jetbrains %} - -* The latest version of the {% data variables.product.prodname_copilot_short %} extension must be installed in your JetBrains IDE. - -{% endjetbrains %} - -{% xcode %} - -* The latest version of the {% data variables.product.prodname_copilot_short %} extension must be installed in Xcode. - -{% endxcode %} - -{% eclipse %} - -* The latest version of the {% data variables.product.prodname_copilot_short %} extension must be installed in Eclipse. - -{% endeclipse %} +* For {% data variables.copilot.copilot_code-review_short %}, your personal choice of whether to use custom instructions must be set to enabled. This is enabled by default. See [Enabling or disabling repository custom instructions](#enabling-or-disabling-custom-instructions-for-copilot-code-review) later in this article. ## Creating custom instructions -{% jetbrains %} - -JetBrains IDEs support a single `.github/copilot-instructions.md` custom instructions file stored in the repository, and a locally stored `global-copilot-instructions.md` file. - -You can create the `.github/copilot-instructions.md` file in your repository using the {% data variables.product.prodname_copilot_short %} settings page, or you can create the file manually. - -Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. - -### Using the settings page - -{% data reusables.copilot.jetbrains-settings %} -{% data reusables.copilot.jetbrains-tools %} -1. Under "{% data variables.product.prodname_copilot_short %} Instructions", click **Workspace** or **Global** to choose whether the custom instructions apply to the current workspace or all workspaces. - -### Manually creating a workspace custom instructions file - -1. In the root of your repository, create a file named `.github/copilot-instructions.md`. - - Create the `.github` directory if it does not already exist. - -1. Add natural language instructions to the file, in Markdown format. - -Once saved, these instructions will apply to the current workspace in JetBrains IDEs that you open with {% data variables.product.prodname_copilot_short %} enabled. - -### Manually creating a global custom instructions file - -To apply the same instructions across all workspaces in JetBrains IDEs, you can create a global custom instructions file on your local machine. - -1. Open your file explorer or terminal. -1. Navigate to the appropriate location for your operating system: - - * **macOS**: - `/Users/YOUR-USERNAME/.config/github-copilot/intellij/` - * **Windows**: - `C:\Users\YOUR-USERNAME\AppData\Local\github-copilot\intellij\` - -1. Create a file named `global-copilot-instructions.md` in that directory. -1. Add your custom instructions in natural language, using Markdown format. - -Once saved, these instructions will apply globally across all workspaces in JetBrains IDEs that you open with {% data variables.product.prodname_copilot_short %} enabled. - -{% endjetbrains %} - -{% xcode %} - -Xcode supports a single `.github/copilot-instructions.md` custom instructions file stored in the repository. - -You can create a custom instructions file in your repository via the {% data variables.product.prodname_copilot_short %} settings page. - -Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. - -1. Open the {% data variables.product.prodname_copilot %} for Xcode application. -1. At the top of the application window, under **Settings**, click **Advanced**. -1. To the right of "Custom Instructions", click **Current Workspace** or **Global** to choose whether the custom instructions apply to the current workspace or all workspaces. - -{% endxcode %} - -{% eclipse %} - -Eclipse supports two types of repository custom instructions: workspace and project custom instructions. - -To create a workspace custom instructions file, you can use the {% data variables.product.prodname_copilot_short %} settings page. To create a project custom instructions file, you can create the file manually in the project directory. - -Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. - -### Creating a workspace custom instructions file - -1. To open the {% data variables.copilot.copilot_chat_short %} panel, click the {% data variables.product.prodname_copilot_short %} icon ({% octicon "copilot" aria-hidden="true" aria-label="copilot" %}) in the status bar at the bottom of Eclipse. -1. From the menu, select "Edit preferences". -1. In the left pane, expand {% data variables.product.prodname_copilot %} and click **Custom Instructions**. -1. Select **Enable workspace instructions**. -1. In the "Workspace" section, under "Set custom instructions to guide {% data variables.product.prodname_copilot_short %}'s code suggestions in this workspace", add natural language instructions to the file, in Markdown format. - -### Creating a project custom instructions file - -1. In the root of your project directory, create a file named `.github/copilot-instructions.md`. -1. Add your custom instructions in natural language, using Markdown format. - -Once saved, these instructions will apply to the current project in Eclipse that you open with {% data variables.product.prodname_copilot_short %} enabled. - -{% endeclipse %} - -{% copilotcli %} - -{% data variables.product.prodname_copilot %} supports three types of repository custom instructions. - -* **Repository-wide custom instructions**, which apply to all requests made in the context of a repository. - - These are specified in a `copilot-instructions.md` file in the `.github` directory of the repository. See [Creating repository-wide custom instructions](#creating-repository-wide-custom-instructions). - -* **Path-specific custom instructions**, which apply to requests made in the context of files that match a specified path. - - These are specified in one or more `NAME.instructions.md` files within the `.github/instructions` directory in the repository. See [Creating path-specific custom instructions](#creating-path-specific-custom-instructions). - - If the path you specify matches a file that {% data variables.product.prodname_copilot_short %} is working on, and a repository-wide custom instructions file also exists, then the instructions from both files are used. You should avoid potential conflicts between instructions as {% data variables.product.prodname_copilot_short %}'s choice between conflicting instructions is non-deterministic. - -* **Agent instructions** are used by AI agents. - - {% data reusables.copilot.custom-instructions-agents %} - - Alternatively, you can use a single `CLAUDE.md` or `GEMINI.md` file stored in the root of the repository. - -## Creating repository-wide custom instructions - -1. In the root of your repository, create a file named `.github/copilot-instructions.md`. - - Create the `.github` directory if it does not already exist. - -1. Add natural language instructions to the file, in Markdown format. - - Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. - -## Creating path-specific custom instructions - -{% data reusables.copilot.custom-instructions-path %} - -{% endcopilotcli %} - -{% vscode %} - -{% data variables.product.prodname_vscode_shortname %} supports three types of repository custom instructions. For details of which {% data variables.product.prodname_copilot %} features support these types of instructions, see [AUTOTITLE](/copilot/concepts/prompting/response-customization?tool=vscode#support-for-repository-custom-instructions-1). - -* **Repository-wide custom instructions**, which apply to all requests made in the context of a repository. - - These are specified in a `copilot-instructions.md` file in the `.github` directory of the repository. See [Creating repository-wide custom instructions](#creating-repository-wide-custom-instructions-1). - -* **Path-specific custom instructions**, which apply to requests made in the context of files that match a specified path. - - These are specified in one or more `NAME.instructions.md` files within the `.github/instructions` directory in the repository. See [Creating path-specific custom instructions](#creating-path-specific-custom-instructions-1). - - If the path you specify matches a file that {% data variables.product.prodname_copilot_short %} is working on, and a repository-wide custom instructions file also exists, then the instructions from both files are used. - -* **Agent instructions** are used by AI agents. - - {% data reusables.copilot.custom-instructions-agents %} - - > [!NOTE] - > Support of `AGENTS.md` files outside of the workspace root is currently turned off by default. For details of how to enable this feature, see [Use custom instructions in VS Code](https://code.visualstudio.com/docs/copilot/customization/custom-instructions#_use-an-agentsmd-file) in the {% data variables.product.prodname_vscode_shortname %} documentation. - -## Creating repository-wide custom instructions - -1. In the root of your repository, create a file named `.github/copilot-instructions.md`. - - Create the `.github` directory if it does not already exist. - -1. Add natural language instructions to the file, in Markdown format. - - Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. - -## Creating path-specific custom instructions - -{% data reusables.copilot.custom-instructions-path %} - -{% endvscode %} - -{% visualstudio %} - -{% data variables.product.prodname_vs %} supports two types of custom instructions. For details of which {% data variables.product.prodname_copilot %} features support these types of instructions, see [AUTOTITLE](/copilot/concepts/prompting/response-customization?tool=visualstudio#support-for-repository-custom-instructions-2). - -* **Repository-wide custom instructions**, which apply to all requests made in the context of a repository. - - These are specified in a `copilot-instructions.md` file in the `.github` directory of the repository. See [Creating repository-wide custom instructions](#creating-repository-wide-custom-instructions-2). - -* **Path-specific custom instructions**, which apply to requests made in the context of files that match a specified path. - - These are specified in one or more `NAME.instructions.md` files within the `.github/instructions` directory in the repository. See [Creating path-specific custom instructions](#creating-path-specific-custom-instructions-2). - - If the path you specify matches a file that {% data variables.product.prodname_copilot_short %} is working on, and a repository-wide custom instructions file also exists, then the instructions from both files are used. - -## Creating repository-wide custom instructions - -1. In the root of your repository, create a file named `.github/copilot-instructions.md`. - - Create the `.github` directory if it does not already exist. - -1. Add natural language instructions to the file, in Markdown format. - - Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. - -## Creating path-specific custom instructions - -{% data reusables.copilot.custom-instructions-path %} - -{% endvisualstudio %} - -{% webui %} - {% data variables.product.prodname_copilot_short %} on {% data variables.product.github %} supports three types of repository custom instructions. For details of which {% data variables.product.prodname_copilot %} features support these types of instructions, see [AUTOTITLE](/copilot/concepts/prompting/response-customization?tool=webui#support-for-repository-custom-instructions). * **Repository-wide custom instructions** apply to all requests made in the context of a repository. @@ -320,7 +39,7 @@ Once saved, these instructions will apply to the current project in Eclipse that * **Path-specific custom instructions** apply to requests made in the context of files that match a specified path. - These are specified in one or more `NAME.instructions.md` files within the `.github/instructions` directory in the repository. See [Creating path-specific custom instructions](#creating-path-specific-custom-instructions-2). + These are specified in one or more `NAME.instructions.md` files within or below the `.github/instructions` directory in the repository. See [Creating path-specific custom instructions](#creating-path-specific-custom-instructions-2). If the path you specify matches a file that {% data variables.product.prodname_copilot_short %} is working on, and a repository-wide custom instructions file also exists, then the instructions from both files are used. @@ -341,8 +60,7 @@ You can create your own custom instructions file from scratch. See [Writing your You can also reach this page by clicking the **{% octicon "copilot" aria-label="Copilot icon" %}** button next to the search bar on any page on {% data variables.product.github %}, then selecting **Agents** from the sidebar. 1. Using the dropdown menu in the prompt field, select the repository you want {% data variables.product.prodname_copilot_short %} to generate custom instructions for. - -1. Copy the following prompt, customizing it if needed: +1. Copy the following prompt and paste it into the prompt field, customizing it if needed: ```markdown copy Your task is to "onboard" this repository to Copilot coding agent by adding a .github/copilot-instructions.md file in the repository that contains information describing how a coding agent seeing it for the first time can work most efficiently. @@ -376,7 +94,7 @@ You can create your own custom instructions file from scratch. See [Writing your - For each of bootstrap, build, test, run, lint, and any other scripted step, document the sequence of steps to take to run it successfully as well as the versions of any runtime or build tools used. - Each command should be validated by running it to ensure that it works correctly as well as any preconditions and postconditions. - - Try cleaning the repo and environment and running commands in different orders and document errors and and misbehavior observed as well as any steps used to mitigate the problem. + - Try cleaning the repo and environment and running commands in different orders and document errors and misbehavior observed as well as any steps used to mitigate the problem. - Run the tests and document the order of steps required to run the tests. - Make a change to the codebase. Document any unexpected build issues as well as the workarounds. - Document environment setup steps that seem optional but that you have validated are actually required. @@ -419,11 +137,99 @@ You can create your own custom instructions file from scratch. See [Writing your - Document any errors encountered as well as the steps taken to work-around them. -1. Click **Send now** or press Return. +1. Click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. + +{% data variables.product.prodname_copilot_short %} will start a new session, which will appear in the list below the prompt box. {% data variables.product.prodname_copilot_short %} will create a draft pull request, write your custom instructions, push them to the branch, then add you as a reviewer when it has finished, triggering a notification. + +### Writing your own `copilot-instructions.md` file + +1. In the root of your repository, create a file named `.github/copilot-instructions.md`. + + Create the `.github` directory if it does not already exist. + +1. Add natural language instructions to the file, in Markdown format. + + Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. + +> [!TIP] +> The first time you create a pull request in a given repository with {% data variables.copilot.copilot_coding_agent %}, {% data variables.product.prodname_copilot_short %} will leave a comment with a link to automatically generate custom instructions for the repository. + +## Creating path-specific custom instructions + +> [!NOTE] +> Currently, on {% data variables.product.prodname_dotcom_the_website %}, path-specific custom instructions are only supported for {% data variables.copilot.copilot_coding_agent %} and {% data variables.copilot.copilot_code-review_short %}. + +{% data reusables.copilot.custom-instructions-path %} + +{% data reusables.copilot.custom-instructions-note %} + +In {% data variables.copilot.copilot_chat_short %} ([github.com/copilot](https://github.com/copilot)), you can start a conversation that uses repository custom instructions by adding, as an attachment, the repository that contains the instructions file. + +Whenever repository custom instructions are used by {% data variables.copilot.copilot_chat_short %}, the instructions file is added as a reference for the response that's generated. To find out whether repository custom instructions were used, expand the list of references at the top of a chat response in the Chat panel and check whether the `.github/copilot-instructions.md` file is listed. + +![Screenshot of an expanded References list, showing the 'copilot-instructions.md' file highlighted with a dark orange outline.](/assets/images/help/copilot/custom-instructions-ref-in-github.png) + +You can click the reference to open the file. + +> [!NOTE] +> * {% data reusables.copilot.custom-instructions-chat-precedence %} +> * {% data reusables.copilot.custom-instructions-conflict %} + +## Enabling or disabling custom instructions for {% data variables.copilot.copilot_code-review_short %} + +Custom instructions are enabled for {% data variables.copilot.copilot_code-review_short %} by default but you can disable, or re-enable, them in the repository settings on {% data variables.product.prodname_dotcom_the_website %}. This applies to {% data variables.product.prodname_copilot_short %}'s use of custom instructions for all code reviews it performs in this repository. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +1. In the "Code & automation" section of the sidebar, click **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}**, then **Code review**. +1. Toggle the “Use custom instructions when reviewing pull requests” option on or off. + +## Further reading + +* [AUTOTITLE](/copilot/reference/custom-instructions-support) +* [AUTOTITLE](/copilot/tutorials/customization-library/custom-instructions)—a curated collection of examples +* [AUTOTITLE](/copilot/tutorials/use-custom-instructions) + +{% endwebui %} + + + + + +{% vscode %} + +This version of this article is for using repository custom instructions and prompt files in {% data variables.product.prodname_vscode_shortname %}. Click the tabs above for instructions on using custom instructions in other environments. + +{% data reusables.copilot.repository-custom-instructions-about %} + +{% data reusables.copilot.repository-custom-instructions-prerequisites %} + +* Custom instructions must be enabled. This feature is enabled by default. See [Enabling or disabling repository custom instructions](#enabling-or-disabling-repository-custom-instructions-1) later in this article. + +## Creating custom instructions + +{% vscode %} + +{% data variables.product.prodname_vscode_shortname %} supports three types of repository custom instructions. For details of which {% data variables.product.prodname_copilot %} features support these types of instructions, see [AUTOTITLE](/copilot/concepts/prompting/response-customization?tool=vscode#support-for-repository-custom-instructions-1). + +* **Repository-wide custom instructions**, which apply to all requests made in the context of a repository. + + These are specified in a `copilot-instructions.md` file in the `.github` directory of the repository. See [Creating repository-wide custom instructions](#creating-repository-wide-custom-instructions-1). + +* **Path-specific custom instructions**, which apply to requests made in the context of files that match a specified path. + + These are specified in one or more `NAME.instructions.md` files within or below the `.github/instructions` directory in the repository. See [Creating path-specific custom instructions](#creating-path-specific-custom-instructions-1). -{% data variables.product.prodname_copilot_short %} will start a new session, which will appear in the list below the prompt box. {% data variables.product.prodname_copilot_short %} will create a draft pull request, write your custom instructions, push them to the branch, then add you as a reviewer when it has finished, triggering a notification. + If the path you specify matches a file that {% data variables.product.prodname_copilot_short %} is working on, and a repository-wide custom instructions file also exists, then the instructions from both files are used. -### Writing your own `copilot-instructions.md` file +* **Agent instructions** are used by AI agents. + + {% data reusables.copilot.custom-instructions-agents %} + + > [!NOTE] + > Support of `AGENTS.md` files outside of the workspace root is currently turned off by default. For details of how to enable this feature, see [Use custom instructions in VS Code](https://code.visualstudio.com/docs/copilot/customization/custom-instructions#_use-an-agentsmd-file) in the {% data variables.product.prodname_vscode_shortname %} documentation. + +## Creating repository-wide custom instructions 1. In the root of your repository, create a file named `.github/copilot-instructions.md`. @@ -433,108 +239,117 @@ You can create your own custom instructions file from scratch. See [Writing your Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. -> [!TIP] -> The first time you create a pull request in a given repository with {% data variables.copilot.copilot_coding_agent %}, {% data variables.product.prodname_copilot_short %} will leave a comment with a link to automatically generate custom instructions for the repository. - ## Creating path-specific custom instructions -> [!NOTE] -> Currently, on {% data variables.product.prodname_dotcom_the_website %}, path-specific custom instructions are only supported for {% data variables.copilot.copilot_coding_agent %} and {% data variables.copilot.copilot_code-review_short %}. - {% data reusables.copilot.custom-instructions-path %} -{% endwebui %} +{% endvscode %} -{% note %} +{% data reusables.copilot.custom-instructions-note %} -Did you successfully add a custom instructions file to your repository? +{% data reusables.copilot.custom-instructions-reference %} -Yes No +![Screenshot of an expanded References list, showing the 'copilot-instructions.md' file highlighted with a dark orange outline.](/assets/images/help/copilot/custom-instructions-vscode.png) -{% endnote %} +{% data reusables.copilot.custom-instructions-enabling %} -## Repository custom instructions in use +1. Open the Setting editor by using the keyboard shortcut Command+, (Mac) / Ctrl+, (Linux/Windows). +1. Type `instruction file` in the search box. +1. Select or clear the checkbox under **Code Generation: Use Instruction Files**. -The instructions in the file(s) are available for use by {% data variables.product.prodname_copilot_short %} as soon as you save the file(s). The complete set of instructions will be automatically added to requests that you submit to {% data variables.product.prodname_copilot_short %} in the context of that repository. For example, they are added to the prompt you submit to {% data variables.copilot.copilot_chat_short %}. +{% data reusables.copilot.custom-instructions-enabling-for-ccr %} -{% webui %} +## Enabling and using prompt files -In {% data variables.copilot.copilot_chat_short %} ([github.com/copilot](https://github.com/copilot)), you can start a conversation that uses repository custom instructions by adding, as an attachment, the repository that contains the instructions file. +{% data reusables.copilot.prompt-files-preview-note %} -Whenever repository custom instructions are used by {% data variables.copilot.copilot_chat_short %}, the instructions file is added as a reference for the response that's generated. To find out whether repository custom instructions were used, expand the list of references at the top of a chat response in the Chat panel and check whether the `.github/copilot-instructions.md` file is listed. +Prompt files let you build and share reusable prompt instructions with additional context. A prompt file is a Markdown file, stored in your workspace, that mimics the existing format of writing prompts in {% data variables.copilot.copilot_chat_short %} (for example, `Rewrite #file:x.ts`). You can have multiple prompt files in your workspace, each of which defines a prompt for a different purpose. -![Screenshot of an expanded References list, showing the 'copilot-instructions.md' file highlighted with a dark orange outline.](/assets/images/help/copilot/custom-instructions-ref-in-github.png) +### Enabling prompt files -You can click the reference to open the file. +To enable prompt files, configure the workspace settings. -> [!NOTE] -> * {% data reusables.copilot.custom-instructions-chat-precedence %} -> * {% data reusables.copilot.custom-instructions-conflict %} +1. Open the command palette by pressing Ctrl+Shift+P (Windows/Linux) / Command+Shift+P (Mac). +1. Type "Open Workspace Settings (JSON)" and select the option that's displayed. +1. In the `settings.json` file, add `"chat.promptFiles": true` to enable the `.github/prompts` folder as the location for prompt files. This folder will be created if it does not already exist. -{% endwebui %} +### Creating prompt files -{% vscode %} +1. Open the command palette by pressing Ctrl+Shift+P (Windows/Linux) / Command+Shift+P (Mac). +1. Type "prompt" and select **Chat: Create Prompt**. +1. Enter a name for the prompt file, excluding the `.prompt.md` file name extension. The name can contain alphanumeric characters and spaces and should describe the purpose of the prompt information the file will contain. +1. Write the prompt instructions, using Markdown formatting. -{% data reusables.copilot.custom-instructions-reference %} + You can reference other files in the workspace by using Markdown links—for example, `[index](../../web/index.ts)`—or by using the `#file:../../web/index.ts` syntax. Paths are relative to the prompt file. Referencing other files allows you to provide additional context, such as API specifications or product documentation. -![Screenshot of an expanded References list, showing the 'copilot-instructions.md' file highlighted with a dark orange outline.](/assets/images/help/copilot/custom-instructions-vscode.png) +### Using prompt files -{% endvscode %} +1. At the bottom of the {% data variables.copilot.copilot_chat_short %} view, click the **Attach context** icon ({% octicon "paperclip" aria-hidden="true" aria-label="paperclip" %}). +1. In the dropdown menu, click **Prompt...** and choose the prompt file you want to use. +1. Optionally, attach additional files, including prompt files, to provide more context. +1. Optionally, type additional information in the chat prompt box. -{% visualstudio %} + Whether you need to do this or not depends on the contents of the prompt you are using. -{% data reusables.copilot.custom-instructions-reference %} +1. Submit the chat prompt. -![Screenshot of the References popup, showing the 'copilot-instructions.md' file highlighted with a dark orange outline.](/assets/images/help/copilot/custom-instruction-ref-visual-studio.png) +For more information about prompt files, see [Use prompt files in {% data variables.product.prodname_vscode %}](https://code.visualstudio.com/docs/copilot/customization/prompt-files) in the {% data variables.product.prodname_vscode %} documentation. -{% endvisualstudio %} +## Further reading -{% jetbrains %} +* [AUTOTITLE](/copilot/reference/custom-instructions-support) +* [AUTOTITLE](/copilot/tutorials/customization-library)—a curated collection of examples +* [AUTOTITLE](/copilot/tutorials/use-custom-instructions) -{% data reusables.copilot.custom-instructions-reference %} +{% endvscode %} -{% endjetbrains %} + -{% xcode %} + -{% data reusables.copilot.custom-instructions-reference %} +{% visualstudio %} -## Further reading +This version of this article is for using repository custom instructions and prompt files in {% data variables.product.prodname_vs %}. Click the tabs above for instructions on using custom instructions in other environments. -* [AUTOTITLE](/copilot/tutorials/customization-library/custom-instructions)—a curated collection of examples +{% data reusables.copilot.repository-custom-instructions-about %} -{% endxcode %} +{% data reusables.copilot.repository-custom-instructions-prerequisites %} -{% webui %} +* The **Enable custom instructions...** option must be enabled in your settings. This is enabled by default. See [Enabling or disabling repository custom instructions](#enabling-or-disabling-repository-custom-instructions-1) later in this article. -## Enabling or disabling custom instructions for {% data variables.copilot.copilot_code-review_short %} +## Creating custom instructions -Custom instructions are enabled for {% data variables.copilot.copilot_code-review_short %} by default but you can disable, or re-enable, them in the repository settings on {% data variables.product.prodname_dotcom_the_website %}. This applies to {% data variables.product.prodname_copilot_short %}'s use of custom instructions for all code reviews it performs in this repository. +{% data variables.product.prodname_vs %} supports two types of custom instructions. For details of which {% data variables.product.prodname_copilot %} features support these types of instructions, see [AUTOTITLE](/copilot/concepts/prompting/response-customization?tool=visualstudio#support-for-repository-custom-instructions-2). -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-settings %} -1. In the "Code & automation" section of the sidebar, click **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}**, then **Code review**. -1. Toggle the “Use custom instructions when reviewing pull requests” option on or off. +* **Repository-wide custom instructions**, which apply to all requests made in the context of a repository. -## Further reading + These are specified in a `copilot-instructions.md` file in the `.github` directory of the repository. See [Creating repository-wide custom instructions](#creating-repository-wide-custom-instructions-2). -* [AUTOTITLE](/copilot/tutorials/customization-library/custom-instructions)—a curated collection of examples +* **Path-specific custom instructions**, which apply to requests made in the context of files that match a specified path. -{% endwebui %} + These are specified in one or more `NAME.instructions.md` files within or below the `.github/instructions` directory in the repository. See [Creating path-specific custom instructions](#creating-path-specific-custom-instructions-2). -{% vscode %} + If the path you specify matches a file that {% data variables.product.prodname_copilot_short %} is working on, and a repository-wide custom instructions file also exists, then the instructions from both files are used. -{% data reusables.copilot.custom-instructions-enabling %} +## Creating repository-wide custom instructions -1. Open the Setting editor by using the keyboard shortcut Command+, (Mac) / Ctrl+, (Linux/Windows). -1. Type `instruction file` in the search box. -1. Select or clear the checkbox under **Code Generation: Use Instruction Files**. +1. In the root of your repository, create a file named `.github/copilot-instructions.md`. -{% data reusables.copilot.custom-instructions-enabling-for-ccr %} + Create the `.github` directory if it does not already exist. -{% endvscode %} +1. Add natural language instructions to the file, in Markdown format. -{% visualstudio %} + Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. + +## Creating path-specific custom instructions + +{% data reusables.copilot.custom-instructions-path %} + +{% data reusables.copilot.custom-instructions-note %} + +{% data reusables.copilot.custom-instructions-reference %} + +![Screenshot of the References popup, showing the 'copilot-instructions.md' file highlighted with a dark orange outline.](/assets/images/help/copilot/custom-instruction-ref-visual-studio.png) {% data reusables.copilot.custom-instructions-enabling %} @@ -566,55 +381,70 @@ For more information about prompt files, see [Use prompt files in {% data variab ## Further reading +* [AUTOTITLE](/copilot/reference/custom-instructions-support) * [AUTOTITLE](/copilot/tutorials/customization-library)—a curated collection of examples +* [AUTOTITLE](/copilot/tutorials/use-custom-instructions) {% endvisualstudio %} -{% vscode %} + -## Enabling and using prompt files + -{% data reusables.copilot.prompt-files-preview-note %} +{% jetbrains %} -Prompt files let you build and share reusable prompt instructions with additional context. A prompt file is a Markdown file, stored in your workspace, that mimics the existing format of writing prompts in {% data variables.copilot.copilot_chat_short %} (for example, `Rewrite #file:x.ts`). You can have multiple prompt files in your workspace, each of which defines a prompt for a different purpose. +This version of this article is for using repository custom instructions in JetBrains IDEs. Click the tabs above for instructions on using custom instructions in other environments. -### Enabling prompt files +{% data reusables.copilot.repository-custom-instructions-about %} -To enable prompt files, configure the workspace settings. +{% data reusables.copilot.repository-custom-instructions-prerequisites %} -1. Open the command palette by pressing Ctrl+Shift+P (Windows/Linux) / Command+Shift+P (Mac). -1. Type "Open Workspace Settings (JSON)" and select the option that's displayed. -1. In the `settings.json` file, add `"chat.promptFiles": true` to enable the `.github/prompts` folder as the location for prompt files. This folder will be created if it does not already exist. +* The latest version of the {% data variables.product.prodname_copilot_short %} extension must be installed in your JetBrains IDE. -### Creating prompt files +## Creating custom instructions -1. Open the command palette by pressing Ctrl+Shift+P (Windows/Linux) / Command+Shift+P (Mac). -1. Type "prompt" and select **Chat: Create Prompt**. -1. Enter a name for the prompt file, excluding the `.prompt.md` file name extension. The name can contain alphanumeric characters and spaces and should describe the purpose of the prompt information the file will contain. -1. Write the prompt instructions, using Markdown formatting. +JetBrains IDEs support a single `.github/copilot-instructions.md` custom instructions file stored in the repository, and a locally stored `global-copilot-instructions.md` file. - You can reference other files in the workspace by using Markdown links—for example, `[index](../../web/index.ts)`—or by using the `#file:../../web/index.ts` syntax. Paths are relative to the prompt file. Referencing other files allows you to provide additional context, such as API specifications or product documentation. +You can create the `.github/copilot-instructions.md` file in your repository using the {% data variables.product.prodname_copilot_short %} settings page, or you can create the file manually. -### Using prompt files +Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. -1. At the bottom of the {% data variables.copilot.copilot_chat_short %} view, click the **Attach context** icon ({% octicon "paperclip" aria-hidden="true" aria-label="paperclip" %}). -1. In the dropdown menu, click **Prompt...** and choose the prompt file you want to use. -1. Optionally, attach additional files, including prompt files, to provide more context. -1. Optionally, type additional information in the chat prompt box. +### Using the settings page - Whether you need to do this or not depends on the contents of the prompt you are using. +{% data reusables.copilot.jetbrains-settings %} +{% data reusables.copilot.jetbrains-tools %} +1. Under "{% data variables.product.prodname_copilot_short %} Instructions", click **Workspace** or **Global** to choose whether the custom instructions apply to the current workspace or all workspaces. -1. Submit the chat prompt. +### Manually creating a workspace custom instructions file -For more information about prompt files, see [Use prompt files in {% data variables.product.prodname_vscode %}](https://code.visualstudio.com/docs/copilot/customization/prompt-files) in the {% data variables.product.prodname_vscode %} documentation. +1. In the root of your repository, create a file named `.github/copilot-instructions.md`. -## Further reading + Create the `.github` directory if it does not already exist. -* [AUTOTITLE](/copilot/tutorials/customization-library)—a curated collection of examples +1. Add natural language instructions to the file, in Markdown format. -{% endvscode %} +Once saved, these instructions will apply to the current workspace in JetBrains IDEs that you open with {% data variables.product.prodname_copilot_short %} enabled. -{% jetbrains %} +### Manually creating a global custom instructions file + +To apply the same instructions across all workspaces in JetBrains IDEs, you can create a global custom instructions file on your local machine. + +1. Open your file explorer or terminal. +1. Navigate to the appropriate location for your operating system: + + * **macOS**: + `/Users/YOUR-USERNAME/.config/github-copilot/intellij/` + * **Windows**: + `C:\Users\YOUR-USERNAME\AppData\Local\github-copilot\intellij\` + +1. Create a file named `global-copilot-instructions.md` in that directory. +1. Add your custom instructions in natural language, using Markdown format. + +Once saved, these instructions will apply globally across all workspaces in JetBrains IDEs that you open with {% data variables.product.prodname_copilot_short %} enabled. + +{% data reusables.copilot.custom-instructions-note %} + +{% data reusables.copilot.custom-instructions-reference %} ## Using prompt files @@ -654,23 +484,94 @@ Once prompt files are saved, their instructions will apply to the current worksp ## Further reading -* [AUTOTITLE](/copilot/tutorials/customization-library) +* [AUTOTITLE](/copilot/reference/custom-instructions-support) +* [AUTOTITLE](/copilot/tutorials/customization-library)—a curated collection of examples +* [AUTOTITLE](/copilot/tutorials/use-custom-instructions) {% endjetbrains %} -{% eclipse %} + + + + +{% xcode %} + +This version of this article is for using repository custom instructions in Xcode. Click the tabs above for instructions on using custom instructions in other environments. + +{% data reusables.copilot.repository-custom-instructions-about %} + +{% data reusables.copilot.repository-custom-instructions-prerequisites %} + +* The latest version of the {% data variables.product.prodname_copilot_short %} extension must be installed in Xcode. + +## Creating custom instructions + +Xcode supports a single `.github/copilot-instructions.md` custom instructions file stored in the repository. + +You can create a custom instructions file in your repository via the {% data variables.product.prodname_copilot_short %} settings page. + +Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. + +1. Open the {% data variables.product.prodname_copilot %} for Xcode application. +1. At the top of the application window, under **Settings**, click **Advanced**. +1. To the right of "Custom Instructions", click **Current Workspace** or **Global** to choose whether the custom instructions apply to the current workspace or all workspaces. + +{% data reusables.copilot.custom-instructions-note %} + +{% data reusables.copilot.custom-instructions-reference %} ## Further reading +* [AUTOTITLE](/copilot/reference/custom-instructions-support) * [AUTOTITLE](/copilot/tutorials/customization-library/custom-instructions)—a curated collection of examples +* [AUTOTITLE](/copilot/tutorials/use-custom-instructions) -{% endeclipse %} +{% endxcode %} + + + + + +{% eclipse %} + +> [!NOTE] This feature is currently in {% data variables.release-phases.public_preview %} and is subject to change. + +This version of this article is for using repository custom instructions in Eclipse. Click the tabs above for instructions on using custom instructions in other environments. + +{% data reusables.copilot.repository-custom-instructions-about %} + +{% data reusables.copilot.repository-custom-instructions-prerequisites %} + +* The latest version of the {% data variables.product.prodname_copilot_short %} extension must be installed in Eclipse. + +## Creating custom instructions + +Eclipse supports two types of repository custom instructions: workspace and project custom instructions. + +To create a workspace custom instructions file, you can use the {% data variables.product.prodname_copilot_short %} settings page. To create a project custom instructions file, you can create the file manually in the project directory. + +Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. + +### Creating a workspace custom instructions file + +1. To open the {% data variables.copilot.copilot_chat_short %} panel, click the {% data variables.product.prodname_copilot_short %} icon ({% octicon "copilot" aria-hidden="true" aria-label="copilot" %}) in the status bar at the bottom of Eclipse. +1. From the menu, select "Edit preferences". +1. In the left pane, expand {% data variables.product.prodname_copilot %} and click **Custom Instructions**. +1. Select **Enable workspace instructions**. +1. In the "Workspace" section, under "Set custom instructions to guide {% data variables.product.prodname_copilot_short %}'s code suggestions in this workspace", add natural language instructions to the file, in Markdown format. + +### Creating a project custom instructions file + +1. In the root of your project directory, create a file named `.github/copilot-instructions.md`. +1. Add your custom instructions in natural language, using Markdown format. -{% copilotcli %} +Once saved, these instructions will apply to the current project in Eclipse that you open with {% data variables.product.prodname_copilot_short %} enabled. + +{% data reusables.copilot.custom-instructions-note %} ## Further reading -* [AUTOTITLE](/copilot/tutorials/use-custom-instructions) +* [AUTOTITLE](/copilot/reference/custom-instructions-support) * [AUTOTITLE](/copilot/tutorials/customization-library/custom-instructions)—a curated collection of examples -{% endcopilotcli %} +{% endeclipse %} diff --git a/content/copilot/how-tos/copilot-cli/add-custom-instructions.md b/content/copilot/how-tos/copilot-cli/add-custom-instructions.md new file mode 100644 index 000000000000..5fa5baebfaaa --- /dev/null +++ b/content/copilot/how-tos/copilot-cli/add-custom-instructions.md @@ -0,0 +1,83 @@ +--- +title: Adding custom instructions for Copilot CLI +shortTitle: Add custom instructions +intro: 'Create custom instructions files that give {% data variables.product.prodname_copilot_short %} additional context on how to understand your project and how to build, test and validate its changes.' +versions: + feature: copilot +topics: + - Copilot +redirect_from: + - /copilot/how-tos/copilot-cli/add-repository-instructions +contentType: how-tos +--- + +{% data variables.product.prodname_copilot %} can provide responses that are tailored to your personal preferences, the way your team works, the tools you use, or the specifics of your project, if you provide it with enough context to do so. Instead of repeatedly adding this contextual detail to your prompts, you can create custom instructions that automatically add this information for you. The additional information is not displayed, but is available to {% data variables.product.prodname_copilot_short %} to allow it to generate higher quality responses. + +## Types of custom instructions + +{% data variables.copilot.copilot_cli %} supports the following types of custom instructions. + +### Repository-wide custom instructions + +These apply to all requests made in the context of a repository. + +These are specified in a `copilot-instructions.md` file in the `.github` directory at the root of the repository. See [Creating repository-wide custom instructions](#creating-repository-wide-custom-instructions). + +### Path-specific custom instructions + +These apply to requests made in the context of files that match a specified path. + +These are specified in one or more `NAME.instructions.md` files within or below the `.github/instructions` directory at the root of the repository, or within or below a `.github/instructions` directory in the current working directory. See [Creating path-specific custom instructions](#creating-path-specific-custom-instructions). + +If the path you specify in these instructions matches a file that {% data variables.product.prodname_copilot_short %} is working on, and a repository-wide custom instructions file also exists, then the instructions from both files are used. You should avoid potential conflicts between instructions as {% data variables.product.prodname_copilot_short %}'s choice between conflicting instructions is non-deterministic. + +### Agent instructions + +These are used by various AI agents. + +You can create one or more `AGENTS.md` files. These can be located in the repository's root directory, in the current working directory, or in any of the directories specified by a comma-separated list of paths in the `COPILOT_CUSTOM_INSTRUCTIONS_DIRS` environment variable. + +Instructions in the `AGENTS.md` file in the root directory, if found, are treated as primary instructions. If an `AGENTS.md` file and a `.github/copilot-instructions.md` file are both found at the root of the repository, the instructions in both files are used. + +Instructions found in other `AGENTS.md` files are treated as additional instructions. Any primary instructions that are found are likely to have more effect on {% data variables.product.prodname_copilot_short %}'s responses than additional instructions. + +For more information, see the [openai/agents.md repository](https://github.com/openai/agents.md). + +Alternatively, you can use `CLAUDE.md` and `GEMINI.md` files. These must be located at the root of the repository. + +### Local instructions + +These apply within a specific local environment. + +You can specify instructions within your own home directory, by creating a file at `$HOME/.copilot/copilot-instructions.md`. + +You can also set the `COPILOT_CUSTOM_INSTRUCTIONS_DIRS` environment variable to a comma-separated list of directories. {% data variables.copilot.copilot_cli_short %} will look for an `AGENTS.md` file, and any `.github/instructions/**/*.instructions.md` files, in each of these directories. + +## Creating repository-wide custom instructions + +1. In the root of your repository, create a file named `.github/copilot-instructions.md`. + + Create the `.github` directory if it does not already exist. + +1. Add natural language instructions to the file, in Markdown format. + + Whitespace between instructions is ignored, so the instructions can be written as a single paragraph, each on a new line, or separated by blank lines for legibility. + + For help on writing effective custom instructions, see [AUTOTITLE](/copilot/concepts/prompting/response-customization#writing-effective-custom-instructions). + +## Creating path-specific custom instructions + +{% data reusables.copilot.custom-instructions-path %} + +{% data reusables.copilot.custom-instructions-note %} + +{% data variables.copilot.copilot_cli_short %} caches instructions after they have been read. If you edit an instructions file, and you want to ensure that the changes are used, you must do one of the following: + +* Restart {% data variables.copilot.copilot_cli_short %}. +* Use `/resume SESSION-ID`. You can use the `/session` command to find the ID of the current session. + +## Further reading + +* [AUTOTITLE](/copilot/reference/custom-instructions-support) +* [AUTOTITLE](/copilot/tutorials/customization-library/custom-instructions)—a curated collection of examples +* [AUTOTITLE](/copilot/tutorials/use-custom-instructions) diff --git a/content/copilot/how-tos/copilot-cli/cli-best-practices.md b/content/copilot/how-tos/copilot-cli/cli-best-practices.md new file mode 100644 index 000000000000..7d1e5352f261 --- /dev/null +++ b/content/copilot/how-tos/copilot-cli/cli-best-practices.md @@ -0,0 +1,484 @@ +--- +title: Best practices for GitHub Copilot CLI +shortTitle: Copilot CLI best practices +intro: 'Learn how to get the most out of {% data variables.copilot.copilot_cli %}.' +allowTitleToDifferFromFilename: true +versions: + feature: copilot +topics: + - Copilot +contentType: get-started +category: + - Learn about Copilot + - Author and optimize with Copilot +--- + +## Introduction + +{% data variables.copilot.copilot_cli %} is a terminal-native AI coding assistant that brings agentic capabilities directly to your command line. {% data variables.copilot.copilot_cli_short %} can operate like a chatbot, answering your questions, but its true power lies in its ability to work autonomously as your coding partner, allowing you to delegate tasks and oversee its work. + +This article provides tips for getting the most out of {% data variables.copilot.copilot_cli_short %}, from using the various CLI commands effectively to managing the CLI's access to files. Consider these tips as starting points, then experiment to find out what works best for your workflows. + +> [!NOTE] +> {% data variables.copilot.copilot_cli %} is continually evolving. Use the `/help` command to see the most up to date information. + +## 1. Customize your environment + +### Use custom instructions files + +{% data variables.copilot.copilot_cli_short %} automatically reads instructions from multiple locations, allowing you to define organization-wide standards and repository-specific conventions. + +**Supported locations (in order of discovery):** + +| Location | Scope | +|---------------------------------------------|-----------------------| +| `~/.copilot/copilot-instructions.md` | All sessions (global) | +| `.github/copilot-instructions.md` | Repository | +| `.github/instructions/**/*.instructions.md` | Repository (modular) | +| `AGENTS.md` (in Git root or cwd) | Repository | +| `{% data variables.product.prodname_copilot_short %}.md`, `GEMINI.md`, `CODEX.md` | Repository | + +#### Best practice + +Repository instructions **always take precedence** over global instructions. Use this to enforce team conventions. For example, this is a simple `.github/copilot-instructions.md` file. + +```markdown +## Build Commands +- `npm run build` - Build the project +- `npm run test` - Run all tests +- `npm run lint:fix` - Fix linting issues + +## Code Style +- Use TypeScript strict mode +- Prefer functional components over class components +- Always add JSDoc comments for public APIs + +## Workflow +- Run `npm run lint:fix && npm test` after making changes +- Commit messages follow conventional commits format +- Create feature branches from `main` +``` + +> [!TIP] +> Keep instructions concise and actionable. Lengthy instructions can dilute effectiveness. + +For more information, see [AUTOTITLE](/copilot/concepts/prompting/response-customization?tool=webui). + +### Configure allowed tools + +Manage which tools {% data variables.product.prodname_copilot_short %} can run without asking for permission. When {% data variables.product.prodname_copilot_short %} requests permission for an action, you can choose to **Allow once**, or **Always allow** to add the tool to your allowlist for this and future sessions. + +To reset previously approved tools, use: + +```copilot +/reset-allowed-tools +``` + +You can also preconfigure allowed tools via CLI flags: + +```bash +copilot --allow-tool 'shell(git:*)' --deny-tool 'shell(git push)' +``` + +**Common permission patterns:** + +* `shell(git:*)` — Allow all Git commands +* `shell(npm run:*)` — Allow all npm scripts +* `shell(npm run test:*)` — Allow npm test commands +* `write` — Allow file writes + +### Select your preferred model + +Use `/model` to choose from available models based on your task complexity: + +| Model | Best For | Tradeoffs | +| ----- | -------- | --------- | +| **Claude Opus 4.5** (default) | Complex architecture, difficult debugging, nuanced refactoring | Most capable but uses more [premium requests](/copilot/concepts/billing/copilot-requests#model-multipliers) | +| **Claude Sonnet 4.5** | Day-to-day coding, most routine tasks | Fast, cost-effective, handles most work well | +| **GPT-5.2 Codex** | Code generation, code review, straightforward implementations | Excellent for reviewing code produced by other models | + +**Recommendations:** + +* **Opus 4.5** is ideal for tasks requiring deep reasoning, complex system design, subtle bug investigation, or extensive context understanding. +* **Switch to Sonnet 4.5** for routine tasks where speed and cost efficiency matter—it handles the majority of everyday coding effectively. +* **Use Codex** for high-volume code generation and as a second opinion for reviewing code produced by other models. + +You can switch models mid-session with `/model` as task complexity changes. + +## 2. Plan before you code + +### Plan mode + +**Models achieve higher success rates when given a concrete plan to follow.** In plan mode, {% data variables.product.prodname_copilot_short %} will create a structured implementation plan before any code is written. + +Press Shift+Tab to toggle between normal mode and plan mode. In plan mode, all prompts you enter will trigger the plan workflow. + +Alternatively, you can use the `/plan` command in normal mode to achieve the same effect. + +**Example prompt (from normal mode):** + +```copilot +/plan Add OAuth2 authentication with Google and GitHub providers +``` + +**What happens:** + +* {% data variables.product.prodname_copilot_short %} analyzes your request and codebase. +* **Asks clarifying questions** to align on requirements and approach. +* Creates a structured implementation plan with checkboxes. +* Saves the plan to `plan.md` in your session folder. +* **Waits for your approval** before implementing. + +You can press Ctrl+y to view and edit the plan in your default editor for Markdown files. + +**Example plan output:** + +```markdown +# Implementation Plan: OAuth2 Authentication + +## Overview +Add social authentication using OAuth2 with Google and GitHub providers. + +## Tasks +- [ ] Install dependencies (passport, passport-google-oauth20, passport-github2) +- [ ] Create authentication routes in `/api/auth` +- [ ] Implement passport strategies for each provider +- [ ] Add session management middleware +- [ ] Create login/logout UI components +- [ ] Add environment variables for OAuth credentials +- [ ] Write integration tests + +## Detailed Steps +1. **Dependencies**: Add to package.json... +2. **Routes**: Create `/api/auth/google` and `/api/auth/github`... +``` + +### When to use plan mode + +| Scenario | Use plan mode? | +| ---------------------------------- | ------------ | +| Complex multi-file changes | {% octicon "check" aria-label="Yes" %} | +| Refactoring with many touch points | {% octicon "check" aria-label="Yes" %} | +| New feature implementation | {% octicon "check" aria-label="Yes" %} | +| Quick bug fixes | {% octicon "x" aria-label="No" %} | +| Single file changes | {% octicon "x" aria-label="No" %} | + +### The explore → plan → code → commit workflow + +For best results on complex tasks: + +* **Explore**: + + `Read the authentication files but don't write code yet` + +* **Plan**: + + `/plan Implement password reset flow` + +* **Review**: + + Check the plan, suggest modifications + +* **Implement**: + + `Proceed with the plan` + +* **Verify**: + + `Run the tests and fix any failures` + +* **Commit**: + + `Commit these changes with a descriptive message` + +## 3. Leverage infinite sessions + +### Automatic context window management + +{% data variables.copilot.copilot_cli_short %} features **infinite sessions**. You don't need to worry about running out of context. The system automatically manages context through intelligent compaction that summarizes conversation history while preserving essential information. + +**Session storage location:** + +```text +~/.copilot/session-state/{session-id}/ +├── events.jsonl # Full session history +├── workspace.yaml # Metadata +├── plan.md # Implementation plan (if created) +├── checkpoints/ # Compaction history +└── files/ # Persistent artifacts +``` + +> [!NOTE] +> If you ever need to manually trigger compaction, use `/compact`. This is rarely necessary since the system handles it automatically. + +### Session management commands + +To view information about the current CLI session, enter: + +```copilot +/session +``` + +To view a list of any session checkpoints, enter: + +```copilot +/session checkpoints +``` + +> [!NOTE] +> A checkpoint is created when session context is compacted, and allows you to view the summary context that {% data variables.product.prodname_copilot_short %} created. + +To view the details of a specific checkpoint, enter: + +```copilot +/session checkpoints NUMBER +``` + +where NUMBER specifies the checkpoint you want to display. + +To view any temporary files that have been created during the current session—for example, artifacts created by {% data variables.product.prodname_copilot_short %} that shouldn't be saved to the repository—enter: + +```copilot +/session files +``` + +To view the current plan (if {% data variables.product.prodname_copilot_short %} has generated one), enter: + +```copilot +/session plan +``` + +### Best practice: Keep sessions focused + +While infinite sessions allow long-running work, focused sessions produce better results: + +* Use `/clear` or `/new` between unrelated tasks. +* This resets context and improves response quality. +* Think of it like starting a fresh conversation with a colleague. + +### The `/context` command + +Visualize your current context usage with `/context`. It shows a breakdown of: + +* System/tools tokens +* Message history tokens +* Available free space +* Buffer allocation + +## 4. Delegate work effectively + +### The `/delegate` command + +**Offload work to run in the cloud using {% data variables.copilot.copilot_coding_agent %}.** This is particularly powerful for: + +* Tasks that can run asynchronously. +* Changes to other repositories. +* Long-running operations you don't want to wait for. + +**Example prompt:** + +```copilot +/delegate Add dark mode support to the settings page +``` + +**What happens:** + +* Your request is sent to {% data variables.copilot.copilot_coding_agent %}. +* The agent creates a pull request with the changes. +* You can continue working locally while the cloud agent works. + +### When to use `/delegate` + +| Use `/delegate` | Work locally | +|------------------------------|-------------------------| +| Tangential tasks | Core feature work | +| Documentation updates | Debugging | +| Refactoring separate modules | Interactive exploration | + +## 5. Common workflows + +### Codebase onboarding + +Use {% data variables.copilot.copilot_cli_short %} as your pair programming partner when joining a new project. For example, you could ask {% data variables.product.prodname_copilot_short %}: + +* `How is logging configured in this project?` +* `What's the pattern for adding a new API endpoint?` +* `Explain the authentication flow` +* `Where are the database migrations?` + +### Test-driven development + +Pair with {% data variables.copilot.copilot_cli_short %} to develop tests. + +* `Write failing tests for the user registration flow` +* *Review and approve the tests.* +* `Now implement code to make all tests pass` +* *Review the implementation.* +* `Commit with message "feat: add user registration"` + +### Code review assistance + +* ``/review Use Opus 4.5 and Codex 5.2 to review the changes in my current branch against `main`. Focus on potential bugs and security issues.`` + +### Git operations + +{% data variables.product.prodname_copilot_short %} excels at Git workflows: + +* ``What changes went into version `2.3.0`?`` +* `Create a PR for this branch with a detailed description` +* ``Rebase this branch against `main` `` +* ``Resolve the merge conflicts in `package.json` `` + +### Bug investigation + +* ``The `/api/users` endpoint returns 500 errors intermittently. Search the codebase and logs to identify the root cause.`` + +### Refactoring + +* `/plan Migrate all class components to functional components with hooks` + + Then answer the questions {% data variables.product.prodname_copilot_short %} asks. Review the plan it creates, and ask {% data variables.product.prodname_copilot_short %} to make changes if necessary. When you are happy with the plan you can prompt: + `Implement this plan` + +## 6. Advanced patterns + +### Work across multiple repositories + +**{% data variables.copilot.copilot_cli_short %} provides flexible multi-repository workflows**—a key differentiator for teams working on microservices, monorepos, or related projects. + +**Option 1: Run from a parent directory** + +```bash +# Navigate to a parent directory containing multiple repos +cd ~/projects +copilot +``` + +{% data variables.product.prodname_copilot_short %} can now access and work across all child repositories simultaneously. This is ideal for: + +* Microservices architectures +* Making coordinated changes across related repos +* Refactoring shared patterns across projects + +**Option 2: Use `/add-dir` to expand access** + +```bash +# Start in one repo, then add others (requires full paths) +copilot +/add-dir /Users/me/projects/backend-service +/add-dir /Users/me/projects/shared-libs +/add-dir /Users/me/projects/documentation +``` + +**View and manage allowed directories:** + +```copilot +/list-dirs +``` + +**Example workflow: coordinated API changes** + +```copilot +I need to update the user authentication API. The changes span: + +- @/Users/me/projects/api-gateway (routing changes) +- @/Users/me/projects/auth-service (core logic) +- @/Users/me/projects/frontend (client updates) + +Start by showing me the current auth flow across all three repos. +``` + +This multi-repository capability enables: + +* Cross-cutting refactors (update a shared pattern everywhere) +* API contract changes with client updates +* Documentation that references multiple codebases +* Dependency upgrades across a monorepo + +### Using images for UI work + +{% data variables.product.prodname_copilot_short %} can work with visual references. Simply **drag and drop** images directly into the CLI input, or reference image files: + +```copilot +Implement this design: @mockup.png +Match the layout and spacing exactly +``` + +### Checklists for complex migrations + +For large-scale changes: + +```copilot +Run the linter and write all errors to `migration-checklist.md` as a checklist. +Then fix each issue one by one, checking them off as you go. +``` + +## 7. Team guidelines + +### Recommended repository setup + +* **Create `.github/copilot-instructions.md`** with: + * Build and test commands + * Code style guidelines + * Required checks before commits + * Architecture decisions + +* **Establish conventions** for: + * When to use `/plan` (complex features, refactoring) + * When to use `/delegate` (tangential work) + * Code review processes with AI assistance + +### Security considerations + +* {% data variables.copilot.copilot_cli_short %} requires explicit approval for potentially destructive operations. +* Review all proposed changes before accepting. +* Use permission allowlists judiciously. +* Never commit secrets. {% data variables.product.prodname_copilot_short %} is designed to avoid this, but always verify. + +### Measuring productivity + +Track metrics like: + +* Time from issue to pull request +* Number of iterations before merge +* Code review feedback cycles +* Test coverage improvements + +## Getting help + +From the command line, you can display help by using the command: `copilot -h`. + +For help on various topics enter: + +```bash +copilot help TOPIC +``` + +where `TOPIC` can be one of: `config`, `commands`, `environment`, `logging`, or `permissions`. + +### Within the CLI + +For help within the CLI, enter: + +```copilot +/help +``` + +To view usage statistics, enter: + +```copilot +/usage +``` + +To submit private feedback to {% data variables.product.github %} about {% data variables.copilot.copilot_cli_short %}, raise a bug report, or submit a feature request, enter: + +```copilot +/feedback +``` + +## Further reading + +* [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli) +* [AUTOTITLE](/copilot/how-tos/use-copilot-agents/use-copilot-cli) +* [AUTOTITLE](/copilot/reference/cli-command-reference) +* [{% data variables.product.prodname_copilot_short %} plans and pricing](https://github.com/features/copilot/plans) diff --git a/content/copilot/how-tos/copilot-cli/cli-getting-started.md b/content/copilot/how-tos/copilot-cli/cli-getting-started.md new file mode 100644 index 000000000000..14915024da74 --- /dev/null +++ b/content/copilot/how-tos/copilot-cli/cli-getting-started.md @@ -0,0 +1,126 @@ +--- +title: Getting started with GitHub Copilot CLI +shortTitle: Copilot CLI quickstart +intro: 'Quickly learn how to use {% data variables.copilot.copilot_cli %}.' +allowTitleToDifferFromFilename: true +product: '{% data reusables.gated-features.copilot-cli %}' +versions: + feature: copilot +topics: + - Copilot +contentType: get-started +category: + - Learn about Copilot + - Author and optimize with Copilot +--- + +## Introduction + +{% data variables.copilot.copilot_cli %} is a powerful terminal-native AI coding assistant that brings agentic capabilities directly to your command line. The {% data variables.copilot.copilot_cli_short %} offers deep flexibility, {% data variables.product.github %} workflow integration, and the ability to work autonomously on complex tasks while maintaining full user control. + +This guide will help you start using the CLI. + +## Installation + +Use one of these commands: + +* **Cross-platform (npm)** + + Prerequisite: {% data variables.copilot.copilot_cli_npm_version %}. + + ```bash copy + npm install -g @github/copilot + ``` + +* **Windows (WinGet)** + + ```bash copy + winget install GitHub.Copilot + ``` + +* **macOS/Linux (Homebrew)** + + ```bash copy + brew install copilot-cli + ``` + +## Starting the CLI for the first time + +1. In the terminal, navigate to the project directory where you want to use {% data variables.copilot.copilot_cli_short %}. +1. Start an interactive CLI session: + + ```bash + copilot + ``` + +1. In the CLI interface, enter `/login` and follow the on-screen prompts to authenticate with your {% data variables.product.github %} account. + + You'll only have to do this the first time you use the CLI. + +1. When prompted, confirm that you trust that the files in the current directory are suitable for use with an AI tool. + + > [!NOTE] + > {% data variables.product.prodname_copilot_short %} won't make changes to your files without your explicit approval. + +1. Try asking {% data variables.product.prodname_copilot_short %} a question, for example: + + ```copilot copy + Give me an overview of this project. + ``` + +## Core shortcuts to master + +| Shortcut | Action | +| -------- | ------ | +| Esc | Cancel the current operation | +| Ctrl+C | Cancel if thinking, clear input, or exit | +| Ctrl+L | Clear the screen | +| `@` | Mention files to include in context | +| `/` | Show slash commands | +| and | Navigate the command history | + +For a full list of shortcuts and available commands, enter: + +```bash +/help +``` + +## Using {% data variables.copilot.copilot_cli %} non-interactively + +You can also enter a command and get a response from {% data variables.product.prodname_copilot_short %} directly in your terminal, without starting an interactive session. + +To do this, pass a prompt to the CLI with the `-p` flag. For example: + +```bash +copilot -p "In Git, how can I apply a commit from another branch" +``` + +The `-p` flag allows you to use {% data variables.copilot.copilot_cli %} programmatically within scripts, for example to automate tasks using AI. + +You can add the `-s` flag to tell the CLI to output only {% data variables.product.prodname_copilot_short %}'s response, omitting the additional usage information. + +```bash +copilot -sp "YOUR PROMPT HERE" +``` + +For details of other flags you can use programmatically, and for more information, enter: + +```bash +copilot help +``` + +or: + +```bash +copilot help TOPIC +``` + +where TOPIC is one of the topics listed in the help output. + +## Next steps + +Find out more about {% data variables.copilot.copilot_cli_short %}: + +* [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli) +* [AUTOTITLE](/copilot/how-tos/use-copilot-agents/use-copilot-cli) +* [AUTOTITLE](/copilot/how-tos/copilot-cli/cli-best-practices) diff --git a/content/copilot/how-tos/copilot-cli/index.md b/content/copilot/how-tos/copilot-cli/index.md new file mode 100644 index 000000000000..89e7c058df33 --- /dev/null +++ b/content/copilot/how-tos/copilot-cli/index.md @@ -0,0 +1,15 @@ +--- +title: GitHub Copilot CLI +shortTitle: Copilot CLI +intro: Learn how to use {% data variables.product.prodname_copilot %} in your terminal. +versions: + feature: copilot +children: + - /cli-getting-started + - /cli-best-practices + - /install-copilot-cli + - /add-custom-instructions + - /use-hooks + - /use-copilot-cli +contentType: how-tos +--- diff --git a/content/copilot/how-tos/copilot-cli/install-copilot-cli.md b/content/copilot/how-tos/copilot-cli/install-copilot-cli.md new file mode 100644 index 000000000000..7614c916d7d7 --- /dev/null +++ b/content/copilot/how-tos/copilot-cli/install-copilot-cli.md @@ -0,0 +1,130 @@ +--- +title: Installing GitHub Copilot CLI +shortTitle: Install Copilot CLI +intro: Learn how to install {% data variables.copilot.copilot_cli_short %} so that you can use {% data variables.product.prodname_copilot_short %} directly from the command line. +product: '{% data reusables.gated-features.copilot-cli %}' +versions: + feature: copilot +topics: + - Copilot + - CLI +redirect_from: + - /copilot/how-tos/set-up/install-copilot-in-the-cli + - /copilot/github-copilot-in-the-cli/enabling-github-copilot-in-the-cli + - /copilot/github-copilot-in-the-cli/setting-up-github-copilot-in-the-cli + - /copilot/github-copilot-in-the-cli/installing-github-copilot-in-the-cli + - /copilot/managing-copilot/configure-personal-settings/installing-github-copilot-in-the-cli + - /copilot/how-tos/personal-settings/installing-github-copilot-in-the-cli + - /copilot/how-tos/set-up/installing-github-copilot-in-the-cli + - /copilot/how-tos/set-up/install-copilot-cli +contentType: how-tos +category: + - Configure Copilot +--- + +{% data reusables.cli.preview-note-cli %} + +To find out about {% data variables.copilot.copilot_cli_short %} before you install it, see [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli). + +## Prerequisites + +* **An active {% data variables.product.prodname_copilot %} subscription**. See [{% data variables.product.prodname_copilot_short %} plans](https://github.com/features/copilot/plans?ref_product=copilot&ref_type=engagement&ref_style=text). +* (On Windows) **PowerShell** v6 or higher + +If you have access to {% data variables.product.prodname_copilot %} via your organization or enterprise, you cannot use {% data variables.copilot.copilot_cli_short %} if your organization owner or enterprise administrator has disabled it in the organization or enterprise settings. See [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-policies-for-copilot-in-your-organization). + +## Installing or updating {% data variables.copilot.copilot_cli_short %} + +You can install {% data variables.copilot.copilot_cli_short %} using WinGet (Windows), Homebrew (macOS and Linux), npm (all platforms), or an install script (macOS and Linux). + +### Installing with npm (all platforms) + +Prerequisite: {% data variables.copilot.copilot_cli_npm_version %}. + +```shell copy +npm install -g @github/copilot +``` + +> [!NOTE] +> If you have `ignore-scripts=true` in your `~/.npmrc` file, you must use the command: +> +> ```shell copy +> npm_config_ignore_scripts=false npm install -g @github/copilot +> ``` + +To install the prerelease version: + +```shell copy +npm install -g @github/copilot@prerelease +``` + +### Installing with WinGet (Windows) + +```powershell copy +winget install GitHub.Copilot +``` + +To install the prerelease version: + +```powershell copy +winget install GitHub.Copilot.Prerelease +``` + +### Installing with Homebrew (macOS and Linux) + +```shell copy +brew install copilot-cli +``` + +To install the prerelease version: + +```shell copy +brew install copilot-cli@prerelease +``` + +### Installing with the install script (macOS and Linux) + +```shell copy +curl -fsSL https://gh.io/copilot-install | bash +``` + +Or: + +```shell copy +wget -qO- https://gh.io/copilot-install | bash +``` + +To run as root and install to `/usr/local/bin`, use `| sudo bash`. + +To install to a custom directory, set the `PREFIX` environment variable. It defaults to `/usr/local` when run as root or `$HOME/.local` when run as a non-root user. + +To install a specific version, set the `VERSION` environment variable. It defaults to the latest version. + +For example, to install version `v0.0.369` to a custom directory: + +```shell copy +curl -fsSL https://gh.io/copilot-install | VERSION="v0.0.369" PREFIX="$HOME/custom" bash +``` + +### Download from {% data variables.product.prodname_dotcom_the_website %} + +You can download the executables directly from [the `copilot-cli` repository](https://github.com/github/copilot-cli/releases/). + +Download the executable for your platform, unpack it, and run. + +## Authenticating with {% data variables.copilot.copilot_cli_short %} + +On first launch, if you're not currently logged in to {% data variables.product.github %}, you'll be prompted to use the `/login` slash command. Enter this command and follow the on-screen instructions to authenticate. + +### Authenticating with a {% data variables.product.pat_generic %} + +You can also authenticate using a {% data variables.product.pat_v2 %} with the "{% data variables.product.prodname_copilot_short %} Requests" permission enabled. + +1. Visit [{% data variables.product.pat_v2_caps_plural %}](https://github.com/settings/personal-access-tokens/new). +1. Under "Permissions," click **Add permissions** and select **{% data variables.product.prodname_copilot_short %} Requests**. +1. Click **Generate token**. +1. Add the token to your environment using the `GH_TOKEN` or `GITHUB_TOKEN` environment variable (in order of precedence). + +## Next steps + +You can now use {% data variables.product.prodname_copilot_short %} from the command line. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/use-copilot-cli). diff --git a/content/copilot/how-tos/use-copilot-agents/use-copilot-cli.md b/content/copilot/how-tos/copilot-cli/use-copilot-cli.md similarity index 60% rename from content/copilot/how-tos/use-copilot-agents/use-copilot-cli.md rename to content/copilot/how-tos/copilot-cli/use-copilot-cli.md index b7af3f28675c..54936ace13ca 100644 --- a/content/copilot/how-tos/use-copilot-agents/use-copilot-cli.md +++ b/content/copilot/how-tos/copilot-cli/use-copilot-cli.md @@ -5,13 +5,14 @@ intro: Learn how to use {% data variables.product.prodname_copilot %} from the c product: '{% data reusables.gated-features.copilot-cli %}' redirect_from: - /copilot/how-tos/use-copilot-cli + - /copilot/how-tos/use-copilot-agents/use-copilot-cli versions: feature: copilot topics: - Copilot - CLI contentType: how-tos -category: +category: - Author and optimize with Copilot --- @@ -64,9 +65,9 @@ Install {% data variables.copilot.copilot_cli_short %}. See [AUTOTITLE](/copilot **2. Yes, and approve TOOL for the rest of the running session**: - Allow {% data variables.product.prodname_copilot_short %} to use this tool—with any options—without asking again, for the rest of the currently running session. You will have to approve the command again in future sessions. + Allow {% data variables.product.prodname_copilot_short %} to use this tool—with any options—without asking again, for the rest of the currently running session. Any pending parallel permission requests of the same type will be auto-approved. You will have to approve the command again in future sessions. - Choosing this option is useful for a many tools—such as `chmod`—as it avoids you having to approve similar commands repeatedly in the same session. However, you should be aware of the security implications of this option. Choosing this option for the command `rm`, for example, would allow {% data variables.product.prodname_copilot_short %} to delete any file in or below the current folder without asking for your approval. + Choosing this option is useful for many tools—such as `chmod`—as it avoids you having to approve similar commands repeatedly in the same session. However, be aware of the security implications of this option. For example, choosing this option for the command `rm` would allow {% data variables.product.prodname_copilot_short %} to delete any file in the current directory or its subdirectories without asking for your approval. **3. No, and tell Copilot what to do differently (Esc)**: @@ -74,6 +75,42 @@ Install {% data variables.copilot.copilot_cli_short %}. See [AUTOTITLE](/copilot For example, if you ask {% data variables.product.prodname_copilot_short %} to create a bash script but you do not want to use the script {% data variables.product.prodname_copilot_short %} suggests, you can stop the current operation and enter a new prompt, such as: `Continue the previous task but include usage instructions in the script`. + When you reject a tool permission request, you can also give {% data variables.product.prodname_copilot_short %} inline feedback about the rejection so it can adapt its approach without stopping entirely. + +## Permissions + +{% data variables.copilot.copilot_cli_short %} uses a permissions system to control access to paths and URLs. At times, path and URL permission checks utilize heuristic-based detection, which has limitations to be aware of. + +### Path permissions + +Path permissions control which directories and files {% data variables.product.prodname_copilot_short %} can access. By default, {% data variables.copilot.copilot_cli_short %} can access the current working directory, its subdirectories, and the system temp directory. + +Path permissions apply to shell commands, file operations (create, edit, view), and search tools (such as `grep` and glob patterns). For shell commands, paths are heuristically extracted by tokenizing command text and identifying tokens that look like paths. + +> [!WARNING] +> Path detection for shell commands has limitations: +> +> * Paths embedded in complex shell constructs may not be detected. +> * Only a specific set of environment variables are expanded (`HOME`, `TMPDIR`, `PWD`, and similar). Custom variables like `$MY_PROJECT_DIR` are not expanded and may not be validated correctly. +> * Symlinks are resolved for existing files, but not for files being created. + +To disable path verification, use the `--allow-all-paths` flag when starting {% data variables.copilot.copilot_cli_short %}. + +### URL permissions + +URL permissions control which external URLs {% data variables.product.prodname_copilot_short %} can access. By default, all URLs require approval before access is granted. + +URL permissions apply to the `web_fetch` tool and a curated list of shell commands that access the network (such as `curl`, `wget`, and `fetch`). For shell commands, URLs are extracted using regex patterns. + +> [!WARNING] +> URL detection for shell commands has limitations: +> +> * URLs in file contents, config files, or environment variables read by commands are not detected. +> * Obfuscated URLs (such as split strings or escape sequences) may not be detected. +> * HTTP and HTTPS are treated as different protocols and require separate approval. + +To disable URL verification, use the `--allow-all-urls` flag. To pre-approve specific domains, use `--allow-url ` (for example, `--allow-url github.com`). + ## Tips Optimize your experience with {% data variables.copilot.copilot_cli_short %} with the following tips. @@ -82,6 +119,14 @@ Optimize your experience with {% data variables.copilot.copilot_cli_short %} wit If you enter a prompt and then decide you want to stop {% data variables.product.prodname_copilot_short %} from completing the task while it is still "Thinking," press Esc. +### Use plan mode + +Plan mode lets you collaborate with {% data variables.product.prodname_copilot_short %} on an implementation plan before any code is written. Press Shift+Tab to cycle in and out of plan mode. + +### Steer the conversation while {% data variables.product.prodname_copilot_short %} is thinking + +You can interact with {% data variables.product.prodname_copilot_short %} while it's thinking. Send follow-up messages to steer the conversation in a different direction, or queue additional instructions for {% data variables.product.prodname_copilot_short %} to process after it finishes its current response. + ### Include a specific file in your prompt To add a specific file to your prompt, use `@` followed by the relative path to the file. For example: `Explain @config/ci/ci-required-checks.yml` or `Fix the bug in @src/app.js`. This adds the contents of the file to your prompt as context for {% data variables.product.prodname_copilot_short %}. @@ -98,7 +143,7 @@ You can also add a trusted directory manually at any time by using the slash com /add-dir /path/to/directory ``` -If all of the files you want to work with are in a different location, you can switch the current working directory without starting a new {% data variables.copilot.copilot_cli_short %} session by using the slash command: +If all of the files you want to work with are in a different location, you can switch the current working directory without starting a new {% data variables.copilot.copilot_cli_short %} session by using either the `/cwd` or `/cd` slash commands: ```shell /cwd /path/to/directory @@ -122,13 +167,21 @@ You can delegate a task using the slash command, followed by a prompt: /delegate complete the API integration tests and fix any failing edge cases ``` +Alternatively, prefix a prompt with `&` to delegate it: + +```shell +& complete the API integration tests and fix any failing edge cases +``` + {% data variables.product.prodname_copilot_short %} will ask to commit any of your unstaged changes as a checkpoint in a new branch it creates. {% data variables.copilot.copilot_coding_agent %} will open a draft pull request, make changes in the background, and request a review from you. {% data variables.product.prodname_copilot_short %} will provide a link to the pull request and agent session on {% data variables.product.github %} once the session begins. ### Resume an interactive session -You can return to a previous interactive session, and continue your conversation with {% data variables.product.prodname_copilot_short %}, by using the `--resume` command line option, then choosing the session you want to resume from the list that's displayed. You can quickly resume the most recently closed session by using the `--continue` command line option. +You can use the `--resume` command line option or the `/resume` slash command to cycle through and resume local and remote interactive sessions, allowing you to pick up right where you left off with your existing context. You can kick off a {% data variables.copilot.copilot_coding_agent %} session on {% data variables.product.github %}, and then use {% data variables.copilot.copilot_cli %} to bring that session to your local environment. + +You can quickly resume the most recently closed local session by using the `--continue` command line option. ### Use custom instructions @@ -137,16 +190,25 @@ You can enhance {% data variables.product.prodname_copilot_short %}’s performa {% data variables.copilot.copilot_cli_short %} supports: * Repository-wide instructions in the `.github/copilot-instructions.md` file. -* Path-specific instructions files: `.github/copilot-instructions/**/*.instructions.md`. +* Path-specific instructions files: `.github/instructions/**/*.instructions.md`. * Agent files such as `AGENTS.md`. -For more information, see [AUTOTITLE](/copilot/how-tos/configure-custom-instructions/add-repository-instructions). +For more information, see [AUTOTITLE](/copilot/how-tos/copilot-cli/add-custom-instructions). -### Use custom agents +### Use {% data variables.copilot.custom_agents_short %} {% data variables.copilot.custom_agents_caps_short %} are specialized versions of {% data variables.copilot.copilot_coding_agent %} that you can tailor to your unique workflows, coding conventions, and use cases. {% data variables.copilot.custom_agents_caps_short %} are defined using Markdown files, called {% data variables.copilot.agent_profiles %}, that specify prompts, tools, and MCP servers. -{% data variables.copilot.copilot_cli_short %} supports loading {% data variables.copilot.custom_agents_short %} from the following locations: +{% data variables.copilot.copilot_cli %} includes a default group of {% data variables.copilot.custom_agents_short %} for common tasks: + +| Agent | Description | +| --- | --- | +| Explore | Performs quick codebase analysis, allowing you to ask questions about your code without adding to your main context. | +| Task | Executes commands such as tests and builds, providing brief summaries on success and full output on failure. | +| Plan | Analyzes dependencies and structure to create implementation plans, helping you to understand how to approach a complex feature or refactoring task before making changes. | +| Code-review | Reviews changes with a focus on surfacing only genuine issues, minimizing noise. | + +When creating your own {% data variables.copilot.custom_agents_short %}, {% data variables.copilot.copilot_cli_short %} supports loading {% data variables.copilot.custom_agents_short %} from the following locations: | Type | Location | Scope | | --- | --- | --- | @@ -167,11 +229,11 @@ In the case of naming conflicts, a system-level agent overrides a repository-lev * Calling out to {% data variables.copilot.copilot_custom_agent_short %} directly in a prompt: ```shell - Use the refactoring agent to refactor this code block + Use the refactoring agent to refactor this code block ``` {% data variables.product.prodname_copilot_short %} will automatically infer the agent you want to use. - + * Specifying the {% data variables.copilot.copilot_custom_agent_short %} you want to use with the command-line option. For example: ```shell @@ -180,6 +242,12 @@ In the case of naming conflicts, a system-level agent overrides a repository-lev For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents). +### Use skills + +You can create skills to enhance the ability of {% data variables.product.prodname_copilot_short %} to perform specialized tasks with instructions, scripts, and resources. + +For more information, see [AUTOTITLE](/copilot/concepts/agents/about-agent-skills). + ### Add an MCP server {% data variables.copilot.copilot_cli_short %} comes with the {% data variables.product.github %} MCP server already configured. This MCP server allows you to interact with resources on {% data variables.product.prodname_dotcom_the_website %}—for example, allowing you to merge pull requests from the CLI. @@ -197,9 +265,32 @@ To extend the functionality available to you in {% data variables.copilot.copilo Details of your configured MCP servers are stored in the `mcp-config.json` file, which is located, by default, in the `~/.copilot` directory. This location can be changed by setting the `XDG_CONFIG_HOME` environment variable. For information about the JSON structure of a server definition, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/extend-coding-agent-with-mcp#writing-a-json-configuration-for-mcp-servers). -### View context and usage statistics for the current session +### Context management + +{% data variables.copilot.copilot_cli_short %} provides several slash commands to help you monitor and manage your context window: + +* `/usage`: Lets you view your session statistics, including: + * The amount of premium requests used in the current session + * The session duration + * The total lines of code edited + * A breakdown of token usage per model -You can use the `/usage` slash command to view how many premium requests you've used in the current session, the duration of the session, how many lines of code have been edited, and the breakdown of token usage per model. When you have less than 20% of a model's token limit remaining, {% data variables.copilot.copilot_cli_short %} will display a warning that the context will be truncated when the token limit is reached. +* `/context`: Provides a visual overview of your current token usage +* `/compact`: Manually compresses your conversation history to free up context space + +{% data variables.copilot.copilot_cli %} automatically compresses your history in the background when your conversation approaches 95% of the token limit, without interrupting your workflow. + +### Review code changes + +You can use the `/review` slash command to have {% data variables.product.prodname_copilot_short %} analyze code changes without leaving the CLI. This lets you get quick feedback on your changes prior to committing. + +### Enable all permissions + +For situations where you trust {% data variables.product.prodname_copilot_short %} to run freely, you can use the `--allow-all` or `--yolo` flags to enable all permissions at once. + +### Toggle reasoning visibility + +Press Ctrl+T to show or hide the model's reasoning process while it generates a response. This setting persists across sessions, allowing you to observe how {% data variables.product.prodname_copilot_short %} works through complex problems. ## Find out more @@ -229,3 +320,9 @@ For additional information use one of the following commands in your terminal: `copilot help permissions` {% data reusables.cli.feedback %} + +## Further reading + +* [AUTOTITLE](/copilot/how-tos/copilot-cli/cli-best-practices) +* [AUTOTITLE](/copilot/reference/cli-command-reference) +* [AUTOTITLE](/copilot/reference/acp-server) diff --git a/content/copilot/how-tos/copilot-cli/use-hooks.md b/content/copilot/how-tos/copilot-cli/use-hooks.md new file mode 100644 index 000000000000..b4dd5ba03022 --- /dev/null +++ b/content/copilot/how-tos/copilot-cli/use-hooks.md @@ -0,0 +1,29 @@ +--- +title: Using hooks with GitHub Copilot CLI +shortTitle: Use hooks +intro: "Extend {% data variables.product.prodname_copilot %} agent behavior with custom shell commands at key points during agent execution." +versions: + feature: copilot +topics: + - Copilot +contentType: how-tos +category: + - Configure Copilot +--- + +{% data reusables.copilot.coding-agent.hooks-intro %} + +## Creating a hook in a repository on {% data variables.product.github %} + +{% data reusables.copilot.coding-agent.create-hooks-instructions %} + +## Troubleshooting + +{% data reusables.copilot.coding-agent.troubleshoot-hooks %} + +## Further reading + +* [AUTOTITLE](/copilot/reference/hooks-configuration) +* [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-coding-agent) +* [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli) +* [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment) \ No newline at end of file diff --git a/content/copilot/how-tos/index.md b/content/copilot/how-tos/index.md index 33f4ee2caa27..2c889032bf0d 100644 --- a/content/copilot/how-tos/index.md +++ b/content/copilot/how-tos/index.md @@ -10,6 +10,7 @@ children: - /set-up - /get-code-suggestions - /chat-with-copilot + - /copilot-cli - /use-copilot-agents - /use-ai-models - /provide-context diff --git a/content/copilot/how-tos/manage-and-track-spending/manage-company-spending.md b/content/copilot/how-tos/manage-and-track-spending/manage-company-spending.md index 25a06718efeb..dc9f7527ca4f 100644 --- a/content/copilot/how-tos/manage-and-track-spending/manage-company-spending.md +++ b/content/copilot/how-tos/manage-and-track-spending/manage-company-spending.md @@ -15,7 +15,7 @@ redirect_from: - /copilot/how-tos/spending/managing-your-companys-spending-on-github-copilot - /copilot/how-tos/spending/manage-company-spending contentType: how-tos -category: +category: - Manage Copilot for a team --- @@ -69,7 +69,7 @@ You can understand your spending trends by viewing graphs of {% data variables.p For more detailed insights, you can group usage by the type of {% data variables.product.prodname_copilot_short %} plan, and enterprises can filter the results by cost center. 1. Go to your enterprise or organization account settings and click **{% octicon "credit-card" aria-hidden="true" aria-label="credit-card" %} Billing & Licensing**. -1. In the left sidebar, click **Usage** (organizations) or **Usage** and then **Metered usage** (enterprises). +{% data reusables.billing.display-usage-view %} 1. In the "Metered usage" section, in the search field, enter `product:copilot`. To filter by cost center, add a query like `cost_center:ce-pilot-group`. 1. To understand spending differences between {% data variables.copilot.copilot_business_short %} and {% data variables.copilot.copilot_enterprise_short %} plans, select the **Group: None** dropdown menu and click **Group by: SKU**. diff --git a/content/copilot/how-tos/manage-and-track-spending/manage-request-allowances.md b/content/copilot/how-tos/manage-and-track-spending/manage-request-allowances.md index 032cf7f6c21d..1109a2228f0b 100644 --- a/content/copilot/how-tos/manage-and-track-spending/manage-request-allowances.md +++ b/content/copilot/how-tos/manage-and-track-spending/manage-request-allowances.md @@ -21,10 +21,13 @@ category: Each {% data variables.product.prodname_copilot_short %} plan includes a per-user allowance for premium requests. If enabled, requests over the allowance are billed to your organization or enterprise. To learn more about premium requests, see [AUTOTITLE](/copilot/concepts/copilot-billing/requests-in-github-copilot). For allowances per plan, see [AUTOTITLE](/copilot/get-started/plans-for-github-copilot#comparing-copilot-plans). -Your organization or enterprise's policies and budgets determine whether users can use premium requests over their included allowance: +Premium request usage beyond the allowance is governed by two complementary control layers: -* The **Premium request paid usage** policy determines whether users can surpass their included premium request allowance for each AI tool. This policy is enabled by default. -* If your enterprise or organization has a **Bundled premium requests budget** that caps usage, all premium request-powered tools are blocked once the budget amount is reached for the billing period. +* **Policy setting:** The **Premium request paid usage** policy determines whether users can surpass their included premium request allowance for each AI tool. This policy is enabled by default. +* **Budget constraints:** If your enterprise or organization has a premium request SKU-level budget or a bundled premium requests budget, premium request usage will be blocked once the budget is fully consumed for the billing period. + + +The **Premium request paid usage policy** must be enabled for any additional billing to occur. Budgets then control whether and when usage is stopped. You can increase the allowance for users by ensuring the policy is enabled, editing your budgets, or upgrading users to {% data variables.copilot.copilot_enterprise_short %}. @@ -34,6 +37,8 @@ You can increase the allowance for users by ensuring the policy is enabled, edit * Before making changes, download a usage report to see which developers are frequently hitting the limit or using a significant number of requests over the allowance. You may want to contact these users to understand their use cases and requirements. See [AUTOTITLE](/billing/how-tos/products/view-productlicense-use). * If a user receives licenses from multiple enterprises or standalone organizations, the user must select a billing entity to use premium requests. See [Managing premium request billing with multiple {% data variables.product.prodname_copilot_short %} licenses](/copilot/managing-copilot/monitoring-usage-and-entitlements/monitoring-your-copilot-usage-and-entitlements#managing-premium-request-billing-with-multiple-copilot-licenses). +* For enterprises only, review which organizations are able to assign and are actively assigning {% data variables.product.prodname_copilot_short %} access to users. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-access/grant-access#enabling-copilot-for-organizations). + ## Setting a policy for paid usage @@ -55,6 +60,9 @@ You can set the policy for an enterprise or a standalone organization. Creating new budgets without deleting an existing budget does not override the existing budget. If **any** applicable budget with "Stop usage when budget limit is reached" enabled is exhausted, additional premium requests are blocked. + Enterprise-level budgets act as a failsafe for the entire enterprise, including any spending originating from within cost centers. If the enterprise budget is exhausted before the cost center budget, usage will be blocked. See [AUTOTITLE](/billing/concepts/budgets-and-alerts) for details on different scopes of budgets and stopping usage. + + ## Upgrading users to {% data variables.copilot.copilot_enterprise_short %} An enterprise owner can upgrade certain users to increase their base allowance of premium requests. @@ -73,14 +81,35 @@ An enterprise owner can upgrade certain users to increase their base allowance o 1. Check the usage report regularly to ensure that {% data variables.copilot.copilot_enterprise_short %} remains the most cost-effective option for these users. -## Setting a budget for specific members +## Organization-based premium request management -You can set a higher budget for premium requests over the allowance for specific users in your enterprise. However, you must ensure that every user in your enterprise is covered by a budget. Users who are not covered by a budget will have access to unlimited spending on premium requests. +With this budget management method, budgets are scoped to cost centers with organizations as the managed resource. -At a high level, the required steps are: +Users must be assigned a {% data variables.product.prodname_copilot_short %} license through only a single organization in the enterprise. If users are currently assigned licenses through multiple organizations within your enterprise, you must either update your assignment practices or use user-based management. For a comparison of methods, see [AUTOTITLE](/copilot/concepts/billing/premium-request-management). -1. Ensure the "Premium request paid usage" policy is enabled. See [Setting a policy for paid usage](#setting-a-policy-for-paid-usage). -1. If there is a $0 budget for premium requests set at your enterprise or organization account level, delete it. +### Setting up organization-based cost centers + +1. Create a cost center and assign all organizations that contain users where no additional premium requests are required. These organizations should be the organizations that assign each user their {% data variables.product.prodname_copilot_short %} license. Assign a $0 budget to this cost center. +1. Create a second cost center and assign organizations with users who need access to additional premium requests. These organizations should be the organizations that assign each user their {% data variables.product.prodname_copilot_short %} license. Assign a budget to this cost center. +1. If you need more than one tier of budgets for additional premium requests, create further cost centers. + +You should define a SKU-level budget for "`FEATURE` Premium Request", not a product-level budget for "{% data variables.product.prodname_copilot_short %}". Alternatively, use "Bundled premium requests budget" to define a budget for all types of premium requests. + +>[!NOTE] +> Creating a budget scoped directly to the organization is an option, but it is not recommended due to how organization-scoped budgets interact with cost center-scoped budgets for cost centers that contain users as resources. + +## User-based premium request management + +With this budget management method, budgets are scoped to cost centers with users as the managed resource. When a user is added directly as a managed resource to a cost center, this takes precedence over the user being a member of any organizations that are managed resources in any cost centers. + +User-based management applies to all metered, licensed products. See [AUTOTITLE](/billing/reference/cost-center-allocation#details-for-license-based-products). + +> [!NOTE] +> If your business needs to allocate license costs for {% data variables.product.prodname_copilot %} and {% data variables.product.prodname_enterprise %} separately from costs for {% data variables.product.prodname_GHAS_cs_or_sp %}, you must use organization-based management. + +### Setting up user-based cost centers + +1. Create a cost center to contain each subset of users that needs a distinct limit on premium requests. +1. Assign the appropriate budget for premium requests to each cost center. -1. Create a new budget for the users who need a higher allowance. For example, create an organization or cost center containing just these users, then create a **Bundled premium requests budget** for the organization or cost center. -1. Create a separate, more restrictive budget that covers every other {% data variables.product.prodname_copilot_short %} user in your enterprise. You will likely need to integrate with the API to ensure that this budget covers new users as they are added to your enterprise. +You should define a SKU-level budget for "`FEATURE` Premium Request", not a product-level budget for "{% data variables.product.prodname_copilot_short %}". Alternatively, use "Bundled premium requests budget" to define a budget for all types of premium requests. diff --git a/content/copilot/how-tos/manage-and-track-spending/monitor-premium-requests.md b/content/copilot/how-tos/manage-and-track-spending/monitor-premium-requests.md index e7612a22e6e3..54e6b0f931c8 100644 --- a/content/copilot/how-tos/manage-and-track-spending/monitor-premium-requests.md +++ b/content/copilot/how-tos/manage-and-track-spending/monitor-premium-requests.md @@ -58,11 +58,11 @@ You can view an overview of your premium request usage at any time in your "Bill ### Viewing detailed analytics of your usage +{% data reusables.billing.premium-request-analytics-start %} + {% data reusables.user-settings.access_billing_settings_url %} 1. In the side bar, click **Premium request analytics** to show detailed analytics. 1. Use the filter, "Group by", and "Timeframe" options to change the data displayed in the chart and table. - {% data reusables.billing.premium-request-analytics-start %} - 1. Optionally, to download the data shown in the chart, click the {% octicon "kebab-horizontal" aria-label="Chart options" aria-hidden="true" %} button and select your preferred format. ![Screenshot of the usage chart on the "Premium request analytics" page with "Chart options" open and outlined in dark orange.](/assets/images/help/billing/premium-request-analytics-chart-download.png) diff --git a/content/copilot/how-tos/manage-your-account/manage-policies.md b/content/copilot/how-tos/manage-your-account/manage-policies.md index a32ee86c6024..18ab4daea8ba 100644 --- a/content/copilot/how-tos/manage-your-account/manage-policies.md +++ b/content/copilot/how-tos/manage-your-account/manage-policies.md @@ -53,22 +53,29 @@ If you choose to allow suggestions matching public code, when {% data variables. {% ifversion fpt %} -## Enabling or disabling prompt and suggestion collection +## Enabling or disabling third-party coding agents in your repositories -You can choose whether your prompts and {% data variables.product.prodname_copilot_short %}'s suggestions are collected and retained by {% data variables.product.prodname_dotcom %}, and further processed and shared with Microsoft. For more information about data that {% data variables.product.prodname_copilot %} may collect depending on your settings, see [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot) and the [{% data variables.product.prodname_copilot %} privacy FAQ](https://github.com/features/copilot/#faq). +> [!NOTE] +> {% data reusables.gated-features.third-party-agents %} -{% data reusables.user-settings.copilot-settings %} -1. To allow or prevent {% data variables.product.prodname_dotcom %} using your data, select or deselect **Allow {% data variables.product.prodname_dotcom %} to use my code snippets from the code editor for product improvements**. +You can choose whether to allow the following coding agents to be enabled in your personal account: + +* {% data variables.product.prodname_anthropic_claude %} +* {% data variables.product.prodname_openai_codex %} -## Enabling or disabling alternative AI models +Coding agents have access to the same repositories that {% data variables.copilot.copilot_coding_agent %} has been enabled in. -You can choose whether to allow the following AI models to be used as an alternative to {% data variables.product.prodname_copilot_short %}'s default model. +To enable coding agents: -* {% data variables.copilot.copilot_claude %} - see [AUTOTITLE](/copilot/using-github-copilot/ai-models/using-claude-in-github-copilot) -* {% data variables.copilot.copilot_gemini %} - see [AUTOTITLE](/copilot/using-github-copilot/ai-models/using-gemini-in-github-copilot) +1. Navigate to your account's [coding agent settings](https://github.com/settings/copilot/coding_agent?ref_product=copilot&ref_type=engagement&ref_style=text&utm_source=docs-3p-agents-cca-settings-cta&utm_medium=docs&utm_campaign=agent-3p-platform-feb-2026). +1. On the {% data variables.copilot.copilot_coding_agent %} page, under "Partner agents", click the toggle to enable the third-party agent you want to use. + +## Enabling or disabling prompt and suggestion collection + +You can choose whether your prompts and {% data variables.product.prodname_copilot_short %}'s suggestions are collected and retained by {% data variables.product.prodname_dotcom %}, and further processed and shared with Microsoft. For more information about data that {% data variables.product.prodname_copilot %} may collect depending on your settings, see [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot) and the [{% data variables.product.prodname_copilot %} privacy FAQ](https://github.com/features/copilot/#faq). {% data reusables.user-settings.copilot-settings %} -1. To the right of the model name, select the dropdown menu, then click **Enabled** or **Disabled**. +1. To allow or prevent {% data variables.product.prodname_dotcom %} using your data, select or deselect **Allow {% data variables.product.prodname_dotcom %} to use my code snippets from the code editor for product improvements**. ## Enabling or disabling web search for {% data variables.copilot.copilot_chat %} diff --git a/content/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces.md b/content/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces.md index 04133ca4b279..b8d6120b5d29 100644 --- a/content/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces.md +++ b/content/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces.md @@ -49,6 +49,14 @@ You can add two types of context to your space: * **{% octicon "upload" aria-hidden="true" aria-label="upload" %} Upload a file**: You can upload files directly from your local machine. This includes images, text files, rich documents, and spreadsheets. * **{% octicon "paste" aria-hidden="true" aria-label="paste" %} Add text content**: You can type or paste free-text content, such as transcripts, notes, or any other relevant information that can help {% data variables.product.prodname_copilot_short %} understand the context of your space. +## Choosing repositories or files as context + +When adding sources to your space, you can choose to attach entire repositories or individual files. Understanding how each option works can help you get the best results from {% data variables.product.prodname_copilot_short %}. + +* **Attach a repository**: When you attach a repository, {% data variables.product.prodname_copilot_short %} doesn't load the entire project into memory. Instead, it searches the repository and retrieves only the most relevant content needed to answer your question. This is recommended for large-scale use cases (for example, answering questions across all documentation in a repository). + +* **Attach individual files**: When you attach a file, its full contents are loaded into {% data variables.product.prodname_copilot_short %}'s context window and considered for every query in that space. This is best when you want {% data variables.product.prodname_copilot_short %} to consistently prioritize a specific document or small set of files. + ## Adding context as you're working You can add files to a space directly from the code view on {% data variables.product.github %}, so you don't need to break your flow when building context for your space. diff --git a/content/copilot/how-tos/provide-context/use-copilot-spaces/use-copilot-spaces.md b/content/copilot/how-tos/provide-context/use-copilot-spaces/use-copilot-spaces.md index 21fe14554791..8049a4c023a0 100644 --- a/content/copilot/how-tos/provide-context/use-copilot-spaces/use-copilot-spaces.md +++ b/content/copilot/how-tos/provide-context/use-copilot-spaces/use-copilot-spaces.md @@ -38,7 +38,28 @@ Once you've accessed space context from your IDE: ### Prerequisites -To use {% data variables.copilot.copilot_spaces_short %} in your IDE, you need to install the {% data variables.product.github %} MCP server. For setup instructions, see [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/use-the-github-mcp-server). +To use {% data variables.copilot.copilot_spaces_short %} in your IDE, you need to: + +* Set up the remote {% data variables.product.github %} MCP server for your IDE. For more information, see [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/set-up-the-github-mcp-server) and [Remote {% data variables.product.github %} MCP Server](https://github.com/github/github-mcp-server/blob/main/docs/remote-server.md) in the {% data variables.product.github %} MCP server documentation. +* Configure the set up of the remote {% data variables.product.github %} MCP server so that the {% data variables.copilot.copilot_spaces_short %} toolset is enabled. + + The {% data variables.copilot.copilot_spaces_short %} toolset is not included in the default configuration, so you must explicitly enable it using the `X-MCP-Toolsets` header. The following example configuration enables both the default tools and {% data variables.copilot.copilot_spaces_short %}: + + ```json copy + { + "servers": { + "github": { + "type": "http", + "url": "https://api.githubcopilot.com/mcp/", + "headers": { + "X-MCP-Toolsets": "default,copilot_spaces" + } + } + } + } + ``` + + Alternatively, you can use the dedicated {% data variables.copilot.copilot_spaces_short %} toolset URL: `https://api.githubcopilot.com/mcp/x/copilot_spaces`. Note that this configuration provides _only_ {% data variables.copilot.copilot_spaces_short %} tools, without other default {% data variables.product.github %} MCP server functionality. ### Accessing space context from your IDE diff --git a/content/copilot/how-tos/provide-context/use-mcp/change-mcp-registry.md b/content/copilot/how-tos/provide-context/use-mcp/change-mcp-registry.md index b583d57067b8..f7e28fa5d8e0 100644 --- a/content/copilot/how-tos/provide-context/use-mcp/change-mcp-registry.md +++ b/content/copilot/how-tos/provide-context/use-mcp/change-mcp-registry.md @@ -7,6 +7,8 @@ versions: feature: copilot defaultTool: jetbrains contentType: how-tos +category: + - Configure Copilot --- MCP registries for {% data variables.product.prodname_copilot_short %} in your IDE streamline the process of discovering and setting up MCP servers. By default, {% data variables.product.prodname_copilot_short %} uses the {% data variables.product.github %} MCP Registry, but you can configure your own MCP registry to customize the list of servers available in your environment. diff --git a/content/copilot/how-tos/provide-context/use-mcp/configure-toolsets.md b/content/copilot/how-tos/provide-context/use-mcp/configure-toolsets.md new file mode 100644 index 000000000000..a1aa4f36bb23 --- /dev/null +++ b/content/copilot/how-tos/provide-context/use-mcp/configure-toolsets.md @@ -0,0 +1,47 @@ +--- +title: Configuring toolsets for the GitHub MCP Server +intro: 'Learn how to configure toolsets and tools for the {% data variables.product.github %} MCP server for fine-grained control and optimized performance.' +shortTitle: Configure toolsets +versions: + feature: copilot +defaultTool: vscode +topics: + - Copilot +redirect_from: + - /copilot/how-tos/context/use-mcp/configure-toolsets +contentType: how-tos +category: + - Configure Copilot +--- + +The {% data variables.product.github %} MCP server includes default toolsets (`repos`, `issues`, and `pull_requests`) that are enabled automatically. You can customize toolset configuration by: + +* **Enabling individual toolsets** such as `actions`, `code_security`, or `secret_protection` +* **Using special keywords** like `all` to enable every available toolset, or [`default`](https://github.com/github/github-mcp-server?tab=readme-ov-file#default-toolset) to include the standard set alongside others (for example, `default,stargazers`) +* **Accessing remote-only toolsets** such as `copilot` (for {% data variables.copilot.copilot_coding_agent %}) and `github_support_docs_search`, which are only available on the remote MCP server +* **Selecting specific tools** for granular control when you want to exclude specific tools or combine toolsets with individual tools + +For a complete list of available toolsets, see [Tools](https://github.com/github/github-mcp-server/blob/main/README.md#tools) in the `github/github-mcp-server` repository. For configuration examples, see [Server configuration](https://github.com/github/github-mcp-server/blob/main/docs/server-configuration.md). For a full introduction to the {% data variables.product.github %} MCP server and an overview of MCP, see [AUTOTITLE](/copilot/concepts/context/mcp). + +## Configuring toolsets for the remote MCP server + +You can configure toolsets for the remote {% data variables.product.github %} MCP server using: + +* **URL path parameters** when enabling a single toolset +* **HTTP headers** when enabling multiple toolsets + +For detailed setup instructions, see [Remote {% data variables.product.github %} MCP server](https://github.com/github/github-mcp-server?tab=readme-ov-file#remote-github-mcp-server) and [Remote server configuration](https://github.com/github/github-mcp-server/blob/main/docs/remote-server.md) in the `github/github-mcp-server` repository. + +## Configuring toolsets for the local MCP server + +You can configure toolsets for the local {% data variables.product.github %} MCP server using: + +* **Command-line flags** +* **Environment variables** (these take precedence over command-line flags) + +For detailed setup instructions, see [Local {% data variables.product.github %} MCP server](https://github.com/github/github-mcp-server?tab=readme-ov-file#local-github-mcp-server) and [Tool configuration](https://github.com/github/github-mcp-server?tab=readme-ov-file#tool-configuration) in the `github/github-mcp-server` repository. + +## Further reading + +* [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/set-up-the-github-mcp-server) +* [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/use-the-github-mcp-server) diff --git a/content/copilot/how-tos/provide-context/use-mcp/enterprise-configuration.md b/content/copilot/how-tos/provide-context/use-mcp/enterprise-configuration.md new file mode 100644 index 000000000000..5defeb78a460 --- /dev/null +++ b/content/copilot/how-tos/provide-context/use-mcp/enterprise-configuration.md @@ -0,0 +1,650 @@ +--- +title: Configuring the GitHub MCP Server for GitHub Enterprise +intro: 'Learn how to configure the GitHub Model Context Protocol (MCP) server to work with {% data variables.product.prodname_ghe_server %} or {% data variables.enterprise.data_residency %}.' +shortTitle: Enterprise configuration +versions: + feature: copilot +defaultTool: vscode +topics: + - Copilot +contentType: how-tos +category: + - Configure Copilot +--- + +The {% data variables.product.github %} MCP server can be configured to work with {% data variables.product.prodname_ghe_server %} and {% data variables.enterprise.data_residency %}. The configuration steps differ depending on whether you are using the remote or local MCP server. + +## About enterprise MCP server configuration + +The {% data variables.product.github %} MCP server supports two enterprise deployment types: + +* **[{% data variables.enterprise.data_residency %}](#configuring-the-remote-mcp-server-for-github-enterprise-cloud-with-data-residency)**: Supports both remote and local MCP server configurations +* **[{% data variables.product.prodname_ghe_server %}](#configuring-the-local-mcp-server-for-enterprise)**: Supports **only local MCP server configuration** + +> [!IMPORTANT] +> {% data variables.product.prodname_ghe_server %} does **not** support remote MCP server hosting. If you are using {% data variables.product.prodname_ghe_server %}, you **must** use the local MCP server configuration described in [Configuring the local MCP server for enterprise](#configuring-the-local-mcp-server-for-enterprise). Skip the remote MCP server configuration section below. + +## Prerequisites + +* A {% data variables.product.prodname_ghe_server %} instance or {% data variables.product.prodname_ghe_cloud %} account with {% data variables.enterprise.data_residency_short %} +* The {% data variables.product.github %} MCP server configured in your editor. See [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/set-up-the-github-mcp-server). + +## Configuring the remote MCP server for {% data variables.enterprise.data_residency %} + +> [!NOTE] +> This section applies **only** to {% data variables.enterprise.data_residency %}. If you are using {% data variables.product.prodname_ghe_server %}, skip to [Configuring the local MCP server for enterprise](#configuring-the-local-mcp-server-for-enterprise). + +{% vscode %} + +{% data variables.enterprise.data_residency %} can use the remote MCP server. To configure it, you need to update the MCP server URL to point to your {% data variables.product.prodname_ghe_cloud %} instance. + +For example, if your {% data variables.product.prodname_ghe_cloud %} instance is `https://octocorp.ghe.com`, the MCP server URL would be `https://copilot-api.octocorp.ghe.com/mcp`. + +1. In {% data variables.product.prodname_vscode %}, open the command palette by pressing Ctrl+Shift+P (Windows/Linux) / Command+Shift+P (Mac). +1. Type and select **MCP: Open User Configuration**. +1. In the settings file, locate the `servers` section. If you have already configured the {% data variables.product.github %} MCP server, you will see a `github` entry. +1. Update the `url` field to point to your {% data variables.product.prodname_ghe_cloud %} instance. + + **Option A: With PAT authentication** + + ```json copy + { + "servers": { + "github": { + "type": "http", + "url": "https://copilot-api.{% data variables.enterprise.data_residency_domain %}/mcp", + "headers": { + "Authorization": "Bearer ${input:github_mcp_pat}" + } + } + }, + "inputs": [ + { + "type": "promptString", + "id": "github_mcp_pat", + "description": "GitHub PAT", + "password": true + } + ] + } + ``` + + **Option B: With OAuth authentication** + + ```json copy + { + "servers": { + "github": { + "type": "http", + "url": "https://copilot-api.{% data variables.enterprise.data_residency_domain %}/mcp" + } + } + } + ``` + + Replace `{% data variables.enterprise.data_residency_domain %}` with your {% data variables.enterprise.data_residency_site %} subdomain. + +1. Save the file. +1. When using OAuth with {% data variables.enterprise.data_residency %}, configure your {% data variables.product.prodname_vscode_shortname %} settings to point to your {% data variables.product.prodname_ghe_cloud %} instance. Add the following to your [{% data variables.product.prodname_vscode_shortname %} user settings](https://code.visualstudio.com/docs/configure/settings#_user-settings): + + ```json + { + "github-enterprise.uri": "https://copilot-api.{% data variables.enterprise.data_residency_domain %}/mcp" + } + ``` + +1. Restart {% data variables.product.prodname_vscode %} or reload the window for the changes to take effect. + +{% endvscode %} + +{% visualstudio %} + +{% data variables.product.prodname_ghe_cloud %} with data residency can use the remote MCP server. To configure it, you need to update the MCP server URL to point to your {% data variables.product.prodname_ghe_cloud %} instance. + +For example, if your {% data variables.product.prodname_ghe_cloud %} instance is `https://octocorp.ghe.com`, the MCP server URL would be `https://copilot-api.octocorp.ghe.com/mcp`. + +1. In the {% data variables.product.prodname_vs %} menu bar, click **View**, then click **{% data variables.copilot.copilot_chat %}**. +1. At the bottom of the chat panel, select **Agent** from the mode dropdown. +1. In the {% data variables.copilot.copilot_chat_short %} window, click the tools icon, then click the plus icon in the tool picker window. +1. In the "Configure MCP server" pop-up window, fill out the fields. + 1. For "Server ID", type `github`. + 1. For "Type", select "HTTP/SSE" from the dropdown. + 1. For "URL", type `https://copilot-api.YOURSUBDOMAIN.ghe.com/mcp`, replacing `YOURSUBDOMAIN` with your {% data variables.product.prodname_ghe_cloud %} subdomain. + 1. Add a new header under "Headers", called "Authorization" and set to the value `Bearer YOUR_GITHUB_PAT`, replacing "YOUR_GITHUB_PAT" with your {% data variables.product.pat_generic %}. +1. Click **Save**. + +{% endvisualstudio %} + +{% jetbrains %} + +{% data variables.product.prodname_ghe_cloud %} with data residency can use the remote MCP server. To configure it, you need to update the MCP server URL to point to your {% data variables.product.prodname_ghe_cloud %} instance. + +For example, if your {% data variables.product.prodname_ghe_cloud %} instance is `https://octocorp.ghe.com`, the MCP server URL would be `https://copilot-api.octocorp.ghe.com/mcp`. + +{% data reusables.copilot.jetbrains-mcp-setup-steps %} +1. In the `mcp.json` file, add the following configuration, replacing `YOURSUBDOMAIN` with your {% data variables.product.prodname_ghe_cloud %} subdomain and `YOUR_GITHUB_PAT` with your {% data variables.product.pat_generic %}: + + ```json copy + { + "servers": { + "github": { + "url": "https://copilot-api.YOURSUBDOMAIN.ghe.com/mcp", + "requestInit": { + "headers": { + "Authorization": "Bearer YOUR_GITHUB_PAT" + } + } + } + } + } + ``` + +{% endjetbrains %} + +{% xcode %} + +{% data variables.product.prodname_ghe_cloud %} with data residency can use the remote MCP server. To configure it, you need to update the MCP server URL to point to your {% data variables.product.prodname_ghe_cloud %} instance. + +For example, if your {% data variables.product.prodname_ghe_cloud %} instance is `https://octocorp.ghe.com`, the MCP server URL would be `https://copilot-api.octocorp.ghe.com/mcp`. + +{% data reusables.copilot.xcode-mcp-setup-steps %} +1. Add the following configuration, replacing `YOURSUBDOMAIN` with your {% data variables.product.prodname_ghe_cloud %} subdomain and `YOUR_GITHUB_PAT` with your {% data variables.product.pat_generic %}: + + ```json copy + { + "servers": { + "github": { + "url": "https://copilot-api.YOURSUBDOMAIN.ghe.com/mcp", + "requestInit": { + "headers": { + "Authorization": "Bearer YOUR_GITHUB_PAT" + } + } + } + } + } + ``` + +{% endxcode %} + +{% eclipse %} + +{% data variables.product.prodname_ghe_cloud %} with data residency can use the remote MCP server. To configure it, you need to update the MCP server URL to point to your {% data variables.product.prodname_ghe_cloud %} instance. + +For example, if your {% data variables.product.prodname_ghe_cloud %} instance is `https://octocorp.ghe.com`, the MCP server URL would be `https://copilot-api.octocorp.ghe.com/mcp`. + +{% data reusables.copilot.eclipse-mcp-setup-steps %} +1. Add the following configuration under "Server Configurations", replacing `YOURSUBDOMAIN` with your {% data variables.product.prodname_ghe_cloud %} subdomain and `YOUR_GITHUB_PAT` with your {% data variables.product.pat_generic %}: + + ```json copy + { + "servers": { + "github": { + "url": "https://copilot-api.YOURSUBDOMAIN.ghe.com/mcp", + "requestInit": { + "headers": { + "Authorization": "Bearer YOUR_GITHUB_PAT" + } + } + } + } + } + ``` + +1. Click **Apply**. + +{% endeclipse %} + +## Configuring the local MCP server for enterprise + +Both {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %} with data residency support the local MCP server. You can configure the local server using either the `GITHUB_HOST` environment variable or the `--gh-host` command-line flag. + +### Important considerations + +* **For {% data variables.product.prodname_ghe_server %}**: Prefix the hostname with the `https://` URI scheme, as it otherwise defaults to `http://`, which {% data variables.product.prodname_ghe_server %} does not support. +* **For {% data variables.product.prodname_ghe_cloud %} with data residency**: Use `https://YOURSUBDOMAIN.ghe.com` as the hostname. + +### Configuration with Docker + +{% vscode %} + +To configure the local MCP server with Docker in {% data variables.product.prodname_vscode %}: + +1. In {% data variables.product.prodname_vscode %}, open the command palette by pressing Ctrl+Shift+P (Windows/Linux) / Command+Shift+P (Mac). +1. Type and select **MCP: Open User Configuration**. +1. In the settings file, locate the `servers` section or create it if it doesn't exist. +1. Add the following configuration: + + **For {% data variables.product.prodname_ghe_server %}:** + + ```json copy + { + "inputs": [ + { + "type": "promptString", + "id": "github_token", + "description": "GitHub PAT", + "password": true + } + ], + "servers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "-e", + "GITHUB_HOST", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}", + "GITHUB_HOST": "https://YOUR_GHES_HOSTNAME" + } + } + } + } + ``` + + Replace `YOUR_GHES_HOSTNAME` with your {% data variables.product.prodname_ghe_server %} hostname (for example, `https://github.example.com`). + + **For {% data variables.product.prodname_ghe_cloud %} with data residency:** + + ```json copy + { + "inputs": [ + { + "type": "promptString", + "id": "github_token", + "description": "GitHub PAT", + "password": true + } + ], + "servers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "-e", + "GITHUB_HOST", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}", + "GITHUB_HOST": "https://YOURSUBDOMAIN.ghe.com" + } + } + } + } + ``` + + Replace `YOURSUBDOMAIN` with your {% data variables.product.prodname_ghe_cloud %} subdomain. + +1. Save the file. +1. Restart {% data variables.product.prodname_vscode %} or reload the window for the changes to take effect. + +{% endvscode %} + +{% visualstudio %} + +To configure the local MCP server with Docker in {% data variables.product.prodname_vs %}, you need to manually edit the `mcp.json` file. + +1. Open the `mcp.json` file in {% data variables.product.prodname_vs %}. The file is typically located in your user profile directory. +1. Add the following configuration: + + **For {% data variables.product.prodname_ghe_server %}:** + + ```json copy + { + "mcp": { + "inputs": [ + { + "type": "promptString", + "id": "github_token", + "description": "GitHub PAT", + "password": true + } + ], + "servers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "-e", + "GITHUB_HOST", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}", + "GITHUB_HOST": "https://YOUR_GHES_HOSTNAME" + } + } + } + } + } + ``` + + Replace `YOUR_GHES_HOSTNAME` with your {% data variables.product.prodname_ghe_server %} hostname (for example, `https://github.example.com`). + + **For {% data variables.product.prodname_ghe_cloud %} with data residency:** + + ```json copy + { + "mcp": { + "inputs": [ + { + "type": "promptString", + "id": "github_token", + "description": "GitHub PAT", + "password": true + } + ], + "servers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "-e", + "GITHUB_HOST", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}", + "GITHUB_HOST": "https://YOURSUBDOMAIN.ghe.com" + } + } + } + } + } + ``` + + Replace `YOURSUBDOMAIN` with your {% data variables.product.prodname_ghe_cloud %} subdomain. + +1. Save the file. + +{% endvisualstudio %} + +{% jetbrains %} + +To configure the local MCP server with Docker in JetBrains IDEs: + +{% data reusables.copilot.jetbrains-mcp-setup-steps %} +1. Add the following configuration: + + **For {% data variables.product.prodname_ghe_server %}:** + + ```json copy + { + "inputs": [ + { + "type": "promptString", + "id": "github_token", + "description": "GitHub PAT", + "password": true + } + ], + "servers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "-e", + "GITHUB_HOST", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}", + "GITHUB_HOST": "https://YOUR_GHES_HOSTNAME" + } + } + } + } + ``` + + Replace `YOUR_GHES_HOSTNAME` with your {% data variables.product.prodname_ghe_server %} hostname (for example, `https://github.example.com`). + + **For {% data variables.product.prodname_ghe_cloud %} with data residency:** + + ```json copy + { + "inputs": [ + { + "type": "promptString", + "id": "github_token", + "description": "GitHub PAT", + "password": true + } + ], + "servers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "-e", + "GITHUB_HOST", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}", + "GITHUB_HOST": "https://YOURSUBDOMAIN.ghe.com" + } + } + } + } + ``` + + Replace `YOURSUBDOMAIN` with your {% data variables.product.prodname_ghe_cloud %} subdomain. + +{% endjetbrains %} + +{% xcode %} + +To configure the local MCP server with Docker in Xcode: + +{% data reusables.copilot.xcode-mcp-setup-steps %} +1. Add the following configuration: + + **For {% data variables.product.prodname_ghe_server %}:** + + ```json copy + { + "inputs": [ + { + "type": "promptString", + "id": "github_token", + "description": "GitHub PAT", + "password": true + } + ], + "servers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "-e", + "GITHUB_HOST", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}", + "GITHUB_HOST": "https://YOUR_GHES_HOSTNAME" + } + } + } + } + ``` + + Replace `YOUR_GHES_HOSTNAME` with your {% data variables.product.prodname_ghe_server %} hostname (for example, `https://github.example.com`). + + **For {% data variables.product.prodname_ghe_cloud %} with data residency:** + + ```json copy + { + "inputs": [ + { + "type": "promptString", + "id": "github_token", + "description": "GitHub PAT", + "password": true + } + ], + "servers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "-e", + "GITHUB_HOST", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}", + "GITHUB_HOST": "https://YOURSUBDOMAIN.ghe.com" + } + } + } + } + ``` + + Replace `YOURSUBDOMAIN` with your {% data variables.product.prodname_ghe_cloud %} subdomain. + +{% endxcode %} + +{% eclipse %} + +To configure the local MCP server with Docker in Eclipse: + +{% data reusables.copilot.eclipse-mcp-setup-steps %} +1. Add the following configuration under "Server Configurations": + + **For {% data variables.product.prodname_ghe_server %}:** + + ```json copy + { + "inputs": [ + { + "type": "promptString", + "id": "github_token", + "description": "GitHub PAT", + "password": true + } + ], + "servers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "-e", + "GITHUB_HOST", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}", + "GITHUB_HOST": "https://YOUR_GHES_HOSTNAME" + } + } + } + } + ``` + + Replace `YOUR_GHES_HOSTNAME` with your {% data variables.product.prodname_ghe_server %} hostname (for example, `https://github.example.com`). + + **For {% data variables.product.prodname_ghe_cloud %} with data residency:** + + ```json copy + { + "inputs": [ + { + "type": "promptString", + "id": "github_token", + "description": "GitHub PAT", + "password": true + } + ], + "servers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "-e", + "GITHUB_HOST", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}", + "GITHUB_HOST": "https://YOURSUBDOMAIN.ghe.com" + } + } + } + } + ``` + + Replace `YOURSUBDOMAIN` with your {% data variables.product.prodname_ghe_cloud %} subdomain. + +1. Click **Apply**. + +{% endeclipse %} + +### Configuration when building from source + +If you are building the MCP server from source instead of using Docker, you can set the `GITHUB_HOST` environment variable or use the `--gh-host` command-line flag: + +**Using environment variable:** + +```bash +export GITHUB_HOST="https://YOUR_GHES_OR_GHEC_HOSTNAME" +./github-mcp-server stdio +``` + +**Using command-line flag:** + +```bash +./github-mcp-server --gh-host \ + "https://YOUR_GHES_OR_GHEC_HOSTNAME" stdio +``` + +Replace `YOUR_GHES_OR_GHEC_HOSTNAME` with your {% data variables.product.prodname_ghe_server %} hostname (for example, `https://github.example.com`) or {% data variables.product.prodname_ghe_cloud %} hostname (for example, `https://octocorp.ghe.com`). + +## Next steps + +* To learn how to use the {% data variables.product.github %} MCP server, see [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/use-the-github-mcp-server). +* To learn how to configure toolsets for the {% data variables.product.github %} MCP server, see [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/configure-toolsets). diff --git a/content/copilot/how-tos/provide-context/use-mcp/index.md b/content/copilot/how-tos/provide-context/use-mcp/index.md index 8d710f94aeb6..30cc2094cf3d 100644 --- a/content/copilot/how-tos/provide-context/use-mcp/index.md +++ b/content/copilot/how-tos/provide-context/use-mcp/index.md @@ -9,6 +9,8 @@ topics: children: - /extend-copilot-chat-with-mcp - /set-up-the-github-mcp-server + - /enterprise-configuration + - /configure-toolsets - /use-the-github-mcp-server - /change-mcp-registry redirect_from: diff --git a/content/copilot/how-tos/provide-context/use-mcp/set-up-the-github-mcp-server.md b/content/copilot/how-tos/provide-context/use-mcp/set-up-the-github-mcp-server.md index b1b46f71aca8..7942d6d22a62 100644 --- a/content/copilot/how-tos/provide-context/use-mcp/set-up-the-github-mcp-server.md +++ b/content/copilot/how-tos/provide-context/use-mcp/set-up-the-github-mcp-server.md @@ -22,6 +22,8 @@ category: The {% data variables.product.github %} MCP server is available to all {% data variables.product.github %} users regardless of plan type. However, specific tools within the MCP server inherit the same access requirements as their corresponding {% data variables.product.github %} features. If a feature requires a paid {% data variables.product.github %} or {% data variables.product.prodname_copilot_short %} license, the equivalent MCP tool will require the same subscription. For example, tools that interact with {% data variables.product.prodname_copilot_short %} Coding Agent require a paid {% data variables.product.prodname_copilot_short %} license. +For the latest information and updates, see the [{% data variables.product.github %} MCP server repository](https://github.com/github/github-mcp-server). + {% vscode %} {% data reusables.copilot.mcp.about-github-mcp-server %} @@ -48,10 +50,6 @@ For information on manually configuring the remote or local {% data variables.pr 1. To check that the {% data variables.product.github %} MCP server is configured correctly, open the command palette by pressing Ctrl+Shift+P (Windows/Linux) / Command+Shift+P (Mac). 1. Type and select **MCP: List Servers**. You should see `github` listed as a configured server. -## Tool configuration - -The {% data variables.product.github %} MCP server supports installing individual toolsets, either in read-only mode or with full read/write access, via the `--toolsets` flag. For more information, see [Tool Configuration](https://github.com/mcp/io.github.github/github-mcp-server#tool-configuration) in the GitHub MCP server documentation. - {% endvscode %} {% visualstudio %} @@ -309,6 +307,11 @@ To configure the remote {% data variables.product.github %} MCP server with a PA {% endeclipse %} +## Enterprise configuration + +If you are using {% data variables.product.prodname_ghe_server %} or {% data variables.product.prodname_ghe_cloud %} with data residency, additional configuration is required. For more information, see [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/enterprise-configuration). + ## Next steps -To learn how to use the {% data variables.product.github %} MCP server in {% data variables.product.prodname_vscode %}, see [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/use-the-github-mcp-server). +* To learn how to use the {% data variables.product.github %} MCP server in {% data variables.product.prodname_vscode %}, see [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/use-the-github-mcp-server). +* For information on configuring individual toolsets with read-only or read/write access, see [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp/configure-toolsets). diff --git a/content/copilot/how-tos/set-up/index.md b/content/copilot/how-tos/set-up/index.md index fb4044ff53a5..b3b76877d768 100644 --- a/content/copilot/how-tos/set-up/index.md +++ b/content/copilot/how-tos/set-up/index.md @@ -1,7 +1,7 @@ --- title: Setting up GitHub Copilot shortTitle: Set up -intro: 'Learn how to set up {% data variables.product.prodname_copilot %}.' +intro: Learn how to set up {% data variables.product.prodname_copilot %}. topics: - Copilot versions: @@ -12,9 +12,9 @@ children: - /set-up-for-enterprise - /set-up-a-dedicated-enterprise-for-copilot-business - /install-copilot-extension - - /install-copilot-cli redirect_from: - /copilot/setting-up-github-copilot - /copilot/get-started/setting-up-github-copilot contentType: how-tos --- + diff --git a/content/copilot/how-tos/set-up/install-copilot-cli.md b/content/copilot/how-tos/set-up/install-copilot-cli.md deleted file mode 100644 index a5af2be63074..000000000000 --- a/content/copilot/how-tos/set-up/install-copilot-cli.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Installing GitHub Copilot CLI -shortTitle: Install Copilot CLI -intro: 'Learn how to install {% data variables.copilot.copilot_cli_short %} so that you can use {% data variables.product.prodname_copilot_short %} directly from the command line.' -versions: - feature: copilot -topics: - - Copilot - - CLI -redirect_from: - - /copilot/how-tos/set-up/install-copilot-in-the-cli - - /copilot/github-copilot-in-the-cli/enabling-github-copilot-in-the-cli - - /copilot/github-copilot-in-the-cli/setting-up-github-copilot-in-the-cli - - /copilot/github-copilot-in-the-cli/installing-github-copilot-in-the-cli - - /copilot/managing-copilot/configure-personal-settings/installing-github-copilot-in-the-cli - - /copilot/how-tos/personal-settings/installing-github-copilot-in-the-cli - - /copilot/how-tos/set-up/installing-github-copilot-in-the-cli -contentType: how-tos -category: - - Configure Copilot ---- - -{% data reusables.cli.preview-note-cli %} - -To find out about {% data variables.copilot.copilot_cli_short %} before you install it, see [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli). - -## Prerequisites - -* **A {% data variables.product.prodname_copilot %} subscription**. See [Copilot plans](https://github.com/features/copilot/plans?ref_product=copilot&ref_type=engagement&ref_style=text). -* **Node.js** version 22 or later -* **npm** version 10 or later - -If you have access to {% data variables.product.prodname_copilot %} via your organization or enterprise, you cannot use {% data variables.copilot.copilot_cli_short %} if your organization owner or enterprise administrator has disabled it in the organization or enterprise settings. See [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-policies-for-copilot-in-your-organization). - -## Installing or updating {% data variables.copilot.copilot_cli_short %} - -Run the following command to install or update {% data variables.copilot.copilot_cli_short %}. - -```shell copy -npm install -g @github/copilot -``` - -## Next steps - -You can now use {% data variables.product.prodname_copilot_short %} from the command line. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/use-copilot-cli). diff --git a/content/copilot/how-tos/set-up/set-up-a-dedicated-enterprise-for-copilot-business.md b/content/copilot/how-tos/set-up/set-up-a-dedicated-enterprise-for-copilot-business.md index 57ebd093574b..4960ac9f46e6 100644 --- a/content/copilot/how-tos/set-up/set-up-a-dedicated-enterprise-for-copilot-business.md +++ b/content/copilot/how-tos/set-up/set-up-a-dedicated-enterprise-for-copilot-business.md @@ -15,6 +15,9 @@ topics: - Accounts - Copilot shortTitle: Set up a dedicated enterprise +category: + - Configure Copilot + - Manage Copilot for a team --- You can create an enterprise account specifically for managing {% data variables.copilot.copilot_business_short %} licenses, without adopting {% data variables.product.prodname_enterprise %}. With this account, you will have access to enterprise-grade integrations with identity providers for authentication and provisioning, without needing to pay for {% data variables.product.prodname_enterprise %} licenses. See [AUTOTITLE](/copilot/concepts/about-enterprise-accounts-for-copilot-business). diff --git a/content/copilot/how-tos/set-up/set-up-for-self.md b/content/copilot/how-tos/set-up/set-up-for-self.md index 672ea7944256..cf2c30c84a69 100644 --- a/content/copilot/how-tos/set-up/set-up-for-self.md +++ b/content/copilot/how-tos/set-up/set-up-for-self.md @@ -12,7 +12,7 @@ redirect_from: - /copilot/get-started/setting-up-github-copilot/setting-up-github-copilot-for-yourself - /copilot/how-tos/set-up/setting-up-github-copilot-for-yourself contentType: how-tos -category: +category: - Configure Copilot --- @@ -55,8 +55,9 @@ All users can configure {% data variables.product.prodname_copilot_short %} sett If you have your own {% data variables.product.prodname_copilot_short %} plan (instead of using your organization or enterprise's plan), you can: -* **Install Model Context Protocol (MCP) servers to integrate with {% data variables.copilot.copilot_chat_short %}. See [AUTOTITLE](/copilot/how-tos/context/model-context-protocol/extending-copilot-chat-with-mcp). +* **Install Model Context Protocol (MCP) servers** to integrate with {% data variables.copilot.copilot_chat_short %}. See [AUTOTITLE](/copilot/how-tos/context/model-context-protocol/extending-copilot-chat-with-mcp). * **Manage policies**. See [AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-copilot-policies-as-an-individual-subscriber). +* **Enable {% data variables.copilot.copilot_memory %}**, which allows {% data variables.product.prodname_copilot_short %} to generate and store useful information about your repositories. See [AUTOTITLE](/copilot/concepts/agents/copilot-memory). ## 7. Start using {% data variables.product.prodname_copilot_short %} diff --git a/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-common-issues.md b/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-common-issues.md index 94cd025ce4a9..4be80d2b8dcf 100644 --- a/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-common-issues.md +++ b/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-common-issues.md @@ -15,6 +15,8 @@ redirect_from: - /copilot/how-tos/troubleshoot/troubleshooting-common-issues-with-github-copilot - /copilot/how-tos/troubleshoot/troubleshoot-common-issues contentType: how-tos +category: + - Troubleshooting Copilot --- diff --git a/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-firewall-settings.md b/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-firewall-settings.md index c6eb9665a51b..2530b50a5b9e 100644 --- a/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-firewall-settings.md +++ b/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-firewall-settings.md @@ -13,6 +13,8 @@ redirect_from: - /copilot/how-tos/troubleshoot/troubleshooting-firewall-settings-for-github-copilot - /copilot/how-tos/troubleshoot/troubleshoot-firewall-settings contentType: how-tos +category: + - Troubleshooting Copilot --- ## About the problem diff --git a/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-network-errors.md b/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-network-errors.md index 94a96a788d82..51748b4eacd8 100644 --- a/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-network-errors.md +++ b/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-network-errors.md @@ -14,6 +14,8 @@ versions: feature: copilot shortTitle: Troubleshoot network errors contentType: how-tos +category: + - Troubleshooting Copilot --- If you're working on company equipment and connecting to a corporate network, you may be connecting to the Internet via a VPN or an HTTP proxy server. In some cases, these types of network setups may prevent {% data variables.product.prodname_copilot %} from connecting to {% data variables.product.prodname_dotcom %}'s server. For more information about the options for setting up proxies with {% data variables.product.prodname_copilot %}, see [AUTOTITLE](/copilot/configuring-github-copilot/configuring-network-settings-for-github-copilot). diff --git a/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-spark.md b/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-spark.md index 8ea5edac6b98..0ea0b201d1d0 100644 --- a/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-spark.md +++ b/content/copilot/how-tos/troubleshoot-copilot/troubleshoot-spark.md @@ -7,6 +7,8 @@ topics: - Copilot shortTitle: Troubleshoot Spark contentType: how-tos +category: + - Troubleshooting Copilot --- ## Error: "Live preview is interrupted. Try refreshing the page to reconnect." diff --git a/content/copilot/how-tos/troubleshoot-copilot/view-logs.md b/content/copilot/how-tos/troubleshoot-copilot/view-logs.md index f09afe0540aa..a9d18641e7be 100644 --- a/content/copilot/how-tos/troubleshoot-copilot/view-logs.md +++ b/content/copilot/how-tos/troubleshoot-copilot/view-logs.md @@ -18,6 +18,8 @@ versions: feature: copilot shortTitle: View logs contentType: how-tos +category: + - Troubleshooting Copilot --- {% jetbrains %} @@ -143,7 +145,7 @@ If you encounter problems connecting to {% data variables.product.prodname_copil * Use: Shift+Command+P * For Windows or Linux: * Use: Ctrl+Shift+P -1. Type "Diagnostics", and then select **{% data variables.product.prodname_copilot %}: Collect Diagnostics** from the list. This opens a new editor with the relevant information that you can inspect yourself or share with the support team. +1. Type "Diagnostics", and then select **Developer: Chat Diagnostics** from the list. This opens a new editor with the relevant information that you can inspect yourself or share with the support team. 1. Check the section on **Reachability** to determine if {% data variables.product.prodname_copilot %} can actually access the necessary services. ## Viewing Electron logs diff --git a/content/copilot/how-tos/use-ai-models/configure-access-to-ai-models.md b/content/copilot/how-tos/use-ai-models/configure-access-to-ai-models.md index 68e694d5ef41..fc730ee95320 100644 --- a/content/copilot/how-tos/use-ai-models/configure-access-to-ai-models.md +++ b/content/copilot/how-tos/use-ai-models/configure-access-to-ai-models.md @@ -28,19 +28,10 @@ To learn how {% data variables.copilot.copilot_chat_short %} serves different AI ## Setup for individual use -If you have a {% data variables.copilot.copilot_free_short %}, {% data variables.copilot.copilot_pro_short %}, or {% data variables.copilot.copilot_pro_plus_short %} plan, you may need to enable access to certain models before using them. - -You can enable access in two ways: - -* The first time you use a model with {% data variables.copilot.copilot_chat_short %} in your editor or in {% data variables.product.github %}, you will be prompted to allow access to the model. - - Click **Allow** to enable the AI model and update the policy in your personal settings on {% data variables.product.github %}. - -* You can enable the model directly in your personal settings on the {% data variables.product.github %} website. See [AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-copilot-policies-as-an-individual-subscriber#enabling-or-disabling-alternative-ai-models). +If you have a {% data variables.copilot.copilot_free_short %}, {% data variables.copilot.copilot_pro_short %}, or {% data variables.copilot.copilot_pro_plus_short %} plan, you can use AI models directly within {% data variables.product.prodname_copilot_short %} without configuring access or managing policies. >[!NOTE] > * Some models may not be available depending on your plan. See [AUTOTITLE](/copilot/about-github-copilot/plans-for-github-copilot#models). -> * Models available in {% data variables.copilot.copilot_auto_model_selection %} will follow the policies set by users and align to individual plans. See [AUTOTITLE](/copilot/concepts/auto-model-selection). ## Setup for organization and enterprise use diff --git a/content/copilot/how-tos/use-ai-models/create-a-custom-model.md b/content/copilot/how-tos/use-ai-models/create-a-custom-model.md deleted file mode 100644 index f163049cc247..000000000000 --- a/content/copilot/how-tos/use-ai-models/create-a-custom-model.md +++ /dev/null @@ -1,173 +0,0 @@ ---- -title: Creating a custom model for GitHub Copilot -shortTitle: Create a custom model -intro: 'You can fine-tune {% data variables.product.prodname_copilot_short %} inline suggestions by creating a custom model based on code in your organization''s repositories.' -permissions: 'Owners of organizations enrolled in the {% data variables.release-phases.public_preview %}.' -product: '{% data reusables.copilot.ce-product-callout %}' -versions: - feature: copilot -topics: - - Copilot -redirect_from: - - /copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/creating-a-custom-model-for-github-copilot - - /copilot/managing-copilot/managing-github-copilot-in-your-organization/enhancing-copilot-for-your-organization/creating-a-custom-model-for-github-copilot - - /copilot/customizing-copilot/creating-a-custom-model-for-github-copilot - - /copilot/how-tos/ai-models/creating-a-custom-model-for-github-copilot - - /copilot/how-tos/ai-models/create-a-custom-model -contentType: how-tos -category: - - Configure Copilot ---- - -> [!NOTE] The current {% data variables.release-phases.public_preview %} of custom models for {% data variables.copilot.copilot_enterprise %} will be discontinued. For now, participants can continue using their custom models, but we are no longer processing new training requests. We encourage participants to use the {% data variables.copilot.copilot_gpt_41 %} {% data variables.product.prodname_copilot_short %} model for inline suggestions. See [AUTOTITLE](/copilot/how-tos/use-ai-models/change-the-completion-model?tool=vscode). - -## Prerequisite - -The code on which you want to train a custom model must be hosted in repositories owned by your organization on {% data variables.product.github %}. - -## Limitations - -* For the {% data variables.release-phases.public_preview %}, an enterprise can deploy one custom model in a single organization. -* Inline suggestions based on the custom model are only available to managed users who get a {% data variables.copilot.copilot_enterprise_short %} plan from the organization in which the custom model is deployed. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users). -* The custom model is not used for code suggested in responses by {% data variables.copilot.copilot_chat %}. - -## About {% data variables.product.prodname_copilot_short %} custom models - -By default {% data variables.product.prodname_copilot %} uses a large language model that has been trained on a large number of public code repositories, so that it can provide inline suggestions for a wide range of programming languages in many different contexts. You can use this model as the basis for creating a custom large language model that you train specifically on your own code. This process is often known as fine-tuning. - -By creating a custom model you enable {% data variables.product.prodname_copilot %} to show you inline suggestions that are: - -* Based on code in your own designated repositories. -* Created for proprietary or less publicly represented programming languages. -* Tailored according to your organization's coding style and guidelines. - -This provides: - -* **Personalization** - {% data variables.product.prodname_copilot_short %} has a detailed knowledge of your codebase, including available modules, functions, and internal libraries. A custom model may be particularly beneficial if your code is not typical of the wide range of code used to train the included model. -* **Efficiency and quality** - {% data variables.product.prodname_copilot_short %} is better equipped to help you write code faster and with fewer errors. -* **Privacy** - The custom model’s training process, hosting and inferencing are secure and private to your organization. Your data always remains yours, is never used to train another customer’s model, and your custom model is never shared. - -### About model creation - -Currently, in the {% data variables.release-phases.public_preview %}, only one organization in an enterprise is permitted to create a custom model. - -As an owner of the organization that's permitted to create a custom model, you can choose which of your organization's repositories to use to train the model. You can train the model on one, several, or all of the repositories in the organization. The model is trained on the content of the default branches of the selected repositories. Optionally, you can specify that only code written in certain programming languages should be used for training. The custom model will be used for generating inline suggestions in all file types, irrespective of whether that type of file was used for training. - -You can also choose whether telemetry data (such as the prompts entered by users and the suggestions generated by {% data variables.product.prodname_copilot_short %}) should be used when training the model. For more information, see [Telemetry data collection and usage for custom models](#telemetry-data-collection-and-usage-for-custom-models), later in this article. - -Once initiated, custom model creation will take many hours to complete. You can check the progress of the training in your organization's settings. When model creation completes - or if it fails to complete - the person who initiated the model training will be notified by email. - -If model creation fails, {% data variables.product.prodname_copilot_short %} will continue to use the current model for generating inline suggestions. - -### About model usage - -As soon as the custom model is successfully created, all managed users in your enterprise who get {% data variables.copilot.copilot_enterprise_short %} access from the organization in which the custom model is deployed will start to see {% data variables.product.prodname_copilot_short %} inline suggestions that are generated using the custom model. The custom model will always be used for any code these users edit, irrespective of where the code resides. Users cannot choose which model is used to generate the inline suggestions they see. - -## When you can benefit from a custom model - -The value of a custom model is most pronounced in environments with: - -* **Proprietary or less publicly represented programming languages** -* **Internal libraries or custom frameworks** -* **Custom standards and company-specific coding practices** - -However, even in standardized environments, fine-tuning offers an opportunity to align {% data variables.product.prodname_copilot_short %} inline suggestions more closely with your organization's established coding practices and standards. - -## Assess the effectiveness of a custom model - -While some coding environments are more likely to benefit from fine-tuning, there is no guaranteed correlation between specific behaviors in a codebase and the quality of the results you get from a custom model. It is advisable to assess the use and satisfaction levels of {% data variables.product.prodname_copilot %} inline suggestions before and after the implementation of a custom model. - -* Use the {% data variables.product.prodname_dotcom %} API to assess the usage of {% data variables.product.prodname_copilot %}. See [AUTOTITLE](/rest/copilot/copilot-usage?apiVersion=2022-11-28#get-a-summary-of-copilot-usage-for-an-enterprise-team). -* Survey developers to assess their level of satisfaction with {% data variables.product.prodname_copilot %} inline suggestions. - -Comparing results from the API and developer survey, from before and after the implementation of a custom model, will give you an indication of the effectiveness of the custom model. - -## Creating a custom model - -You can use your organization settings to create a custom large language model. - -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}** then click **Custom model**. -1. On the "Custom models" page, click **Train a new custom model**. -1. Under "Select repositories," choose either **Selected repositories** or **All repositories**. - -1. If you chose **Selected repositories**, select the repositories you want to use for training then click **Apply**. -1. Optionally, if you want to train your model only on code written in certain programming languages, under "Specify languages," start typing the name of a language you want to include. Select the required language from the list that's displayed. Repeat the process for each language you want to include. -1. To improve the performance of your model, select the checkbox labeled **Include data from prompts and suggestions**. - - > [!NOTE] - > If the checkbox isn't available to select it indicates that the **Telemetry data collection** policy for custom models has been disabled in your organization's settings. For information on how to change policies for your organization, see [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#enabling-copilot-features-in-your-organization). - - By selecting this option you allow {% data variables.product.prodname_copilot_short %} to collect data for prompts that user submitted and the inline suggestions that were generated. Once sufficient data has been collected, {% data variables.product.prodname_copilot_short %} will use this as part of the model training process, allowing it to produce a more effective model. - - For more information, see [Telemetry data collection and usage for custom models](#telemetry-data-collection-and-usage-for-custom-models), later in this article. - -1. Click **Create new custom model**. - -## Checking the progress of model creation - -You can check in your organization settings for an indication of how model creation is progressing. - -1. Go to your organization's settings for {% data variables.product.prodname_copilot_short %} custom models. See [Creating a custom model](#creating-a-custom-model) above. -1. The first time you train a model, the page that's displayed shows the training results. - - If this is not the first training, the current and previous training attempts are listed. To see details of the current training process, click the first ellipsis button (**...**), then click **Training details**. - -## Reasons for training failure - -Model training may fail for a variety of reasons, including: - -* Not enough data or non-representative data. Lack of data provided for training, or too much replication in the data, may make the fine-tuning unstable. -* Non-differentiated data. If the data is not sufficiently different from the public data on which the included model was trained, training may fail or the quality of inline suggestions from the custom model may be only marginally improved. -* A data preprocessing step may encounter unexpected files types and formats which causes it to fail. A solution may be to specify only certain file types for training. - -## Retraining or deleting the custom model - -As an organization owner, you can update or delete the custom model from your organization's settings page. - -Retraining the model updates it to include any new code that has been added to the repositories you selected for training. You can retrain the model once a week. - -1. Go to your organization's settings for {% data variables.product.prodname_copilot_short %} custom models. See [Creating a custom model](#creating-a-custom-model) above. -1. On the model training page, click the first ellipsis button (**...**), then click either **Retrain model** or **Delete model**. - -If you retrain the model, {% data variables.product.prodname_copilot_short %} will continue to use the current model to generate inline suggestions until the new model is ready. Once the new model is ready, it will be automatically be used for inline suggestions for all managed users who get a {% data variables.copilot.copilot_enterprise_short %} plan from the organization. - -If you delete the custom model, {% data variables.product.prodname_copilot_short %} will use the included model for generating inline suggestions for all users who get a {% data variables.product.prodname_copilot_short %} plan from the organization. - -## Telemetry data collection and usage for custom models - -When you create a custom model, you can choose to allow {% data variables.product.company_short %} to collect telemetry data for the purposes of training the model. This data is used to improve the quality of the inline suggestions the model can generate. - -### What telemetry data is collected? - -* **Prompts:** This includes all the information sent to the {% data variables.product.prodname_copilot %} language model by the {% data variables.product.prodname_copilot_short %} extension, including context from your open files. -* **Suggestions:** The inline suggestions that {% data variables.product.prodname_copilot_short %} generates. -* **Code snippet:** A snapshot of the code 30 seconds after a suggestion is accepted, capturing how the suggestion was integrated into the codebase. This helps determine whether the suggestion was accepted as is or modified by the user before final integration. - -### How is telemetry data used? - -Telemetry data is primarily used to fine-tune the {% data variables.product.prodname_copilot_short %} custom model to better understand and predict your organization’s coding patterns. Specifically, it helps: - -* **Enhance model accuracy:** By analyzing the collected telemetry, {% data variables.product.prodname_copilot_short %} refines your custom model to increase the relevance and accuracy of future coding suggestions. -* **Monitor performance:** Telemetry data allows {% data variables.product.company_short %} to monitor how well custom models are performing compared to the included model, enabling ongoing improvements. -* **Feedback loops:** The data helps {% data variables.product.company_short %} create feedback loops where the model learns from real-world usage, adapting to your specific coding environment over time. - -### Data storage and retention - -* **Data storage:** All telemetry data collected is stored in the {% data variables.product.prodname_copilot_short %} Data Store, a secure and restricted environment. The data is encrypted and isolated to prevent unauthorized access. -* **Retention period:** Telemetry data is retained for a rolling 28-day period. After this period, the data is automatically deleted from {% data variables.product.company_short %}'s systems, ensuring that only recent and relevant data is used for model training and improvement. - -### Privacy and data security - -{% data variables.product.company_short %} is committed to ensuring that your organization’s data remains private and secure. - -* **Exclusive use:** The telemetry data collected from your organization is used exclusively for training your custom model and is never shared with other organizations or used to train other customers’ models. -* **Data leakage prevention:** {% data variables.product.company_short %} implements strict data isolation protocols to prevent cross-contamination between different organizations’ data. This means that your proprietary code and information are protected from exposure to other organizations or individuals. - -### Important considerations - -* **Opt-in for telemetry:** Participation in telemetry data collection is optional and controlled via your organization’s admin policies. Telemetry data is only collected when explicitly enabled for training custom models. -* **Potential risks:** Although {% data variables.product.company_short %} takes extensive measures to prevent data leakage, there are scenarios where sensitive data, such as internal links or names, could be included in the telemetry and subsequently used in training. We recommend reviewing and filtering the data you submit for training to minimize these risks. - - For more details about our data-handling practices, see the [{% data variables.product.prodname_copilot %} Trust Center](https://copilot.github.trust.page) or review {% data variables.product.company_short %}’s [data protection agreement](https://github.com/customer-terms/github-data-protection-agreement). diff --git a/content/copilot/how-tos/use-ai-models/index.md b/content/copilot/how-tos/use-ai-models/index.md index 2b7527565c8e..54513931d285 100644 --- a/content/copilot/how-tos/use-ai-models/index.md +++ b/content/copilot/how-tos/use-ai-models/index.md @@ -10,9 +10,9 @@ children: - /configure-access-to-ai-models - /change-the-chat-model - /change-the-completion-model - - /create-a-custom-model redirect_from: - /copilot/using-github-copilot/ai-models - /copilot/how-tos/ai-models + - /copilot/how-tos/use-ai-models/create-a-custom-model contentType: how-tos --- diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/changing-the-ai-model.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/changing-the-ai-model.md new file mode 100644 index 000000000000..d6dc15c5a96f --- /dev/null +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/changing-the-ai-model.md @@ -0,0 +1,37 @@ +--- +title: Changing the AI model for GitHub Copilot coding agent +shortTitle: Changing the AI model +intro: '{% data variables.copilot.copilot_pro %} and {% data variables.copilot.copilot_pro_plus %} users can select the model used by {% data variables.copilot.copilot_coding_agent %}.' +product: '{% data reusables.gated-features.copilot-coding-agent %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' +versions: + feature: copilot +topics: + - Copilot +contentType: how-tos +category: + - Author and optimize with Copilot +--- + +> [!NOTE] +> For an overview of {% data variables.copilot.copilot_coding_agent %}, see [AUTOTITLE](/copilot/concepts/about-copilot-coding-agent). + +## Introduction + +{% data variables.copilot.copilot_pro %} and {% data variables.copilot.copilot_pro_plus %} users can select the model used by {% data variables.copilot.copilot_coding_agent %}. + +> [!NOTE] Model selection for {% data variables.copilot.copilot_coding_agent %} is only supported when starting a task from the agents tab or panel, assigning an issue to {% data variables.product.prodname_copilot_short %} on {% data variables.product.prodname_dotcom_the_website %} and from the Raycast launcher. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr). + +You may find that different models perform better, or provide more useful responses, depending on the type of tasks you give {% data variables.product.prodname_copilot_short %}. + +Support for selecting a model is coming soon for {% data variables.copilot.copilot_for_business %} and {% data variables.copilot.copilot_enterprise %} users. Until then, for these users, {% data variables.copilot.copilot_coding_agent %} will use {% data variables.copilot.copilot_claude_sonnet_45 %}. {% data variables.product.company_short %} reserves the right to change the model used at any time. + +## Supported models + +The following options are currently available: + +* Auto +{% data reusables.copilot.copilot-coding-agent-auto-models %} +{% data reusables.copilot.copilot-coding-agent-non-auto-models %} + +{% data reusables.copilot.auto-model-option %} + diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr.md index 4f60bbdba21d..7773049cb331 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr.md @@ -23,7 +23,7 @@ redirect_from: - /copilot/how-tos/agents/coding-agent/assign-copilot-to-an-issue - /copilot/how-tos/use-copilot-agents/coding-agent/assign-copilot-to-an-issue contentType: how-tos -category: +category: - Author and optimize with Copilot --- @@ -37,12 +37,12 @@ You can ask {% data variables.product.prodname_copilot_short %} to create a new * {% data variables.product.prodname_github_issues %}, by [assigning an issue to {% data variables.product.prodname_copilot_short %}](#assigning-an-issue-to-copilot) * The [agents tab or panel](#asking-copilot-to-create-a-pull-request-from-the-agents-tab-or-panel) on {% data variables.product.github %} * The [dashboard](#asking-copilot-to-create-a-pull-request-from-the-dashboard) on {% data variables.product.github %} -* {% data variables.copilot.copilot_chat_short %} in [{% data variables.product.prodname_vscode %}](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-visual-studio-code), [JetBrains IDEs](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-jetbrains-ides), [Eclipse](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-eclipse) and [{% data variables.product.prodname_vs %}](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-visual-studio) +* {% data variables.copilot.copilot_chat_short %} in [{% data variables.product.prodname_vscode %}](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-visual-studio-code), [JetBrains IDEs](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-jetbrains-ides), [Eclipse](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-eclipse) and [{% data variables.product.prodname_vs %} 2026](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-visual-studio-2026) * {% data variables.copilot.copilot_chat_short %} on [{% data variables.product.prodname_dotcom_the_website %}](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-githubcom) * The [{% data variables.product.prodname_cli %}](#asking-copilot-to-create-a-pull-request-from-the-github-cli) * On [{% data variables.product.prodname_mobile %}](#asking-copilot-to-create-a-pull-request-from-github-mobile) * Your preferred IDE or agentic coding tool with [Model Context Protocol (MCP)](#asking-copilot-to-create-a-pull-request-from-the-github-mcp-server) support -* The [Raycast](#asking-copilot-to-create-a-pull-request-from-raycast) launcher on macOS +* The [Raycast](#asking-copilot-to-create-a-pull-request-from-raycast) launcher * The ["New repository" form](#asking-copilot-to-create-a-pull-request-from-the-new-repository-page) on {% data variables.product.github %} {% data variables.product.prodname_copilot_short %} will start working on the task, raise a pull request, then request a review from you when it's finished working. For more information, see [AUTOTITLE](/copilot/using-github-copilot/coding-agent/about-assigning-tasks-to-copilot). @@ -56,10 +56,14 @@ You can assign an issue to {% data variables.product.prodname_copilot_short %}: * On {% data variables.product.prodname_dotcom_the_website %} (see the [next section](#assigning-an-issue-to-copilot-on-githubcom)) * On [{% data variables.product.prodname_mobile %}](#assigning-an-issue-to-copilot-on-github-mobile) * Via the {% data variables.product.github %} API (see [later in this article](#assigning-an-issue-to-copilot-via-the-github-api)) +* Using the [Raycast launcher](#assigning-an-issue-to-copilot-from-raycast) * Using {% data variables.product.prodname_cli %} (see [`gh issue edit`](https://cli.github.com/manual/gh_issue_edit)) ### Assigning an issue to {% data variables.product.prodname_copilot_short %} on {% data variables.product.prodname_dotcom_the_website %} +> [!NOTE] +> This feature is in {% data variables.release-phases.public_preview %} and subject to change. + {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-issues %} @@ -93,7 +97,8 @@ You can assign an issue to {% data variables.product.prodname_copilot_short %}: > [!TIP] > When you assign an issue to {% data variables.product.prodname_copilot_short %}, it gets sent the issue title, description, any comments that currently exist, and any additional instructions you provide. After assigning the issue, {% data variables.product.prodname_copilot_short %} will not be aware of, and therefore won't react to, any further comments that are added to the issue. If you have more information, or changes to the original requirement, add this as a comment in the pull request that {% data variables.product.prodname_copilot_short %} raises. -{% data reusables.copilot.optional-select-custom-agent %} +{% data reusables.copilot.optional-select-custom-agent-dotcom %} +{% data reusables.copilot.optional-select-copilot-coding-agent-model %} You can also assign issues to {% data variables.product.prodname_copilot_short %} from other places on {% data variables.product.prodname_dotcom_the_website %}: @@ -112,9 +117,32 @@ You can also assign issues to {% data variables.product.prodname_copilot_short % ### Assigning an issue to {% data variables.product.prodname_copilot_short %} via the {% data variables.product.github %} API -You can assign issues to {% data variables.product.prodname_copilot_short %} using the GraphQL API. +> [!NOTE] +> This feature is in {% data variables.release-phases.public_preview %} and subject to change. + +You can assign issues to {% data variables.product.prodname_copilot_short %} using either the GraphQL API or the REST API. Both APIs support an optional Agent Assignment input to customize the task: + +| GraphQL parameter | REST parameter | Description | +| --- | --- | --- | +| `targetRepositoryId` | `target_repo` | The repository where {% data variables.product.prodname_copilot_short %} will work | +| `baseRef` | `base_branch` | The branch that {% data variables.product.prodname_copilot_short %} will branch from | +| `customInstructions` | `custom_instructions` | Additional instructions for {% data variables.product.prodname_copilot_short %} | +| `customAgent` | `custom_agent` | A custom agent to use for the task | +| `model` | `model` | The model for {% data variables.product.prodname_copilot_short %} to use | + +#### Using the GraphQL API + +> [!NOTE] +> You must include the `GraphQL-Features` header with the values `issues_copilot_assignment_api_support` and `coding_agent_model_selection`. + +You can use the following GraphQL mutations to assign issues to {% data variables.product.prodname_copilot_short %}: + +* [`updateIssue`](/graphql/reference/mutations#updateissue) +* [`createIssue`](/graphql/reference/mutations#createissue) +* [`addAssigneesToAssignable`](/graphql/reference/mutations#addassigneestoassignable) +* [`replaceActorsForAssignable`](/graphql/reference/mutations#replaceactorsforassignable) -#### Creating and assigning a new issue +##### Creating and assigning a new issue 1. Make sure you're authenticating with the API using a user token, for example a {% data variables.product.pat_generic %} or a {% data variables.product.prodname_github_app %} user-to-server token. @@ -162,11 +190,23 @@ You can assign issues to {% data variables.product.prodname_copilot_short %} usi } ``` -1. Create the issue with the `createIssue` mutation. Replace `REPOSITORY_ID` with the ID returned from the previous step, and `BOT_ID` with the ID returned from the step before that. - - ```graphql copy - mutation { - createIssue(input: {repositoryId: "REPOSITORY_ID", title: "Implement comprehensive unit tests", body: "DETAILS", assigneeIds: ["BOT_ID"]}) { +1. Create the issue with the `createIssue` mutation. Replace `REPOSITORY_ID` with the ID returned from the previous step, and `BOT_ID` with the ID returned from the step before that. You can optionally include the `agentAssignment` input to customize the task. + + ```shell copy + gh api graphql -f query='mutation { + createIssue(input: { + repositoryId: "REPOSITORY_ID", + title: "Implement comprehensive unit tests", + body: "DETAILS", + assigneeIds: ["BOT_ID"], + agentAssignment: { + targetRepositoryId: "REPOSITORY_ID", + baseRef: "main", + customInstructions: "Add comprehensive test coverage", + customAgent: "", + model: "" + } + }) { issue { id title @@ -177,10 +217,10 @@ You can assign issues to {% data variables.product.prodname_copilot_short %} usi } } } - } + }' -H 'GraphQL-Features: issues_copilot_assignment_api_support,coding_agent_model_selection' ``` -#### Assigning an existing issue +##### Assigning an existing issue 1. Make sure you're authenticating with the API using a user token, for example a {% data variables.product.pat_generic %} or a {% data variables.product.prodname_github_app %} user-to-server token. 1. Verify that {% data variables.copilot.copilot_coding_agent %} is enabled in the repository by checking if the repository's `suggestedActors` in the GraphQL API includes {% data variables.product.prodname_copilot_short %}. Replace `octo-org` with the repository owner, and `octo-repo` with the repository name. @@ -221,11 +261,79 @@ You can assign issues to {% data variables.product.prodname_copilot_short %} usi } ``` -1. Assign the existing issue to {% data variables.product.prodname_copilot_short %} using the `replaceActorsForAssignable` mutation. Replace `ISSUE_ID` with the ID returned from the previous step, and `BOT_ID` with the ID returned from the step before that. +1. Assign the existing issue to {% data variables.product.prodname_copilot_short %} using the `replaceActorsForAssignable` mutation. Replace `ISSUE_ID` with the ID returned from the previous step, `BOT_ID` with the ID returned from the step before that, and `REPOSITORY_ID` with the repository ID. You can optionally include the `agentAssignment` input to customize the task. + + ```shell copy + gh api graphql -f query='mutation { + replaceActorsForAssignable(input: { + assignableId: "ISSUE_ID", + actorIds: ["BOT_ID"], + agentAssignment: { + targetRepositoryId: "REPOSITORY_ID", + baseRef: "main", + customInstructions: "Fix the reported bug", + customAgent: "", + model: "" + } + }) { + assignable { + ... on Issue { + id + title + assignees(first: 10) { + nodes { + login + } + } + } + } + } + }' -H 'GraphQL-Features: issues_copilot_assignment_api_support,coding_agent_model_selection' + ``` - ```graphql copy - mutation { - replaceActorsForAssignable(input: {assignableId: "ISSUE_ID", actorIds: ["BOT_ID"]}) { +1. Alternatively, you can use the `updateIssue` mutation to update an existing issue and assign it to {% data variables.product.prodname_copilot_short %}. Replace `ISSUE_ID` with the issue ID and `BOT_ID` with the bot ID. + + ```shell copy + gh api graphql -f query='mutation { + updateIssue(input: { + id: "ISSUE_ID", + assigneeIds: ["BOT_ID"], + agentAssignment: { + targetRepositoryId: "REPOSITORY_ID", + baseRef: "main", + customInstructions: "Update feature implementation", + customAgent: "", + model: "" + } + }) { + issue { + id + title + assignees(first: 10) { + nodes { + login + } + } + } + } + }' -H 'GraphQL-Features: issues_copilot_assignment_api_support,coding_agent_model_selection' + ``` + +1. You can also use the `addAssigneesToAssignable` mutation to add {% data variables.product.prodname_copilot_short %} to an existing issue while keeping other assignees. Replace `ISSUE_ID` with the issue ID and `BOT_ID` with the bot ID. + + ```shell copy + gh api graphql -f query='mutation { + addAssigneesToAssignable(input: { + assignableId: "ISSUE_ID", + assigneeIds: ["BOT_ID"], + agentAssignment: { + targetRepositoryId: "REPOSITORY_ID", + baseRef: "main", + customInstructions: "Collaborate on this task", + customAgent: "", + model: "" + } + }) { assignable { ... on Issue { id @@ -238,9 +346,99 @@ You can assign issues to {% data variables.product.prodname_copilot_short %} usi } } } - } + }' -H 'GraphQL-Features: issues_copilot_assignment_api_support,coding_agent_model_selection' ``` +#### Using the REST API + +You can use the following REST API endpoints to assign issues to {% data variables.product.prodname_copilot_short %}: + +* [Add assignees to an issue](/rest/issues/assignees#add-assignees-to-an-issue) +* [Create an issue](/rest/issues/issues#create-an-issue) +* [Update an issue](/rest/issues/issues#update-an-issue) + +##### Adding assignees to an existing issue + +```shell copy +gh api \ + --method POST \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/OWNER/REPO/issues/ISSUE_NUMBER/assignees \ + --input - <<< '{ + "assignees": ["copilot-swe-agent[bot]"], + "agent_assignment": { + "target_repo": "OWNER/REPO", + "base_branch": "main", + "custom_instructions": "", + "custom_agent": "", + "model": "" + } +}' +``` + +##### Creating a new issue + +```shell copy +gh api \ + --method POST \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/OWNER/REPO/issues \ + --input - <<< '{ + "title": "Issue title", + "body": "Issue description.", + "assignees": ["copilot-swe-agent[bot]"], + "agent_assignment": { + "target_repo": "OWNER/REPO", + "base_branch": "main", + "custom_instructions": "", + "custom_agent": "", + "model": "" + } +}' +``` + +##### Updating an existing issue + +```shell copy +gh api \ + --method PATCH \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/OWNER/REPO/issues/ISSUE_NUMBER \ + --input - <<< '{ + "assignees": ["copilot-swe-agent[bot]"], + "agent_assignment": { + "target_repo": "OWNER/REPO", + "base_branch": "main", + "custom_instructions": "", + "custom_agent": "", + "model": "" + } +}' +``` + +### Assigning an issue to {% data variables.product.prodname_copilot_short %} from Raycast + +{% data reusables.copilot.coding-agent.raycast-intro %} + +{% data reusables.copilot.coding-agent.raycast-setup %} +1. Open Raycast, search for "{% data variables.product.prodname_copilot_short %}," find the **Assign Issues to {% data variables.product.prodname_copilot_short %}** command, then press Enter. +1. Click **Sign in with {% data variables.product.github %}**, then complete the authentication flow. Raycast will re-open. +1. Select the repository you want {% data variables.product.prodname_copilot_short %} to work in. +1. Select the issue you want to assign to {% data variables.product.prodname_copilot_short %}. +1. Optionally, select a base branch for {% data variables.product.prodname_copilot_short %}'s pull request. {% data variables.product.prodname_copilot_short %} will create a new branch based on this branch, then push the changes to a pull request targeting that branch. +{% data reusables.copilot.optional-select-custom-agent-generic %} +{% data reusables.copilot.optional-select-copilot-coding-agent-model %} +1. Optionally, provide additional instructions. These will be passed to {% data variables.product.prodname_copilot_short %} alongside your issue contents. +1. Press Command+Enter to assign the issue. + + {% data variables.product.prodname_copilot_short %} will start a new session. {% data variables.product.prodname_copilot_short %} will work on the task and push changes to its pull request, then add you as a reviewer when it has finished, triggering a notification. + + +{% data reusables.copilot.coding-agent.raycast-oauth-access-restrictions %} + ## Asking {% data variables.product.prodname_copilot_short %} to create a pull request from the agents tab or panel You can ask {% data variables.product.prodname_copilot_short %} to open a pull request from either the agents tab or the agents panel. The only difference is the entry point - once you see the "New agent task" form, the steps are the same. @@ -260,7 +458,7 @@ You can ask {% data variables.product.prodname_copilot_short %} to open a pull r For example, `Implement a user friendly message for common errors.` 1. Optionally, select a base branch for {% data variables.product.prodname_copilot_short %}'s pull request. {% data variables.product.prodname_copilot_short %} will create a new branch based on this branch, then push the changes to a pull request. -{% data reusables.copilot.optional-select-custom-agent %} +{% data reusables.copilot.optional-select-custom-agent-dotcom %} 1. Click **{% octicon "paper-airplane" aria-label="Send now" %} Send now** or press Return. You will be taken to the agents tab, and {% data variables.product.prodname_copilot_short %} will start a new session, which will appear in the "Recent sessions" list below the prompt box. {% data variables.product.prodname_copilot_short %} will work on the task and push changes to its pull request, then add you as a reviewer when it has finished, triggering a notification. @@ -314,22 +512,25 @@ You can ask {% data variables.product.prodname_copilot_short %} to open a pull r {% data variables.product.prodname_copilot_short %} will start a new session and respond with a link to the pull request it creates. It will work on the task and push changes to the pull request, and then add you as a reviewer when it has finished, triggering a notification from {% data variables.product.github %} and in the IDE. -## Asking {% data variables.product.prodname_copilot_short %} to create a pull request from {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_vs %} +## Asking {% data variables.product.prodname_copilot_short %} to create a pull request from {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_vs %} 2026 + +> [!NOTE] To use {% data variables.copilot.copilot_coding_agent %} in {% data variables.product.prodname_vs %}, you'll need to be running at least [December Update 18.1.0](https://learn.microsoft.com/en-us/visualstudio/releases/2026/release-notes#github-copilot-1) of {% data variables.product.prodname_vs %} 2026. +1. Enable {% data variables.copilot.copilot_coding_agent %} support in {% data variables.product.prodname_vs %}. + 1. Open the **Tools** menu, then click **Options**. + 1. In the sidebar, select **{% data variables.product.github %}**. + 1. Check the **Enable Copilot Coding agent (preview)** box. + 1. Restart {% data variables.product.prodname_vs %}. 1. Open {% data variables.copilot.copilot_chat %} in {% data variables.product.prodname_vs %}. -1. Type a prompt, starting with `@github`, asking {% data variables.product.prodname_copilot_short %} to create a pull request, and giving details of what you want {% data variables.product.prodname_copilot_short %} to change. +1. Enter a prompt, giving details of what you want {% data variables.product.prodname_copilot_short %} to change. - For example, `@github Create a PR to put backticks around file names and variables in output.` + For example, `Put backticks around file names and variables in log output.` - > [!TIP] - > * To help {% data variables.product.prodname_copilot_short %}, you can select the relevant line(s) of code before submitting your prompt. - > * From {% data variables.copilot.copilot_chat_short %}, you can ask {% data variables.product.prodname_copilot_short %} to open a pull request using a specific branch as the base branch by including it in your prompt. - -1. Submit your prompt. +1. Submit your prompt by clicking the **Delegate this task to the GitHub Copilot coding agent** button, next to the **Send** button. {% data variables.product.prodname_copilot_short %} asks you to confirm that you want to use the coding agent to create a pull request. -1. Click **Allow**. +1. Click **Confirm**. {% data variables.product.prodname_copilot_short %} will start a new session and respond with a link to the pull request it creates. It will work on the task and push changes to the pull request, and then add you as a reviewer when it has finished, triggering a notification. @@ -341,8 +542,8 @@ You can ask {% data variables.product.prodname_copilot_short %} to open a pull r For example, `/task Put backticks around file names and variables in output.` 1. Optionally, select a base branch for {% data variables.product.prodname_copilot_short %}'s pull request. {% data variables.product.prodname_copilot_short %} will create a new branch based on this branch, then push the changes to a pull request targeting that branch. -{% data reusables.copilot.optional-select-custom-agent %} -1. Click {% octicon "paper-airplane" aria-label="Start task" %} **Start task** or press Return. +{% data reusables.copilot.optional-select-custom-agent-dotcom %} +1. Click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. {% data variables.product.prodname_copilot_short %} will start a new session, which will appear in the list below the prompt box. {% data variables.product.prodname_copilot_short %} will work on the task and push changes to its pull request, then add you as a reviewer when it has finished, triggering a notification. @@ -412,13 +613,14 @@ To see all of the available options, run `gh agent-task create --help`. For example, `Implement a user friendly message for common errors.` 1. Select the repository you want {% data variables.product.prodname_copilot_short %} to work in. 1. Optionally, select a base branch for {% data variables.product.prodname_copilot_short %}'s pull request. {% data variables.product.prodname_copilot_short %} will create a new branch based on this branch, then push the changes to a pull request targeting that branch. +{% data reusables.copilot.optional-select-custom-agent-generic %} +{% data reusables.copilot.optional-select-copilot-coding-agent-model %} 1. Press Command+Enter to start the task. {% data variables.product.prodname_copilot_short %} will start a new session. {% data variables.product.prodname_copilot_short %} will work on the task and push changes to its pull request, then add you as a reviewer when it has finished, triggering a notification. -> [!NOTE] -> -> If you are unable to select a specific repository when starting a task, the organization that owns the repository may have enabled {% data variables.product.prodname_oauth_app %} access restrictions. To learn how to request approval for the "{% data variables.product.prodname_copilot %} for Raycast" {% data variables.product.prodname_oauth_app %}, see [AUTOTITLE](/account-and-profile/how-tos/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/requesting-organization-approval-for-oauth-apps). + +{% data reusables.copilot.coding-agent.raycast-oauth-access-restrictions %} ## Asking {% data variables.product.prodname_copilot_short %} to create a pull request from the "New repository" page diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents.md index 93b8163c21fd..cab507467e25 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents.md @@ -7,6 +7,9 @@ versions: feature: copilot topics: - Copilot +category: + - Configure Copilot + - Author and optimize with Copilot --- {% data variables.copilot.custom_agents_caps_short %} allow you to create specialized agents with tailored expertise for specific tasks. For a conceptual overview of {% data variables.copilot.custom_agents_short %}, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-custom-agents). @@ -89,7 +92,7 @@ To configure your {% data variables.copilot.agent_profile %}: 1. If creating an organization or enterprise level agent on {% data variables.product.github %}, you can use the `mcp-servers` property to optionally configure MCP servers that will be available only to this agent to extend its capabilities. 1. If you are creating and using the {% data variables.copilot.agent_profile %} in {% data variables.product.prodname_vscode_shortname %}, JetBrains IDEs, Eclipse, or Xcode, you can also use the `model` property to control which AI model the agent should use. 1. Optionally, set the `target` property to either `vscode` or `github-copilot` if you want to only use the agent in a specific environment. The agent will be available in both environments if you omit the property. -1. Write the agent's prompt. Define the agent's behavior, expertise, and instructions in the Markdown content below the YAML frontmatter. +1. Write the agent's prompt. Define the agent's behavior, expertise, and instructions in the Markdown content below the YAML frontmatter. The prompt can be a maximum of 30,000 characters. ## Example {% data variables.copilot.agent_profiles %} diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment.md index 42da1ff2a6ab..07f243df4025 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment.md @@ -26,6 +26,7 @@ You can customize {% data variables.product.prodname_copilot_short %}'s environm * [Preinstall tools or dependencies in {% data variables.product.prodname_copilot_short %}'s environment](#preinstalling-tools-or-dependencies-in-copilots-environment) * [Set environment variables in {% data variables.product.prodname_copilot_short %}'s environment](#setting-environment-variables-in-copilots-environment) * [Upgrade from standard {% data variables.product.github %}-hosted {% data variables.product.prodname_actions %} runners to larger runners](#upgrading-to-larger-github-hosted-github-actions-runners) +* [Run on your ARC-based {% data variables.product.prodname_actions %} self-hosted runners](#using-self-hosted-github-actions-runners-with-arc) * [Enable Git Large File Storage (LFS)](#enabling-git-large-file-storage-lfs) * [Disable or customize the agent's firewall](/copilot/customizing-copilot/customizing-or-disabling-the-firewall-for-copilot-coding-agent). @@ -140,20 +141,29 @@ jobs: > [!NOTE] > * {% data variables.copilot.copilot_coding_agent %} is only compatible with Ubuntu x64 Linux runners. Runners with Windows, macOS or other operating systems are not supported. -> * Self-hosted {% data variables.product.prodname_actions %} runners are not supported. -## Using self-hosted {% data variables.product.prodname_actions %} runners with ARC +## Using self-hosted {% data variables.product.prodname_actions %} runners. -You can use ARC (Actions Runner Controller) to run {% data variables.copilot.copilot_coding_agent %} on self-hosted runners. You must first set up ARC-managed scale sets in your environment. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller). +You can run {% data variables.copilot.copilot_coding_agent %} on self-hosted runners powered by ARC (Actions Runner Controller), or the GitHub Actions Runner Scale Set Client. You must first set up ARC- For more information on ARC, see [AUTOTITLE](/actions/reference/runners/self-hosted-runners#supported-autoscaling-solutions). > [!WARNING] -> Persistent runners are not recommended for autoscaling scenarios with {% data variables.copilot.copilot_coding_agent %}. +> ARC and the Scale Set Client are the only officially supported solutions for self-hosting {% data variables.copilot.copilot_coding_agent %}. > [!NOTE] -> * ARC is the only officially supported solution for self-hosting {% data variables.copilot.copilot_coding_agent %}. -> * {% data variables.copilot.copilot_coding_agent %} is only compatible with Ubuntu x64 Linux runners. Runners with Windows, macOS or other operating systems are not supported. -> * For more information about ARC, see [AUTOTITLE](/actions/concepts/runners/actions-runner-controller). +> {% data variables.copilot.copilot_coding_agent %} is only compatible with Ubuntu x64 Linux runners. Runners with Windows, macOS or other operating systems are not supported. + +1. Configure network security controls for your {% data variables.product.prodname_actions %} runners to ensure that {% data variables.copilot.copilot_coding_agent %} does not have open access to your network or the public internet. + + You must configure your firewall to allow connections to the [standard hosts required for {% data variables.product.prodname_actions %} self-hosted runners](/actions/reference/runners/self-hosted-runners#accessible-domains-by-function), plus the following hosts: + * `uploads.github.com` + * `user-images.githubusercontent.com` + * `api.individual.githubcopilot.com` (if you expect {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} users to use {% data variables.copilot.copilot_coding_agent %} in your repository) + * `api.business.githubcopilot.com` (if you expect {% data variables.copilot.copilot_business_short %} users to use {% data variables.copilot.copilot_coding_agent %} in your repository) + * `api.enterprise.githubcopilot.com` (if you expect {% data variables.copilot.copilot_enterprise_short %} users to use {% data variables.copilot.copilot_coding_agent %} in your repository) + * `api.githubcopilot.com` (*no longer required after February 27, 2026*) + +1. Disable {% data variables.copilot.copilot_coding_agent %}'s integrated firewall in your repository settings. The firewall is not compatible with self-hosted runners. Unless this is disabled, use of {% data variables.copilot.copilot_coding_agent %} will be blocked. For more information, see [AUTOTITLE](/copilot/customizing-copilot/customizing-or-disabling-the-firewall-for-copilot-coding-agent). 1. In your `copilot-setup-steps.yml` file, set the `runs-on` attribute to your ARC-managed scale set name: ```yaml @@ -165,20 +175,13 @@ You can use ARC (Actions Runner Controller) to run {% data variables.copilot.cop # ... ``` -1. Disable {% data variables.copilot.copilot_coding_agent %}'s integrated firewall in your repository settings, as it is not compatible with self-hosted runners. Without disabling the firewall, runners will not be able to connect to {% data variables.product.prodname_copilot_short %}. You must configure your own network security controls before disabling the built-in firewall. For more information, see [AUTOTITLE](/copilot/customizing-copilot/customizing-or-disabling-the-firewall-for-copilot-coding-agent). - - > [!WARNING] - > Disabling the firewall reduces isolation between {% data variables.product.prodname_copilot_short %} and your self-hosted environment. You must implement alternative network security controls to protect your environment. - -### Security considerations for self-hosted runners - -When using self-hosted runners, especially with the firewall disabled, ensure your hosting environment has strict network communication controls. The following endpoints must be reachable from your runners: +1. If you want to configure a proxy server for {% data variables.copilot.copilot_coding_agent %}'s connections to the internet, configure the following environment variables as appropriate: -* `api.githubcopilot.com` -* `uploads.github.com` -* `user-images.githubusercontent.com` + {% data reusables.actions.actions-proxy-environment-variables-table %} + | `ssl_cert_file` | The path to the SSL certificate presented by your proxy server. You will need to configure this if your proxy intercepts SSL connections. | `/path/to/key.pem` | + | `node_extra_ca_certs` | The path to the SSL certificate presented by your proxy server. You will need to configure this if your proxy intercepts SSL connections. | `/path/to/key.pem` | -For a comprehensive list of other hosts that must also be allowlisted for {% data variables.product.prodname_actions %} self-hosted runners, see [AUTOTITLE](/actions/reference/runners/self-hosted-runners#accessible-domains-by-function). + You can set these environment variables by following the [instructions above](#setting-environment-variables-in-copilots-environment), or by baking the environment variables into your custom runner image. For more information on building a custom image, see [AUTOTITLE](/actions/concepts/runners/actions-runner-controller#creating-your-own-runner-image). ## Enabling Git Large File Storage (LFS) diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/extend-coding-agent-with-mcp.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/extend-coding-agent-with-mcp.md index 9565ea77b49c..1c14f67c3778 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/extend-coding-agent-with-mcp.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/extend-coding-agent-with-mcp.md @@ -50,7 +50,7 @@ Repository administrators can configure MCP servers by following these steps: Your configuration will be validated to ensure proper syntax. -1. If your MCP server requires a key or secret, add a secret to your {% data variables.product.prodname_copilot_short %} environment. Only secrets with names prefixed with `COPILOT_MCP_` will be available to your MCP configuration. See [Setting up a {% data variables.product.prodname_copilot_short %} environment for {% data variables.copilot.copilot_coding_agent %}](#setting-up-a-copilot-environment-for-copilot-coding-agent). +1. If your MCP server requires a variable, key, or secret, add a variable or secret to your {% data variables.product.prodname_copilot_short %} environment. Only variables and secrets with names prefixed with `COPILOT_MCP_` will be available to your MCP configuration. See [Setting up a {% data variables.product.prodname_copilot_short %} environment for {% data variables.copilot.copilot_coding_agent %}](#setting-up-a-copilot-environment-for-copilot-coding-agent). ## Writing a JSON configuration for MCP servers @@ -78,20 +78,23 @@ The configuration object can contain the following keys: **Required keys for local and remote MCP servers** * `tools` (`string[]`): The tools from the MCP server to enable. You may be able to find a list of tools in the server's documentation, or in its code. We strongly recommend that you allowlist specific read-only tools, since the agent will be able to use these tools autonomously and will not ask you for approval first. You can also enable all tools by including `*` in the array. -* `type` (`string`): {% data variables.copilot.copilot_coding_agent %} accepts `"local"`, `"http"`, or `"sse"`. +* `type` (`string`): {% data variables.copilot.copilot_coding_agent %} accepts `"local"`, `"stdio"`, `"http"`, or `"sse"`. **Local MCP specific keys** * `command` (`string`): Required. The command to run to start the MCP server. * `args` (`string[]`): Required. The arguments to pass to the `command`. * `env` (`object`): Optional. The environment variables to pass to the server. This object should map the name of the environment variable that should be exposed to your MCP server to either of the following: - * The name of a {% data variables.product.prodname_actions %} secret you have configured, beginning with `COPILOT_MCP_`. - * A string value. + * The name of a secret you have configured in your {% data variables.product.prodname_copilot_short %} environment, beginning with `COPILOT_MCP_`. + * The name of a variable you have configured in your {% data variables.product.prodname_copilot_short %} environment, beginning with `COPILOT_MCP_`. **Remote MCP specific keys** * `url` (`string`): Required. The MCP server's URL. * `headers` (`object`): Optional. The headers to attach to requests to the server. This object should map the name of header keys to either of the following: - * The name of a {% data variables.product.prodname_actions %} secret you have configured, beginning with `COPILOT_MCP_` preceded by a `$` - * A string value + * The name of a secret you have configured in your {% data variables.product.prodname_copilot_short %} environment, beginning with `COPILOT_MCP_` preceded by a `$`. + * The name of a variable you have configured in your {% data variables.product.prodname_copilot_short %} environment, beginning with `COPILOT_MCP_` preceded by a `$`. + * A string value. + +Note that all `string` and `string[]` fields besides `tools` & `type` support substitution with a variable or secret you have configured in your {% data variables.product.prodname_copilot_short %} environment, beginning with `COPILOT_MCP_` preceded by a `$`. ## Example configurations @@ -111,10 +114,12 @@ The [Sentry MCP server](https://github.com/getsentry/sentry-mcp) gives {% data v "args": ["@sentry/mcp-server@latest", "--host=$SENTRY_HOST"], "tools": ["get_issue_details", "get_issue_summary"], "env": { - // We can specify an environment variable value as a string... - "SENTRY_HOST": "https://contoso.sentry.io", - // or refer to a {% data variables.product.prodname_actions %} secret with a name starting with - // `COPILOT_MCP_` + // We can specify an environment variable value as + // a variable in your {% data variables.product.prodname_copilot_short %} environment + // where `COPILOT_MCP_SENTRY_HOST` = "https://contoso.sentry.io"... + "SENTRY_HOST": "COPILOT_MCP_SENTRY_HOST", + // or refer to a secret with a name starting with + // `COPILOT_MCP_`. "SENTRY_ACCESS_TOKEN": "COPILOT_MCP_SENTRY_ACCESS_TOKEN" } } @@ -303,7 +308,7 @@ If you want to allow {% data variables.product.prodname_copilot_short %} to acce 1. In the "Code & automation" section of the sidebar, click **{% data variables.product.prodname_copilot_short %}** then **{% data variables.copilot.copilot_coding_agent_short_cap_c %}**. 1. Add your configuration in the **MCP configuration** section. For example, you can add the following: - ```javascript copy + ```javascript copy // If you copy and paste this example, you will need to remove the comments prefixed with `//`, which are not valid JSON. { "mcpServers": { @@ -322,8 +327,7 @@ If you want to allow {% data variables.product.prodname_copilot_short %} to acce } ``` - -For more information on toolsets, refer to the [README](https://github.com/github/github-mcp-server?tab=readme-ov-file#available-toolsets) in the {% data variables.product.github %} Remote MCP Server documentation. + For more information on toolsets, refer to the [README](https://github.com/github/github-mcp-server?tab=readme-ov-file#available-toolsets) in the {% data variables.product.github %} Remote MCP Server documentation. 1. Click **Save**. {% data reusables.actions.sidebar-environment %} diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md index 68b24ae9c466..d45f880afd9c 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md @@ -9,6 +9,7 @@ topics: children: - /create-a-pr - /make-changes-to-an-existing-pr + - /provide-visual-inputs - /track-copilot-sessions - /review-copilot-prs - /create-custom-agents @@ -17,8 +18,11 @@ children: - /integrate-coding-agent-with-slack - /integrate-coding-agent-with-teams - /integrate-coding-agent-with-linear + - /integrate-coding-agent-with-azure-boards + - /changing-the-ai-model - /customize-the-agent-environment - /customize-the-agent-firewall + - /use-hooks - /troubleshoot-coding-agent redirect_from: - /copilot/using-github-copilot/using-copilot-coding-agent-to-work-on-tasks diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-azure-boards.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-azure-boards.md new file mode 100644 index 000000000000..46f1ef6c4f11 --- /dev/null +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-azure-boards.md @@ -0,0 +1,62 @@ +--- +title: Integrating Copilot coding agent with Azure Boards +shortTitle: Integrate coding agent with Azure Boards +intro: 'Use the {% data variables.product.prodname_copilot_short %} integration in Azure Boards to send work items directly to {% data variables.copilot.copilot_coding_agent %} and generate pull requests, all from within your Azure DevOps workspace.' +versions: + feature: copilot +topics: + - Copilot +contentType: how-tos +category: + - Integrate Copilot with your tools +--- + +The Azure Boards {% data variables.product.github %} integration allows you to invoke {% data variables.copilot.copilot_coding_agent %} without leaving your workspace. From within a Azure Boards work item you can initiate {% data variables.copilot.copilot_coding_agent_short %} sessions and open pull requests, using the context of your work item description and comments. + +For information about additional {% data variables.product.prodname_copilot_short %} integrations, see [AUTOTITLE](/copilot/concepts/tools/about-copilot-integrations). + +> [!NOTE] +> When you send a work item to {% data variables.copilot.copilot_coding_agent %}, the agent will capture content from text fields (such as the description and reproduction steps), along with the last 50 comments. This context is stored in the pull request, and is visible to anyone with access to the repository. + +## Prerequisites + +* You must have a {% data variables.product.github %} account with access to {% data variables.product.prodname_copilot_short %} through {% data variables.copilot.copilot_pro_short %}, {% data variables.copilot.copilot_pro_plus_short %}, {% data variables.copilot.copilot_business_short %}, or {% data variables.copilot.copilot_enterprise_short %}. +* The repositories connected to the Azure DevOps project must have {% data variables.copilot.copilot_coding_agent %} enabled. + +## Installing the Azure Boards application on {% data variables.product.github %} + +> [!NOTE] +> To install the Azure Boards application, you must be an owner or App manager of the organization or enterprise on {% data variables.product.github %}. + +The Azure Boards app only needs to be installed once in an organization. After the app is installed, any member of the organization can connect their {% data variables.product.github %} account to the app and start using it. + +1. Go to the [Azure Boards installation page](https://github.com/marketplace/azure-boards). +1. Scroll to the bottom of the page, then use the **Account** dropdown menu to select an account you would like to install the app in. +1. Click **Install**. +1. Select the repositories you would like the Azure Boards app to have access to. +1. Follow the prompts on screen to configure and authorize the app in your Azure DevOps organization and project. + +## Approving the Azure Boards application permissions + +If you already have the Azure Boards application installed on {% data variables.product.github %}, you will need to approve the required permission changes to allow the app to communicate with {% data variables.product.prodname_copilot %}. + +1. Navigate to [your installed {% data variables.product.github %} Apps](https://github.com/settings/installations). +1. Find the Azure Boards application, then click the **Review request** link. +1. Review the permissions, then click **Accept new permission**. + +## Creating a pull request from a work item + +1. In Azure Boards, open the work item you want to send to {% data variables.copilot.copilot_coding_agent %}. +1. Click the {% octicon "copilot" aria-label="Copilot" %} icon on the work item. +1. Select **Create a pull request with {% data variables.product.prodname_copilot_short %}**. +1. Under **{% data variables.product.github %} repository**, select the repository where {% data variables.product.prodname_copilot_short %} should create the pull request. +1. Optionally, change the base branch that {% data variables.product.prodname_copilot_short %} should use for the pull request. +1. Optionally, add any additional instructions to provide {% data variables.product.prodname_copilot_short %} with more context. +1. Click **Create**. + +{% data variables.copilot.copilot_coding_agent %} will begin processing the work item and create a draft pull request linked back to the work item. + +## Further reading + +* [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-coding-agent) +* [AUTOTITLE](/copilot/concepts/agents/coding-agent/access-management) \ No newline at end of file diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-linear.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-linear.md index 5a333a1cc481..58f775a1db13 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-linear.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-linear.md @@ -7,6 +7,8 @@ versions: topics: - Copilot contentType: how-tos +category: + - Integrate Copilot with your tools --- > [!NOTE] diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-slack.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-slack.md index 220c5016736e..faff8eb32cc4 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-slack.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-slack.md @@ -5,6 +5,8 @@ intro: 'Provide context to the {% data variables.product.prodname_copilot_short versions: feature: copilot contentType: how-tos +category: + - Integrate Copilot with your tools --- > [!NOTE] diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/make-changes-to-an-existing-pr.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/make-changes-to-an-existing-pr.md index 22941dd26cbe..1c587a32fb8f 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/make-changes-to-an-existing-pr.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/make-changes-to-an-existing-pr.md @@ -9,6 +9,8 @@ versions: topics: - Copilot contentType: how-tos +category: + - Author and optimize with Copilot --- > [!NOTE] diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/provide-visual-inputs.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/provide-visual-inputs.md new file mode 100644 index 000000000000..2ec648f25589 --- /dev/null +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/provide-visual-inputs.md @@ -0,0 +1,49 @@ +--- +title: Provide visual inputs to GitHub Copilot +shortTitle: Provide visual inputs +intro: 'You can attach images to issues or {% data variables.copilot.copilot_chat_short %} prompts to help {% data variables.product.prodname_copilot_short %} understand your task.' +product: '{% data reusables.gated-features.copilot-coding-agent %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' +versions: + feature: copilot +topics: + - Copilot +contentType: how-tos +category: + - Author and optimize with Copilot +--- + +> [!NOTE] +> For an overview of {% data variables.copilot.copilot_coding_agent %}, see [AUTOTITLE](/copilot/concepts/about-copilot-coding-agent). + +## Introduction + +{% data variables.copilot.copilot_coding_agent_short_cap_c %} can process images, such as a photo or screenshot of a sketch or design, as part of your task description. This is useful when you want to show {% data variables.product.prodname_copilot_short %} what you're trying to achieve visually, for example, when updating a UI or implementing a design. + +You can provide images to {% data variables.product.prodname_copilot_short %} in two ways: + +* **In an issue**: Add an image to the issue body, with a description of the task you want {% data variables.product.prodname_copilot_short %} to complete, then assign the issue to {% data variables.product.prodname_copilot_short %}. +* **In {% data variables.copilot.copilot_chat_short %}**: Attach images to your prompt when you ask {% data variables.product.prodname_copilot_short %} to create a pull request. + +## Attaching images to an issue + +1. Navigate to the repository where you want to create the issue. +1. Create a new issue or open an existing issue. +1. In the issue body, drag and drop your image. +1. Add a clear description of what you want {% data variables.product.prodname_copilot_short %} to do with the image. For example, "Let's update the login form to match this mockup". +1. Assign the issue to {% data variables.product.prodname_copilot_short %}. For detailed instructions, see [Assign an issue to {% data variables.product.prodname_copilot_short %} on {% data variables.product.prodname_dotcom_the_website %}](/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr#assigning-an-issue-to-copilot-on-githubcom). + +{% data variables.product.prodname_copilot_short %} will analyze the image along with your description when working on the task. + +## Attaching images in {% data variables.copilot.copilot_chat_short %} + +1. Open {% data variables.copilot.copilot_chat_short %}. +1. Attach your image to the chat prompt, and use `/task` to describe what you want {% data variables.product.prodname_copilot_short %} to do. For example, "Update the notification badge to match this mockup". + + For detailed instructions, see [Asking {% data variables.product.prodname_copilot_short %} to create a pull request from {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_dotcom_the_website %}](/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-githubcom). +1. {% data variables.product.prodname_copilot_short %} will create a pull request using the image as context for the task. + +## Further reading + +* [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr) +* [AUTOTITLE](/copilot/tutorials/coding-agent/best-practices) +* [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/review-copilot-prs) diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/test-custom-agents.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/test-custom-agents.md index ccdf4c74d999..152a40a3e56f 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/test-custom-agents.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/test-custom-agents.md @@ -7,6 +7,9 @@ topics: - Copilot shortTitle: Test custom agents contentType: how-tos +category: + - Configure Copilot + - Manage Copilot for a team --- {% data reusables.copilot.custom-agents-preview-note %} diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/troubleshoot-coding-agent.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/troubleshoot-coding-agent.md index 75d53dd0b187..d99a920b9f9e 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/troubleshoot-coding-agent.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/troubleshoot-coding-agent.md @@ -71,7 +71,7 @@ If there is a "{% data variables.product.prodname_copilot_short %} started work" If you do have write access, and you mention `@copilot` on a pull request that is assigned to {% data variables.product.prodname_copilot_short %}, the comment is passed to {% data variables.copilot.copilot_coding_agent %}. An eyes emoji (👀) is added to your comment to indicate that {% data variables.copilot.copilot_coding_agent %} has seen your comment. Shortly after, a "{% data variables.product.prodname_copilot_short %} started work" event is added to the pull request timeline. -If this doesn't happen, {% data variables.product.prodname_copilot_short %} may have been unassigned from the pull request, or you may not have write access. +If this doesn't happen, {% data variables.product.prodname_copilot_short %} may have been unassigned from the pull request, or you may not have write access. Note that {% data variables.product.prodname_copilot_short %} only responds to mentions in open pull requests. Once a pull request is merged or closed, {% data variables.copilot.copilot_coding_agent %} will not respond to new mentions or comments to better focus on active development work. ## Based on the agent session logs, {% data variables.product.prodname_copilot_short %} appears to be stuck diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks.md new file mode 100644 index 000000000000..4f678282e67a --- /dev/null +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks.md @@ -0,0 +1,29 @@ +--- +title: Using hooks with GitHub Copilot agents +shortTitle: Use hooks +intro: 'Extend and customize {% data variables.product.prodname_copilot %} agent behavior by executing custom shell commands at key points during agent execution.' +versions: + feature: copilot +topics: + - Copilot +contentType: how-tos +category: + - Configure Copilot +--- + +{% data reusables.copilot.coding-agent.hooks-intro %} + +## Creating a hook in a repository on {% data variables.product.github %} + +{% data reusables.copilot.coding-agent.create-hooks-instructions %} + +## Troubleshooting + +{% data reusables.copilot.coding-agent.troubleshoot-hooks %} + +## Further reading + +* For more information about configuring hooks, see [AUTOTITLE](/copilot/reference/hooks-configuration) +* For more information about {% data variables.copilot.copilot_coding_agent %}, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-coding-agent) +* For more information about {% data variables.copilot.copilot_cli %}, see [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli) +* For information about customizing the agent environment, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment) diff --git a/content/copilot/how-tos/use-copilot-agents/copilot-memory.md b/content/copilot/how-tos/use-copilot-agents/copilot-memory.md new file mode 100644 index 000000000000..53865972169f --- /dev/null +++ b/content/copilot/how-tos/use-copilot-agents/copilot-memory.md @@ -0,0 +1,94 @@ +--- +title: Enabling and curating Copilot Memory +shortTitle: Copilot Memory +intro: Learn how to enable agentic memory, and how to view and delete stored memories. +product: '{% data reusables.gated-features.copilot-memory %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' +versions: + feature: copilot +topics: + - Copilot +contentType: how-tos +category: + - Author and optimize with Copilot +--- + +> [!NOTE] +> This feature is currently in {% data variables.release-phases.public_preview %} and is subject to change. + +{% data variables.copilot.copilot_memory %} allows {% data variables.product.prodname_copilot_short %} to learn about your codebase, helping {% data variables.copilot.copilot_coding_agent %}, {% data variables.copilot.copilot_code-review_short %}, and {% data variables.copilot.copilot_cli_short %} to work more effectively in a repository. + +For more information, see [AUTOTITLE](/copilot/concepts/agents/copilot-memory). + +## Enabling {% data variables.copilot.copilot_memory %} + +{% data variables.copilot.copilot_memory %} is turned off by default and must be enabled for users in either the enterprise, organization, or personal settings. + +Users who receive {% data variables.product.prodname_copilot_short %} from an organization must have {% data variables.copilot.copilot_memory %} enabled in the organization or enterprise settings. + +> [!NOTE] +> If a user is assigned a {% data variables.product.prodname_copilot_short %} subscription by more than one organization, the most restrictive setting applies—that is, {% data variables.copilot.copilot_memory %} will not be used unless all of those organizations have enabled this feature. + +Users who receive {% data variables.product.prodname_copilot_short %} from an individual subscription to {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} must have {% data variables.copilot.copilot_memory %} enabled in their personal {% data variables.product.prodname_copilot_short %} settings. + +### Enabling {% data variables.copilot.copilot_memory %} for an enterprise + +Enterprise owners can define an enablement policy for the whole enterprise, or delegate the decision to individual organization owners. + +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.ai-controls-tab %} +1. In the sidebar, click **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}**. +1. Under "Features", scroll down to the **{% data variables.copilot.copilot_memory %}** setting and select a policy from the dropdown. + + * **Let organizations decide** devolves the decision of whether to enable {% data variables.copilot.copilot_memory %} to organization owners. + * **Enabled everywhere** enables {% data variables.copilot.copilot_memory %} for all members of organizations in this enterprise who have a {% data variables.product.prodname_copilot_short %} license. + * **Disabled everywhere** disables {% data variables.copilot.copilot_memory %} and prevents it being enabled by organizations in this enterprise. + +### Enabling {% data variables.copilot.copilot_memory %} for an organization + +Organization owners can enable or disable {% data variables.copilot.copilot_memory %} for all members of the organization with a {% data variables.product.prodname_copilot_short %} license. + +If the organization belongs to an enterprise, the ability for organization owners to enable or disable {% data variables.copilot.copilot_memory %} may be controlled by the enterprise-level policy. + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +1. In the sidebar, under "Code, planning, and automation", click **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}**, then click **Policies**. +1. Under "Features", scroll down to the setting for **{% data variables.copilot.copilot_memory %}**. +1. Click the dropdown button and select **Enabled**. + + {% data variables.copilot.copilot_memory %} is enabled for all members of the organization who have a {% data variables.product.prodname_copilot_short %} license. + +### Enabling {% data variables.copilot.copilot_memory %} for an individual user + +If you have an individual {% data variables.product.prodname_copilot_short %} subscription, from a {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} plan, you can enable {% data variables.copilot.copilot_memory %} in your personal {% data variables.product.prodname_copilot_short %} settings on {% data variables.product.github %}. + +Once enabled, {% data variables.copilot.copilot_memory %} will be used in any repository in which you use {% data variables.copilot.copilot_coding_agent %}, {% data variables.copilot.copilot_code-review_short %}, or {% data variables.copilot.copilot_cli_short %}. + +{% data reusables.user-settings.copilot-settings %} +1. Under "Features", scroll down to the setting for **{% data variables.copilot.copilot_memory %}**. +1. Click the dropdown button and select **Enabled**. + +## Viewing and deleting memories + +As an owner of a repository in which {% data variables.copilot.copilot_memory %} is in use, you can review the currently stored memories. If you think any are inappropriate, misleading, or incorrect you can delete them. + +### Viewing {% data variables.product.prodname_copilot_short %}'s memories for a repository + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +1. In the "Code & automation" section of the sidebar, click {% data variables.product.prodname_copilot_short %} then **Memory**. + + A list of stored memories is displayed in chronological order, with the most recently stored memory at the top of the list. + + ![Screenshot of the "Memories" list showing an example set of memories.](/assets/images/help/copilot/copilot-memory-list.png) + +### Deleting a memory + +You can delete a memory if you don't want it to be used by {% data variables.product.prodname_copilot_short %}. It's worth noting, however, that {% data variables.product.prodname_copilot_short %} validates memories before they are used, which ensures that a memory is only used if the code that caused it to be generated still exists in the codebase. + +1. View the memories for a repository. +1. Click the trashcan icon to the right of a memory you want to delete. + + Alternatively, use the checkboxes to select multiple memories, then click **Delete**. + +> [!NOTE] +> Memories are automatically deleted after 28 days to avoid stale information adversely affecting agentic decision making. diff --git a/content/copilot/how-tos/use-copilot-agents/index.md b/content/copilot/how-tos/use-copilot-agents/index.md index 6d969853dbe7..cf61004e7e02 100644 --- a/content/copilot/how-tos/use-copilot-agents/index.md +++ b/content/copilot/how-tos/use-copilot-agents/index.md @@ -1,7 +1,7 @@ --- title: Use GitHub Copilot agents shortTitle: Use Copilot agents -intro: 'Learn how to use {% data variables.product.prodname_copilot %} agents.' +intro: Learn how to use {% data variables.product.prodname_copilot %} agents. versions: feature: copilot topics: @@ -10,8 +10,9 @@ children: - /manage-agents - /coding-agent - /request-a-code-review - - /use-copilot-cli + - /copilot-memory redirect_from: - /copilot/how-tos/agents contentType: how-tos --- + diff --git a/content/copilot/how-tos/use-copilot-agents/manage-agents.md b/content/copilot/how-tos/use-copilot-agents/manage-agents.md index ded7da257818..d51c72ba2655 100644 --- a/content/copilot/how-tos/use-copilot-agents/manage-agents.md +++ b/content/copilot/how-tos/use-copilot-agents/manage-agents.md @@ -1,13 +1,15 @@ --- -title: Managing Copilot coding agents +title: Managing coding agents shortTitle: Manage agents -intro: View your agent's progress and keep {% data variables.product.prodname_copilot_short %} on task. +intro: View your agent's progress and keep it on task. product: '{% data reusables.gated-features.copilot-coding-agent %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' versions: feature: copilot topics: - Copilot contentType: how-tos +category: + - Author and optimize with Copilot --- {% data reusables.copilot.coding-agent.agent-management-intro %} @@ -15,20 +17,22 @@ contentType: how-tos ## 1. Select a repository and choose your agent 1. Start a new agent task. - - * Open the [Agents tab](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text). - * Use the **Task** button or `/task` command from [{% data variables.copilot.copilot_chat_short %}](https://github.com/copilot?ref_product=copilot&ref_type=engagement&ref_style=text). + + * Open the **{% octicon "agent" aria-label="The Agents icon" %} Agents** tab in a repository + * Open the [Agents page](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text) + * Use the **Task** button or `/task` command from [{% data variables.copilot.copilot_chat_short %}](https://github.com/copilot?ref_product=copilot&ref_type=engagement&ref_style=text) * Open the Agents panel by clicking the {% octicon "agent" aria-label="The Agents icon" %} at the top of any page on {% data variables.product.github %} -1. Using the dropdown menu, select the repository you want {% data variables.product.prodname_copilot_short %} to work in. +1. Using the dropdown menu, select the repository you want the coding agent to work in. 1. Optionally, select a base branch for {% data variables.product.prodname_copilot_short %}'s pull request. -{% data reusables.copilot.optional-select-custom-agent %} +{% data reusables.copilot.optional-select-custom-agent-dotcom %} +1. Optionally, select the **CURRENT-MODEL** {% octicon "chevron-down" aria-hidden="true" aria-label="chevron-down" %} dropdown menu, then click the AI model of your choice. 1. Type a prompt describing your request. For example: ```text Implement a user-friendly message for common errors. ``` -1. Click {% octicon "paper-airplane" aria-label="Start task" %} **Start task** or press Return. +1. Click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. {% data variables.product.prodname_copilot_short %} will start work on the task and begin pushing changes to a new pull request, where it will automatically add you as a reviewer. @@ -36,18 +40,18 @@ For more information on ways to start new agent tasks, see [AUTOTITLE](/copilot/ ## 2. Monitor agent activity -Once {% data variables.product.prodname_copilot_short %} starts working, it will continue to update the session log and overview with its progress and thought process. - -Each session displays its status. Click on a session to open the session log, where you can monitor the agent's progress and the session length. You can view the overview, file diff, premium request usage, and session count by clicking the **Open workbench** button. +Once the agent starts working, it will continue to update the session log and overview with its progress and thought process. -![Screenshot of the top-right corner of the agents tab on {% data variables.product.github %}. The "Open workbench button is highlighted in a dark orange outline.](/assets/images/help/copilot/coding-agent/open-workbench.png) +Each session displays its status. Click on a session to open the session log, where you can monitor the agent's progress, see the tools it's using, and track how long the session has been running. -Agent sessions can also be tracked from the {% data variables.product.prodname_cli %}, {% data variables.product.prodname_mobile %}, {% data variables.product.prodname_vscode %}, Raycast, and JetBrains IDEs. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions). +{% data variables.copilot.copilot_coding_agent %} sessions can also be tracked from the {% data variables.product.prodname_cli %}, {% data variables.product.prodname_mobile %}, {% data variables.product.prodname_vscode %}, Raycast, and JetBrains IDEs. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions). ## 3. Redirect agents as needed You can step in and provide **steering input** to {% data variables.product.prodname_copilot_short %} without stopping the run. Steering uses **one premium request** per message. +> [!NOTE] Steering a session is currently not available for **third-party coding agents**. + Reasons you might want to steer a session include: * {% data variables.product.prodname_copilot_short %} appears to be going in a wrong direction, and you want to give it more clarity. @@ -63,12 +67,28 @@ In the prompt box under the agent session log, prompt {% data variables.product. ## 4. Open an agent session in your local development environment -You can guide {% data variables.product.prodname_copilot_short %} in your local development environment on further changes, or make any edits that require human expertise. +You can guide the agent in your local development environment on further changes, or make any edits that require human expertise. -Click the **Code** button in the top-right of the agent session view and select "Open in {% data variables.product.prodname_vscode_shortname %} Insiders" to launch the session directly in {% data variables.product.prodname_vscode_shortname %}. +### {% data variables.product.prodname_vscode_shortname %} + +At the bottom of the agent session view, click the **{% octicon "vscode" aria-label="VS Code" %} Open in {% data variables.product.prodname_vscode_shortname %}** button to launch the session directly in {% data variables.product.prodname_vscode_shortname %}. {% data reusables.copilot.coding-agent.use-latest-vscode %} +### {% data variables.copilot.copilot_cli %} + 1. At the bottom of the agent session view, click the dropdown list next to **{% octicon "vscode" aria-label="VS Code" %} Open in {% data variables.product.prodname_vscode_shortname %}**. + 1. Click **{% octicon "agent" aria-label="Agent" %} Continue in {% data variables.copilot.copilot_cli %}** to copy the `copilot --resume=` command to your clipboard. + ![Screenshot of the session action dropdown list, "Continue in Copilot CLI" is highlighted with a dark orange outline.](/assets/images/help/copilot/coding-agent/open-agent-session-in-copilot-cli.png) + 1. In your terminal, paste and run the command to resume the agent session. + ## 5. Review and merge agent code -Once {% data variables.product.prodname_copilot_short %} completes a session, you can click **Open workbench** and click the **Overview** tab to read through the summary of changes {% data variables.product.prodname_copilot_short %} has made. Select the **Files changed** tab to scan the diff of the pull request. If the changes look ready for a final review, navigate to the pull request to approve and merge the changes. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/review-copilot-prs). +Once the agent completes a session, you can navigate to the pull request to review the changes. From the pull request, you can scan the diff, request further improvements, or approve and merge the changes. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/review-copilot-prs). + +## 6. Archive agent sessions + +Sessions that have been stopped can be archived to remove them from the sessions list. + +1. Open the agent session you want to archive. +1. In the top right corner, click **{% octicon "kebab-horizontal" aria-label="More actions" %}**, then click **{% octicon "inbox" aria-hidden="true" aria-label="inbox" %} Archive session**. +1. In the dialog box that opens, click **Yes, archive**. diff --git a/content/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review.md b/content/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review.md index 0d2df4d7931d..5098fdc65474 100644 --- a/content/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review.md +++ b/content/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review.md @@ -28,6 +28,8 @@ For a full introduction to {% data variables.copilot.copilot_code-review %}, see {% webui %} +{% data variables.copilot.copilot_code-review_short %} is also available for organization members without a {% data variables.product.prodname_copilot_short %} license, when enabled by an enterprise administrator or organization owner. See [{% data variables.copilot.copilot_code-review_short %} for organization members without a {% data variables.product.prodname_copilot_short %} license](/copilot/concepts/agents/code-review#copilot-code-review-for-organization-members-without-a-copilot-license). + ## Using {% data variables.copilot.copilot_code-review_short %} These instructions explain how to use {% data variables.copilot.copilot_code-review_short %} in the {% data variables.product.github %} website. To see instructions for other popular coding environments, click the appropriate tab at the top of the page. diff --git a/content/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-to-create-or-update-issues.md b/content/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-to-create-or-update-issues.md index 7eea6d0443f7..dd15bf8ac9af 100644 --- a/content/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-to-create-or-update-issues.md +++ b/content/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-to-create-or-update-issues.md @@ -30,7 +30,7 @@ You stay in control of the process. You can review and refine what {% data varia You can create issues from {% data variables.copilot.copilot_chat_short %} in {% data variables.product.github %}. -1. Go to {% data variables.copilot.copilot_chat_short %} ([https://github.com/copilot](https://github.com/copilot?ref_product=copilot&ref_type=engagement&ref_style=text). +1. Go to {% data variables.copilot.copilot_chat_short %} ([https://github.com/copilot](https://github.com/copilot?ref_product=copilot&ref_type=engagement&ref_style=text)). 1. In the prompt box, describe the issue you want to create. If you contribute issues to multiple repositories, use the `repo-owner/repo-name` format to specify the target repository for this issue. If you don't specify a repository, {% data variables.product.prodname_copilot_short %} will infer the repository based on the repository you last created an issue in. diff --git a/content/copilot/index.md b/content/copilot/index.md index 3535e7226fed..bfe83b34558f 100644 --- a/content/copilot/index.md +++ b/content/copilot/index.md @@ -10,24 +10,6 @@ changelog: introLinks: overview: /copilot/get-started/what-is-github-copilot quickstart: /copilot/get-started/quickstart -featuredLinks: - startHere: - - /copilot/get-started/what-is-github-copilot - - '{% ifversion fpt %}/copilot/get-started/quickstart{% endif %}' - - '{% ifversion fpt %}/copilot/tutorials/try-extensions{% endif %}' - - '{% ifversion fpt %}/copilot/concepts/agents/coding-agent{% endif %}' - - '{% ifversion ghec %}/copilot/get-started/choose-enterprise-plan{% endif %}' - - '{% ifversion ghec %}/copilot/how-tos/set-up/set-up-for-enterprise{% endif %}' - - '{% ifversion ghec %}/copilot/tutorials/coding-agent/pilot-coding-agent{% endif %}' - popular: - - /copilot/get-started/features - - '{% ifversion fpt %}/copilot/tutorials/copilot-chat-cookbook{% endif %}' - - '{% ifversion fpt %}/copilot/how-tos/get-code-suggestions/get-ide-code-suggestions{% endif %}' - - '{% ifversion fpt %}/copilot/how-tos/chat-with-copilot/chat-in-ide{% endif %}' - - '{% ifversion fpt %}/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-in-the-cli{% endif %}' - - '{% ifversion ghec %}/copilot/how-tos/manage-and-track-spending/manage-request-allowances{% endif %}' - - '{% ifversion ghec %}/copilot/tutorials/roll-out-at-scale/enable-developers/drive-adoption{% endif %}' - - '{% ifversion ghec %}/copilot/tutorials/roll-out-at-scale/enable-developers/integrate-ai-agents{% endif %}' layout: discovery-landing heroImage: /assets/images/banner-images/hero-6 versions: @@ -48,6 +30,7 @@ includedCategories: - Author and optimize with Copilot - Integrate Copilot with your tools - Manage Copilot for a team + - Track Copilot usage - Troubleshooting Copilot - Responsible use --- diff --git a/content/copilot/reference/acp-server.md b/content/copilot/reference/acp-server.md new file mode 100644 index 000000000000..a26cc3fa3cb3 --- /dev/null +++ b/content/copilot/reference/acp-server.md @@ -0,0 +1,133 @@ +--- +title: "Copilot CLI ACP server" +shortTitle: ACP server +intro: "Learn about {% data variables.copilot.copilot_cli %}'s Agent Client Protocol server." +versions: + feature: copilot +topics: + - Copilot +category: + - Configure Copilot +contentType: reference +--- + +> [!NOTE] +> ACP support in {% data variables.copilot.copilot_cli %} is in {% data variables.release-phases.public_preview %} and subject to change. + +## Overview + +The Agent Client Protocol (ACP) is a protocol that standardizes communication between clients (such as code editors and IDEs) and coding agents (such as {% data variables.copilot.copilot_cli_short %}). For more details about this protocol, see the [official introduction](https://agentclientprotocol.com/get-started/introduction). + +## Use cases + +* **IDE integrations:** Build {% data variables.product.prodname_copilot_short %} support into any editor or development environment. +* **CI/CD pipelines:** Orchestrate agentic coding tasks in automated workflows. +* **Custom frontends:** Create specialized interfaces for specific developer workflows. +* **Multi-agent systems:** Coordinate {% data variables.product.prodname_copilot_short %} with other AI agents using a standard protocol. + +## Starting the ACP server + +{% data variables.copilot.copilot_cli %} can be started as an ACP server using the `--acp` flag. The server supports two modes, `stdio` and `TCP`. + +### stdio mode (recommended for IDE integration) + +By default, when providing the `--acp` flag, `stdio` mode will be inferred. The `--stdio` flag can also be provided for disambiguation. + +```bash +copilot --acp --stdio +``` + +### TCP mode + +If the `--port` flag is provided in combination with the `--acp` flag, the server is started in TCP mode. + +```bash +copilot --acp --port 3000 +``` + +## Integrating with the ACP server + +There is a growing ecosystem of libraries to programmatically interact with ACP servers. Given {% data variables.copilot.copilot_cli %} is correctly installed and authenticated, the following example demonstrates using the [typescript](https://agentclientprotocol.com/libraries/typescript) client to send a single prompt and print the AI response. + +```typescript +import * as acp from "@agentclientprotocol/sdk"; +import { spawn } from "node:child_process"; +import { Readable, Writable } from "node:stream"; + +async function main() { + const executable = process.env.COPILOT_CLI_PATH ?? "copilot"; + + // ACP uses standard input/output (stdin/stdout) for transport; we pipe these for the NDJSON stream. + const copilotProcess = spawn(executable, ["--acp", "--stdio"], { + stdio: ["pipe", "pipe", "inherit"], + }); + + if (!copilotProcess.stdin || !copilotProcess.stdout) { + throw new Error("Failed to start Copilot ACP process with piped stdio."); + } + + // Create ACP streams (NDJSON over stdio) + const output = Writable.toWeb(copilotProcess.stdin) as WritableStream; + const input = Readable.toWeb(copilotProcess.stdout) as ReadableStream; + const stream = acp.ndJsonStream(output, input); + + const client: acp.Client = { + async requestPermission(params) { + // This example should not trigger tool calls; if it does, refuse. + return { outcome: { outcome: "cancelled" } }; + }, + + async sessionUpdate(params) { + const update = params.update; + + if (update.sessionUpdate === "agent_message_chunk" && update.content.type === "text") { + process.stdout.write(update.content.text); + } + }, + }; + + const connection = new acp.ClientSideConnection((_agent) => client, stream); + + await connection.initialize({ + protocolVersion: acp.PROTOCOL_VERSION, + clientCapabilities: {}, + }); + + const sessionResult = await connection.newSession({ + cwd: process.cwd(), + mcpServers: [], + }); + + process.stdout.write("Session started!\n"); + const promptText = "Hello ACP Server!"; + process.stdout.write(`Sending prompt: '${promptText}'\n`); + + const promptResult = await connection.prompt({ + sessionId: sessionResult.sessionId, + prompt: [{ type: "text", text: promptText }], + }); + + process.stdout.write("\n"); + + if (promptResult.stopReason !== "end_turn") { + process.stderr.write(`Prompt finished with stopReason=${promptResult.stopReason}\n`); + } + + // Best-effort cleanup + copilotProcess.stdin.end(); + copilotProcess.kill("SIGTERM"); + await new Promise((resolve) => { + copilotProcess.once("exit", () => resolve()); + setTimeout(() => resolve(), 2000); + }); +} + +main().catch((error) => { + console.error(error); + process.exitCode = 1; +}); +``` + +## Further reading + +* [Official ACP documentation](https://agentclientprotocol.com/protocol/overview) diff --git a/content/copilot/reference/agentic-audit-log-events.md b/content/copilot/reference/agentic-audit-log-events.md index efe042df3be0..8d422a838f3b 100644 --- a/content/copilot/reference/agentic-audit-log-events.md +++ b/content/copilot/reference/agentic-audit-log-events.md @@ -8,6 +8,8 @@ versions: topics: - Copilot contentType: reference +category: + - Learn about Copilot --- You can apply the `actor:Copilot` filter to your enterprise audit log to view agentic activity over the last 180 days. The following key fields can help you interpret agentic events: diff --git a/content/copilot/reference/ai-models/model-comparison.md b/content/copilot/reference/ai-models/model-comparison.md index a2c04d80a166..74fe98fb8d16 100644 --- a/content/copilot/reference/ai-models/model-comparison.md +++ b/content/copilot/reference/ai-models/model-comparison.md @@ -29,32 +29,23 @@ contentType: reference Use this table to find a suitable model quickly, see more detail in the sections below. -| Model | Task area | Excels at (primary use case) | Additional capabilities | Further reading | -|-------------------------------------------------------|--------------------------------------------------|-------------------------------------------------------------------------|-------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------| -| {% data variables.copilot.copilot_gpt_41 %} | General-purpose coding and writing | Fast, accurate code completions and explanations | Agent mode, vision | [{% data variables.copilot.copilot_gpt_41 %} model card](https://openai.com/index/gpt-4-1/) | -| {% data variables.copilot.copilot_gpt_51 %} | Deep reasoning and debugging | Multi-step problem solving and architecture-level code analysis | Agent mode | Not available | -| {% data variables.copilot.copilot_gpt_5_codex %} | General-purpose coding and writing | Fast, accurate code completions and explanations | Agent mode | [{% data variables.copilot.copilot_gpt_5_codex %} model card](https://cdn.openai.com/pdf/97cc5669-7a25-4e63-b15f-5fd5bdc4d149/gpt-5-codex-system-card.pdf) | -| {% data variables.copilot.copilot_gpt_5_mini %} | General-purpose coding and writing | Fast, accurate code completions and explanations | Agent mode, reasoning, vision | [{% data variables.copilot.copilot_gpt_5_mini %} model card](https://cdn.openai.com/gpt-5-system-card.pdf) | -| {% data variables.copilot.copilot_gpt_5 %} | Deep reasoning and debugging | Multi-step problem solving and architecture-level code analysis | Reasoning | [{% data variables.copilot.copilot_gpt_5 %} model card](https://cdn.openai.com/gpt-5-system-card.pdf) | -| {% data variables.copilot.copilot_claude_haiku_45 %} | Fast help with simple or repetitive tasks | Fast, reliable answers to lightweight coding questions | Agent mode | Not available | -| {% data variables.copilot.copilot_claude_sonnet_45 %} | General-purpose coding and agent tasks | Complex problem-solving challenges, sophisticated reasoning | Agent mode | [{% data variables.copilot.copilot_claude_sonnet_45 %} model card](https://assets.anthropic.com/m/12f214efcc2f457a/original/Claude-Sonnet-4-5-System-Card.pdf) | -| {% data variables.copilot.copilot_claude_opus_41 %} | Deep reasoning and debugging | Complex problem-solving challenges, sophisticated reasoning | Reasoning, vision | [{% data variables.copilot.copilot_claude_opus_41 %} model card](https://assets.anthropic.com/m/4c024b86c698d3d4/original/Claude-4-1-System-Card.pdf) | -| {% data variables.copilot.copilot_claude_sonnet_40 %} | Deep reasoning and debugging | Performance and practicality, perfectly balanced for coding workflows | Agent mode, vision | [{% data variables.copilot.copilot_claude_sonnet_40 %} model card](https://www-cdn.anthropic.com/6be99a52cb68eb70eb9572b4cafad13df32ed995.pdf) | -| {% data variables.copilot.copilot_gemini_25_pro %} | Deep reasoning and debugging | Complex code generation, debugging, and research workflows | Reasoning, vision | [{% data variables.copilot.copilot_gemini_25_pro %} model card](https://storage.googleapis.com/model-cards/documents/gemini-2.5-pro.pdf) | -| {% data variables.copilot.copilot_grok_code %} | General-purpose coding and writing | Fast, accurate code completions and explanations | Agent mode | [{% data variables.copilot.copilot_grok_code %} model card](https://data.x.ai/2025-08-20-grok-4-model-card.pdf) | -| {% data variables.copilot.copilot_qwen_25 %} | General-purpose coding and writing | Code generation, reasoning, and code repair / debugging | Reasoning | [{% data variables.copilot.copilot_qwen_25 %} model card](https://arxiv.org/pdf/2409.12186) | -| {% data variables.copilot.copilot_raptor_mini %} | General-purpose coding and writing | Fast, accurate code completions and explanations | Agent mode | Coming soon | + +| Model | Task area | Excels at (primary use case) | Further reading | +|----------------------------------------------------|-----------------------|------------------------------|-----------------------------| +| {% for model in tables.copilot.model-comparison %} | +| {{ model.name }} | {{ model.task_area }} | {{ model.excels_at }} | {{ model.further_reading }} | +| {% endfor %} | ## Task: General-purpose coding and writing Use these models for common development tasks that require a balance of quality, speed, and cost efficiency. These models are a good default when you don't have specific requirements. -| Model | Why it's a good fit | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------| -| {% data variables.copilot.copilot_gpt_5_codex %} | Delivers higher-quality code on complex engineering tasks like features, tests, debugging, refactors, and reviews without lengthy instructions. | -| {% data variables.copilot.copilot_gpt_5_mini %} | Reliable default for most coding and writing tasks. Fast, accurate, and works well across languages and frameworks. | -| {% data variables.copilot.copilot_grok_code %} | Specialized for coding tasks. Performs well on code generation, and debugging across multiple languages. | -| {% data variables.copilot.copilot_raptor_mini %} | Specialized for fast, accurate inline suggestions and explanations. | +| Model | Why it's a good fit | +|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------| +| {% data variables.copilot.copilot_gpt_51_codex %} | Delivers higher-quality code on complex engineering tasks like features, tests, debugging, refactors, and reviews without lengthy instructions. | +| {% data variables.copilot.copilot_gpt_5_mini %} | Reliable default for most coding and writing tasks. Fast, accurate, and works well across languages and frameworks. | +| {% data variables.copilot.copilot_grok_code %} | Specialized for coding tasks. Performs well on code generation, and debugging across multiple languages. | +| {% data variables.copilot.copilot_raptor_mini %} | Specialized for fast, accurate inline suggestions and explanations. | ### When to use these models @@ -99,13 +90,13 @@ These models are designed for tasks that require step-by-step reasoning, complex ### Recommended models -| Model | Why it's a good fit | -|-------------------------------------------------------|---------------------------------------------------------------------------------------------------------------| -| {% data variables.copilot.copilot_gpt_5_mini %} | Delivers deep reasoning and debugging with faster responses and lower resource usage than GPT-5. Ideal for interactive sessions and step-by-step code analysis. | -| {% data variables.copilot.copilot_gpt_5 %} | Great at complex reasoning, code analysis, and technical decision-making. | -| {% data variables.copilot.copilot_claude_sonnet_40 %} | Improves on 3.7 with more reliable completions and smarter reasoning under pressure. | -| {% data variables.copilot.copilot_claude_opus_41 %} | Anthropic’s most powerful model. Improves on {% data variables.copilot.copilot_claude_opus %}. | -| {% data variables.copilot.copilot_gemini_25_pro %} | Advanced reasoning across long contexts and scientific or technical analysis. | +| Model | Why it's a good fit | +|-------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------| +| {% data variables.copilot.copilot_gpt_5_mini %} | Delivers deep reasoning and debugging with faster responses and lower resource usage than GPT-5. Ideal for interactive sessions and step-by-step code analysis. | +| {% data variables.copilot.copilot_gpt_52 %} | Great at complex reasoning, code analysis, and technical decision-making. | +| {% data variables.copilot.copilot_claude_sonnet_40 %} | Improves on 3.7 with more reliable completions and smarter reasoning under pressure. | +| {% data variables.copilot.copilot_claude_opus_46 %} | Anthropic’s most powerful model. Improves on {% data variables.copilot.copilot_claude_opus_45 %}. | +| {% data variables.copilot.copilot_gemini_3_pro %} | Advanced reasoning across long contexts and scientific or technical analysis. | ### When to use these models @@ -126,11 +117,11 @@ For general development workflows or content generation, see [General-purpose co Use these models when you want to ask questions about screenshots, diagrams, UI components, or other visual input. These models support multimodal input and are well suited for front-end work or visual debugging. -| Model | Why it's a good fit | -|-------|---------------------| -| {% data variables.copilot.copilot_gpt_5_mini %} | Reliable default for most coding and writing tasks. Fast, accurate, and supports multimodal input for visual reasoning tasks. Works well across languages and frameworks. | +| Model | Why it's a good fit | +|-------------------------------------------------------|---------------------| +| {% data variables.copilot.copilot_gpt_5_mini %} | Reliable default for most coding and writing tasks. Fast, accurate, and supports multimodal input for visual reasoning tasks. Works well across languages and frameworks. | | {% data variables.copilot.copilot_claude_sonnet_40 %} | Improves on 3.7 with more reliable completions and smarter reasoning under pressure. | -| {% data variables.copilot.copilot_gemini_25_pro %} | Deep reasoning and debugging, ideal for complex code generation, debugging, and research workflows. | +| {% data variables.copilot.copilot_gemini_3_pro %} | Deep reasoning and debugging, ideal for complex code generation, debugging, and research workflows. | ### When to use these models diff --git a/content/copilot/reference/ai-models/model-hosting.md b/content/copilot/reference/ai-models/model-hosting.md index 03015a18d5f2..84c40c3c5a73 100644 --- a/content/copilot/reference/ai-models/model-hosting.md +++ b/content/copilot/reference/ai-models/model-hosting.md @@ -28,6 +28,9 @@ Used for: * {% data variables.copilot.copilot_gpt_51_codex %} * {% data variables.copilot.copilot_gpt_51_codex_mini %} * {% data variables.copilot.copilot_gpt_51_codex_max %} +* {% data variables.copilot.copilot_gpt_52 %} +* {% data variables.copilot.copilot_gpt_52_codex %} +* {% data variables.copilot.copilot_gpt_53_codex %} These models are hosted by OpenAI and {% data variables.product.github %}'s Azure infrastructure. @@ -47,20 +50,14 @@ Used for: ## Anthropic models - - - - -{% data reusables.copilot.claude-promo-period %} See [Model multipliers](/copilot/reference/ai-models/supported-models#model-multipliers). - - - Used for: * {% data variables.copilot.copilot_claude_haiku_45 %} * {% data variables.copilot.copilot_claude_sonnet_45 %} * {% data variables.copilot.copilot_claude_opus_41 %} * {% data variables.copilot.copilot_claude_opus_45 %} +* {% data variables.copilot.copilot_claude_opus_46 %} +* {% data variables.copilot.copilot_claude_opus_46_fast %} * {% data variables.copilot.copilot_claude_sonnet_40 %} These models are hosted by Amazon Web Services, Anthropic PBC, and Google Cloud Platform. {% data variables.product.github %} has provider agreements in place to ensure data is not used for training. Additional details for each provider are included below: @@ -69,7 +66,7 @@ These models are hosted by Amazon Web Services, Anthropic PBC, and Google Cloud * Anthropic PBC: {% data variables.product.github %} maintains a [zero data retention agreement](https://privacy.anthropic.com/en/articles/8956058-i-have-a-zero-retention-agreement-with-anthropic-what-products-does-it-apply-to) with Anthropic. * Google Cloud: [Google commits to not training on {% data variables.product.github %} data as part of their service terms](https://cloud.google.com/vertex-ai/generative-ai/docs/data-governance). {% data variables.product.github %} is additionally not subject to prompt logging for abuse monitoring. -To provide better service quality and reduce latency, {% data variables.product.github %} uses [prompt caching](https://docs.anthropic.com/en/docs/build-with-claude/prompt-caching). You can read more about prompt caching on [Anthropic PBC](https://docs.anthropic.com/en/docs/build-with-claude/prompt-caching), [Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-caching.html), and [Google Cloud](https://cloud.google.com/vertex-ai/generative-ai/docs/partner-models/claude-prompt-caching). +To provide better service quality and reduce latency, {% data variables.product.github %} uses [prompt caching](https://platform.claude.com/docs/en/build-with-claude/prompt-caching). You can read more about prompt caching on [Anthropic PBC](https://docs.anthropic.com/en/docs/build-with-claude/prompt-caching), [Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-caching.html), and [Google Cloud](https://cloud.google.com/vertex-ai/generative-ai/docs/partner-models/claude-prompt-caching). When using {% data variables.copilot.copilot_claude %}, input prompts and output completions continue to run through {% data variables.product.prodname_copilot %}'s content filters for public code matching, when applied, along with those for harmful or offensive content. @@ -79,8 +76,9 @@ Used for: * {% data variables.copilot.copilot_gemini_25_pro %} * {% data variables.copilot.copilot_gemini_3_pro %} +* {% data variables.copilot.copilot_gemini_3_flash %} -{% data variables.product.prodname_copilot %} uses {% data variables.copilot.copilot_gemini_3_pro %} and {% data variables.copilot.copilot_gemini_25_pro %} hosted on Google Cloud Platform (GCP). When using {% data variables.copilot.copilot_gemini %} models, prompts and metadata are sent to GCP, which makes the [following data commitment](https://cloud.google.com/vertex-ai/generative-ai/docs/data-governance): _{% data variables.copilot.copilot_gemini %} doesn't use your prompts, or its responses, as data to train its models._ +{% data variables.product.prodname_copilot %} uses {% data variables.copilot.copilot_gemini_3_pro %}, {% data variables.copilot.copilot_gemini_3_flash %}, and {% data variables.copilot.copilot_gemini_25_pro %} hosted on Google Cloud Platform (GCP). When using {% data variables.copilot.copilot_gemini %} models, prompts and metadata are sent to GCP, which makes the [following data commitment](https://cloud.google.com/vertex-ai/generative-ai/docs/data-governance): _{% data variables.copilot.copilot_gemini %} doesn't use your prompts, or its responses, as data to train its models._ To provide better service quality and reduce latency, {% data variables.product.github %} uses [prompt caching](https://cloud.google.com/vertex-ai/generative-ai/docs/data-governance#customer_data_retention_and_achieving_zero_data_retention). diff --git a/content/copilot/reference/ai-models/supported-models.md b/content/copilot/reference/ai-models/supported-models.md index e45b20d77846..fa355402a4f2 100644 --- a/content/copilot/reference/ai-models/supported-models.md +++ b/content/copilot/reference/ai-models/supported-models.md @@ -51,11 +51,11 @@ This table lists the AI models available in {% data variables.product.prodname_c ## Model retirement history -The following table lists AI models that have been retired from {% data variables.product.prodname_copilot_short %}, along with their retirement dates and suggested alternatives. +The following table lists AI models that are retired or scheduled for retirement from {% data variables.product.prodname_copilot_short %}, along with their retirement dates and suggested alternatives. {% rowheaders %} -| Model name | Retired date | Suggested alternative | +| Model name | Retirement date | Suggested alternative | |-------------------------------------------------------------|-----------------------------|-----------------------------------| | {% for model in tables.copilot.model-deprecation-history %} | | {{ model.name }} | {{ model.retirement_date }} | {{ model.suggested_alternative }} | @@ -94,18 +94,12 @@ The following table shows which AI models are available in each {% data variable ## Model multipliers +> [!NOTE] Promotional pricing for {% data variables.copilot.copilot_claude_opus_46_fast %} is available from February 7, 2026 through February 16, 2026. During this period, {% data variables.copilot.copilot_claude_opus_46_fast %} uses a 9x premium request multiplier. + Each model has a premium request multiplier, based on its complexity and resource usage. If you are on a paid {% data variables.product.prodname_copilot_short %} plan, your premium request allowance is deducted according to this multiplier. For more information about premium requests, see [AUTOTITLE](/copilot/managing-copilot/monitoring-usage-and-entitlements/about-premium-requests). - - - - -{% data reusables.copilot.claude-promo-period %} - - - {% data reusables.copilot.model-multipliers %} ## Next steps diff --git a/content/copilot/reference/cli-command-reference.md b/content/copilot/reference/cli-command-reference.md new file mode 100644 index 000000000000..0b27abf83d5c --- /dev/null +++ b/content/copilot/reference/cli-command-reference.md @@ -0,0 +1,148 @@ +--- +title: GitHub Copilot CLI command reference +shortTitle: CLI command reference +intro: 'Find commands and keyboard shortcuts to help you use {% data variables.copilot.copilot_cli_short %} effectively.' +versions: + feature: copilot +category: + - Author and optimize with Copilot +topics: + - Copilot +contentType: reference +--- + +## Command-line commands + +| Command | Purpose | +|------------------------|----------------------------------------------------| +| `copilot` | Launch interactive mode. | +| `copilot help [topic]` | Display help information. Help topics include: `config`, `commands`, `environment`, `logging`, and `permissions`. | +| `copilot init` | Initialize {% data variables.product.prodname_copilot_short %} custom instructions for this repository. | +| `copilot update` | Download and install the latest version. | +| `copilot version` | Display version information and check for updates. | +| `copilot plugin` | Manage plugins and plugin marketplaces. | + +## Global shortcuts in interactive mode + +| Shortcut | Purpose | +|-------------------------------------|---------------------------------------| +| `@ FILENAME` | Include file contents in the context. | +| Ctrl+X then `/` | After you have started typing a prompt, this allows you to run a slash command—for example, if you want to change the model without having to retype your prompt. | +| Esc | Cancel the current operation. | +| `! COMMAND` | Execute a command in your local shell, bypassing {% data variables.product.prodname_copilot_short %}. | +| Ctrl+C | Cancel operation / clear input. Press twice to exit. | +| Ctrl+D | Shutdown. | +| Ctrl+L | Clear the screen. | + +## Timeline shortcuts in interactive mode + +| Shortcut | Purpose | +|-------------------------------------|---------------------------------------| +| ctrl+o | While there is nothing in the prompt input, this expands recent items in {% data variables.product.prodname_copilot_short %}'s response timeline to show more details. | +| ctrl+e | While there is nothing in the prompt input, this expands all items in {% data variables.product.prodname_copilot_short %}'s response timeline. | + +## Navigation shortcuts in interactive mode + +| Shortcut | Purpose | +|-------------------------------------|----------------------------------------------| +| Ctrl+A | Move to beginning of the line (when typing). | +| Ctrl+E | Move to end of the line (when typing). | +| Ctrl+H | Delete the previous character. | +| Ctrl+W | Delete the previous word. | +| Ctrl+U | Delete from cursor to beginning of the line. | +| Ctrl+K | Delete from cursor to end of the line. | +| Meta+/ | Move the cursor by a word. | +| / | Navigate the command history. | + + +## Slash commands in interactive mode + +| Command | Purpose | +|-----------------------------------------------------|---------| +| `/add-dir PATH` | Add a directory to the allowed list for file access. | +| `/agent` | Browse and select from available agents (if any). | +| `/allow-all`, `/yolo` | Enable all permissions (tools, paths, and URLs). | +| `/clear`, `/new` | Clear the conversation history. | +| `/compact` | Summarize the conversation history to reduce context window usage. | +| `/context` | Show the context window token usage and visualization. | +| `/cwd`, `/cd [PATH]` | Change the working directory or display the current directory. | +| `/delegate [PROMPT]` | Delegate changes to a remote repository with an AI-generated pull request. | +| `/diff` | Review the changes made in the current directory. | +| `/exit`, `/quit` | Exit the CLI. | +| `/experimental [on\|off]` | Toggle or turn on/off experimental features. | +| `/share [file\|gist] [PATH]` | Share the session to a Markdown file or GitHub gist. | +| `/feedback` | Provide feedback about the CLI. | +| `/help` | Show the help for interactive commands. | +| `/ide` | Connect to an IDE workspace. | +| `/init` | Initialize {% data variables.product.prodname_copilot_short %} custom instructions and agentic features for this repository. | +| `/list-dirs` | Display all of the directories for which file access has been allowed. | +| `/login` | Log in to {% data variables.product.prodname_copilot_short %}. | +| `/logout` | Log out of {% data variables.product.prodname_copilot_short %}. | +| `/lsp [show\|test\|reload\|help] [SERVER-NAME]` | Manage the language server configuration. | +| `/mcp [show\|add\|edit\|delete\|disable\|enable] [SERVER-NAME]` | Manage the MCP server configuration. | +| `/model`, `/models [MODEL]` | Select the AI model you want to use. | +| `/plan [PROMPT]` | Create an implementation plan before coding. | +| `/plugin [marketplace\|install\|uninstall\|update\|list] [ARGS...]` | Manage plugins and plugin marketplaces. | +| `/rename NAME` | Rename the current session (alias for `/session rename`). | +| `/reset-allowed-tools` | Reset the list of allowed tools. | +| `/resume [SESSION-ID]` | Switch to a different session (optionally specify a session ID). | +| `/review [PROMPT]` | Run the code review agent to analyze changes. | +| `/session [checkpoints [n]\|files\|plan\|rename NAME]` | Show session information and a workspace summary. Use the subcommands for details. | +| `/skills [list\|info\|add\|remove\|reload] [ARGS...]` | Manage skills for enhanced capabilities. | +| `/terminal-setup` | Configure the terminal for multiline input support (Shift+Enter and Ctrl+Enter). | +| `/theme [show\|set\|list] [auto\|THEME-ID]` | View or configure the terminal theme. | +| `/usage` | Display session usage metrics and statistics. | +| `/user [show\|list\|switch]` | Manage the current {% data variables.product.github %} user. | + +For a complete list of available slash commands enter `/help` in interactive mode. + +## Command-line options + +| Option | Purpose | +|------------------------------------|------------------------------------------| +| `--acp` | Start the Agent Client Protocol server. | +| `--add-dir PATH` | Add a directory to the allowed list for file access (can be used multiple times). | +| `--add-github-mcp-tool TOOL` | Add a tool to enable for the {% data variables.product.github %} MCP server, instead of the default CLI subset (can be used multiple times). Use `*` for all tools. | +| `--add-github-mcp-toolset TOOLSET` | Add a toolset to enable for the {% data variables.product.github %} MCP server, instead of the default CLI subset (can be used multiple times). Use `all` for all toolsets. | +| `--additional-mcp-config JSON` | Additional MCP servers configuration as a JSON string or a file path (prefix with `@`) (can be used multiple times). Augments the configuration from `~/.copilot/mcp-config.json` for this session. | +| `--agent AGENT` | Specify a custom agent to use. | +| `--allow-all` | Enable all permissions (equivalent to `--allow-all-tools --allow-all-paths --allow-all-urls`). | +| `--allow-all-paths` | Disable file path verification and allow access to any path. | +| `--allow-all-tools` | Allow all tools to run automatically without confirmation. Required for non-interactive mode (env: `COPILOT_ALLOW_ALL`). | +| `--allow-all-urls` | Allow access to all URLs without confirmation. | +| `--allow-tool [TOOLS...]` | Tools the CLI has permission to use. Will not prompt for permission. | +| `--allow-url [URLS...]` | Allow access to specific URLs or domains. | +| `--available-tools [TOOLS...]` | Only these tools will be available to the model. | +| `--banner` | Show the startup banner. | +| `--config-dir PATH` | Set the configuration directory (default: `~/.copilot`). | +| `--continue` | Resume the most recent session. | +| `--deny-tool [TOOLS...]` | Tools the CLI does not have permission to use. Will not prompt for permission. | +| `--deny-url [URLS...]` | Deny access to specific URLs or domains, takes precedence over `--allow-url`. | +| `--disable-builtin-mcps` | Disable all built-in MCP servers (currently: `github-mcp-server`). | +| `--disable-mcp-server SERVER-NAME` | Disable a specific MCP server (can be used multiple times). | +| `--disable-parallel-tools-execution` | Disable parallel execution of tools (LLM can still make parallel tool calls, but they will be executed sequentially). | +| `--disallow-temp-dir` | Prevent automatic access to the system temporary directory. | +| `--enable-all-github-mcp-tools` | Enable all {% data variables.product.github %} MCP server tools, instead of the default CLI subset. Overrides the `--add-github-mcp-toolset` and `--add-github-mcp-tool` options. | +| `--excluded-tools [TOOLS...]` | These tools will not be available to the model. | +| `--experimental` | Enable experimental features (use `--no-experimental` to disable). | +| `-h`, `--help` | Display help. | +| `-i PROMPT`, `--interactive PROMPT` | Start interactive mode and automatically execute this prompt. | +| `--log-dir DIRECTORY` | Set the log file directory (default: `~/.copilot/logs/`). | +| `--log-level LEVEL` | Set the log level (choices: `none`, `error`, `warning`, `info`, `debug`, `all`, `default`). | +| `--model MODEL` | Set the AI model you want to use. | +| `--no-ask-user` | Disable the `ask_user` tool (the agent works autonomously without asking questions). | +| `--no-auto-update` | Disable downloading CLI updates automatically. | +| `--no-color` | Disable all color output. | +| `--no-custom-instructions` | Disable loading of custom instructions from `AGENTS.md` and related files. | +| `-p PROMPT`, `--prompt PROMPT` | Execute a prompt in non-interactive mode (exits after completion). | +| `--plain-diff` | Disable rich diff rendering (syntax highlighting via the diff tool specified by your git config). | +| `--resume [SESSION-ID]` | Resume from a previous session (optionally specify a session ID). | +| `-s`, `--silent` | Output only the agent response (without usage statistics), useful for scripting with `-p`. | +| `--screen-reader` | Enable screen reader optimizations. | +| `--share [PATH]` | Share a session to a Markdown file after completion in non-interactive mode (default path: `./copilot-session-.md`). | +| `--share-gist` | Share a session to a secret {% data variables.product.github %} gist after completion in non-interactive mode. | +| `--stream MODE` | Enable or disable streaming mode (mode choices: `on` or `off`). | +| `-v`, `--version` | Show version information. | +| `--yolo` | Enable all permissions (equivalent to `--allow-all-tools --allow-all-paths --allow-all-urls`). | + +For a complete list of commands and options, run `copilot help`. diff --git a/content/copilot/reference/copilot-allowlist-reference.md b/content/copilot/reference/copilot-allowlist-reference.md index 7216f42cf798..72adb64467c3 100644 --- a/content/copilot/reference/copilot-allowlist-reference.md +++ b/content/copilot/reference/copilot-allowlist-reference.md @@ -329,6 +329,7 @@ The allowlist allows access to the following hosts: * `playwright.azureedge.net` * `playwright-akamai.azureedge.net` * `playwright-verizon.azureedge.net` +* `storage.googleapis.com/chrome-for-testing-public` ### Linux Package Managers: Ubuntu diff --git a/content/copilot/reference/copilot-feature-matrix.md b/content/copilot/reference/copilot-feature-matrix.md new file mode 100644 index 000000000000..988d1e7e6f38 --- /dev/null +++ b/content/copilot/reference/copilot-feature-matrix.md @@ -0,0 +1,197 @@ +--- +title: Copilot feature matrix +intro: 'Identify which IDEs support which {% data variables.product.prodname_copilot %} features.' +versions: + feature: copilot +topics: + - Copilot +category: + - Learn about Copilot +--- + +> [!NOTE] +> The {% data variables.product.prodname_copilot %} feature matrix is currently in {% data variables.release-phases.public_preview %} and is subject to change. + +{% data variables.product.company_short %} recommends using the latest stable IDE and {% data variables.product.prodname_copilot_short %} extension versions to get the best {% data variables.product.prodname_copilot_short %} experience. + +**Key:** + +* ✓ = supported +* ✗ = not supported +* P = under preview + + + +{% ides %} + +## Features by IDE + +The following table shows supported {% data variables.product.prodname_copilot_short %} features in the latest version of each IDE. + +{%- comment %} +This loop generates the "Features by IDE" comparison table: +- Outer loop: Iterates through each feature from VS Code's feature list (using VS Code as the canonical source) +- Inner loop: For each feature, iterates through all IDEs to check support in their latest version + - Gets the latest version using ideEntry[1].versions | first + - Looks up the support level for that feature in that version + - Outputs ✓ (supported), P (preview), or ✗ (not supported) +Example row: | Agent mode | ✓ | ✓ | P | ✗ | ... | +{%- endcomment %} + +| Feature{%- for entry in tables.copilot.copilot-matrix.ides %} | {{ entry[0] }}{%- endfor %} | +|:----{%- for entry in tables.copilot.copilot-matrix.ides %}|:----:{%- endfor %}| +{%- for featureEntry in tables.copilot.copilot-matrix.ides["VS Code"].features %} +| {{ featureEntry[0] }}{%- for ideEntry in tables.copilot.copilot-matrix.ides %}{%- assign latestVersion = ideEntry[1].versions | first %}{%- assign supportLevel = ideEntry[1].features[featureEntry[0]][latestVersion] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +{%- endfor %} + +{% endides %} + +{% vscode %} + +{% assign ideEntry = tables.copilot.copilot-matrix.ides["VS Code"] %} + +## Features by VS Code version + +The following table shows supported {% data variables.product.prodname_copilot_short %} features across recent vesions of the IDE. + +{%- comment %} Use the predefined versionGroups from JSON data {%- endcomment %} +{% for groupEntry in ideEntry.versionGroups %} + {%- assign groupName = groupEntry[0] %} + {%- assign groupVersions = groupEntry[1] %} + +## VS Code {{ groupName }} + +| Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | +|:----{%- for version in groupVersions %}|:----:{%- endfor %}| +{%- for featureEntry in ideEntry.features %} +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +{%- endfor %} + +{% endfor %} + +{% endvscode %} + +{% visualstudio %} + +{% assign ideEntry = tables.copilot.copilot-matrix.ides["Visual Studio"] %} + +## Features by Visual Studio version + +The following table shows supported {% data variables.product.prodname_copilot_short %} features across recent vesions of the IDE. + +{%- comment %} Use the predefined versionGroups from JSON data {%- endcomment %} +{% for groupEntry in ideEntry.versionGroups %} + {%- assign groupName = groupEntry[0] %} + {%- assign groupVersions = groupEntry[1] %} + +## Visual Studio {{ groupName }} + +| Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | +|:----{%- for version in groupVersions %}|:----:{%- endfor %}| +{%- for featureEntry in ideEntry.features %} +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +{%- endfor %} + +{% endfor %} + +{% endvisualstudio %} + +{% jetbrains %} + +{% assign ideEntry = tables.copilot.copilot-matrix.ides["JetBrains"] %} + +## Features by JetBrains version + +The following table shows supported {% data variables.product.prodname_copilot_short %} features across recent vesions of the {% data variables.copilot.copilot_extension %} for the IDE. + +{%- comment %} Use the predefined versionGroups from JSON data {%- endcomment %} +{% for groupEntry in ideEntry.versionGroups %} + {%- assign groupName = groupEntry[0] %} + {%- assign groupVersions = groupEntry[1] %} + +## JetBrains {{ groupName }} + +| Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | +|:----{%- for version in groupVersions %}|:----:{%- endfor %}| +{%- for featureEntry in ideEntry.features %} +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +{%- endfor %} + +{% endfor %} + +{% endjetbrains %} + +{% eclipse %} + +{% assign ideEntry = tables.copilot.copilot-matrix.ides["Eclipse"] %} + +## Features by Eclipse version + +The following table shows supported {% data variables.product.prodname_copilot_short %} features across recent vesions of the {% data variables.copilot.copilot_extension %} for the IDE. + +{%- comment %} Use the predefined versionGroups from JSON data {%- endcomment %} +{% for groupEntry in ideEntry.versionGroups %} + {%- assign groupName = groupEntry[0] %} + {%- assign groupVersions = groupEntry[1] %} + +## Eclipse {{ groupName }} + +| Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | +|:----{%- for version in groupVersions %}|:----:{%- endfor %}| +{%- for featureEntry in ideEntry.features %} +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +{%- endfor %} + +{% endfor %} + +{% endeclipse %} + +{% xcode %} + +{% assign ideEntry = tables.copilot.copilot-matrix.ides["Xcode"] %} + +## Features by Xcode version + +The following table shows supported {% data variables.product.prodname_copilot_short %} features across recent vesions of the {% data variables.copilot.copilot_extension %} for the IDE. + +{%- comment %} Use the predefined versionGroups from JSON data {%- endcomment %} +{% for groupEntry in ideEntry.versionGroups %} + {%- assign groupName = groupEntry[0] %} + {%- assign groupVersions = groupEntry[1] %} + +## Xcode {{ groupName }} + +| Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | +|:----{%- for version in groupVersions %}|:----:{%- endfor %}| +{%- for featureEntry in ideEntry.features %} +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +{%- endfor %} + +{% endfor %} + +{% endxcode %} + +{% vimneovim %} + +{% assign ideEntry = tables.copilot.copilot-matrix.ides["NeoVim"] %} + +## Features by NeoVim version + +The following table shows supported {% data variables.product.prodname_copilot_short %} features across recent vesions of the {% data variables.copilot.copilot_extension %} for the IDE. + +{%- comment %} Use the predefined versionGroups from JSON data {%- endcomment %} +{% for groupEntry in ideEntry.versionGroups %} + {%- assign groupName = groupEntry[0] %} + {%- assign groupVersions = groupEntry[1] %} + +## NeoVim {{ groupName }} + +| Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | +|:----{%- for version in groupVersions %}|:----:{%- endfor %}| +{%- for featureEntry in ideEntry.features %} +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +{%- endfor %} + +{% endfor %} + +{% endvimneovim %} diff --git a/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md b/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md index 0b03872edee4..43e6d8a3d384 100644 --- a/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md +++ b/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md @@ -2,7 +2,7 @@ title: Data available in Copilot usage metrics allowTitleToDifferFromFilename: true shortTitle: Copilot usage metrics data -intro: 'You can display and export {% data variables.product.prodname_copilot_short %} usage metrics data in the dashboard and via APIs.' +intro: '{% data variables.product.prodname_copilot_short %} usage metrics data is available through the dashboard and APIs, using a consistent set of fields to represent adoption, usage, and code generation activity.' permissions: '{% data reusables.copilot.usage-metrics-permissions %}' versions: fpt: '*' @@ -11,11 +11,18 @@ type: reference topics: - Copilot - Enterprise +category: + - Copilot usage metrics + - Understand available data + - Track Copilot usage --- {% data reusables.copilot.usage-metrics-preview %} -The {% data variables.product.prodname_copilot_short %} usage metrics dashboard and APIs display and export data using a consistent set of fields. This reference lists all available metrics and describes how to interpret their values in both dashboard visuals and NDJSON or API exports. To retrieve this data programmatically, see [AUTOTITLE](/rest/copilot/copilot-usage-metrics). +The {% data variables.product.prodname_copilot_short %} usage metrics dashboard and APIs display and export data using a consistent set of fields. This reference lists all available metrics and describes how to interpret their values in both dashboard visuals and NDJSON or API exports. + +* The {% data variables.product.prodname_copilot_short %} usage metrics dashboard reports data at the **enterprise** level. To access the dashboard, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/view-usage-and-adoption). +* The {% data variables.product.prodname_copilot_short %} usage metrics APIs support **enterprise-, organization-, and user-level** records. To retrieve this data programmatically, see [AUTOTITLE](/rest/copilot/copilot-usage-metrics). For guidance on how to read and interpret these metrics, see [AUTOTITLE](/copilot/concepts/copilot-metrics). @@ -38,7 +45,7 @@ These metrics appear directly in the {% data variables.product.prodname_copilot_ | Model usage per day | Daily breakdown of chat model usage. | | Model usage per chat mode | Model usage by {% data variables.product.prodname_copilot_short %} feature (Ask, Edit, Agent). | | Model usage per language | Distribution of languages broken down by model. | -| Most used chat model | The most frequently used chat model in the current calendar month. | +| Most used chat model | The most frequently used chat model in the last 28 days. | | Requests per chat mode | Number of chat requests by mode (Ask, Edit, Agent). | ## Code generation dashboard metrics @@ -47,8 +54,8 @@ These metrics appear in the code generation dashboard and provide a breakdown of | Metric | Description | |:--|:--| -| Lines of code changed with AI | Total lines of code added and deleted across all modes during the current calendar month. | -| Agent contribution | Percentage of lines of code added and deleted by agents (including Edit, Agent, and custom modes) during the current calendar month. | +| Lines of code changed with AI | Total lines of code added and deleted across all modes in the last 28 days. | +| Agent contribution | Percentage of lines of code added and deleted by agents (including Edit, Agent, and custom modes) in the last 28 days. | | Average lines deleted by agent | Average number of lines automatically deleted by agents on behalf of active users during the current calendar month. | | Daily total of lines added and deleted | Total number of lines added to and deleted from the codebase across all modes for each day. | | User-initiated code changes | Lines suggested or manually added by users through code completions and chat panel actions (insert, copy, or apply). | @@ -60,14 +67,15 @@ These metrics appear in the code generation dashboard and provide a breakdown of ## API and export fields -These fields appear in the exported NDJSON reports and in the {% data variables.product.prodname_copilot_short %} usage metrics APIs. They provide granular daily records for each user in the enterprise. +These fields appear in the exported NDJSON reports and in the {% data variables.product.prodname_copilot_short %} usage metrics APIs. They provide daily records at the enterprise, organization, or user scope, depending on the metric. | Field | Description | |:--|:--| | `agent_edit` | A dedicated bucket in the API and reports. Captures lines added and deleted directly by {% data variables.product.prodname_copilot_short %} Agent and Edit mode.
These are not included in suggested metrics, since agent edits don’t follow a simple suggestion to acceptance flow. | | `report_start_day` / `report_end_day` | Start and end dates for the 28-day reporting period. | | `day` | Calendar day this record represents. | -| `enterprise_id` | Unique ID of the enterprise or organization. | +| `enterprise_id` | Unique ID of the enterprise. | +| `organization_id` (API only) | Unique ID of the organization. | | `user_id` / `user_login` | Unique identifier and {% data variables.product.github %} username for the user. | | `user_initiated_interaction_count` | Number of explicit prompts sent to {% data variables.product.prodname_copilot_short %}.

Only counts messages or prompts actively sent to the model. Does **not** include opening the chat panel, switching modes (for example, Ask, Edit, or Agent), using keyboard shortcuts to open the inline UI, or making configuration changes. | | `code_generation_activity_count` | Number of distinct {% data variables.product.prodname_copilot_short %} output events generated.

**Includes:** All generated content, including comments and docstrings.
**Multiple blocks:** Each distinct code block from a single user prompt counts as a separate generation.
**Note:** This metric is not directly comparable to `user_initiated_interaction_count`, since one prompt can produce multiple generations. | @@ -81,3 +89,14 @@ These fields appear in the exported NDJSON reports and in the {% data variables. | `totals_by_language_feature` | Breakdown combining language and feature dimensions. | | `totals_by_model_feature` / `totals_by_language_model` | Model-specific breakdowns for chat activity (not completions). | | `last_known_ide_version` / `last_known_plugin_version` | The most recent IDE and {% data variables.copilot.copilot_chat_short %} extension version detected for each user. | + +### Pull request activity fields (API only) + +These fields capture daily pull request creation and review activity across the enterprise, including activity performed by {% data variables.product.prodname_copilot_short %}. + +| Field | Description | +|:--|:--| +| `pull_requests.total_created` | Total number of pull requests created across the enterprise on this specific day.

Creation is a one-time event. Each pull request is counted only on the day it is created. | +| `pull_requests.total_reviewed` | Total number of pull requests reviewed across the enterprise on this specific day.

The same pull request may be counted on multiple days if it receives reviews on multiple days. Within a single day, each pull request is counted once, even if multiple review actions occur. | +| `pull_requests.total_created_by_copilot` | Number of pull requests created by {% data variables.product.prodname_copilot_short %} across the enterprise on this specific day. | +| `pull_requests.total_reviewed_by_copilot` | Number of pull requests reviewed by {% data variables.product.prodname_copilot_short %} across the enterprise on this specific day.

A pull request may be counted on multiple days if {% data variables.product.prodname_copilot_short %} reviews it on multiple days. | diff --git a/content/copilot/reference/copilot-usage-metrics/interpret-copilot-metrics.md b/content/copilot/reference/copilot-usage-metrics/interpret-copilot-metrics.md index e05f9fc3f9c3..3b19c5b3ebf7 100644 --- a/content/copilot/reference/copilot-usage-metrics/interpret-copilot-metrics.md +++ b/content/copilot/reference/copilot-usage-metrics/interpret-copilot-metrics.md @@ -1,7 +1,7 @@ --- title: Interpreting usage and adoption metrics for GitHub Copilot shortTitle: Interpret usage metrics -intro: 'Evaluate trends surfaced in {% data variables.product.prodname_copilot_short %} usage metrics to enable adoption in your enterprise.' +intro: '{% data variables.product.prodname_copilot_short %} usage and adoption metrics reveal patterns in how developers engage with {% data variables.product.prodname_copilot_short %} across your enterprise.' permissions: '{% data reusables.copilot.usage-metrics-permissions %}' versions: feature: copilot @@ -12,13 +12,17 @@ allowTitleToDifferFromFilename: true redirect_from: - /early-access/copilot-metrics/dashboards/interpreting-the-metrics - /copilot/reference/interpret-copilot-metrics +category: + - Copilot usage metrics + - Understand metrics + - Track Copilot usage --- >[!NOTE] The {% data variables.product.prodname_copilot_short %} usage metrics dashboard is currently in {% data variables.release-phases.public_preview %} and subject to change. -After you’ve viewed usage data in the {% data variables.product.prodname_copilot_short %} usage metrics dashboard, you can use this article to interpret what each chart means and identify opportunities to increase adoption and engagement across your enterprise. +After you’ve viewed the {% data variables.product.prodname_copilot_short %} usage metrics dashboard, you can use this article to interpret each chart and identify opportunities to increase adoption and engagement. -You can also access these metrics programmatically through the {% data variables.product.prodname_copilot_short %} usage metrics REST API, see [AUTOTITLE](/rest/copilot/copilot-usage-metrics). +> [!NOTE] The dashboard reports enterprise-level data. Organization-level views are available through the {% data variables.product.prodname_copilot_short %} usage metrics APIs. ## Reviewing overall usage trends @@ -73,7 +77,6 @@ Use trends in usage, feature adoption, and language activity to guide enablement > [!TIP] > Consider combining dashboard trends with feedback from surveys or retrospectives to get a full picture of {% data variables.product.prodname_copilot_short %}’s impact on developer productivity. -## Further reading +## Next steps -* [AUTOTITLE](/copilot/reference/copilot-usage-metrics/reconciling-usage-metrics) -* [AUTOTITLE](/copilot/reference/copilot-usage-metrics/lines-of-code-metrics) +* To access metrics programmatically, including enterprise, organization, and user-level records, see [AUTOTITLE](/rest/copilot/copilot-usage-metrics). diff --git a/content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics.md b/content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics.md index 675a66ea358e..4fffc315a6cf 100644 --- a/content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics.md +++ b/content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics.md @@ -1,7 +1,7 @@ --- title: Lines of Code metrics shortTitle: Copilot LoC metrics -intro: Understand how Lines of Code metrics measure {% data variables.product.prodname_copilot_short %}’s output and what factors affect their coverage and accuracy. +intro: Lines of Code metrics provide a directional measure of {% data variables.product.prodname_copilot_short %} output by quantifying the lines of code suggested, added, or deleted across completions, chat, and agent features. permissions: '{% data reusables.copilot.usage-metrics-permissions %}' versions: feature: copilot @@ -12,6 +12,10 @@ topics: - Copilot contentType: reference allowTitleToDifferFromFilename: true +category: + - Copilot usage metrics + - Understand metrics + - Track Copilot usage --- {% data reusables.copilot.usage-metrics-preview %} @@ -22,8 +26,8 @@ Lines of Code (LoC) metrics provide a directional measure of {% data variables.p You may encounter LoC metrics in: -* **Code generation dashboard** — visualizes LoC-based user and agent activity. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation). -* **Exports and APIs** — expose LoC fields such as `loc_suggested_to_add_sum`, `loc_added_sum`, and `loc_deleted_sum`. See [AUTOTITLE](/rest/copilot/copilot-usage-metrics). +* **Code generation dashboard (enterprise level)** — visualizes LoC-based user and agent activity. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation). +* **Exports and APIs (enterprise, organization, and user level)** — expose LoC fields such as `loc_suggested_to_add_sum`, `loc_added_sum`, and `loc_deleted_sum`. See [AUTOTITLE](/rest/copilot/copilot-usage-metrics). * **"Data available in {% data variables.product.prodname_copilot_short %} usage metrics" reference** — lists all dashboard and API fields derived from LoC. See [AUTOTITLE](/copilot/reference/copilot-usage-metrics/copilot-usage-metrics). This article covers how LoC is measured and what affects its accuracy and coverage. For detailed definitions, refer to the reference article above. diff --git a/content/copilot/reference/copilot-usage-metrics/reconciling-usage-metrics.md b/content/copilot/reference/copilot-usage-metrics/reconciling-usage-metrics.md index 964ddc517b59..48382a03dc82 100644 --- a/content/copilot/reference/copilot-usage-metrics/reconciling-usage-metrics.md +++ b/content/copilot/reference/copilot-usage-metrics/reconciling-usage-metrics.md @@ -1,7 +1,7 @@ --- title: Reconciling Copilot usage metrics across dashboards, APIs, and reports shortTitle: Reconciling Copilot usage metrics -intro: Understand how {% data variables.product.prodname_copilot_short %} usage metrics differ between dashboards, APIs, and exported reports. +intro: '{% data variables.product.prodname_copilot_short %} usage metrics are derived from the same underlying telemetry but are aggregated and presented differently across dashboards, APIs, and exported reports.' permissions: '{% data reusables.copilot.usage-metrics-permissions %}' versions: feature: copilot @@ -12,12 +12,19 @@ allowTitleToDifferFromFilename: true redirect_from: - /early-access/copilot-metrics/dashboards/best-practices-for-correlating-usage-metrics - /copilot/reference/reconciling-usage-metrics +category: + - Copilot usage metrics + - Reconcile and validate metrics + - Track Copilot usage --- {% data reusables.copilot.usage-metrics-preview %} The {% data variables.product.prodname_copilot_short %} usage metrics dashboard, APIs, and export files all use the same underlying telemetry data, but they aggregate and present it differently. Understanding these differences helps you reconcile numbers across sources and trust your analysis when preparing internal reports. +* The {% data variables.product.prodname_copilot_short %} usage metrics dashboard reports data at the **enterprise-level**. +* The {% data variables.product.prodname_copilot_short %} usage metrics APIs support **enterprise-, organization-, and user-level** records. + ## Prerequisite {% data variables.product.prodname_copilot_short %} usage metrics depend on **telemetry from users’ IDEs**. If a developer has disabled telemetry in their IDE, their {% data variables.product.prodname_copilot_short %} activity will **not** appear in the dashboard, API reports, or exported data. diff --git a/content/copilot/reference/custom-agents-configuration.md b/content/copilot/reference/custom-agents-configuration.md index 0a9633afc0e8..5cbe431f5136 100644 --- a/content/copilot/reference/custom-agents-configuration.md +++ b/content/copilot/reference/custom-agents-configuration.md @@ -7,6 +7,8 @@ versions: topics: - Copilot contentType: reference +category: + - Configure Copilot --- This reference article provides detailed configuration information for {% data variables.copilot.custom_agents_short %}. For general information about creating {% data variables.copilot.custom_agents_short %}, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents). @@ -15,21 +17,24 @@ This reference article provides detailed configuration information for {% data v ## YAML frontmatter properties -The following table outlines the properties that are supported in repository-level {% data variables.copilot.agent_profiles %}, organization or enterprise level {% data variables.copilot.agent_profiles %}, and in {% data variables.product.prodname_vscode_shortname %}. +The following table outlines the properties that are supported in repository-level {% data variables.copilot.agent_profiles %}, organization or enterprise level {% data variables.copilot.agent_profiles %}, and in {% data variables.product.prodname_vscode_shortname %}. The configuration file's name (minus `.md` or `.agent.md`) is used for deduplication between levels so that the lowest level configuration takes precedence. {% rowheaders %} | Property | Type | Purpose | Repository | Organization / enterprise | {% data variables.product.prodname_vscode_shortname %}, JetBrains IDEs, Eclipse, and Xcode | | ------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ------------------------- | ------------------ | -| `name` | string | Unique name for the {% data variables.copilot.copilot_custom_agent_short %}. Optional, if unset defaults to the filename (without `.md` or `.agent.md` suffix).
Lowest level configuration takes precedence when there is a naming conflict. | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | +| `name` | string | Display name for the {% data variables.copilot.copilot_custom_agent_short %}. Optional. | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | `description` | **Required** string | Description of the {% data variables.copilot.copilot_custom_agent_short %}'s purpose and capabilities | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | `target` | string | Target environment or context for the {% data variables.copilot.copilot_custom_agent_short %} (`vscode` or `github-copilot`). If unset, defaults to both environments. | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | `tools` | list of strings, string | List of tool names the {% data variables.copilot.copilot_custom_agent_short %} can use. Supports both a comma separated string and yaml string array. If unset, defaults to all tools. See [Tools](#tools). | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | +| `infer` | boolean | Controls whether {% data variables.copilot.copilot_coding_agent %} can automatically use this {% data variables.copilot.copilot_custom_agent_short %} based on task context. When `false`, the agent must be manually selected. If unset, defaults to `true`. | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | `mcp-servers` | object | Additional MCP servers and tools that should be used by the {% data variables.copilot.copilot_custom_agent_short %}. | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | | `metadata` | object consisting of a name and value pair, both strings | Allows annotation of the agent with useful data | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% endrowheaders %} +Define the agent's behavior, expertise, and instructions in the Markdown content below the YAML frontmatter. The prompt can be a maximum of 30,000 characters. + > [!NOTE] > The `model`, `argument-hint`, and `handoffs` properties from {% data variables.product.prodname_vscode_shortname %} and other IDE {% data variables.copilot.custom_agents_short %} are currently not supported for {% data variables.copilot.copilot_coding_agent %} on {% data variables.product.prodname_dotcom_the_website %}. They are ignored to ensure compatibility. For more information on {% data variables.copilot.copilot_custom_agent_short %} file structure in {% data variables.product.prodname_vscode_shortname %}, see [{% data variables.copilot.custom_agents_caps_short %} in {% data variables.product.prodname_vscode_shortname %}](https://code.visualstudio.com/docs/copilot/customization/custom-agents#_custom-agent-file-structure) in the {% data variables.product.prodname_vscode_shortname %} documentation. @@ -56,11 +61,11 @@ The following tool aliases are available for {% data variables.copilot.custom_ag | Primary alias | Compatible aliases | {% data variables.copilot.copilot_coding_agent_short_cap_c %} mapping | Purpose | | ------------- | -------------------------------------------- | ---------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | -| `shell` | `Bash`, `powershell` | Shell tools: `bash` or `powershell` | Execute a command in the appropriate shell for the operating system. | +| `execute` | `shell`, `Bash`, `powershell` | Shell tools: `bash` or `powershell` | Execute a command in the appropriate shell for the operating system. | | `read` | `Read`, `NotebookRead` | `view` | Read file contents. | | `edit` | `Edit`, `MultiEdit`, `Write`, `NotebookEdit` | Edit tools: e.g. `str_replace`, `str_replace_editor` | Allow LLM to edit. Exact arguments can vary. | | `search` | `Grep`, `Glob` | `search` | Search for files or text in files. | -| `custom-agent` | `Task` | "{% data variables.copilot.copilot_custom_agent_caps_short %}" tools | Allows a different {% data variables.copilot.copilot_custom_agent_short %} to be invoked to accomplish a task. | +| `agent` | `custom-agent`, `Task` | "{% data variables.copilot.copilot_custom_agent_caps_short %}" tools | Allows a different {% data variables.copilot.copilot_custom_agent_short %} to be invoked to accomplish a task. | | `web` | `WebSearch`, `WebFetch` | Currently not applicable for {% data variables.copilot.copilot_coding_agent_short %}. | Allows fetching content from URLs and performing a web search | | `todo` | `TodoWrite` | Currently not applicable for {% data variables.copilot.copilot_coding_agent_short %}. | Creates and manages structured task lists. Not supported in {% data variables.copilot.copilot_coding_agent_short %} today, but supported by {% data variables.product.prodname_vscode_shortname %}. | diff --git a/content/copilot/reference/custom-instructions-support.md b/content/copilot/reference/custom-instructions-support.md new file mode 100644 index 000000000000..c0cd9d833630 --- /dev/null +++ b/content/copilot/reference/custom-instructions-support.md @@ -0,0 +1,270 @@ +--- +title: Support for different types of custom instructions +shortTitle: Custom instructions support +intro: 'Find out which environments support which types of custom instructions.' +versions: + feature: copilot +topics: + - Copilot +contentType: reference +category: + - Learn about Copilot +--- + +This reference article provides details of which types of custom instructions are supported in various environments. For more information about the various types of custom instructions for {% data variables.product.prodname_copilot %}, see [AUTOTITLE](/copilot/concepts/prompting/response-customization). + +## {% data variables.product.prodname_dotcom_the_website %} + +{% comment %} +WRITING NOTE: The following tables have been written using HTML rather than Markdown due to the poor column width rendering of Markdown tables. In Markdown the columns have equal width, resulting in the first column being too wide, and the second column being too narrow for the text it contains. +{% endcomment %} + + + + + + + + + + + + + + + + + + + + + + +
{% data variables.product.prodname_copilot_short %} featureTypes of custom instructions supported
{% data variables.copilot.copilot_chat_short %} +
    + {% data reusables.copilot.ci-support-personal %} + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-organization %} +
+
{% data variables.copilot.copilot_coding_agent %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} + {% data reusables.copilot.ci-support-agents-all %} + {% data reusables.copilot.ci-support-organization %} +
+
{% data variables.copilot.copilot_code-review_short %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} + {% data reusables.copilot.ci-support-organization %} +
+
+ +## {% data variables.product.prodname_vscode %} + + + + + + + + + + + + + + + + + + + + + + +
{% data variables.product.prodname_copilot_short %} featureTypes of custom instructions supported
{% data variables.copilot.copilot_chat_short %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} + {% data reusables.copilot.ci-support-agents-only %} +
+
{% data variables.copilot.copilot_coding_agent %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} + {% data reusables.copilot.ci-support-agents-all %} +
+
{% data variables.copilot.copilot_code-review_short %} +
    + {% data reusables.copilot.ci-support-repository %} +
+
+ + + +## {% data variables.product.prodname_vs %} + + + + + + + + + + + + + + + + + + +
{% data variables.product.prodname_copilot_short %} featureTypes of custom instructions supported
{% data variables.copilot.copilot_chat_short %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} +
+
{% data variables.copilot.copilot_code-review_short %} +
    + {% data reusables.copilot.ci-support-repository %} +
+
+ +## JetBrains IDEs + + + + + + + + + + + + + + + + + + + + + + +
{% data variables.product.prodname_copilot_short %} featureTypes of custom instructions supported
{% data variables.copilot.copilot_chat_short %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} +
+
{% data variables.copilot.copilot_coding_agent %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} + {% data reusables.copilot.ci-support-agents-all %} +
+
{% data variables.copilot.copilot_code-review_short %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} +
+
+ +## Eclipse + + + + + + + + + + + + + + + + + + + + + + +
{% data variables.product.prodname_copilot_short %} featureTypes of custom instructions supported
{% data variables.copilot.copilot_chat_short %} +
    + {% data reusables.copilot.ci-support-repository %} +
+
{% data variables.copilot.copilot_coding_agent %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} + {% data reusables.copilot.ci-support-agents-all %} +
+
{% data variables.copilot.copilot_code-review_short %} +
    +
  • Custom instructions are currently not supported.
    • +
+
+ +## Xcode + + + + + + + + + + + + + + + + + + + + + + +
{% data variables.product.prodname_copilot_short %} featureTypes of custom instructions supported
{% data variables.copilot.copilot_chat_short %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} +
+
{% data variables.copilot.copilot_coding_agent %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} + {% data reusables.copilot.ci-support-agents-all %} +
+
{% data variables.copilot.copilot_code-review_short %} +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} +
+
+ +## {% data variables.copilot.copilot_cli_short %} + +
    + {% data reusables.copilot.ci-support-repository %} + {% data reusables.copilot.ci-support-path %} + {% data reusables.copilot.ci-support-agents-only %} +
+ +## Further reading + +* [AUTOTITLE](/copilot/how-tos/configure-custom-instructions/add-repository-instructions) +* [AUTOTITLE](/copilot/how-tos/configure-custom-instructions/add-personal-instructions) +* [AUTOTITLE](/copilot/how-tos/configure-custom-instructions/add-organization-instructions) diff --git a/content/copilot/reference/hooks-configuration.md b/content/copilot/reference/hooks-configuration.md new file mode 100644 index 000000000000..d6c956f2084b --- /dev/null +++ b/content/copilot/reference/hooks-configuration.md @@ -0,0 +1,552 @@ +--- +title: Hooks configuration +shortTitle: Hooks configuration +intro: 'Find information about configuring hooks for use with {% data variables.copilot.copilot_cli %} and {% data variables.copilot.copilot_coding_agent %}.' +versions: + feature: copilot +topics: + - Copilot +contentType: reference +category: + - Configure Copilot +--- + +This reference article describes the available hook types with examples, including their input and output formats, script best practices, and advanced patterns for logging, security enforcement, and external integrations. For general information about creating hooks, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks). + +## Hook types + +### Session start hook + +Executed when a new agent session begins or when resuming an existing session. + +**Input JSON:** + +```json copy +{ + "timestamp": 1704614400000, + "cwd": "/path/to/project", + "source": "new", + "initialPrompt": "Create a new feature" +} +``` + +**Fields:** + +* `timestamp`: Unix timestamp in milliseconds +* `cwd`: Current working directory +* `source`: Either `"new"` (new session), `"resume"` (resumed session), or `"startup"` +* `initialPrompt`: The user's initial prompt (if provided) + +**Output:** Ignored (no return value processed) + +**Example hook:** + +```json copy +{ + "type": "command", + "bash": "./scripts/session-start.sh", + "powershell": "./scripts/session-start.ps1", + "cwd": "scripts", + "timeoutSec": 30 +} +``` + +**Example script (Bash):** + +```shell copy +#!/bin/bash +INPUT=$(cat) +SOURCE=$(echo "$INPUT" | jq -r '.source') +TIMESTAMP=$(echo "$INPUT" | jq -r '.timestamp') + +echo "Session started from $SOURCE at $TIMESTAMP" >> session.log +``` + +### Session end hook + +Executed when the agent session completes or is terminated. + +**Input JSON:** + +```json copy +{ + "timestamp": 1704618000000, + "cwd": "/path/to/project", + "reason": "complete" +} +``` + +**Fields:** + +* `timestamp`: Unix timestamp in milliseconds +* `cwd`: Current working directory +* `reason`: One of `"complete"`, `"error"`, `"abort"`, `"timeout"`, or `"user_exit"` + +**Output:** Ignored + +**Example script:** + +```shell copy +#!/bin/bash +INPUT=$(cat) +REASON=$(echo "$INPUT" | jq -r '.reason') + +echo "Session ended: $REASON" >> session.log +# Cleanup temporary files +rm -rf /tmp/session-* +``` + +### User prompt submitted hook + +Executed when the user submits a prompt to the agent. + +**Input JSON:** + +```json copy +{ + "timestamp": 1704614500000, + "cwd": "/path/to/project", + "prompt": "Fix the authentication bug" +} +``` + +**Fields:** + +* `timestamp`: Unix timestamp in milliseconds +* `cwd`: Current working directory +* `prompt`: The exact text the user submitted + +**Output:** Ignored (prompt modification not currently supported in customer hooks) + +**Example script:** + +```shell copy +#!/bin/bash +INPUT=$(cat) +PROMPT=$(echo "$INPUT" | jq -r '.prompt') +TIMESTAMP=$(echo "$INPUT" | jq -r '.timestamp') + +# Log to a structured file +echo "$(date -d @$((TIMESTAMP/1000))): $PROMPT" >> prompts.log +``` + +### Pre-tool use hook + +Executed before the agent uses any tool (such as `bash`, `edit`, `view`). This is the most powerful hook as it can **approve or deny tool executions**. + +**Input JSON:** + +```json copy +{ + "timestamp": 1704614600000, + "cwd": "/path/to/project", + "toolName": "bash", + "toolArgs": "{\"command\":\"rm -rf dist\",\"description\":\"Clean build directory\"}" +} +``` + +**Fields:** + +* `timestamp`: Unix timestamp in milliseconds +* `cwd`: Current working directory +* `toolName`: Name of the tool being invoked (such as "bash", "edit", "view", "create") +* `toolArgs`: JSON string containing the tool's arguments + +**Output JSON (optional):** + +```json copy +{ + "permissionDecision": "deny", + "permissionDecisionReason": "Destructive operations require approval" +} +``` + +**Output fields:** + +* `permissionDecision`: Either `"allow"`, `"deny"`, or `"ask"` (only `"deny"` is currently processed) +* `permissionDecisionReason`: Human-readable explanation for the decision + +**Example hook to block dangerous commands:** + +```shell copy +#!/bin/bash +INPUT=$(cat) +TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName') +TOOL_ARGS=$(echo "$INPUT" | jq -r '.toolArgs') + +# Log the tool use +echo "$(date): Tool=$TOOL_NAME Args=$TOOL_ARGS" >> tool-usage.log + +# Check for dangerous patterns +if echo "$TOOL_ARGS" | grep -qE "rm -rf /|format|DROP TABLE"; then + echo '{"permissionDecision":"deny","permissionDecisionReason":"Dangerous command detected"}' + exit 0 +fi + +# Allow by default (or omit output to allow) +echo '{"permissionDecision":"allow"}' +``` + +**Example hook to enforce file permissions:** + +```shell copy +#!/bin/bash +INPUT=$(cat) +TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName') + +# Only allow editing specific directories +if [ "$TOOL_NAME" = "edit" ]; then + PATH_ARG=$(echo "$INPUT" | jq -r '.toolArgs' | jq -r '.path') + + if [[ ! "$PATH_ARG" =~ ^(src/|test/) ]]; then + echo '{"permissionDecision":"deny","permissionDecisionReason":"Can only edit files in src/ or test/ directories"}' + exit 0 + fi +fi + +# Allow all other tools +``` + +### Post-tool use hook + +Executed after a tool completes execution (whether successful or failed). + +**Example input JSON:** + +```json copy +{ + "timestamp": 1704614700000, + "cwd": "/path/to/project", + "toolName": "bash", + "toolArgs": "{\"command\":\"npm test\"}", + "toolResult": { + "resultType": "success", + "textResultForLlm": "All tests passed (15/15)" + } +} +``` + +**Fields:** + +* `timestamp`: Unix timestamp in milliseconds +* `cwd`: Current working directory +* `toolName`: Name of the tool that was executed +* `toolArgs`: JSON string containing the tool's arguments +* `toolResult`: Result object containing: + * `resultType`: Either `"success"`, `"failure"`, or `"denied"` + * `textResultForLlm`: The result text shown to the agent + +**Output:** Ignored (result modification is not currently supported) + +**Example script that logs tool execution statistics to a CSV file:** + +This script logs tool execution statistics to a CSV file and sends an email alert when a tool fails. + +```shell copy +#!/bin/bash +INPUT=$(cat) +TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName') +RESULT_TYPE=$(echo "$INPUT" | jq -r '.toolResult.resultType') + +# Track statistics +echo "$(date),${TOOL_NAME},${RESULT_TYPE}" >> tool-stats.csv + +# Alert on failures +if [ "$RESULT_TYPE" = "failure" ]; then + RESULT_TEXT=$(echo "$INPUT" | jq -r '.toolResult.textResultForLlm') + echo "FAILURE: $TOOL_NAME - $RESULT_TEXT" | mail -s "Agent Tool Failed" admin@example.com +fi +``` + +### Error occurred hook + +Executed when an error occurs during agent execution. + +**Example input JSON:** + +```json copy +{ + "timestamp": 1704614800000, + "cwd": "/path/to/project", + "error": { + "message": "Network timeout", + "name": "TimeoutError", + "stack": "TimeoutError: Network timeout\n at ..." + } +} +``` + +**Fields:** + +* `timestamp`: Unix timestamp in milliseconds +* `cwd`: Current working directory +* `error`: Error object containing: + * `message`: Error message + * `name`: Error type/name + * `stack`: Stack trace (if available) + +**Output:** Ignored (error handling modification is not currently supported) + +**Example script that extracts error details to a log file:** + +```shell copy +#!/bin/bash +INPUT=$(cat) +ERROR_MSG=$(echo "$INPUT" | jq -r '.error.message') +ERROR_NAME=$(echo "$INPUT" | jq -r '.error.name') + +echo "$(date): [$ERROR_NAME] $ERROR_MSG" >> errors.log +``` + +## Script best practices + +### Reading input + +This example script reads JSON input from stdin into a variable, then uses `jq` to extract the `timestamp` and `cwd` fields. + +**Bash:** + +```shell copy +#!/bin/bash +# Read JSON from stdin +INPUT=$(cat) + +# Parse with jq +TIMESTAMP=$(echo "$INPUT" | jq -r '.timestamp') +CWD=$(echo "$INPUT" | jq -r '.cwd') +``` + +**PowerShell:** + +```powershell copy +# Read JSON from stdin +$input = [Console]::In.ReadToEnd() | ConvertFrom-Json + +# Access properties +$timestamp = $input.timestamp +$cwd = $input.cwd +``` + +### Outputting JSON + +This example script shows how to output valid JSON from your hook script. Use `jq -c` in Bash for compact single-line output, or `ConvertTo-Json -Compress` in PowerShell. + +**Bash:** + +```shell copy +#!/bin/bash +# Use jq to compact the JSON output to a single line +echo '{"permissionDecision":"deny","permissionDecisionReason":"Security policy violation"}' | jq -c + +# Or construct with variables +REASON="Too dangerous" +jq -n --arg reason "$REASON" '{permissionDecision: "deny", permissionDecisionReason: $reason}' +``` + +**PowerShell:** + +```powershell copy +# Use ConvertTo-Json to compact the JSON output to a single line +$output = @{ + permissionDecision = "deny" + permissionDecisionReason = "Security policy violation" +} +$output | ConvertTo-Json -Compress +``` + +### Error handling + +This script example demonstrates how to handle errors in hook scripts. + +**Bash:** + +```shell copy +#!/bin/bash +set -e # Exit on error + +INPUT=$(cat) +# ... process input ... + +# Exit with 0 for success +exit 0 +``` + +**PowerShell:** + +```powershell copy +$ErrorActionPreference = "Stop" + +try { + $input = [Console]::In.ReadToEnd() | ConvertFrom-Json + # ... process input ... + exit 0 +} catch { + Write-Error $_.Exception.Message + exit 1 +} +``` + +### Handling timeouts + +Hooks have a default timeout of 30 seconds. For longer operations, increase `timeoutSec`: + +```json copy +{ + "type": "command", + "bash": "./scripts/slow-validation.sh", + "timeoutSec": 120 +} +``` + +## Advanced patterns + +### Multiple hooks of the same type + +You can define multiple hooks for the same event. They execute in order: + +```json copy +{ + "version": 1, + "hooks": { + "preToolUse": [ + { + "type": "command", + "bash": "./scripts/security-check.sh", + "comment": "Security validation - runs first" + }, + { + "type": "command", + "bash": "./scripts/audit-log.sh", + "comment": "Audit logging - runs second" + }, + { + "type": "command", + "bash": "./scripts/metrics.sh", + "comment": "Metrics collection - runs third" + } + ] + } +} +``` + +### Conditional logic in scripts + +**Example: Only block specific tools** + +```shell copy +#!/bin/bash +INPUT=$(cat) +TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName') + +# Only validate bash commands +if [ "$TOOL_NAME" != "bash" ]; then + exit 0 # Allow all non-bash tools +fi + +# Check bash command for dangerous patterns +COMMAND=$(echo "$INPUT" | jq -r '.toolArgs' | jq -r '.command') +if echo "$COMMAND" | grep -qE "rm -rf|sudo|mkfs"; then + echo '{"permissionDecision":"deny","permissionDecisionReason":"Dangerous system command"}' +fi +``` + +### Structured logging + +**Example: JSON Lines format** + +```shell copy +#!/bin/bash +INPUT=$(cat) +TIMESTAMP=$(echo "$INPUT" | jq -r '.timestamp') +TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName') +RESULT_TYPE=$(echo "$INPUT" | jq -r '.toolResult.resultType') + +# Output structured log entry +jq -n \ + --arg ts "$TIMESTAMP" \ + --arg tool "$TOOL_NAME" \ + --arg result "$RESULT_TYPE" \ + '{timestamp: $ts, tool: $tool, result: $result}' >> logs/audit.jsonl +``` + +### Integration with external systems + +**Example: Send alerts to Slack** + +```shell copy +#!/bin/bash +INPUT=$(cat) +ERROR_MSG=$(echo "$INPUT" | jq -r '.error.message') + +WEBHOOK_URL="https://hooks.slack.com/services/YOUR/WEBHOOK/URL" + +curl -X POST "$WEBHOOK_URL" \ + -H 'Content-Type: application/json' \ + -d "{\"text\":\"Agent Error: $ERROR_MSG\"}" +``` + +## Example use cases + +### Compliance audit trail + +Log all agent actions for compliance requirements by utilizing log scripts: + +```json copy +{ + "version": 1, + "hooks": { + "sessionStart": [{"type": "command", "bash": "./audit/log-session-start.sh"}], + "userPromptSubmitted": [{"type": "command", "bash": "./audit/log-prompt.sh"}], + "preToolUse": [{"type": "command", "bash": "./audit/log-tool-use.sh"}], + "postToolUse": [{"type": "command", "bash": "./audit/log-tool-result.sh"}], + "sessionEnd": [{"type": "command", "bash": "./audit/log-session-end.sh"}] + } +} +``` + +### Cost tracking + +Track tool usage for cost allocation: + +```shell copy +#!/bin/bash +INPUT=$(cat) +TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName') +TIMESTAMP=$(echo "$INPUT" | jq -r '.timestamp') +USER=${USER:-unknown} + +echo "$TIMESTAMP,$USER,$TOOL_NAME" >> /var/log/copilot/usage.csv +``` + +### Code quality enforcement + +Prevent commits that violate code standards: + +```shell copy +#!/bin/bash +INPUT=$(cat) +TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName') + +if [ "$TOOL_NAME" = "edit" ] || [ "$TOOL_NAME" = "create" ]; then + # Run linter before allowing edits + npm run lint-staged + if [ $? -ne 0 ]; then + echo '{"permissionDecision":"deny","permissionDecisionReason":"Code does not pass linting"}' + fi +fi +``` + +### Notification system + +Send notifications on important events: + +```shell copy +#!/bin/bash +INPUT=$(cat) +PROMPT=$(echo "$INPUT" | jq -r '.prompt') + +# Notify on production-related prompts +if echo "$PROMPT" | grep -iq "production"; then + echo "ALERT: Production-related prompt: $PROMPT" | mail -s "Agent Alert" team@example.com +fi +``` diff --git a/content/copilot/reference/index.md b/content/copilot/reference/index.md index 5cf4d79e94f5..f1e42319f595 100644 --- a/content/copilot/reference/index.md +++ b/content/copilot/reference/index.md @@ -9,8 +9,13 @@ topics: children: - /cheat-sheet - /ai-models + - /copilot-feature-matrix - /keyboard-shortcuts + - /cli-command-reference - /custom-agents-configuration + - /acp-server + - /hooks-configuration + - /custom-instructions-support - /policy-conflicts - /copilot-allowlist-reference - /mcp-allowlist-enforcement diff --git a/content/copilot/reference/mcp-allowlist-enforcement.md b/content/copilot/reference/mcp-allowlist-enforcement.md index 2d69575f6164..cb9d4d4a6d48 100644 --- a/content/copilot/reference/mcp-allowlist-enforcement.md +++ b/content/copilot/reference/mcp-allowlist-enforcement.md @@ -6,6 +6,8 @@ versions: topics: - Copilot contentType: reference +category: + - Learn about Copilot --- ## Current enforcement limitations diff --git a/content/copilot/reference/policy-conflicts.md b/content/copilot/reference/policy-conflicts.md index da063328f39a..7c7b406af5aa 100644 --- a/content/copilot/reference/policy-conflicts.md +++ b/content/copilot/reference/policy-conflicts.md @@ -42,6 +42,7 @@ Feature, model, and privacy settings for users are set according to the **least | :---- | :---- | :---- | | {% data variables.product.prodname_copilot_short %} Metrics API | Most restrictive organization | [AUTOTITLE](/rest/copilot/copilot-metrics) | | Suggestions matching public code (privacy policy) | Most restrictive organization | [AUTOTITLE](/copilot/concepts/completions/code-suggestions) | +| Allow members without a {% data variables.product.prodname_copilot_short %} license to use {% data variables.copilot.copilot_code-review_short %} in {% data variables.product.prodname_dotcom_the_website %} | Most restrictive organization | [AUTOTITLE](/copilot/responsible-use/code-review) | | {% data variables.product.prodname_copilot_short %} can search the web | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use/chat-in-github#leveraging-a-web-search-to-answer-a-question) | | {% data variables.copilot.copilot_mobile_short %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use/chat-in-github-mobile) | | {% data variables.copilot.copilot_chat_short %} in the IDE | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use/chat-in-your-ide) | diff --git a/content/copilot/tutorials/coding-agent/improve-a-project.md b/content/copilot/tutorials/coding-agent/improve-a-project.md new file mode 100644 index 000000000000..d29e67182b19 --- /dev/null +++ b/content/copilot/tutorials/coding-agent/improve-a-project.md @@ -0,0 +1,201 @@ +--- +title: Using GitHub Copilot coding agent to improve a project +shortTitle: Improve a project +allowTitleToDifferFromFilename: true +intro: 'Find and fix problems in a project with {% data variables.copilot.copilot_coding_agent %}.' +product: '{% data reusables.gated-features.copilot-coding-agent %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' +versions: + feature: copilot +topics: + - Copilot +contentType: tutorials +category: + - Author and optimize with Copilot + - Improve quality and maintainability + - Burn down tech debt +--- + +> [!NOTE] +> For an introduction to {% data variables.copilot.copilot_coding_agent %}, see [AUTOTITLE](/copilot/concepts/about-copilot-coding-agent). + +## Introduction + +Modern development often starts with good intentions: a quick script, a prototype, maybe an action to automate one small thing. But as projects evolve, those early efforts can become brittle. + +This tutorial shows how you can use {% data variables.copilot.copilot_coding_agent %} to improve a mature project, without slowing down your momentum. + +In the following sections we'll: + +* Make sure that the project contains custom instructions that {% data variables.product.prodname_copilot_short %} can use to tailor its responses to your project. +* Make sure there's an environment setup file for {% data variables.copilot.copilot_coding_agent %}, so that it can get started on tasks more quickly by pre-installing your project’s dependencies. +* Get {% data variables.product.prodname_copilot_short %} to look for improvements that could be made to the code, and then create issues for that work. +* Delegate the coding work to {% data variables.product.prodname_copilot_short %} by assigning it to an issue. + +## 1. Check for custom instructions + +1. Go to your repository on {% data variables.product.github %}. +1. Check that at least one of the following custom instructions files exists: + + * `.github/copilot-instructions.md` + * `.github/instructions/**/*-instructions.md` + * `AGENTS.md` + +1. If any of these files exists, view the file and check that the instructions are adequate and up to date. + + For more information, see the section "Writing effective custom instructions" in [AUTOTITLE](/copilot/concepts/prompting/response-customization?tool=webui#writing-effective-custom-instructions), and the library of examples at [AUTOTITLE](/copilot/tutorials/customization-library/custom-instructions). + +1. If there are no custom instructions files in the repository, use {% data variables.copilot.copilot_coding_agent %} to create a `.github/copilot-instructions.md` file, by following the instructions in [AUTOTITLE](/copilot/how-tos/configure-custom-instructions/add-repository-instructions#asking-copilot-coding-agent-to-generate-a-copilot-instructionsmd-file). +1. Review the pull request that {% data variables.copilot.copilot_coding_agent %} creates. Check that the `.github/copilot-instructions.md` file provides {% data variables.product.prodname_copilot_short %} with all of the information it needs to know to work on this project. + + The file should include: + + * A clear summary of the codebase and what the software does. + * A project structure overview. + * Contribution guidelines. For example, how to build, format, lint, and test the codebase, and requirements that must be met before pull requests can be merged. + * Key technical principles. + +1. Edit the file as required. +1. Click **Ready for review** at the bottom of the "Conversation" tab of the pull request, then complete your usual process for merging a pull request. + +## 2. Check for an environment setup file + +A `copilot-setup-steps.yml` {% data variables.product.prodname_actions %} workflow file can help {% data variables.copilot.copilot_coding_agent %} to get started on tasks more quickly by pre-installing the dependencies that are used by the project. + +Creating this file is optional but is a good idea if you use {% data variables.copilot.copilot_coding_agent %} regularly in the repository. + +1. In your repository on {% data variables.product.github %}, check that the following file exists: + + ```text copy + .github/workflows/copilot-setup-steps.yml + ``` + + > [!TIP] + > A quick way to do this is to copy the above path, go to the main page of your repository and paste the path into the "Go to file" field. + +1. If the file exists, open it and check that the steps in the workflow install the correct dependencies for your project. After verifying this, you can skip the remaining steps in this section. +1. If you don't already have a `copilot-setup-steps.yml` file, use the following steps to get {% data variables.copilot.copilot_coding_agent %} to create it for you. +1. At the top of any page of your repository on the {% data variables.product.github %} website, click **{% octicon "agent" aria-label="Open agents panel" %}**. +1. Copy and paste the following prompt into the Agents dialog: + + + ```text copy + Analyze this repository to understand the dependencies that need to be installed on the development environment to work on the code in this repository. Using this information, and the details about the `copilot-setup-steps.yml` file that are given in https://docs.github.com/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment, add a `.github/workflows/copilot-setup-steps.yml` to this repository. This Actions workflow file should install, in the development environment for {% data variables.copilot.copilot_coding_agent %}, all of the dependencies necessary to work on the code in this repository. Make sure that the workflow job is named `copilot-setup-steps`. + ``` + + +1. Click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. +1. In the "Recent agent sessions" list, click the new agent session that has started. + + This displays an activity log, as {% data variables.product.prodname_copilot_short %} works on the task. When {% data variables.product.prodname_copilot_short %} finishes it will generate a summary of what it did. + +1. Read the summary, then click **{% octicon "git-pull-request" aria-hidden="true" aria-label="Pull request" %} View pull request**. +1. Optionally, add {% data variables.product.prodname_copilot_short %} as a reviewer. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review?tool=webui). Wait for {% data variables.product.prodname_copilot_short %} to add review comments, then make any changes you think are necessary in response to the comments. +1. Review the pull request yourself, making sure that the setup steps in the new `copilot-setup-steps.yml` file are correct. + + The workflow file that {% data variables.product.prodname_copilot_short %} has created should include an `on: workflow_dispatch` trigger, to allow you to run the workflow manually, and the job must be named `copilot-setup-steps` as shown in this extract: + + ```yaml + on: + workflow_dispatch: + push: + paths: + - .github/workflows/copilot-setup-steps.yml + pull_request: + paths: + - .github/workflows/copilot-setup-steps.yml + + jobs: + copilot-setup-steps: + runs-on: ubuntu-latest + ``` + +1. Make any required changes to the `copilot-setup-steps.yml` file in the pull request. + + You can ask {% data variables.product.prodname_copilot_short %} to make changes for you by using `@copilot` in a review comment. For example: + + `@copilot - comment the file more thoroughly` + +1. Click **Ready for review** at the bottom of the "Conversation" tab of the pull request, then complete your usual process for merging a pull request. +1. Open the newly added `.github/workflows/copilot-setup-steps.yml` file in your repository on {% data variables.product.github %}. +1. Click **View Runs** near the top right of the page. +1. Click **Run workflow** and then **Run workflow** in the dialog, to test the new workflow. +1. Check that the workflow runs correctly and installs the dependencies. Fix any failures by editing the `.github/workflows/copilot-setup-steps.yml` file. + +## 3. Let {% data variables.product.prodname_copilot_short %} find technical debt + +Now that {% data variables.product.prodname_copilot_short %} has the right context and (optionally) a ready-to-use environment, you can use it to surface and prioritize technical debt in your repository. +1. Click the **{% octicon "copilot" aria-label="Run this prompt in Copilot Chat" %}** button in the following prompt box to send this prompt to {% data variables.copilot.copilot_chat_short %} on {% data variables.product.prodname_dotcom_the_website %}. + + ```copilot copy prompt + What technical debt exists in this project? Give me a prioritized list of up to 5 areas we need to focus on. For each, describe the problem and its consequences. + ``` + +1. Make sure that **{% octicon "comment" aria-hidden="true" aria-label="comment" %} Ask** mode is selected. +1. Use the **{% octicon "globe" aria-hidden="true" aria-label="globe" %} All repositories** dropdown to select your repository. +1. Click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. +1. Review the details in {% data variables.product.prodname_copilot_short %}'s response. +1. Assuming {% data variables.product.prodname_copilot_short %} identified at least one area for improvement, copy the following prompt into the same conversation: + + ```copilot copy + /create-issue + + Create a GitHub issue to address the first of the problem areas that you identified. + + If the problem area requires substantial work, create one main issue for the entire problem area and then sub-issues that allow the work to be split up into manageable chunks, which will be tackled in separate pull requests that can be easily reviewed. For a large body of work, do not create a single issue that attempts to address the entire problem. + + The issue, or each sub-issue if these are created, must include a description of the problem, a set of acceptance criteria, and pointers on what files need to be added/updated. + ``` + +1. Edit this prompt as required. For example, depending on the response that {% data variables.product.prodname_copilot_short %} produced, you may want to work on another of the problem areas that {% data variables.product.prodname_copilot_short %} identified, rather than the first. +1. Make sure that Ask mode is still selected (**{% octicon "comment" aria-label="comment icon" %}**). +1. Click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. +1. Review the draft issue that {% data variables.product.prodname_copilot_short %} generates, editing it as required. +1. If {% data variables.product.prodname_copilot_short %} creates a single draft issue that indicates that sub-issues should be created, prompt {% data variables.product.prodname_copilot_short %} to do this for you: + + ```copilot copy + Go ahead and create sub-issues that chunk this work into manageable pieces. + ``` + +1. Click **Create**, or **Review and Create**, depending on how many issues were drafted. + + {% data variables.product.prodname_copilot_short %} creates one or more new issues on your behalf. You will be shown as the issue author. + +## 4. Get {% data variables.product.prodname_copilot_short %} to fix an issue + +Now that you have created issues, the next step is to delegate an issue to {% data variables.product.prodname_copilot_short %} and review the resulting pull request. +1. Open one of the issues that {% data variables.product.prodname_copilot_short %} created for you in the previous section. +1. Check that the issue contains acceptance criteria that {% data variables.product.prodname_copilot_short %} can use to verify it has completed the task. +1. Make any changes you feel are necessary to accurately describe the problem that needs to be fixed, and the expected outcome of the work on this issue. +1. Click **{% octicon "agent" aria-label="Open agents panel" %} Assign to {% data variables.product.prodname_copilot_short %}**. +1. In the "Assign Copilot to issue", click **Assign**. + + {% data variables.product.prodname_copilot_short %} will start working on the issue. After a few moments a link to a draft pull request will be added to the issue. + +1. Click the link to the draft pull request. + + Once {% data variables.product.prodname_copilot_short %} has finished working on the pull request it will remove "[WIP]" from the pull request title and will add you as a reviewer. + + You can leave {% data variables.product.prodname_copilot_short %} to work on the pull request asynchronously, and come back to review the pull request once you are added as a reviewer. + +1. Optionally, after {% data variables.product.prodname_copilot_short %} has been working for a couple of minutes, you can click **View session** on the pull request to see a log of what {% data variables.product.prodname_copilot_short %} is doing. +1. Optionally, on the "Conversation" tab of the pull request, add {% data variables.product.prodname_copilot_short %} as a reviewer. +1. After you have been added as a reviewer, review the changes yourself and make any required changes. + + You can ask {% data variables.product.prodname_copilot_short %} to make changes for you by using `@copilot` in a review comment. + +1. Click **Ready for review** at the bottom of the "Conversation" tab of the pull request, then complete your usual process for merging a pull request. + +## 5. Iterate on this process + +1. If {% data variables.product.prodname_copilot_short %} created multiple issues, repeat section 4, assigning {% data variables.product.prodname_copilot_short %} to one of the other issues. +1. After closing all of the issues that {% data variables.product.prodname_copilot_short %} created, repeat section 3, choosing another problem area and iterating on section 4 to assign issues to {% data variables.product.prodname_copilot_short %} and review and merge its changes. + +## Conclusion + +{% data variables.copilot.copilot_coding_agent %} can help you to improve the quality of code in any project, but it's particularly useful for reducing technical debt in a project that has grown organically over many months or years. By using {% data variables.copilot.copilot_coding_agent %}, you can make improvements that you might have struggled to find time for without an AI assistant working on your behalf. + +{% data variables.product.prodname_copilot_short %} doesn't replace you as a developer—you still need to be involved at every step of this process, specifying what you want {% data variables.product.prodname_copilot_short %} to do and carefully reviewing the code it changes or adds—but it does allow you to implement improvements at the same time as you work on other important tasks. + +## Next steps + +Read this case study on the {% data variables.product.github %} blog: [How the {% data variables.product.github %} billing team uses the coding agent in {% data variables.product.prodname_copilot %} to continuously burn down technical debt](https://github.blog/ai-and-ml/github-copilot/how-the-github-billing-team-uses-the-coding-agent-in-github-copilot-to-continuously-burn-down-technical-debt/). diff --git a/content/copilot/tutorials/coding-agent/index.md b/content/copilot/tutorials/coding-agent/index.md index 0c4fd6c110f0..49e61e299a66 100644 --- a/content/copilot/tutorials/coding-agent/index.md +++ b/content/copilot/tutorials/coding-agent/index.md @@ -10,5 +10,6 @@ topics: children: - /get-the-best-results - /pilot-coding-agent + - /improve-a-project contentType: tutorials --- diff --git a/content/copilot/tutorials/compare-ai-models.md b/content/copilot/tutorials/compare-ai-models.md index dd5566e5a562..a3c127626661 100644 --- a/content/copilot/tutorials/compare-ai-models.md +++ b/content/copilot/tutorials/compare-ai-models.md @@ -126,9 +126,9 @@ print(active_users_sorted) * {% data variables.copilot.copilot_gpt_5_mini %} is optimized for cost and speed, making it ideal for quick edits, prototyping, and utility code. * Use this model when you want reliable answers for simple coding questions without waiting for unnecessary depth. -## {% data variables.copilot.copilot_gpt_5 %} +## {% data variables.copilot.copilot_gpt_52 %} -{% data reusables.copilot.model-use-cases.gpt-5 %} +{% data reusables.copilot.model-use-cases.gpt-52 %} ### Example scenario @@ -172,7 +172,7 @@ class Cart: return Order("", None, 0) ``` -### Why {% data variables.copilot.copilot_gpt_5 %} is a good fit +### Why {% data variables.copilot.copilot_gpt_52 %} is a good fit * It can interpret visual assets, such as UML diagrams, wireframes, or flowcharts, to generate code scaffolding or suggest architecture. * It can be useful for reviewing screenshots of UI layouts or form designs and generating. diff --git a/content/copilot/tutorials/copilot-chat-cookbook/analyze-security/manage-dependency-updates.md b/content/copilot/tutorials/copilot-chat-cookbook/analyze-security/manage-dependency-updates.md index 0c32c865516e..1e094d405a10 100644 --- a/content/copilot/tutorials/copilot-chat-cookbook/analyze-security/manage-dependency-updates.md +++ b/content/copilot/tutorials/copilot-chat-cookbook/analyze-security/manage-dependency-updates.md @@ -90,8 +90,6 @@ Once you've committed the `dependabot.yml` file to your repository, {% data vari ### Example scenario -### Example scenario - Let's say your team has been using the basic {% data variables.product.prodname_dependabot %} configuration for a few months, and you're getting lots of dependency update pull requests. However, you're finding that: * Pull requests are sitting un-reviewed because no one is automatically assigned. diff --git a/content/copilot/tutorials/copilot-chat-cookbook/communicate-effectively/creating-diagrams.md b/content/copilot/tutorials/copilot-chat-cookbook/communicate-effectively/creating-diagrams.md index ecee86e1cf20..aa53dc02c76f 100644 --- a/content/copilot/tutorials/copilot-chat-cookbook/communicate-effectively/creating-diagrams.md +++ b/content/copilot/tutorials/copilot-chat-cookbook/communicate-effectively/creating-diagrams.md @@ -15,25 +15,25 @@ topics: contentType: tutorials --- -{% data variables.copilot.copilot_chat %} can help you create mermaid diagrams to visualize data, making it easier to understand and communicate insights. You can ask {% data variables.copilot.copilot_chat_short %} to generate diagrams based on your data or code, and it will provide you with the necessary code to create those diagrams. +{% data variables.copilot.copilot_chat %} on {% data variables.product.prodname_dotcom_the_website %} can help you create Mermaid diagrams to visualize data, making it easier to understand and communicate insights. You can ask {% data variables.copilot.copilot_chat_short %} to generate diagrams based on your data or code, and it will provide you with the necessary code to create those diagrams. ## Example scenario -You want to create a Gantt chart to visualize the timeline of a project. You can ask {% data variables.copilot.copilot_chat_short %} to generate the mermaid code for the Gantt chart, with specific details about the project phases and their durations. You can then use this code in any Markdown file that supports mermaid syntax, such as issues, discussions, or pull requests on {% data variables.product.github %}. +You want to create a Gantt chart to visualize the timeline of a project. You can ask {% data variables.copilot.copilot_chat_short %} on {% data variables.product.prodname_dotcom_the_website %} to generate the Mermaid code for the Gantt chart, with specific details about the project phases and their durations. You can then use this code in any Markdown file that supports Mermaid syntax, such as issues, discussions, or pull requests on {% data variables.product.github %}. ## Example prompt ```copilot copy prompt -Create a mermaid gantt diagram that covers the period August 1st 2025 until January 31st, 2025. Include 5 phases, each taking 6 weeks, and overlapping equally. +Create a Mermaid Gantt diagram that covers the period August 1st 2025 until January 31st, 2025. Include 5 phases, each taking 6 weeks, and overlapping equally. ``` ## Example response {% data reusables.copilot.example-prompts.response-is-an-example %} -{% data variables.product.prodname_copilot_short %} will provide you with the mermaid code to create the flowchart. You can copy the code {% data variables.copilot.copilot_chat_short %} provides and paste it anywhere on {% data variables.product.github %} that supports Markdown, such as an issue or discussion. +{% data variables.product.prodname_copilot_short %} will provide you with the Mermaid code to create the flowchart. You can copy the code {% data variables.copilot.copilot_chat_short %} provides and paste it anywhere on {% data variables.product.github %} that supports Markdown, such as an issue or discussion. -Ensure you include the correct mermaid syntax of `` ```mermaid `` before and `` ``` `` after the code block to render the diagram correctly. +Ensure you include the correct Mermaid syntax of `` ```mermaid `` before and `` ``` `` after the code block to render the diagram correctly. ````text ```mermaid @@ -61,7 +61,7 @@ gantt This Mermaid code would generate the following diagram: -![Screenshot of a rendered Mermaid gantt chart.](/assets/images/help/copilot/mermaid-gantt-chart-example.png) +![Screenshot of a rendered Mermaid Gantt chart.](/assets/images/help/copilot/mermaid-gantt-chart-example.png) ## Further reading diff --git a/content/copilot/tutorials/copilot-chat-cookbook/debug-errors/diagnose-test-failures.md b/content/copilot/tutorials/copilot-chat-cookbook/debug-errors/diagnose-test-failures.md new file mode 100644 index 000000000000..927c7656b67a --- /dev/null +++ b/content/copilot/tutorials/copilot-chat-cookbook/debug-errors/diagnose-test-failures.md @@ -0,0 +1,103 @@ +--- +title: Diagnosing test failures +shortTitle: Diagnose test failures +intro: '{% data variables.copilot.copilot_chat_short %} can help you understand why a test is failing and suggest how to fix it.' +versions: + feature: copilot +category: + - Debugging code + - Author and optimize with Copilot +complexity: + - Intermediate +octicon: bug +topics: + - Copilot +contentType: tutorials +--- + +{% data variables.copilot.copilot_chat_short %} can analyze test failures and help identify potential causes. + +## Example scenario: Tests passing locally but failing in CI + +Consider a scenario where you have a test that passes on your local machine but sometimes fails in CI. {% data variables.copilot.copilot_chat_short %} can help identify the reason for the failure. + +In this example, the code being tested defines a simple order service (`order.py`), and there's a corresponding test that checks if an order was created today (`test_order_service.py`). + +## Example prompt + +The prompt below provides {% data variables.product.prodname_copilot_short %} with the relevant code and test files (using `#file:`) and includes a copy/paste of the relevant excerpt from the CI failure. + +```copilot copy +Please take a look at this CI failure message. The test passes locally, but intermittently fails in CI. Can you help me figure out if this looks like a code bug, environment issue, or a flaky test? + +Failure: + +___ TestOrderService.test_order_created_today ___ +> assert order["created_date"] == date.today() +E AssertionError: assert datetime.date(2024, 1, 15) == datetime.date(2024, 1, 16) + +test_order_service.py:45: AssertionError + +#file:order.py +#file:test_order_service.py + +``` + +## Example response + +{% data reusables.copilot.example-prompts.response-is-an-example %} + +{% data variables.copilot.copilot_chat_short %} notices that the dates are exactly one day apart and identifies that this could be a **timezone** or **time-boundary** issue. + +The local machine and CI runner may be using different timezone settings or deriving `today` from different clocks (UTC vs. local time), so when the test runs near midnight, `date.today()` can return different dates in each environment. + +{% data variables.copilot.copilot_chat_short %} suggests treating the failure as test flakiness caused by environment/time assumptions (and not a logic bug), and fixing it by standardizing how `today` is computed across environments. + +## Example scenario 2: Intermittent test failures + +Consider a scenario where a test sometimes passes and sometimes fails on the same machine. {% data variables.copilot.copilot_chat_short %} can compare logs from passing and failing runs to help identify the cause. + +In this example, the code under test uses a background job in `order_service.py` to update an order's status asynchronously, and a test in `test_order_service.py` asserts that the final status is `"processed"`. + +## Example prompt + +The prompt below provides {% data variables.product.prodname_copilot_short %} with the failure message, the log excerpts from both a passing and failing run, and the relevant code files (using `#file:`). + +```copilot copy +This test passes sometimes and fails sometimes. Can you compare the logs and help me figure out why? + +Failure message: + +> assert order.status == "processed" +E AssertionError: assert "pending" == "processed" + +test_order_service.py:62: AssertionError + +Logs from a passing run: +[DEBUG] Created order #1234 +[DEBUG] Background job started for order #1234 +[DEBUG] Background job completed (52ms) +[DEBUG] Checking order status +[DEBUG] Order #1234 status: processed + +Logs from the failing run: +[DEBUG] Created order #1234 +[DEBUG] Background job started for order #1234 +[DEBUG] Checking order status +[DEBUG] Order #1234 status: pending + +#file:order_service.py +#file:test_order_service.py +``` + +## Example response + +{% data reusables.copilot.example-prompts.response-is-an-example %} + +{% data variables.copilot.copilot_chat_short %} compares the two logs and notices that in the passing run, the background job completed *before* the status check, while in the failing run, the status was checked while the job was still running. {% data variables.copilot.copilot_chat_short %} notes that this is a **race condition**, as the test doesn't wait for the background job to finish. + +{% data variables.copilot.copilot_chat_short %} suggests adding a mechanism to ensure the job completes before asserting, such as running the job synchronously, awaiting completion (for example, via a callback), or polling. + +## Further reading + +{% data reusables.copilot.example-prompts.further-reading-items %} diff --git a/content/copilot/tutorials/copilot-chat-cookbook/debug-errors/index.md b/content/copilot/tutorials/copilot-chat-cookbook/debug-errors/index.md index c0d4e517c746..225b447b755d 100644 --- a/content/copilot/tutorials/copilot-chat-cookbook/debug-errors/index.md +++ b/content/copilot/tutorials/copilot-chat-cookbook/debug-errors/index.md @@ -12,6 +12,6 @@ topics: children: - /debug-invalid-json - /handle-api-rate-limits + - /diagnose-test-failures contentType: tutorials --- - diff --git a/content/copilot/tutorials/copilot-chat-cookbook/testing-code/index.md b/content/copilot/tutorials/copilot-chat-cookbook/testing-code/index.md index 406c8c404a3c..82bb5bd3b18d 100644 --- a/content/copilot/tutorials/copilot-chat-cookbook/testing-code/index.md +++ b/content/copilot/tutorials/copilot-chat-cookbook/testing-code/index.md @@ -12,6 +12,7 @@ children: - /generate-unit-tests - /create-mock-objects - /create-end-to-end-tests + - /update-unit-tests contentType: tutorials --- diff --git a/content/copilot/tutorials/copilot-chat-cookbook/testing-code/update-unit-tests.md b/content/copilot/tutorials/copilot-chat-cookbook/testing-code/update-unit-tests.md new file mode 100644 index 000000000000..76920681ccb1 --- /dev/null +++ b/content/copilot/tutorials/copilot-chat-cookbook/testing-code/update-unit-tests.md @@ -0,0 +1,122 @@ +--- +title: Updating unit tests to match code changes +shortTitle: Update unit tests +intro: '{% data variables.copilot.copilot_chat_short %} can help with updating your tests.' +versions: + feature: copilot +category: + - Testing code + - Author and optimize with Copilot +complexity: + - Intermediate +octicon: beaker +topics: + - Copilot +contentType: tutorials +--- + +When you make changes to your code, it's important to update any tests to verify the new behavior and catch any bugs that the new code has introduced. {% data variables.copilot.copilot_chat_short %} can help you quickly update tests to match your code changes, ensuring your test suite stays in sync with your implementation. + +## Example scenario + +Imagine you have a Python function, `calculate_discount`, that determines the discount for a given purchase amount. In the original code, you get a 10% discount for amounts over $100. You're making changes to the logic of the function, so that only prices over $150 get a 10% discount, and there's now a 20% discount for amounts over $200. + +### Original code + +In the original code, purchase prices above $100 get a 10% discount. + +```python +def calculate_discount(amount: float) -> float: + if amount > 100: + return amount * 0.1 # 10% discount + return 0.0 +``` + +### Updated code + +In the changed code, only amounts above $150 get 10% discount, and amounts above $200 now get a 20% discount. + +```python id=calculate_discount +def calculate_discount(amount: float) -> float: + if amount > 200: + return amount * 0.2 + elif amount > 150: + return amount * 0.1 + return 0.0 +``` + +### Existing tests + +This example shows the existing tests that were written for the original code. + +```python +import unittest +from discount import calculate_discount + +class TestCalculateDiscount(unittest.TestCase): + def test_discount_above_100(self): + # $140 should get a $14 discount (10%) + self.assertAlmostEqual(calculate_discount(140), 14.0) + + def test_discount_below_100(self): + # $80 should get no discount + self.assertEqual(calculate_discount(80), 0.0) + + def test_discount_exactly_100(self): + # $100 is not above 100, so no discount + self.assertEqual(calculate_discount(100), 0.0) + +if __name__ == '__main__': + unittest.main() +``` + +## Example prompt + +You can ask {% data variables.copilot.copilot_chat_short %} to identify and update any tests affected by your logic change. + +```copilot +Given the update to the `calculate_discount` function, update the unit tests that may fail or become outdated as a result. +``` + +## Example response + +{% data reusables.copilot.example-prompts.response-is-an-example %} + +{% data variables.copilot.copilot_chat_short %} analyzes your code and existing tests, and identifies which tests will fail or are now misleading following your code change. + +For example, {% data variables.copilot.copilot_chat_short %} explains that: +* `test_discount_above_100` will now **fail** +* `test_discount_below_100` and `test_discount_exactly_100` will pass, but they are now **misleading**, since the threshold for the 10% discount is now $150, and not $100. + +In addition, {% data variables.copilot.copilot_chat_short %} identifies any **missing test coverage**, such as the new 20% discount tier for amounts over $200. + +{% data variables.copilot.copilot_chat_short %} proposes an updated set of tests. + +### Updated tests + +```python +import unittest +from discount import calculate_discount + +class TestCalculateDiscount(unittest.TestCase): + def test_discount_above_200(self): + # $250 should get a $50 discount (20%) + self.assertAlmostEqual(calculate_discount(250), 50.0) + + def test_discount_above_150(self): + # $175 should get a $17.50 discount (10%) + self.assertAlmostEqual(calculate_discount(175), 17.5) + + def test_discount_at_or_below_150(self): + # $150 is not above 150, so no discount + self.assertEqual(calculate_discount(150), 0.0) + # $80 should get no discount + self.assertEqual(calculate_discount(80), 0.0) + +if __name__ == '__main__': + unittest.main() +``` + +## Further reading + +{% data reusables.copilot.example-prompts.further-reading-items %} \ No newline at end of file diff --git a/content/copilot/tutorials/customization-library/custom-agents/bug-fix-teammate.md b/content/copilot/tutorials/customization-library/custom-agents/bug-fix-teammate.md index 7b7e96f831d2..1d2975b39c9b 100644 --- a/content/copilot/tutorials/customization-library/custom-agents/bug-fix-teammate.md +++ b/content/copilot/tutorials/customization-library/custom-agents/bug-fix-teammate.md @@ -61,4 +61,19 @@ You are a bug-fixing specialist focused on resolving issues in the codebase with Your goal is to make the codebase more stable and reliable by implementing working fixes, not just identifying problems. ``` +## How to use this {% data variables.copilot.copilot_custom_agent_short %} + +1. Go to the agents tab at [https://github.com/copilot/agents](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text). +1. Using the dropdown menus in the text box, select the repository and branch you want the custom agent to work in. +1. Click {% octicon "copilot" aria-hidden="true" aria-label="copilot" %}, then click **{% octicon "plus" aria-label="Plus button" %} Create a custom agent**. +1. An {% data variables.copilot.agent_profile %} template called `my-agent.agent.md` will open in the `.github/agents` directory, in the repository you chose. Name the file `bug-fix-teammate.agent.md` and paste in the example {% data variables.copilot.agent_profile %}. +1. Commit and merge this file into your repository's default branch. Go back to the agents tab (you may need to refresh the page), and in the text box, select your "bug-fix-teammate" agent from the dropdown. +1. In the text box, enter a task for the agent (such as the example below) and click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. + + ```copilot copy + Scan the repository for the most critical bug, then implement a targeted fix and explain your approach. + ``` + +The agent task will appear on the page below the text box. You can click into the task and follow along with the agent. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions). + {% data reusables.copilot.custom-agents-further-reading %} diff --git a/content/copilot/tutorials/customization-library/custom-agents/cleanup-specialist.md b/content/copilot/tutorials/customization-library/custom-agents/cleanup-specialist.md index 24de467e4f57..6ae1faef262d 100644 --- a/content/copilot/tutorials/customization-library/custom-agents/cleanup-specialist.md +++ b/content/copilot/tutorials/customization-library/custom-agents/cleanup-specialist.md @@ -71,4 +71,19 @@ You are a cleanup specialist focused on making codebases cleaner and more mainta Focus on cleaning up existing code rather than adding new features. Work on both code files (.js, .py, etc.) and documentation files (.md, .txt, etc.) when removing duplication and improving consistency. ``` +## How to use this {% data variables.copilot.copilot_custom_agent_short %} + +1. Go to the agents tab at [https://github.com/copilot/agents](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text). +1. Using the dropdown menus in the text box, select the repository and branch you want the custom agent to work in. +1. Click {% octicon "copilot" aria-hidden="true" aria-label="copilot" %}, then click **{% octicon "plus" aria-label="Plus button" %} Create a custom agent**. +1. An {% data variables.copilot.agent_profile %} template called `my-agent.agent.md` will open in the `.github/agents` directory, in the repository you chose. Name the file `cleanup-specialist.agent.md` and paste in the example {% data variables.copilot.agent_profile %}. +1. Commit and merge this file into your repository's default branch. Go back to the agents tab (you may need to refresh the page), and in the text box, select your "cleanup-specialist" agent from the dropdown. +1. In the text box, enter a task for the agent (such as the example below) and click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. + + ```copilot copy + Refactor and clean up any messy or inconsistent code in the `src/utils` directory, then document the improvements you made. + ``` + +The agent task will appear on the page below the text box. You can click into the task and follow along with the agent. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions). + {% data reusables.copilot.custom-agents-further-reading %} diff --git a/content/copilot/tutorials/customization-library/custom-agents/implementation-planner.md b/content/copilot/tutorials/customization-library/custom-agents/implementation-planner.md index 8bb9dd2864e6..e147a347e50e 100644 --- a/content/copilot/tutorials/customization-library/custom-agents/implementation-planner.md +++ b/content/copilot/tutorials/customization-library/custom-agents/implementation-planner.md @@ -41,7 +41,7 @@ When creating implementation plans, use this structure (adapt sections based on - Success criteria (what does "done" look like?) - Who will use this and how? -## Technical Approach +## Technical Approach - High-level architecture and key technology choices - Important APIs, data structures, or integrations - Major technical decisions and trade-offs @@ -75,4 +75,19 @@ For each phase, list specific tasks with complexity estimates (Small/Medium/Larg Adjust the detail level based on your needs - solo projects might need less formal documentation, while team projects benefit from more thorough planning. Focus on creating a roadmap that helps you stay organized and make progress. ``` +## How to use this {% data variables.copilot.copilot_custom_agent_short %} + +1. Go to the agents tab at [https://github.com/copilot/agents](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text). +1. Using the dropdown menus in the text box, select the repository and branch you want the custom agent to work in. +1. Click {% octicon "copilot" aria-hidden="true" aria-label="copilot" %}, then click **{% octicon "plus" aria-label="Plus button" %} Create a custom agent**. +1. An {% data variables.copilot.agent_profile %} template called `my-agent.agent.md` will open in the `.github/agents` directory, in the repository you chose. Name the file `implementation-planner.agent.md` and paste in the example {% data variables.copilot.agent_profile %}. +1. Commit and merge this file into your repository's default branch. Go back to the agents tab (you may need to refresh the page), and in the text box, select your "implementation-planner" agent from the dropdown. +1. In the text box, enter a task for the agent (such as the example below) and click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. + + ```copilot copy + Create a detailed implementation plan for adding user authentication to our web app, including technical approach, phases, and risk assessment. + ``` + +The agent task will appear on the page below the text box. You can click into the task and follow along with the agent. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions). + {% data reusables.copilot.custom-agents-further-reading %} diff --git a/content/copilot/tutorials/customization-library/custom-agents/your-first-custom-agent.md b/content/copilot/tutorials/customization-library/custom-agents/your-first-custom-agent.md index eb304ffe8be7..ad901c5e8648 100644 --- a/content/copilot/tutorials/customization-library/custom-agents/your-first-custom-agent.md +++ b/content/copilot/tutorials/customization-library/custom-agents/your-first-custom-agent.md @@ -74,10 +74,10 @@ Test this agent by giving it a task to complete: 1. Go to the agents tab at [https://github.com/copilot/agents](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text). 1. Using the dropdown menus in the text box, select the repository and branch you're comfortable testing with (ideally one with a minimal or outdated README). -1. Click {% octicon "copilot" aria-hidden="true" aria-label="copilot" %}, then click **{% octicon "plus" aria-label="Plus button" %} Create an agent**. +1. Click {% octicon "copilot" aria-hidden="true" aria-label="copilot" %}, then click **{% octicon "plus" aria-label="Plus button" %} Create a custom agent**. 1. An {% data variables.copilot.agent_profile %} template called `my-agent.agent.md` will open in the `.github/agents` directory, in the repository you chose. Name the file `readme-specialist.agent.md` and paste in the example {% data variables.copilot.agent_profile %}. 1. Commit and merge this file into your repository's default branch. Go back to the agents tab (you may need to refresh the page), and in the text box, select your "readme-specialist" agent from the dropdown. -1. In the text box, enter a task for the agent (such as the example below) and click **{% octicon "paper-airplane" aria-label="Start task" %} Start task** or press Return. +1. In the text box, enter a task for the agent (such as the example below) and click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. ```copilot copy Please review and improve our README.md file. diff --git a/content/copilot/tutorials/customization-library/prompt-files/create-readme.md b/content/copilot/tutorials/customization-library/prompt-files/create-readme.md index ad662631d3af..2f23b8646691 100644 --- a/content/copilot/tutorials/customization-library/prompt-files/create-readme.md +++ b/content/copilot/tutorials/customization-library/prompt-files/create-readme.md @@ -23,7 +23,7 @@ This prompt file creates professional, comprehensive README files by analyzing y ```text copy --- -mode: 'agent' +agent: 'agent' description: 'Create a comprehensive README.md file for the project' --- diff --git a/content/copilot/tutorials/customization-library/prompt-files/document-api.md b/content/copilot/tutorials/customization-library/prompt-files/document-api.md index b918473da58c..8d468fdad123 100644 --- a/content/copilot/tutorials/customization-library/prompt-files/document-api.md +++ b/content/copilot/tutorials/customization-library/prompt-files/document-api.md @@ -23,7 +23,7 @@ This prompt file generates OpenAPI 3.0 specifications for REST API endpoints by ```text copy --- -mode: 'agent' +agent: 'agent' description: 'Generate OpenAPI 3.0 specification for API endpoints' --- diff --git a/content/copilot/tutorials/customization-library/prompt-files/generate-unit-tests.md b/content/copilot/tutorials/customization-library/prompt-files/generate-unit-tests.md index 084066447e77..cdc10a7bf271 100644 --- a/content/copilot/tutorials/customization-library/prompt-files/generate-unit-tests.md +++ b/content/copilot/tutorials/customization-library/prompt-files/generate-unit-tests.md @@ -23,7 +23,7 @@ This prompt file generates focused unit tests for specific functions or methods, ```text copy --- -mode: 'agent' +agent: 'agent' description: 'Generate unit tests for selected functions or methods' --- diff --git a/content/copilot/tutorials/customization-library/prompt-files/onboarding-plan.md b/content/copilot/tutorials/customization-library/prompt-files/onboarding-plan.md index 65bc684de940..79a2a6a06e06 100644 --- a/content/copilot/tutorials/customization-library/prompt-files/onboarding-plan.md +++ b/content/copilot/tutorials/customization-library/prompt-files/onboarding-plan.md @@ -21,7 +21,7 @@ contentType: tutorials ```text copy --- -mode: 'agent' +agent: 'agent' description: 'Help new team members onboard with a phased plan and suggestions for first tasks.' --- diff --git a/content/copilot/tutorials/customization-library/prompt-files/review-code.md b/content/copilot/tutorials/customization-library/prompt-files/review-code.md index b8efaf4d2ecb..8055f67c1be2 100644 --- a/content/copilot/tutorials/customization-library/prompt-files/review-code.md +++ b/content/copilot/tutorials/customization-library/prompt-files/review-code.md @@ -25,7 +25,7 @@ You can also use {% data variables.copilot.copilot_code-review_short %} in {% da ```text copy --- -mode: 'agent' +agent: 'agent' description: 'Perform a comprehensive code review' --- diff --git a/content/copilot/tutorials/customization-library/prompt-files/your-first-prompt-file.md b/content/copilot/tutorials/customization-library/prompt-files/your-first-prompt-file.md index c25ea457bf12..db497bc297fd 100644 --- a/content/copilot/tutorials/customization-library/prompt-files/your-first-prompt-file.md +++ b/content/copilot/tutorials/customization-library/prompt-files/your-first-prompt-file.md @@ -32,7 +32,7 @@ Start with this simple prompt file that helps you write clear, well-documented c ```text copy --- -mode: 'agent' +agent: 'agent' description: 'Generate a clear code explanation with examples' --- diff --git a/content/copilot/tutorials/image.png b/content/copilot/tutorials/image.png new file mode 100644 index 000000000000..d0a7d9539eee Binary files /dev/null and b/content/copilot/tutorials/image.png differ diff --git a/content/copilot/tutorials/index.md b/content/copilot/tutorials/index.md index e60355bcb8a2..09ed26940a01 100644 --- a/content/copilot/tutorials/index.md +++ b/content/copilot/tutorials/index.md @@ -26,8 +26,10 @@ children: - /review-ai-generated-code - /learn-a-new-language - /modernize-legacy-code + - /modernize-java-applications - /migrate-a-project - /plan-a-project + - /vibe-coding - /upgrade-projects redirect_from: - /copilot/using-github-copilot/guides-on-using-github-copilot @@ -37,10 +39,11 @@ layout: bespoke-landing sidebarLink: text: All tutorials href: /copilot/tutorials -recommended: - - /copilot/tutorials/copilot-chat-cookbook - - /copilot/tutorials/customization-library - - /copilot/tutorials/roll-out-at-scale +carousels: + recommended: + - /copilot/tutorials/copilot-chat-cookbook + - /copilot/tutorials/customization-library + - /copilot/tutorials/roll-out-at-scale includedCategories: - Accelerate PR velocity - Automate simple user stories diff --git a/content/copilot/tutorials/modernize-java-applications.md b/content/copilot/tutorials/modernize-java-applications.md new file mode 100644 index 000000000000..e19d3b957d01 --- /dev/null +++ b/content/copilot/tutorials/modernize-java-applications.md @@ -0,0 +1,138 @@ +--- +title: Modernizing Java applications with GitHub Copilot +shortTitle: Modernize Java applications +intro: '{% data variables.product.prodname_copilot %} can help modernize and migrate Java applications by assessing your codebase, identifying upgrade paths, and automating remediation and containerization tasks.' +versions: + feature: copilot +contentType: tutorials +category: + - Modernize applications + - Author and optimize with Copilot +--- + + + + + +The {% data variables.product.prodname_copilot %} app modernization extension in {% data variables.product.prodname_vscode %} automates Java upgrades by identifying outdated frameworks, deprecated APIs, and upgrade blockers. {% data variables.copilot.copilot_coding_agent %} applies code changes, updates build files, and resolves build and CVE issues for you. + +The recommendations and reporting produced by the extension can help your teams adopt new technologies quickly and reduce technical debt. {% data variables.product.prodname_copilot_short %} guides you through upgrades with actionable steps and summaries, accelerating and securing your migrations while reducing manual effort. + +For extension capabilities, setup, and user interface instructions, see [The GitHub Copilot app modernization documentation](https://learn.microsoft.com/en-us/azure/developer/github-copilot-app-modernization/) in the Microsoft documentation. + +## Modernization framework + +When you start an agent session using the [Java upgrade extension](https://marketplace.visualstudio.com/items?itemName=vscjava.vscode-java-upgrade), the extension will help you modernize your Java application using the following framework. + +* **Perform assessment tasks**. The extension can analyze code, configuration, and dependencies, providing an assessment of your application's current state. +* **Create a customizable modernization plan**. Based on the assessment, the extension can suggest a modernization path, including necessary framework and library updates. +* **Early identification of issues**. The extension identifies dependencies, outdated libraries and language features, and potential migration issues. The extension provides actionable strategies to remediate problems. +* **Customize your plan**. Edit the modernization plan to your application's specific needs, such as incorporating organizational standards and practices, excluding certain components, or prioritizing specific features or design patterns. +* **Implement your plan**. The extension can assist in applying code changes, updating build files, refactoring deprecated APIs, and resolving build and syntax issues. The extension will automatically fix build errors and perform test validations after each step to ensure stability and error-free changes. +* **Review your changes**. The extension can produce a detailed upgrade report, summarizing the changes applied, and listing any unaddressed issues and remaining steps for your modernization. +* **Generate unit tests**. The extension automatically evaluates existing tests, and generates new test files and adds them to the workspace. A report is produced summarizing the pre- and post-generation test results. +* **Containerize your application**. The extension can automatically generate Dockerfiles, build images, and validate everything for your modernized application to run within the container services such as Azure Kubernetes Service (AKS), Azure Container Apps (ACA), and AKS Automatic, enabling easier deployment and scalability. +* **Prepare for deployment**. The extension can help you prepare your application for containerization and deployment, by generating deployment artifacts such as scripts and configurations. +* **Automate deployment to Azure**. The extension can help you deploy or provision your modernized application to Azure, generating necessary artifacts and Azure resources, and performing execution steps. + +You can improve your team's understanding of the application codebase, and save time and effort by using {% data variables.product.prodname_copilot_short %} to help with complex modernization tasks such as: + +* Reverse engineering and code transformation +* Vulnerability and dependency analysis, and code behavior checks and remediation +* Automated generation of assets, documentation, and upgrade reports +* Test generation and evaluation +* Deployment automation + +## Modernization workflow overview + +In this example, we'll walk through the high-level steps to modernize a Java application using the {% data variables.product.prodname_copilot %} app modernization extension in {% data variables.product.prodname_vscode %}. + +For detailed prerequisites and instructions, see [Quickstart: upgrade a Java project with {% data variables.product.prodname_copilot %} app modernization](https://learn.microsoft.com/en-us/java/upgrade/quickstart-upgrade) in the Microsoft documentation. + +> [!NOTE] +> During the modernization workflow, you may frequently be prompted by {% data variables.copilot.copilot_coding_agent %} for confirmation before it performs specific actions. + +### 1. Open your Java project + +Use {% data variables.product.prodname_vscode_shortname %} to open your project folder. + +#### Suggested actions + +* Ensure your project builds successfully before proceeding. +* If you encounter build issues, you can use {% data variables.product.prodname_copilot_short %} to help resolve them before starting the modernization process. + +### 2. Start a modernization workspace + +Launch {% data variables.copilot.copilot_chat_short %} and start a new session in agent mode. Choose **{% data variables.product.prodname_copilot %} app modernization – upgrade for Java** from the available tools. + +### 3. Analyze your project for upgrade opportunities + +{% data variables.product.prodname_copilot_short %} will scan your codebase. The analysis includes: + +* Detection of outdated frameworks (for example, Spring Boot, Jakarta EE, Java SE versions). +* Identification of deprecated APIs and obsolete patterns. +* Suggestions for upgrade opportunities. + +You can review the findings and a structured upgrade plan in the editor, which will display: + +* Current and recommended versions for frameworks and dependencies. +* Code locations requiring migration or refactoring. +* Upgrade blockers or incompatible dependencies. + +#### Suggested actions + +* Review and customize the modernization plan before proceeding with the upgrade. + +### 4. Apply {% data variables.product.prodname_copilot_short %} upgrade recommendations + +Use {% data variables.product.prodname_copilot_short %} to apply or review code changes, update build files, and refactor APIs. + +If build errors are found, {% data variables.product.prodname_copilot_short %} can enter a fix-and-test loop until the project compiles cleanly. + +{% data variables.copilot.copilot_coding_agent %} automated changes can include: + +* Updating `pom.xml` or `build.gradle` files for new dependency versions. +* Generating pull requests or committing changes directly. +* Refactoring code for API changes. For example, migrating from `javax.*` to `jakarta.*` namespaces. +* Suggesting or applying code transformations to address breaking changes. + +{% data variables.product.prodname_copilot_short %} will iterate and continue to fix errors until the project builds successfully and there are no more issues that require fixing. It's possible that minor issues that don't require immediate fixes may remain. These will not prevent the upgrade from completing. + +#### Suggested actions + +* Review all code changes in your diff editor before accepting. +* Use {% data variables.product.prodname_copilot_short %} to further explain and document code changes. +* When the extension prompts you to, accept the options to check modified dependencies for known CVEs, and to validate code behavior for consistency. +* Review any issues remaining and evaluate their importance. + +### 5. View the upgrade report and suggested next steps + +After the upgrade process is complete, {% data variables.product.prodname_copilot_short %} will generate a summary upgrade report that includes: + +* Project information. +* Lines of code changed. +* Updated dependencies. +* Summarized code changes. +* Fixed CVE security and code inconsistency issues, if any. +* Unaddressed minor CVE issues. + +#### Suggested actions + +* Review the report to understand the changes made. +* Follow any suggested next steps to finalize your modernization. + +### Completing the modernization + +Further work to support your modernization may include: + +* **Checking** the initial modernization and code changes thoroughly. Ensure your company's coding standards and best practices are met. +* **Reviewing** modified code closely. For example, check that the generated code fits the purpose and architecture of your project. For more suggestions, see [AUTOTITLE](/copilot/tutorials/review-ai-generated-code). +* **Bug fixing**. Check specific content for subtle errors, and use your own debugging and linting tools to evaluate new content. +* **Writing tests** and identifying gaps in testing for the upgraded project. +* **Cleaning up** the project by removing any files that are no longer needed. +* **Refactoring** the code in the new language. The modernization process may have resulted in a project whose architecture was based on that of your original project, but that is no longer the ideal or optimum solution for your needs. You may now want to refactor the code to make best use of features of the language and the framework used. +* **Updating documentation**. Your project information and contributing files may now be out of date and need to be rewritten. +* **Containerization**. Update your application code, generate containerization files like Dockerfiles, and build the image to test the validity. If needed, {% data variables.product.prodname_copilot_short %} can perform these containerization tasks, and also create a comprehensive plan detailing the next steps. +* **Deploying** the modernized application to your target environments, including cloud platforms such as Microsoft Azure. + + diff --git a/content/copilot/tutorials/roll-out-at-scale/assign-licenses/track-usage-and-adoption.md b/content/copilot/tutorials/roll-out-at-scale/assign-licenses/track-usage-and-adoption.md index d19da338291f..bf47978e1310 100644 --- a/content/copilot/tutorials/roll-out-at-scale/assign-licenses/track-usage-and-adoption.md +++ b/content/copilot/tutorials/roll-out-at-scale/assign-licenses/track-usage-and-adoption.md @@ -18,6 +18,9 @@ redirect_from: - /copilot/tutorials/rolling-out-github-copilot-at-scale/measure-adoption/analyze-usage-over-time - /copilot/tutorials/roll-out-at-scale/measure-adoption allowTitleToDifferFromFilename: true +category: + - Copilot usage metrics + - Measure success --- {% data reusables.copilot.usage-metrics-preview %} diff --git a/content/copilot/tutorials/roll-out-at-scale/drive-downstream-impact/reduce-security-debt.md b/content/copilot/tutorials/roll-out-at-scale/drive-downstream-impact/reduce-security-debt.md index 4cb114b6e986..fe61f99ca616 100644 --- a/content/copilot/tutorials/roll-out-at-scale/drive-downstream-impact/reduce-security-debt.md +++ b/content/copilot/tutorials/roll-out-at-scale/drive-downstream-impact/reduce-security-debt.md @@ -21,17 +21,17 @@ category: {% data reusables.copilot.identify-barriers-intro %} -As development teams works to deliver new features and keep their applications running smoothly, their focus is often on speed and functionality. However, over time, small issues can accumulate, such as: +Development teams often focus on speed and functionality to deliver new features and keep applications running smoothly. Over time, small issues can accumulate, such as: -* Known security weaknesses that haven't been fixed +* Known security weaknesses that remain unfixed * Reliance on older software components with potential flaws -* Delays in addressing problems when they are discovered +* Delays in addressing discovered problems -For many organizations, this accumulation of unresolved security issues and outdated components creates a significant backlog—a **security debt**. +This creates a **security debt**, a significant backlog of issues. -This debt carries real risks. The longer it goes unaddressed, the larger it can grow and the more costly it becomes to resolve. A large security debt can leave systems vulnerable to attacks, expose sensitive data, and ultimately erode customer trust and impact the bottom line. +Security debt carries real risks. The longer it goes unaddressed, the larger and more costly it becomes. Large security debt leaves systems vulnerable to attacks, exposes sensitive data, and erodes customer trust. -The challenge is to balance the need for rapid development with the crucial responsibility of maintaining a secure and stable software environment. +The challenge is balancing rapid development with maintaining a secure and stable software environment. ## 2. Evaluate your options @@ -41,29 +41,28 @@ The challenge is to balance the need for rapid development with the crucial resp ### How {% data variables.product.prodname_copilot_short %} can help -{% data variables.product.prodname_copilot %} can help mitigate security debt by integrating security considerations directly into the development lifecycle. Its capabilities can make it easier for developers to proactively identify and address potential vulnerabilities and keep their projects up-to-date. +{% data variables.product.prodname_copilot_short %} integrates security considerations directly into the development lifecycle. This helps developers proactively identify and address potential vulnerabilities while keeping projects up-to-date. -{% data variables.product.prodname_copilot_short %} can help reduce security vulnerabilities throughout the software development lifecycle. +{% data variables.product.prodname_copilot_short %} reduces security vulnerabilities throughout the software development lifecycle. #### During development -{% data variables.product.prodname_copilot_short %} proactively reviews code as it's written, leveraging its understanding of common security flaws and patterns to flag areas that might be susceptible to exploitation. This real-time analysis can surface hidden vulnerabilities that might otherwise be missed during standard development or initial security reviews. +{% data variables.product.prodname_copilot_short %} reviews code as you write it. It uses its understanding of common security flaws to flag areas that might be vulnerable to exploitation. This real-time analysis surfaces hidden vulnerabilities that might be missed during standard development or initial security reviews. -When issues are identified, {% data variables.product.prodname_copilot_short %} can instantly suggest actionable code changes to remediate vulnerabilities, empowering developers to address weaknesses early in the development cycle and prevent security debt from accumulating. +When {% data variables.product.prodname_copilot_short %} identifies issues, it suggests code changes to fix vulnerabilities. This empowers you to address weaknesses early and prevent security debt from accumulating. #### Ongoing maintenance -{% data variables.product.prodname_copilot_short %} integrates with {% data variables.product.github %}'s code scanning capabilities to keep your existing codebase secure. When code scanning identifies a potential security alert, {% data variables.copilot.copilot_autofix_short %} can intelligently analyze the vulnerability and provide targeted, context-specific recommendations to resolve it. +{% data variables.product.prodname_copilot_short %} integrates with {% data variables.product.github %}'s code scanning capabilities to keep your existing codebase secure. When code scanning identifies a security alert, {% data variables.copilot.copilot_autofix_short %} analyzes it and provides targeted recommendations to resolve it. -These concrete fix suggestions streamline remediation, reducing the time developers spend researching vulnerabilities and figuring out how to address them. As a result, security alerts are resolved more efficiently and are less likely to linger or contribute to ongoing security debt. +These suggested fixes reduce the time you spend researching vulnerabilities and determining how to address them. This helps you resolve security alerts more efficiently and prevents ongoing security debt. ### Cultural considerations {% data reusables.copilot.cultural-factors-intro %} -* Teams might **ignore or defer security debt**, allowing inefficient and vulnerable systems to persist. This could be caused by a deadline-driven focus on features, or a lack of education about the long-term impact of security debt. -* Teams might **build overly complex solutions** for simple problems, which makes code harder to maintain and security issues harder to detect. This could be caused by a desire to future-proof -unnecessarily or pressure to add value through complexity. +* Teams might **ignore or defer security debt**. This allows inefficient and vulnerable systems to persist. This could be caused by a deadline-driven focus on features or a lack of education about the long-term impact of security debt. +* Teams might **build overly complex solutions** for simple problems. This makes code harder to maintain and security issues harder to detect. This could be caused by a desire to future-proof unnecessarily or by pressure to add value through complexity. ## 3. Implement changes @@ -76,50 +75,50 @@ unnecessarily or pressure to add value through complexity. ### Analyze your code for security vulnerabilities -Depending on the size of your codebase, {% data variables.product.prodname_copilot_short %} may not be able to analyze the entire project while developers are writing code, due to context restraints. However, developers can adopt a practice of asking {% data variables.product.prodname_copilot_short %} to analyze specific files for insecure code practices. +Depending on the size of your codebase, {% data variables.product.prodname_copilot_short %} may not be able to analyze your entire project while you are writing code. This is due to context constraints. However, you can ask it to analyze specific files for insecure code practices. 1. Open the files to analyze in {% data variables.product.prodname_vscode %}. 1. In {% data variables.copilot.copilot_chat_short %}, ask: `Analyze this code for potential security vulnerabilities and suggest fixes` - You can also use the `#file` chat variable to specifically include a file's content in the prompt, or use prompt files and custom instructions to guide {% data variables.product.prodname_copilot_short %}'s responses. + Use the `#file` chat variable to specifically include a file's content in the prompt. You can also use prompt files and custom instructions to guide {% data variables.product.prodname_copilot_short %}'s responses. -1. {% data variables.copilot.copilot_chat_short %} will analyze the code, identify the security vulnerabilities, and suggest the appropriate fixes. +1. {% data variables.copilot.copilot_chat_short %} analyzes the code, identifies security vulnerabilities, and suggests fixes. 1. Review the suggested changes and apply them as appropriate. -Other examples of prompts include: +Other examples of prompts: * `Are there any security vulnerabilities in my code? If so, can you explain them and suggest fixes?` * `Does this code follow secure code best practices? If not, what specific improvements can I make?` * `What are the potential security risks in this code if it were deployed to production? How can I mitigate them?` ### Use {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} alerts -{% data variables.copilot.copilot_autofix_short %} is a component of {% data variables.product.prodname_GH_code_security %} that can suggest potential fixes to {% data variables.product.prodname_code_scanning %} alerts. {% data variables.copilot.copilot_autofix_short %} is available in public repositories and repositories with a license for {% data variables.product.prodname_GH_code_security %}. +{% data variables.copilot.copilot_autofix_short %} is a part of {% data variables.product.prodname_GH_code_security %} that suggests potential fixes to {% data variables.product.prodname_code_scanning %} alerts. It is available in public repositories and repositories with a license for {% data variables.product.prodname_GH_code_security %}. -When someone runs a code scan on a repository, potential issues are raised as {% data variables.product.prodname_code_scanning %} alerts in the repository. Developers can resolve the alerts by following this flow: +When you run a code scan on a repository, potential issues are raised as {% data variables.product.prodname_code_scanning %} alerts. Resolve the alerts by following these steps: 1. Open an alert on GitHub. -1. Click **Generate fix**, which is displayed if Copilot can resolve the alert. -1. {% data variables.copilot.copilot_autofix_short %} will generate a potential fix for this alert, showing you the code changes in the alert itself. It then gives you the option to commit this code change to a new branch or an existing branch. -1. At this point you can test the code, then open a pull request to move the changes to the main branch. -1. Once you move the changes to the main branch and {% data variables.product.prodname_code_scanning %} verifies the alert is fixed, the alert will be closed automatically. +1. Click **Generate fix**. This displays when Copilot can resolve the alert. +1. {% data variables.copilot.copilot_autofix_short %} generates a potential fix and shows you the code changes in the alert. You can commit this code change to a new branch or an existing branch. +1. Test the code. Then open a pull request to move the changes to the main branch. +1. After you move the changes to the main branch and {% data variables.product.prodname_code_scanning %} verifies the fix, the alert closes automatically. ### Best practices for developers Developers **should**: -* **Use {% data variables.copilot.copilot_chat_short %} regularly to analyze code snippets for vulnerabilities**: Make it a habit to proactively check code for security issues before committing changes. -* **Leverage {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} alerts**: When alerts appear, use {% data variables.copilot.copilot_autofix_short %} as a first step to quickly address them. -* **Provide clear and specific prompts to {% data variables.copilot.copilot_chat_short %}**: The more detailed your request, the better {% data variables.product.prodname_copilot_short %} can analyze the code and suggest relevant fixes. For example, include the programming language and specific areas of concern in your prompts. -* **Combine {% data variables.product.prodname_copilot_short %} with existing security tools**: Use {% data variables.product.prodname_copilot_short %} as an additional layer of security analysis, not as a replacement for dedicated security scanners and practices. +* **Use {% data variables.copilot.copilot_chat_short %} regularly to analyze code snippets for vulnerabilities**. Make it a habit to check code for security issues before committing changes. +* **Use {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} alerts**. When alerts appear, use {% data variables.copilot.copilot_autofix_short %} as a first step to quickly address them. +* **Provide clear and specific prompts to {% data variables.copilot.copilot_chat_short %}**. The more detailed your request, the better {% data variables.product.prodname_copilot_short %} can analyze the code and suggest relevant fixes. For example, include the programming language and specific areas of concern. +* **Combine {% data variables.product.prodname_copilot_short %} with existing security tools**. Use {% data variables.product.prodname_copilot_short %} as an additional layer of security analysis, not as a replacement for dedicated security scanners and practices. Developers **should not**: -* **Automatically accept {% data variables.product.prodname_copilot_short %}'s security suggestions**: Always review and test the code changes suggested by {% data variables.product.prodname_copilot_short %} to ensure they are appropriate and effective. -* **Rely solely on {% data variables.product.prodname_copilot_short %} for comprehensive security audits**: {% data variables.product.prodname_copilot_short %} is a helpful tool, but it should not replace thorough security reviews and penetration testing. -* **Ignore {% data variables.product.prodname_code_scanning %} alerts**: Address all alerts promptly, even if they seem minor, to prevent the accumulation of security debt. -* **Use {% data variables.product.prodname_copilot_short %} as an excuse to avoid learning secure coding practices**: Continue to educate yourself and your team on security best practices. -* **Assume {% data variables.product.prodname_copilot_short %} will catch every vulnerability**: Security is an ongoing process, and vigilance is always necessary. -* **Use {% data variables.product.prodname_copilot_short %} to bypass security policies**: Adhere to your organization's security protocols, and use {% data variables.product.prodname_copilot_short %} as a tool to enhance them, not circumvent them. +* **Automatically accept {% data variables.product.prodname_copilot_short %}'s security suggestions**. Always review and test the suggested code changes to ensure they are appropriate and effective. +* **Rely solely on {% data variables.product.prodname_copilot_short %} for comprehensive security audits**. {% data variables.product.prodname_copilot_short %} is a helpful tool, but it should not replace thorough security reviews and penetration testing. +* **Ignore {% data variables.product.prodname_code_scanning %} alerts**. Address all alerts promptly, even if they seem minor, to prevent the accumulation of security debt. +* **Use {% data variables.product.prodname_copilot_short %} as an excuse to avoid learning secure coding practices**. Continue to educate yourself and your team on security best practices. +* **Assume {% data variables.product.prodname_copilot_short %} will catch every vulnerability**. Security is an ongoing process, and vigilance is always necessary. +* **Use {% data variables.product.prodname_copilot_short %} to bypass security policies**. Adhere to your organization's security protocols. Use {% data variables.product.prodname_copilot_short %} as a tool to enhance them, not circumvent them. ### Resources for developers @@ -131,7 +130,7 @@ Developers **should not**: {% data reusables.copilot.measure-changes-intro %} -* **Security debt ratio**: Use security overview to see if the number of alerts falls over time. -* **Time to remediate security issues**: Use security overview to see if the time to remediate security issues falls over time. +* **Security debt ratio**. Use security overview to see if the number of alerts falls over time. +* **Time to remediate security issues**. Use security overview to see if the time to remediate security issues falls over time. See [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk). diff --git a/content/copilot/tutorials/roll-out-at-scale/measure-success.md b/content/copilot/tutorials/roll-out-at-scale/measure-success.md index f2ad1ef7804f..f11867d7fa63 100644 --- a/content/copilot/tutorials/roll-out-at-scale/measure-success.md +++ b/content/copilot/tutorials/roll-out-at-scale/measure-success.md @@ -1,7 +1,7 @@ --- title: Measuring the success of a GitHub Copilot trial shortTitle: Measure trial success -intro: Learn how to use {% data variables.product.prodname_copilot_short %} usage metrics to evaluate your trial, interpret adoption and engagement results, and decide how to monitor usage going forward. +intro: Measure the success of a {% data variables.product.prodname_copilot_short %} trial by analyzing adoption, engagement, and early usage patterns using {% data variables.product.prodname_copilot_short %} usage metrics. permissions: '{% data reusables.copilot.usage-metrics-permissions %}' versions: feature: copilot @@ -10,6 +10,11 @@ topics: - Copilot - Enterprise allowTitleToDifferFromFilename: true +category: + - Copilot usage metrics + - Measure success + - Track Copilot usage + - Manage Copilot for a team --- When your organization runs a {% data variables.product.prodname_copilot_short %} trial, the key to success is understanding how teams adopt and use {% data variables.product.prodname_copilot_short %}. @@ -38,6 +43,10 @@ Setting clear goals makes it easier to interpret results and communicate value t ## Step 2: View adoption and engagement metrics in the dashboard +> [!NOTE] +> * The {% data variables.product.prodname_copilot_short %} usage metrics dashboard reports data at the enterprise level. +> * Organization-level metrics are available through the {% data variables.product.prodname_copilot_short %} usage metrics APIs and exports. + {% data reusables.copilot.access-copilot-metrics-dashboard %} The dashboard shows 28 days of aggregated IDE telemetry data for all licensed users in your enterprise. Focus on these **key metrics** during your trial: @@ -84,7 +93,7 @@ After your trial, you can continue monitoring adoption and engagement through th ### Retrieve enterprise-wide data -You can use the {% data variables.product.prodname_copilot_short %} Metrics API to download 28-day usage reports for your enterprise. These reports include the same dataset shown in the {% data variables.product.prodname_copilot_short %} usage metrics dashboard. The API provides two endpoints. +You can use the {% data variables.product.prodname_copilot_short %} usage metrics endpoints to download 28-day usage reports for your enterprise. These reports include the same dataset shown in the {% data variables.product.prodname_copilot_short %} usage metrics dashboard. The API provides two endpoints. | Endpoint | Description | |:--|:--| diff --git a/content/copilot/tutorials/speed-up-development-work.md b/content/copilot/tutorials/speed-up-development-work.md index 613c5f0b1750..57d79ef25d57 100644 --- a/content/copilot/tutorials/speed-up-development-work.md +++ b/content/copilot/tutorials/speed-up-development-work.md @@ -16,22 +16,26 @@ category: - Author and optimize with Copilot --- -If you're starting a new feature, trying to understand a system, or picking up a task in a codebase you’re still learning, {% data variables.copilot.copilot_spaces %} can help you: +{% data variables.copilot.copilot_spaces %} helps you work faster when starting a new feature, understanding a system, or picking up a task in an unfamiliar codebase. -* Stay focused by organizing the context you need in one place. -* Get better help from {% data variables.product.prodname_copilot_short %} by grounding it in relevant code and documentation. -* Move faster without switching between tools or asking others for background information. +Use {% data variables.copilot.copilot_spaces_short %} to: + +* Organize the context you need in one place. +* Provide {% data variables.product.prodname_copilot_short %} with relevant code and documentation. +* Reduce time spent switching between tools or asking others for background information. To create a space, go to [https://github.com/copilot/spaces](https://github.com/copilot/spaces?ref_product=copilot&ref_type=engagement&ref_style=text), and click **Create space**. -Below are some examples of how to use {% data variables.copilot.copilot_spaces_short %} to help you with development work. +The examples in this article show you how to use {% data variables.copilot.copilot_spaces_short %} for common development tasks. ## Developing a new feature -When working on a specific feature, you can save time and produce higher-quality results by using a space. Add the relevant code, a product spec, and any supporting materials—like notes from a design review or mockup images. {% data variables.product.prodname_copilot_short %} can help you: +Create a space when you start working on a specific feature. Add the relevant code, a product specification, and any supporting materials. Supporting materials can include notes from a design review or mockup images. + +{% data variables.product.prodname_copilot_short %} can help you: * Summarize how the current implementation works. -* Suggest changes or additions based on the spec. +* Suggest changes or additions based on the specification. * Draft a first implementation or outline next steps. * Flag missing elements or inconsistencies. @@ -43,12 +47,14 @@ When working on a specific feature, you can save time and produce higher-quality ## Defining the logic for a small, frequent task -When working on repetitive tasks like tracking telemetry events or handling event emissions, it’s useful to document the logic once and share it with others through {% data variables.copilot.copilot_spaces_short %}. This allows everyone to stay consistent and saves time when performing the task. If you have a process flowchart for a task, you can upload this to your space for reference. {% data variables.product.prodname_copilot_short %} can assist by: +Document the logic for repetitive tasks once and share it through a space. This approach keeps everyone consistent and saves time. Tasks like tracking telemetry events or handling event emissions benefit from this approach. + +If you have a process flowchart, upload it to your space for reference. {% data variables.product.prodname_copilot_short %} can: -* Suggesting efficient patterns based on your previous work. -* Helping write reusable functions or templates. -* Reviewing the logic to ensure it aligns with project standards. -* Providing examples of how similar tasks have been handled in the codebase. +* Suggest efficient patterns based on your previous work. +* Help write reusable functions or templates. +* Review the logic to ensure it aligns with project standards. +* Provide examples of how similar tasks have been handled in the codebase. **Instructions**: > You help developers implement telemetry events. You should (1) validate what the user's goals are for the event, (2) propose a new event structure based on examples of existing events (and using the common telemetry schema), and (3) create a new version of the telemetry config file. @@ -58,11 +64,13 @@ When working on repetitive tasks like tracking telemetry events or handling even ## Sharing knowledge with teammates -In situations where people tend to ask similar questions, such as how authentication or search works in your project, {% data variables.product.prodname_copilot_short %} can help: +Create a space for topics where people tend to ask similar questions. For example, questions about how authentication or search works in your project. + +{% data variables.product.prodname_copilot_short %} can: * Explain how the code works. -* Answer questions grounded in the latest documentation. -* Guide new team members on the best practices. +* Answer questions based on the latest documentation. +* Guide new team members on best practices. **Instructions**: > You contain the code and documentation associated with our authentication system. @@ -72,16 +80,17 @@ In situations where people tend to ask similar questions, such as how authentica ## Hands-on practice -Try the [Scale institutional knowledge using Copilot Spaces](https://github.com/skills/scale-institutional-knowledge-using-copilot-spaces) Skills exercise for practical experience to do the following: -* Centralize scattered project management knowledge in Copilot Spaces -* Convert tacit team insights into searchable, versioned artifacts -* Give all team members equal access to processes, decisions, and rationale -* Connect a repository as a structured knowledge source -* Extract, refine, and standardize workflows collaboratively -* Feed validated improvements back into living documentation -* Accelerate onboarding and reduce single-person dependency risk -* Enable consistent, repeatable project execution +Try the [Scale institutional knowledge using Copilot Spaces](https://github.com/skills/scale-institutional-knowledge-using-copilot-spaces) Skills exercise for practical experience. This exercise shows you how to: + +* Centralize scattered project management knowledge in Copilot Spaces. +* Convert team insights into searchable, versioned artifacts. +* Give all team members equal access to processes, decisions, and rationale. +* Connect a repository as a structured knowledge source. +* Extract, refine, and standardize workflows collaboratively. +* Feed validated improvements back into living documentation. +* Accelerate onboarding and reduce single-person dependency risk. +* Enable consistent, repeatable project execution. ## Next steps -Once you’ve created a space to help with development tasks, consider sharing it with your team to reduce handoffs and repeated questions. See [AUTOTITLE](/copilot/using-github-copilot/copilot-spaces/collaborating-with-your-team-using-copilot-spaces). +After you create a space to help with development tasks, consider sharing it with your team to reduce handoffs and repeated questions. See [AUTOTITLE](/copilot/using-github-copilot/copilot-spaces/collaborating-with-your-team-using-copilot-spaces). diff --git a/content/copilot/tutorials/upgrade-projects.md b/content/copilot/tutorials/upgrade-projects.md index b9bec70d4ac2..364f7cbf158a 100644 --- a/content/copilot/tutorials/upgrade-projects.md +++ b/content/copilot/tutorials/upgrade-projects.md @@ -16,9 +16,6 @@ category: - Author and optimize with Copilot --- -> [!NOTE] -> "GitHub Copilot app modernization – upgrade for Java" and "GitHub Copilot app modernization – Upgrade for .NET" are currently in {% data variables.release-phases.public_preview %} and subject to change. - ## Introduction {% data variables.product.prodname_copilot %} can help streamline the process of modernizing and upgrading your Java and .NET applications. {% data variables.product.prodname_copilot_short %} will analyze the project, generate a plan, automatically fix issues it encounters when carrying out the plan, and produce a summary. @@ -32,7 +29,7 @@ You can upgrade a Git-based Maven or Gradle Java project using {% data variables * For Maven-based projects, access to the public Maven Central repository. * Installed versions of both the source and target JDKs. -For the next steps, see [Quickstart: upgrade a Java project with GitHub Copilot App Modernization - upgrade for Java (preview)](https://learn.microsoft.com/en-gb/java/upgrade/quickstart-upgrade) on Microsoft Learn. +For an overview of the modernization workflow, see [AUTOTITLE](/copilot/tutorials/modernize-java-applications). ## Upgrading .NET projects diff --git a/content/copilot/tutorials/use-custom-instructions.md b/content/copilot/tutorials/use-custom-instructions.md index bad2a2c2e460..be148e75dc5a 100644 --- a/content/copilot/tutorials/use-custom-instructions.md +++ b/content/copilot/tutorials/use-custom-instructions.md @@ -125,7 +125,7 @@ Use `copilot-instructions.md` for: **Example structure for `copilot-instructions.md`**: -```markdown +```markdown copy # General Code Review Standards ## Code Quality Essentials @@ -160,7 +160,7 @@ Use `*.instructions.md` files with the `applyTo` frontmatter property for: Create a file called `python.instructions.md` in the `.github/instructions` directory: -````markdown +````text copy --- applyTo: "**/*.py" --- @@ -201,7 +201,7 @@ with open('data.txt') as file: Create a file called `frontend.instructions.md` in the `.github/instructions` directory: -````markdown +````text copy --- applyTo: "src/components/**/*.{tsx,jsx}" --- @@ -248,7 +248,7 @@ Each file should have a clear, specific purpose and appropriate `applyTo` frontm Based on what works well with {% data variables.copilot.copilot_code-review_short %}, here's a recommended template for structuring your instructions: -````markdown +````text copy --- applyTo: "**/*.{js,ts}" # If this is a path-specific file --- @@ -365,7 +365,7 @@ Here's a complete example that incorporates all the best practices from this tut **File: `.github/copilot-instructions.md`** -```markdown +```markdown copy # General Code Review Standards ## Purpose @@ -412,7 +412,7 @@ Always prioritize security vulnerabilities and performance issues that could imp **File: `.github/instructions/typescript.instructions.md`** -````markdown +````text copy --- applyTo: "**/*.{ts,tsx}" --- diff --git a/content/copilot/tutorials/vibe-coding.md b/content/copilot/tutorials/vibe-coding.md new file mode 100644 index 000000000000..553f9580370a --- /dev/null +++ b/content/copilot/tutorials/vibe-coding.md @@ -0,0 +1,417 @@ +--- +title: Vibe coding with GitHub Copilot +shortTitle: Vibe coding +intro: 'Create an application without writing any code yourself.' +topics: + - Copilot +versions: + feature: copilot +contentType: tutorials +category: + - Author and optimize with Copilot +--- + +## Introduction + +{% data variables.product.prodname_copilot_short %} allows you to create a whole new application from scratch, add features, or alter the user interface, without writing a line of code yourself. You can work with {% data variables.product.prodname_copilot_short %}, entering prompts in the chat view—using the AI as your coding partner—and leave all of the actual coding to {% data variables.product.prodname_copilot_short %}. + +In this tutorial you'll work this way, in {% data variables.product.prodname_vscode_shortname %} or in a JetBrains IDE, to create a personal time-tracking web app. + +This method works well for developing a proof of concept, creating a draft of an application that you'll develop further using a more conventional approach to software development, or creating applications for your own personal use. + +> [!NOTE] +> The responses shown in this article are examples. {% data variables.copilot.copilot_chat_short %} responses are non-deterministic, so you may get different responses from the ones shown here. + +## Who is this tutorial for? + +- **Learner:** You're learning how to create software applications. You can learn a lot from working with {% data variables.product.prodname_copilot_short %} and seeing how it implements your requests. +- **Non-developer:** You're a product manager, or working in another role outside of an engineering team. You want to quickly create a proof of concept application to demonstrate some particular functionality. You're mainly concerned with the user experience, rather than the details of the code. +- **Individual:** You want to create an application to provide some useful functionality to help you in your daily work or home life. The application will run locally on your computer, and only you will use it, so you're not overly concerned about how the code was put together. + +This tutorial is not intended for experienced developers with an established practice of writing code in an editor. Experienced developers will use {% data variables.product.prodname_copilot_short %} in a different way—as tool for problem solving and increased productivity. In this tutorial, we'll work within chat and leave {% data variables.product.prodname_copilot_short %} to do all the work in the editor. + +## How long will this take? + +There are many variables that may affect how long you might take to complete this tutorial. However, you should allow for at least two hours. At any time you can return to it later, picking up from where you left off in the same conversation in {% data variables.copilot.copilot_chat_short %}. + +## Prerequisites + +Before getting started you must have the following: +* A [{% data variables.product.prodname_copilot %} subscription plan](/copilot/about-github-copilot/subscription-plans-for-github-copilot). +* One of these IDEs: + * {% data variables.product.prodname_vscode %} + * Any JetBrains IDE that supports {% data variables.product.prodname_copilot_short %}, with the {% data variables.product.prodname_copilot %} extension for JetBrains installed. See [AUTOTITLE](/copilot/how-tos/set-up/install-copilot-extension?tool=jetbrains). +* Some experience of using {% data variables.copilot.copilot_chat_short %} in either {% data variables.product.prodname_vscode %} or JetBrains. If you've never used {% data variables.copilot.copilot_chat_short %} before, see [AUTOTITLE](/copilot/how-tos/chat-with-copilot/chat-in-ide). + +## Preparation + +We'll create a time-tracking app in a new {% data variables.product.github %} repository. + +1. In the {% data variables.product.github %} website, create a new private repository for your application, including an initial README file. See [Creating a new repository](/repositories/creating-and-managing-repositories/creating-a-new-repository). +1. Clone a copy of the repository to your local machine. See [Cloning a repository](/repositories/creating-and-managing-repositories/cloning-a-repository). +1. In your local copy of the repository, create a new branch to work in. + + For example, in a terminal, use the command: + + ```bash copy + git checkout -b BRANCH-NAME + ``` + +## Researching with {% data variables.product.prodname_copilot_short %} + +1. In {% data variables.product.prodname_vscode_shortname %}, or your JetBrains IDE, open the repository directory as a new project or workspace. +1. Close any editor tabs that are currently open. + + Working in an empty project or workspace, with no editor tabs open, prevents {% data variables.product.prodname_copilot_short %} being influenced by any code or information in those tabs. + +1. Open a terminal window in the IDE. +1. Open {% data variables.copilot.copilot_chat_short %} and check, at the bottom of the chat view, that **Ask** is the currently selected chat mode. If it is not, select **Ask** from the chat mode dropdown. + + ![Screenshot of "Ask" being selected in the mode picker at the bottom of chat view.](/assets/images/help/copilot/ask-mode-selection.png) + +1. Choose a model from the models dropdown. + + > [!NOTE] + > The responses referred to in this tutorial were received while using Claude Sonnet 4.5. Other models will respond differently, but you should get roughly similar results. Claude Sonnet 4.5 is a good choice, if it's available, as it provides useful commentary in the chat view, explaining what it is doing, and giving detailed summaries when it has finished coding. + > + > If Claude Sonnet 4.5 is not available, set the model to **Auto** or select a model of your choice. + +1. Enter this prompt in the chat: + + ```copilot copy + I need to keep a daily log of what I've spent my time on. I want to build a time-tracking application to help me do this. Throughout the day I want to use the app to record what I'm working on as I move between tasks. At the end of the day it should show me the total time I've spent on each item. + + What are the typical features of such an app? + + What do I need to consider when building this app? + ``` + + {% data variables.product.prodname_copilot_short %} responds with details to answer your questions. + +1. Consider {% data variables.product.prodname_copilot_short %}'s response and ask for more information, as required, to clarify your thoughts about your application. + + For example, you might ask: + + ```copilot copy + Data storage: the application will run locally on my laptop. What's the best way to persistently store data so that I'll have access to historic time-tracking data? + + Data structure: How should I structure the data for this application? There will be tasks and projects. Each chunk of time will be associated with a task and some, but not all, tasks will be associated with projects. I will want to see totals for: each task, each project, each task per project. + ``` + +1. Continue to ask questions in the same chat conversation, to build up a clearer idea of the application you want to build. + + Keep your chat conversation open, as {% data variables.product.prodname_copilot_short %} will use this in the next series of steps. + +## Planning the implementation + +You can now start planning for an initial implementation of your application. It's a good idea to begin with a basic version of the application which you can iterate on. This makes it easier to get the fundamental functionality working, before adding features. + +1. In the same {% data variables.copilot.copilot_chat_short %} conversation you used in the previous section, switch from ask mode to plan mode by selecting **Plan** from the chat mode dropdown at the bottom of the chat view. +1. Enter this prompt: + + ```copilot copy + I want to build a time-tracking application that allows me to keep track of how much time I spend on tasks during my working day. This should be a web app that runs locally on my computer. Plan the implementation of a basic, initial version of this application. This first version should allow me to: + + - Add, edit and delete projects and tasks - each a name with a maximum of about 50 characters + - Quickly click to select a project and task and record the start time + - Click another task to stop the current timer, recording the stop time, and recording the start time for the new task + - Pause/resume/end the current task + - Display the totals of times I have spent on each: task, project, and task per project. + + Time is always recorded for a specific task. A task can optionally be associated with a project. + + Store data for each day, but for this version do not include any user interface or functionality for looking at historical data, or compiling statistics. The initial version of the application should be limited to today's time tracking. + + Notes: + - Tasks never overlap + - Time should be accurate to the minute by recording the day, hour, minute tasks are started and stopped and calculating the duration from this + - Design the web UI for display on a desktop monitor + - Keep things very simple for the initial version. Do not add any other features not mentioned in this prompt + ``` + + Copilot replies with something like: + + + > ### Plan: Build Time-Tracking Web Application + > + > A single-page web application for tracking daily task time using vanilla HTML/CSS/JavaScript with localStorage. The app displays projects/tasks in a sidebar, shows an active timer, and calculates daily totals by task and project. + > + > Steps + > + > 1. **Create project structure** with `index.html`, `styles.css`, `app.js`, and `storage.js` for a self-contained vanilla JavaScript application + > 2. **Implement data storage layer** in `storage.js` using localStorage with collections for `projects`, `tasks`, and `timeEntries`, including CRUD operations and ID generation + > 3. **Build HTML structure** in `index.html` with three main sections: left sidebar for project/task management, center panel for active timer and controls (start/pause/resume/stop), and right panel for daily totals + > 4. **Implement core timer logic** in `app.js` handling task selection (auto-stop previous, auto-start new), pause/resume/stop actions, and minute-precision time calculations storing `{ taskId, startTime, endTime, duration }` + > 5. **Create UI rendering functions** in `app.js` for project/task lists with inline edit/delete, active timer display with real-time updates, and totals panel aggregating by task, project, and task-per-project + > 6. **Style the interface** in `styles.css` with desktop-optimized three-column layout, clear visual states for active/paused timers, and simple forms for adding/editing projects and tasks + > + > + > Further Considerations + > + > 1. **Date handling** - Store all times as ISO strings and filter entries by today's date (`YYYY-MM-DD`). Should the day boundary be midnight or a custom time (e.g., 4am for late-night workers)? + > 2. **Timer display format** - Show elapsed time as `HH:MM` or `H hours M minutes`? Update every second or every minute? + > 3. **Unassigned tasks** - How to display tasks without projects in the UI? Separate "No Project" section at top/bottom of sidebar, or mixed alphabetically? + + +1. Answer the "Further Considerations" questions {% data variables.product.prodname_copilot_short %} raised. For example, you could respond with this prompt: + + ```copilot copy + - Date handling: only consider the local date. This app is only going to be used by one person in one timezone. Set the day boundary to 4 am. + - Time display: Show elapsed time as HH:MM. Don't track seconds. + - Unassigned tasks: I've changed my mind. All tasks should be associated with a project, but there should be a built-in project called "No Project" (which the user can't delete or rename). All tasks should be associated with this project until the user chooses another project. + + If the user is changing tasks for the same project then they should be able to do this with one click (assuming the new task has already been defined). If they are doing the same task but for a different project, this should also be possible to change with one click (assuming the new project is already defined). If they want to track time for a different task in a different project then they should be able to do this with 2 clicks. + ``` + + {% data variables.product.prodname_copilot_short %} may respond with further questions for your consideration. + +1. You can answer some or all of the questions, or, if you feel that the plan has enough detail, you can skip to the next stage. + + {% data variables.product.prodname_copilot_short %}'s responses are non-deterministic, so the questions it asks will vary, but let's assume its response included these questions: + + > **New task default project** - When adding a new task without specifying project, assign to "No Project" or to currently active/selected project? Recommend: Currently selected/active project with "No Project" as fallback. + > + > **Timer precision edge case** - If user switches tasks within the same minute (e.g., 10:30:15 to 10:30:45), should this create a 0-minute entry or be ignored? Recommend: Ignore and treat as immediate switch without recording. + + You might decide to respond to these questions by entering the prompt: + + ```copilot copy + New task default project - When adding a new task without actively specifying a project, use the currently selected/active project with "No Project" as the default when the user has not actively selected any other project. + + Timer precision edge case - If user switches or ends tasks within the same minute as the start time then delete this entry. Only time entries of more than one minute should be recorded. + ``` + +1. Continue iterating if you feel there are further questions that need answered. + +1. Keep your chat conversation open, as {% data variables.product.prodname_copilot_short %} will use this in the next series of steps. + +## Building your application with {% data variables.copilot.copilot_coding_agent %} + +When you think the plan contains enough detail: + +1. Click **Start Implementation** in the {% data variables.copilot.copilot_chat_short %} view. + + Depending on your IDE this will either start the agent immediately, or it will add "Start Implementation" as a prompt, which you should then submit. + + Notice that chat mode switches from "Plan" to "Agent". + +1. {% data variables.product.prodname_copilot_short %} will request your permission to perform actions such as editing sensitive files, running commands, or adding files to Git. + + * **In {% data variables.product.prodname_vscode_shortname %}:** click **Allow**. + + ![Screenshot of {% data variables.product.prodname_copilot_short %} in VS Code asking for permission to edit a sensitive file. The "Allow" button is highlighted.](/assets/images/help/copilot/allow-editing-files.png) + + Alternatively, click the arrow on the **Allow** button and click **Allow in this Session** in the dropdown menu. + + * **In JetBrains:** + + * When asked if you want to add a file to Git, select the **Don't ask again** checkbox, then click **Add**. + * When asked about running a command, click **Continue**. + + ![Screenshot of {% data variables.product.prodname_copilot_short %} in JetBrains asking for permission to run a command. The "Continue" button is highlighted.](/assets/images/help/copilot/continue-button-jetbrains.png) + + {% data variables.product.prodname_copilot_short %} will begin to implement an initial version of your application. + +1. If {% data variables.product.prodname_copilot_short %} finishes its response without completing the installation, or if {% data variables.product.prodname_copilot_short %} appears to have stalled, take the following remedial actions, as required: + + * **Missing component** + + If {% data variables.product.prodname_copilot_short %} says it cannot proceed because a required component needs to be installed (for example, Node.js), you can enter a prompt asking {% data variables.product.prodname_copilot_short %} to download and install the missing component. + + * **Process is taking a long time** + + Some steps may take several minutes to complete. Be patient and allow the agent to complete each part of the process. An animated spinner icon indicates that the agent is currently working on a command. + + For example, in JetBrains IDEs: + + ![Screenshot of the {% data variables.copilot.copilot_chat_short %} view. The spinner icon is highlighted with a red outline.](/assets/images/help/copilot/agent-working-spinner.png) + + * **Input required** + + Occasionally {% data variables.product.prodname_copilot_short %} will run a command that requires some manual input. + + If {% data variables.product.prodname_copilot_short %} appears to have stalled, check the IDE's terminal window to see if a command requires action from you. {% data variables.product.prodname_copilot_short %} will wait for you to enter a response in the terminal before continuing. + + * **Error messages** + + If you get any error messages while developing the application, copy the error message into the chat prompt box and ask {% data variables.product.prodname_copilot_short %} to fix the problem. + + > [!NOTE] + > You may have to iterate with {% data variables.product.prodname_copilot_short %} in this way, asking it to debug and fix problems, until it has a working application that you can view in your browser. + + * **{% data variables.product.prodname_copilot_short %}'s response appears to be stuck** + + If the spinner icon is displayed in a response but, after waiting for several minutes—and having checked that your input is not required in the terminal—nothing is happening, you can stop and restart the conversation. + + Click the cancel button at the bottom of the chat view. For example, in {% data variables.product.prodname_vscode_shortname %}: + + ![Screenshot of the cancel button at the bottom right of the chat view in {% data variables.product.prodname_vscode_shortname %}.](/assets/images/help/copilot/chat-cancel-button.png) + + Then enter the prompt: + + ```copilot copy + Your previous response stalled. Try again, picking up from where you left off. + ``` + +1. Typically, towards the end of the coding process, {% data variables.product.prodname_copilot_short %} will request your permission to open an untrusted web page for the application: + + ![Screenshot of the 'Open untrusted web page' message.](/assets/images/help/copilot/open-untrusted-web-page.png) + + Give your permission for this. + +1. When the agent finishes work on the application it will display a summary of what it built in the chat panel. Typically it will provide a link to the running application. + + The time tracker application may also be displayed in a browser tab in your IDE. This can be useful for confirming that the page is available. However, you should always check the application in your default browser to verify a realistic user experience. + + Click the link in the chat panel to open the application in your default browser. + + If a link isn't displayed in {% data variables.product.prodname_copilot_short %}'s chat response, wait a few minutes as the agent may be working on deploying the application. If a link is still not displayed you can prompt {% data variables.product.prodname_copilot_short %} to display one: + + ```copilot copy + Confirm the implementation is complete. If so, give me a link to the running application. + ``` + +1. If the final message from {% data variables.product.prodname_copilot_short %} gives you instructions for starting the application (such as running `npm start`), rather than supplying a link to the running application, you can ask {% data variables.product.prodname_copilot_short %} to run the command for you and check that it completed successfully. For example: + + ```copilot copy + Run npm start for me and confirm everything is working + ``` + + If {% data variables.product.prodname_copilot_short %} isn't able to run all of the commands itself, it will provide you with commands that you can copy and paste into the terminal. + +## Testing your application + +1. View your application's web page. + + Below are some examples of a time tracking application created by {% data variables.product.prodname_copilot_short %}: + + ![Screenshot of an example of a time tracker app created by {% data variables.product.prodname_copilot_short %}.](/assets/images/help/copilot/time-tracker-example1.png) + + Screenshot of another example of a time tracker created by {% data variables.product.prodname_copilot_short %}. + + > [!NOTE] + > The application that {% data variables.product.prodname_copilot_short %} generates for you might look quite different to the examples shown above. + +1. Try using the application. Add a couple of projects and a selection of tasks, then start tracking time on a task. +1. As you try out this first draft of the application, make a note of the two or three most important things that need to be changed. In subsequent steps you'll work on fixing these. For now, don't spend time noting down everything you want to change. Just identify the most pressing things that need to be fixed first. You'll have time to get everything working and looking the way you want it to later in the process. +1. If the application doesn't load, or an error is displayed, describe the problem in the chat prompt box, copying and pasting any error messages, and ask {% data variables.product.prodname_copilot_short %} to debug and fix the problem. +1. After you have reviewed the initial draft of the application and established that it runs in at least a rudimentary fashion, return to your IDE. +1. _**Optional**: if you're familiar with the type of code {% data variables.product.prodname_copilot_short %} is writing for you._ Display the files that {% data variables.product.prodname_copilot_short %} has changed in the editor and review the changes. You can make your own changes if required. +1. Click **Keep** (in {% data variables.product.prodname_vscode_shortname %}) or **Accept All** (in JetBrains IDEs), in the {% data variables.copilot.copilot_chat_short %} view, to accept the changes and remove the diff lines from the editor. + + You now have a base version of your application that you can iterate on to improve and extend the functionality and user interface. + +1. Commit the changes to Git. + + It's always a good idea to commit changes at each successful iteration so you can easily return to a previous version if you decide you don't like some changes that {% data variables.product.prodname_copilot_short %} has made for you. + +1. Close any open editor tabs, but keep the {% data variables.copilot.copilot_chat_short %} view open as you'll continue working in the same chat conversation. + +## Iterating on changes + +1. After committing the initial version to git you can make a change to the application, fixing one of the things you noted when you reviewed the site. + + For example, the implementation may have tied tasks to project, so that a task created for one project doesn't show up when you select another project. To change this—allowing you to create tasks that can be used for any project—enter another prompt into the same conversation, while still in agent mode for {% data variables.product.prodname_copilot_short %}. You could use a prompt such as: + + ```copilot copy + Tasks should not be tied to projects in the user interface, as they currently are. When the user selects a project, allow them to choose any currently defined task. There should be a many-to-many relationship between projects and tasks. + ``` + +1. Again, {% data variables.product.prodname_copilot_short %} is likely to ask you to approve changes it needs to make to the code. Click **Approve** or **Continue**. +1. Once {% data variables.product.prodname_copilot_short %} completes the change, return to your browser and refresh the page. +1. Review the revised application and tell {% data variables.product.prodname_copilot_short %} if the change was not implemented correctly. + + You may spot more than one thing that needs fixed, but to allow {% data variables.product.prodname_copilot_short %} to focus on one thing at a time, you should restrict each prompt to a single task and iterate on this in a series of prompts and responses, as necessary, until the problem is fixed. Then, move on to the next thing you want to change. + +1. If there's a problem with the layout of the web page—for example, overlapping or badly aligned elements—you can take a screenshot, paste it into the chat and enter a prompt such as: + + ```copilot copy + This part of the web page looks bad. Fix it. + ``` + +1. After a change is implemented satisfactorily, click **Keep** or **Accept All** and commit the changes. +1. _**Optional**:_ Depending on your working practices—for example, if you are working in a development team—you may decide at this point, and after each significant change, to raise a pull request. This will allow you to have changes reviewed and merged into the default branch of the repository so that other people can work on the code. +1. Continue iterating on your application. + + For example, you might want to give the app a different style of user interface. In this case, still in agent mode, you could prompt {% data variables.product.prodname_copilot_short %}: + + ```copilot copy + I don't like the look of the user interface. Suggest some alternative web UI libraries I could choose to give the app a more formal, business-like appearance. + ``` + + {% data variables.product.prodname_copilot_short %} will list some UI libraries. + +1. Choose one of the libraries and ask {% data variables.product.prodname_copilot_short %} to use it. For example: + + ```copilot copy + Alter the user interface to use Bootstrap 5. I want the app to look like a professionally designed business application. + ``` + + {% data variables.product.prodname_copilot_short %} will rework the application to use your chosen user interface library. + +1. Check the results and commit the changes if you are happy with the revised look of the application. +1. A common requirement for a time tracker application is the ability to output your timesheet. For example, if you are a contractor, you might be required to submit a timesheet along with your invoice. So let's add the ability to generate a PDF. + + Use this prompt: + + ```copilot copy + Add a button to the user interface which generates a PDF timesheet for the work the user has tracked today. The timesheet should show the total time spent on task for each of the defined project for which data has been recorded today. Under this show the total time spent on each project. Then show the total time spent on each task irrespective of projects. Finally show a chronological lists of tasks performed during the day with the time spent on each. + ``` + +### Example application + +After working with {% data variables.product.prodname_copilot_short %} to build, extend and improve your time tracker, the application might look something like this: + +Screenshot an example of a time tracker app with data added by a user. + +## Improving your software project + +1. {% data variables.product.prodname_copilot_short %} can help you make your project more robust by adding and running tests. Tests help to prevent bugs from getting into the codebase. You could prompt {% data variables.product.prodname_copilot_short %} in agent mode: + + ```copilot copy + Add a comprehensive suite of tests for this application. These should include unit tests, integration tests, component tests, database tests, and end-to-end tests. Locate the tests in a `tests` directory. Run the tests and fix any problems that are identified. + ``` + +1. It's always a good idea to have a README file in your project. The README should provide an overview of the project and give instructions for using the application. You can ask {% data variables.product.prodname_copilot_short %} to create or update the README file: + + ```copilot copy + Add or update a README.md file. This should provide an introduction to the application, describing its primary use and highlighting its features. It should give easy to follow user instructions for using the application in the browser. It should provide admin instructions, explaining how to deploy the application. Finally it should give an overview of the technologies used to build the application and some basic information for developers on how to maintain the code and extend the application. + ``` + +1. Now that you've added the initial code for the application to the repository, you should add a custom instructions file for {% data variables.product.prodname_copilot_short %}. The custom instructions file improves {% data variables.product.prodname_copilot_short %}'s responses in a repository by providing repository-specific guidance and implementation preferences. To add a custom instructions file: + + * **In VS Code:** click the "Configure Chat" cog icon, at the top of the chat view, and click **Generate Chat Instructions**. + + * **In JetBrains IDEs:** in agent mode of {% data variables.copilot.copilot_chat_short %}, submit a prompt such as: + + ```copilot copy + Analyze this codebase and create or update `.github/copilot-instructions.md` to guide AI coding agents. + + Discover essential knowledge for immediate productivity: + - Architecture: major components, service boundaries, data flows, and structural decisions + - Developer workflows: builds, tests, debugging commands + - Project conventions that differ from common practices + - Integration points and cross-component communication + + Guidelines: + - Merge intelligently if file exists + - Write ~20-50 concise lines with markdown structure + - Include specific codebase examples + - Focus on THIS project's approaches, not generic advice + - Document discoverable patterns, not aspirational patterns + - Reference key files/directories that exemplify important patterns + ``` + +1. Review the instructions file. If you think the instructions need some more details, you can add these to the file manually and save it. For example, you could add an instruction about running tests, if the file does not already contain an instruction about this: + + ```text copy + ## Running tests + + Always run the complete test suite after completing a batch of code changes, to ensure the changes do not break or adversely affect any part of the application. Fix any test failures and then run the tests again to verify the fix. + ``` + +## Next steps + +* Continue iterating on this project, making improvements to your time tracker. +* Using the same methodology, create another application. +* Find out about another way you can create applications without writing the code yourself. See [AUTOTITLE](/copilot/concepts/spark). diff --git a/content/discussions/index.md b/content/discussions/index.md index d0dd5965496e..0f40d188c38a 100644 --- a/content/discussions/index.md +++ b/content/discussions/index.md @@ -10,6 +10,9 @@ redirect_from: - /organizations/collaborating-with-your-team/editing-or-deleting-a-team-discussion - /organizations/collaborating-with-your-team/pinning-a-team-discussion - /organizations/collaborating-with-your-team + - /rest/teams/discussion-comments + - /rest/teams/discussions + - /rest/repos/discussions featuredLinks: startHere: - /discussions/collaborating-with-your-community-using-discussions/about-discussions diff --git a/content/enterprise-onboarding/getting-started-with-your-enterprise/index.md b/content/enterprise-onboarding/getting-started-with-your-enterprise/index.md index b3478fcdfd53..93a66ff1a5a9 100644 --- a/content/enterprise-onboarding/getting-started-with-your-enterprise/index.md +++ b/content/enterprise-onboarding/getting-started-with-your-enterprise/index.md @@ -15,5 +15,3 @@ children: - /about-enterprise-billing - /about-migrating-to-github-enterprise-cloud --- - -Visit [{% data variables.product.prodname_enterprise %}](https://github.com/enterprise) to discover how our AI-powered developer platform can benefit you, and to start a free trial of today. diff --git a/content/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md b/content/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md index f48d9edc9834..f859974fd12a 100644 --- a/content/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md +++ b/content/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md @@ -21,8 +21,6 @@ You can use policies to control how enterprise members use {% data variables.pro To run {% data variables.product.prodname_actions %} workflows, you need to use runners. {% data reusables.actions.about-runners %} If you use {% data variables.product.company_short %}-hosted runners, you will be billed based on consumption after exhausting the minutes included in your plan, whereas self-hosted runners are free. For more information, see [AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions). -For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners). - If you choose self-hosted runners, you can add runners at the enterprise, organization, or repository levels. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners). ## Provisioning fine-grained permissions for {% data variables.product.prodname_actions %} diff --git a/content/enterprise-onboarding/github-apps/automations-in-your-enterprise.md b/content/enterprise-onboarding/github-apps/automations-in-your-enterprise.md new file mode 100644 index 000000000000..a97dcb3943b0 --- /dev/null +++ b/content/enterprise-onboarding/github-apps/automations-in-your-enterprise.md @@ -0,0 +1,17 @@ +--- +title: Automations in your enterprise +shortTitle: Automations +intro: 'Learn how {% data variables.product.prodname_github_apps %}, external services, and {% data variables.product.prodname_actions %} work together to automate processes in your enterprise.' +versions: + ghec: '*' +type: overview +topics: + - Enterprise + - Fundamentals +--- + +{% data reusables.enterprise-onboarding.automations %} + +## Next steps + +To create {% data variables.product.prodname_github_apps %} that can access enterprise-level resources and automate workflows, see [AUTOTITLE](/enterprise-onboarding/github-apps/create-enterprise-apps). diff --git a/content/enterprise-onboarding/github-apps/index.md b/content/enterprise-onboarding/github-apps/index.md index f320c5b5ceed..4a6dc10b394b 100644 --- a/content/enterprise-onboarding/github-apps/index.md +++ b/content/enterprise-onboarding/github-apps/index.md @@ -9,6 +9,7 @@ topics: - Enterprise - GitHub Apps children: + - /automations-in-your-enterprise - /create-enterprise-apps - /install-enterprise-apps --- \ No newline at end of file diff --git a/content/enterprise-onboarding/index.md b/content/enterprise-onboarding/index.md index a4c66d693bda..535e14c947c5 100644 --- a/content/enterprise-onboarding/index.md +++ b/content/enterprise-onboarding/index.md @@ -1,70 +1,62 @@ --- title: Enterprise onboarding intro: 'Onboard your company to {% data variables.product.prodname_ghe_cloud %} by following our recommended plan. You will set up teams with the access they need, create a policy framework to ensure compliance, and automate processes securely throughout your enterprise.' -featuredLinks: - startHere: - - '/enterprise-onboarding/getting-started-with-your-enterprise' - - '/enterprise-onboarding/adding-users-to-your-enterprise' - - '/enterprise-onboarding/setting-up-organizations-and-teams' - - '/enterprise-onboarding/support-for-your-enterprise' - popular: - - '/enterprise-onboarding/govern-people-and-repositories' - - '/enterprise-onboarding/github-actions-for-your-enterprise' layout: journey-landing journeyTracks: - id: 'getting_started' title: 'Getting started with your enterprise' description: 'Master the fundamentals of {% data variables.product.prodname_ghe_cloud %} and get started with a trial.' guides: - - '/enterprise-onboarding/getting-started-with-your-enterprise/choose-an-enterprise-type' - - '/enterprise-onboarding/getting-started-with-your-enterprise/setting-up-a-trial-of-github-enterprise' - - '/enterprise-onboarding/getting-started-with-your-enterprise/adding-users-to-your-enterprise' - - '/enterprise-onboarding/getting-started-with-your-enterprise/about-enterprise-billing' - - '/enterprise-onboarding/getting-started-with-your-enterprise/about-migrating-to-github-enterprise-cloud' + - href: '/enterprise-onboarding/getting-started-with-your-enterprise/choose-an-enterprise-type' + - href: '/enterprise-onboarding/getting-started-with-your-enterprise/setting-up-a-trial-of-github-enterprise' + - href: '/enterprise-onboarding/getting-started-with-your-enterprise/adding-users-to-your-enterprise' + - href: '/enterprise-onboarding/getting-started-with-your-enterprise/about-enterprise-billing' + - href: '/enterprise-onboarding/getting-started-with-your-enterprise/about-migrating-to-github-enterprise-cloud' - id: 'setting_up_organizations_and_teams' title: 'Setting up organizations and teams in your enterprise' description: 'Organize work effectively and ensure people have the access they need to resources and administrative settings.' guides: - - '/enterprise-onboarding/setting-up-organizations-and-teams/best-practices' - - '/enterprise-onboarding/setting-up-organizations-and-teams/setting-up-an-organization' - - '/enterprise-onboarding/setting-up-organizations-and-teams/about-roles-in-an-enterprise' - - '/enterprise-onboarding/setting-up-organizations-and-teams/identify-role-requirements' - - '/enterprise-onboarding/setting-up-organizations-and-teams/creating-custom-roles' - - '/enterprise-onboarding/setting-up-organizations-and-teams/about-teams-in-an-enterprise' - - '/enterprise-onboarding/setting-up-organizations-and-teams/creating-teams' - - '/enterprise-onboarding/setting-up-organizations-and-teams/assigning-roles-to-teams-and-users' + - href: '/enterprise-onboarding/setting-up-organizations-and-teams/best-practices' + - href: '/enterprise-onboarding/setting-up-organizations-and-teams/setting-up-an-organization' + - href: '/enterprise-onboarding/setting-up-organizations-and-teams/about-roles-in-an-enterprise' + - href: '/enterprise-onboarding/setting-up-organizations-and-teams/identify-role-requirements' + - href: '/enterprise-onboarding/setting-up-organizations-and-teams/creating-custom-roles' + - href: '/enterprise-onboarding/setting-up-organizations-and-teams/about-teams-in-an-enterprise' + - href: '/enterprise-onboarding/setting-up-organizations-and-teams/creating-teams' + - href: '/enterprise-onboarding/setting-up-organizations-and-teams/assigning-roles-to-teams-and-users' + - href: '/enterprise-onboarding/setting-up-organizations-and-teams/use-innersource' - id: 'support_for_your_enterprise' title: 'Creating a support model for your enterprise' description: 'Find out how to get help and choose who will be able to contact Support.' guides: - - '/enterprise-onboarding/support-for-your-enterprise/understanding-support' - - '/enterprise-onboarding/support-for-your-enterprise/using-the-support-portal' - - '/enterprise-onboarding/support-for-your-enterprise/managing-support-entitlements' + - href: '/enterprise-onboarding/support-for-your-enterprise/understanding-support' + - href: '/enterprise-onboarding/support-for-your-enterprise/using-the-support-portal' + - href: '/enterprise-onboarding/support-for-your-enterprise/managing-support-entitlements' - id: 'govern_people_and_repositories' title: 'Governing people and repositories' description: 'Implement policies, custom properties, and rulesets to govern users and repositories across your enterprise.' guides: - - '/enterprise-onboarding/govern-people-and-repositories/about-enterprise-policies' - - '/enterprise-onboarding/govern-people-and-repositories/create-custom-properties' - - '/enterprise-onboarding/govern-people-and-repositories/create-repository-policies' - - '/enterprise-onboarding/govern-people-and-repositories/protect-branches' - - '/enterprise-onboarding/govern-people-and-repositories/using-the-audit-log-for-your-enterprise' - - '/enterprise-onboarding/govern-people-and-repositories/about-enterprise-security' + - href: '/enterprise-onboarding/govern-people-and-repositories/about-enterprise-policies' + - href: '/enterprise-onboarding/govern-people-and-repositories/create-custom-properties' + - href: '/enterprise-onboarding/govern-people-and-repositories/create-repository-policies' + - href: '/enterprise-onboarding/govern-people-and-repositories/protect-branches' + - href: '/enterprise-onboarding/govern-people-and-repositories/using-the-audit-log-for-your-enterprise' + - href: '/enterprise-onboarding/govern-people-and-repositories/about-enterprise-security' - id: 'github_apps' title: 'Automating processes with GitHub Apps' description: 'Create and install apps to automate processes securely in your enterprise and organizations.' guides: - - '/enterprise-onboarding/github-apps/create-enterprise-apps' - - '/enterprise-onboarding/github-apps/install-enterprise-apps' + - href: '/enterprise-onboarding/github-apps/create-enterprise-apps' + - href: '/enterprise-onboarding/github-apps/install-enterprise-apps' - id: 'github_actions_for_your_enterprise' title: 'Setting up CI/CD with GitHub Actions' description: 'Explore {% data variables.product.prodname_actions %}, plan your rollout, and get started.' guides: - - '/enterprise-onboarding/github-actions-for-your-enterprise/about-github-actions-for-enterprises' - - '/enterprise-onboarding/github-actions-for-your-enterprise/actions-components' - - '/enterprise-onboarding/github-actions-for-your-enterprise/planning-a-rollout-of-github-actions' - - '/enterprise-onboarding/github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions' - - '/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud' + - href: '/enterprise-onboarding/github-actions-for-your-enterprise/about-github-actions-for-enterprises' + - href: '/enterprise-onboarding/github-actions-for-your-enterprise/actions-components' + - href: '/enterprise-onboarding/github-actions-for-your-enterprise/planning-a-rollout-of-github-actions' + - href: '/enterprise-onboarding/github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions' + - href: '/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud' versions: ghec: '*' topics: diff --git a/content/enterprise-onboarding/setting-up-organizations-and-teams/assigning-roles-to-teams-and-users.md b/content/enterprise-onboarding/setting-up-organizations-and-teams/assigning-roles-to-teams-and-users.md index f094b2be794b..f93b6e9a6e50 100644 --- a/content/enterprise-onboarding/setting-up-organizations-and-teams/assigning-roles-to-teams-and-users.md +++ b/content/enterprise-onboarding/setting-up-organizations-and-teams/assigning-roles-to-teams-and-users.md @@ -14,4 +14,4 @@ topics: ## Next steps -Now that you've set up organizations and teams to manage people's access to work in your enterprise, learn about support so you can get help when you need it. See [AUTOTITLE](/enterprise-onboarding/support-for-your-enterprise/understanding-support). +Learn how to set up a culture of innersource in your enterprise to allow teams to collaborate and work efficiently. See [AUTOTITLE](/enterprise-onboarding/setting-up-organizations-and-teams/use-innersource). diff --git a/content/enterprise-onboarding/setting-up-organizations-and-teams/index.md b/content/enterprise-onboarding/setting-up-organizations-and-teams/index.md index 9104a0749977..31379229d62a 100644 --- a/content/enterprise-onboarding/setting-up-organizations-and-teams/index.md +++ b/content/enterprise-onboarding/setting-up-organizations-and-teams/index.md @@ -17,5 +17,6 @@ children: - /about-teams-in-an-enterprise - /creating-teams - /assigning-roles-to-teams-and-users + - /use-innersource --- diff --git a/content/enterprise-onboarding/setting-up-organizations-and-teams/use-innersource.md b/content/enterprise-onboarding/setting-up-organizations-and-teams/use-innersource.md new file mode 100644 index 000000000000..f52b22374034 --- /dev/null +++ b/content/enterprise-onboarding/setting-up-organizations-and-teams/use-innersource.md @@ -0,0 +1,19 @@ +--- +title: Using innersource in your enterprise +shortTitle: Use innersource +intro: Help dispersed teams to collaborate by setting up open source–style workflows in your enterprise, without compromising on security. +versions: + ghec: '*' +contentType: concepts +topics: + - Accounts + - Enterprise + - Fundamentals +allowTitleToDifferFromFilename: true +--- + +{% data reusables.enterprise-onboarding.use-innersource %} + +## Next steps + +Now that you've set up organizations and teams, learn about support so you can get help when you need it. See [AUTOTITLE](/enterprise-onboarding/support-for-your-enterprise/understanding-support). diff --git a/content/get-started/git-basics/set-up-git.md b/content/get-started/git-basics/set-up-git.md index 6720f0774066..3d628b57e19c 100644 --- a/content/get-started/git-basics/set-up-git.md +++ b/content/get-started/git-basics/set-up-git.md @@ -27,7 +27,7 @@ topics: --- ## Using Git -To use Git on the command line, you will need to download, install, and configure Git on your computer. You can also install {% data variables.product.prodname_cli %} to use {% data variables.product.prodname_dotcom %} from the command line. For more information, see [AUTOTITLE](/github-cli/github-cli/about-github-cli). +To use Git on the command line, you need to download, install, and configure Git on your computer. You can also install {% data variables.product.prodname_cli %} to use {% data variables.product.prodname_dotcom %} from the command line. For more information, see [AUTOTITLE](/github-cli/github-cli/about-github-cli). If you want to work with Git locally, but do not want to use the command line, you can download and install the [{% data variables.product.prodname_desktop %}]({% data variables.product.desktop_link %}) client. For more information, see [AUTOTITLE](/desktop/overview/about-github-desktop). @@ -54,10 +54,10 @@ If you do not need to work with files locally, {% data variables.product.github ## Authenticating with {% data variables.product.github %} from Git -When you connect to a {% data variables.product.github %} repository from Git, you will need to authenticate with {% data variables.product.github %} using either HTTPS or SSH. +When you connect to a {% data variables.product.github %} repository from Git, you need to authenticate with {% data variables.product.github %} using either HTTPS or SSH. > [!NOTE] -> You can authenticate to {% data variables.product.github %} using {% data variables.product.prodname_cli %}, for either HTTP or SSH. For more information, see [`gh auth login`](https://cli.github.com/manual/gh_auth_login). +> You can authenticate to {% data variables.product.github %} using {% data variables.product.prodname_cli %}, for either HTTPS or SSH. For more information, see [`gh auth login`](https://cli.github.com/manual/gh_auth_login). ### Connecting over HTTPS (recommended) @@ -69,7 +69,8 @@ If you clone with SSH, you must generate SSH keys on each computer you use to pu ## Next steps -You now have Git and {% data variables.product.github %} all set up. You may now choose to create a repository where you can put your projects. Saving your code in a repository allows you to back up your code and share it around the world. +You now have Git and {% data variables.product.github %} all set up. You can now choose to create a repository where you can store your projects. Saving your code in a repository allows you to back up your work and share it around the world. + * {% data reusables.getting-started.create-a-repository %} diff --git a/content/get-started/learning-about-github/about-github-advanced-security.md b/content/get-started/learning-about-github/about-github-advanced-security.md index 52ef92c875ef..a94f580fcc01 100644 --- a/content/get-started/learning-about-github/about-github-advanced-security.md +++ b/content/get-started/learning-about-github/about-github-advanced-security.md @@ -143,7 +143,7 @@ To learn about what you need to know to plan your deployment of {% ifversion gha ## Enabling features -{% ifversion ghes %} +{% ifversion ghes < 3.15 %} A site administrator must enable {% data variables.product.prodname_AS %} for {% data variables.location.product_location %} before you can use these features. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise). {% endif %} diff --git a/content/get-started/learning-about-github/types-of-github-accounts.md b/content/get-started/learning-about-github/types-of-github-accounts.md index 269b602bc0e4..4d98833fe394 100644 --- a/content/get-started/learning-about-github/types-of-github-accounts.md +++ b/content/get-started/learning-about-github/types-of-github-accounts.md @@ -40,7 +40,7 @@ User accounts are intended for humans, but you can create accounts to automate a {% ifversion fpt or ghec %} -There are two types of user account: +There are two types of user accounts: * [Personal accounts](#personal-accounts) * [{% data variables.enterprise.prodname_managed_users_caps %}](#managed-user-accounts) diff --git a/content/get-started/start-your-journey/index.md b/content/get-started/start-your-journey/index.md index 7c6d81be2987..8fad16bcef0f 100644 --- a/content/get-started/start-your-journey/index.md +++ b/content/get-started/start-your-journey/index.md @@ -1,6 +1,6 @@ --- title: Start your journey -intro: 'Learn the basics of {% data variables.product.github %}.' +intro: "Brand new to {% data variables.product.github %}? Learn the basics here." versions: fpt: '*' ghes: '*' @@ -22,4 +22,18 @@ children: redirect_from: - /github/getting-started-with-github/quickstart - /get-started/quickstart +layout: journey-landing +journeyTracks: + - id: 'learn_the_basics' + title: 'Get started' + description: 'Master the fundamentals of {% data variables.product.github %} and Git.' + guides: + - href: '/get-started/start-your-journey/about-github-and-git' + - href: '/get-started/start-your-journey/creating-an-account-on-github' + - href: '/get-started/start-your-journey/hello-world' + - href: '/get-started/start-your-journey/setting-up-your-profile' + - href: '/get-started/start-your-journey/finding-inspiration-on-github' + - href: '/get-started/start-your-journey/downloading-files-from-github' + - href: '/get-started/start-your-journey/uploading-a-project-to-github' + - href: '/get-started/start-your-journey/git-and-github-learning-resources' --- diff --git a/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax.md b/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax.md index f426e12ea8c7..910ddae27080 100644 --- a/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax.md +++ b/content/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax.md @@ -24,7 +24,7 @@ To create a heading, add one to six # symbols before your heading tex ![Screenshot of rendered GitHub Markdown showing sample h1, h2, and h3 headers, which descend in type size and visual weight to show hierarchy level.](/assets/images/help/writing/headings-rendered.png) -When you use two or more headings, GitHub automatically generates a table of contents that you can access by clicking {% octicon "list-unordered" aria-label="The unordered list icon" %} within the file header. Each heading title is listed in the table of contents and you can click a title to navigate to the selected section. +When you use two or more headings, GitHub automatically generates a table of contents that you can access by clicking the "Outline" menu icon {% octicon "list-unordered" aria-label="Table of Contents" %} within the file header. Each heading title is listed in the table of contents and you can click a title to navigate to the selected section. ![Screenshot of a README file with the drop-down menu for the table of contents exposed. The table of contents icon is outlined in dark orange.](/assets/images/help/repository/headings-toc.png) diff --git a/content/github-cli/github-cli/about-github-cli.md b/content/github-cli/github-cli/about-github-cli.md index dca96a80b060..802b3cbab97d 100644 --- a/content/github-cli/github-cli/about-github-cli.md +++ b/content/github-cli/github-cli/about-github-cli.md @@ -26,7 +26,7 @@ For more information about what you can do with {% data variables.product.prodna The Git command line interface (`git`) allows you to work with a local or remote Git repository. The remote repository may be hosted on {% data variables.product.prodname_dotcom %} or it may be hosted by another service. -{% data variables.product.prodname_cli %} (`gh`) is specifically for working with {% data variables.product.prodname_dotcom %}. It allows you to use the command line to interact with {% data variables.product.prodname_dotcom %} in all sorts of ways, as illustrated by the previous list. If you tend to work on the command line you may prefer using {% data variables.product.prodname_cli %} instead of using {% data variables.product.prodname_dotcom %} in a browser. {% data variables.product.prodname_cli %} also makes it easier for you to create scripts to automate {% data variables.product.prodname_dotcom %} operations. +{% data variables.product.prodname_cli %} (`gh`) is specifically for working with {% data variables.product.prodname_dotcom %}. It allows you to use the command line to interact with {% data variables.product.prodname_dotcom %} in all sorts of ways, as illustrated by the previous list. If you tend to work on the command line, you may prefer using {% data variables.product.prodname_cli %} instead of using {% data variables.product.prodname_dotcom %} in a browser. {% data variables.product.prodname_cli %} also makes it easier for you to create scripts to automate {% data variables.product.prodname_dotcom %} operations. ## Installing {% data variables.product.prodname_cli %} diff --git a/content/github-cli/github-cli/quickstart.md b/content/github-cli/github-cli/quickstart.md index 9ff050fc017b..319c93d6694a 100644 --- a/content/github-cli/github-cli/quickstart.md +++ b/content/github-cli/github-cli/quickstart.md @@ -61,7 +61,7 @@ To create a pull request, enter `gh pr create` and follow the on-screen instruct To create a new codespace, enter `gh codespace create` and follow the on-screen instructions. -To display your existing codespaces, enter `gh codespace list`. To open a codespace in the web version of {% data variables.product.prodname_vscode_shortname %} enter `gh codespace code -w` and choose a codespace . +To display your existing codespaces, enter `gh codespace list`. To open a codespace in the web version of {% data variables.product.prodname_vscode_shortname %} enter `gh codespace code -w` and choose a codespace. In all of these commands you can substitute `cs` for `codespace`. diff --git a/content/github-cli/github-cli/using-multiple-accounts.md b/content/github-cli/github-cli/using-multiple-accounts.md index 216fa82d4c5b..a530190a537a 100644 --- a/content/github-cli/github-cli/using-multiple-accounts.md +++ b/content/github-cli/github-cli/using-multiple-accounts.md @@ -25,7 +25,7 @@ The {% data variables.product.prodname_cli %} **can't automatically detect** you * The {% data variables.product.prodname_cli %} will default to {% data variables.product.prodname_dotcom_the_website %}. * You can set the `GH_HOST` environment variable to change the default target for these kinds of requests. See [gh environment](https://cli.github.com/manual/gh_help_environment) in the {% data variables.product.prodname_cli %} manual. -* Some commands allow you allow you to specify your target environment with the `--hostname` option, such as `gh api`, or pass the full URL for a repository, such as `gh pr view`. +* Some commands allow you to specify your target environment with the `--hostname` option, such as `gh api`, or pass the full URL for a repository, such as `gh pr view`. ## Can I use multiple accounts on the same platform? diff --git a/content/index.md b/content/index.md index fbdf0f8dd205..b255d3c68d3f 100644 --- a/content/index.md +++ b/content/index.md @@ -125,11 +125,10 @@ childGroups: - name: Security and quality octicon: ShieldLockIcon children: - - code-security/secret-scanning - - code-security/supply-chain-security - - code-security/dependabot - - code-security/code-scanning - - code-security/code-quality + - code-security/how-tos/secure-your-secrets + - code-security/how-tos/secure-your-supply-chain + - code-security/how-tos/scan-code-for-vulnerabilities + - code-security/how-tos/maintain-quality-code - name: Client apps octicon: DeviceMobileIcon children: @@ -146,7 +145,7 @@ childGroups: octicon: OrganizationIcon children: - organizations - - code-security/securing-your-organization + - code-security/how-tos/secure-at-scale - enterprise-onboarding - admin - name: Developers diff --git a/content/integrations/concepts/about-building-integrations.md b/content/integrations/concepts/about-building-integrations.md index 65bc440752e4..5546c0c10a6a 100644 --- a/content/integrations/concepts/about-building-integrations.md +++ b/content/integrations/concepts/about-building-integrations.md @@ -9,6 +9,9 @@ versions: ghec: '*' topics: - Integration +category: + - Learn about integrations + - Build integrations --- Integrations are tools that extend {% data variables.product.company_short %}'s functionality. Integrations can do things on {% data variables.product.company_short %} like open issues, comment on pull requests, and manage projects. They can also do things outside of {% data variables.product.company_short %} based on events that happen on {% data variables.product.company_short %}. For example, an integration can post on Slack when an issue is opened on {% data variables.product.company_short %}. diff --git a/content/integrations/concepts/about-integrations.md b/content/integrations/concepts/about-integrations.md index 31c550fe0bd0..7b8f4fce9250 100644 --- a/content/integrations/concepts/about-integrations.md +++ b/content/integrations/concepts/about-integrations.md @@ -11,6 +11,8 @@ versions: ghec: '*' topics: - Integration +category: + - Learn about integrations --- Integrations are tools that extend {% data variables.product.github %} functionality by allowing you to connect your {% data variables.product.github %} account with other applications and services, enabling you to streamline your workflow and enhance collaboration. diff --git a/content/integrations/concepts/featured-github-integrations.md b/content/integrations/concepts/featured-github-integrations.md index 87add9b20197..ebb603220341 100644 --- a/content/integrations/concepts/featured-github-integrations.md +++ b/content/integrations/concepts/featured-github-integrations.md @@ -16,6 +16,8 @@ versions: shortTitle: Featured integrations topics: - Integration +category: + - Learn about integrations --- {% ifversion fpt or ghec %} diff --git a/content/integrations/concepts/github-developer-program.md b/content/integrations/concepts/github-developer-program.md index 14ee412929db..46421562264d 100644 --- a/content/integrations/concepts/github-developer-program.md +++ b/content/integrations/concepts/github-developer-program.md @@ -11,6 +11,9 @@ versions: topics: - API - Integration +category: + - Learn about integrations + - Build integrations --- Building an application that integrates with {% data variables.product.prodname_dotcom %}? Register for our Developer Program! The possibilities are endless, and you enjoy the kudos. [Register now](https://github.com/developer/register). diff --git a/content/integrations/how-tos/slack/customize-notifications.md b/content/integrations/how-tos/slack/customize-notifications.md index e86ea1de07e3..60b3d4e1d041 100644 --- a/content/integrations/how-tos/slack/customize-notifications.md +++ b/content/integrations/how-tos/slack/customize-notifications.md @@ -9,6 +9,8 @@ versions: topics: - Integration contentType: reference +category: + - Use integrations --- You can customize your notifications by subscribing to activity that is relevant to your Slack channel, and unsubscribing from activity that is less helpful to your project. diff --git a/content/integrations/how-tos/slack/integrate-github-with-slack.md b/content/integrations/how-tos/slack/integrate-github-with-slack.md index 132526560173..377c53b51a4f 100644 --- a/content/integrations/how-tos/slack/integrate-github-with-slack.md +++ b/content/integrations/how-tos/slack/integrate-github-with-slack.md @@ -8,7 +8,8 @@ versions: ghec: '*' topics: - Integration - +category: + - Administer integrations --- ## About the {% data variables.product.github %} integration for Slack diff --git a/content/integrations/how-tos/slack/use-github-in-slack.md b/content/integrations/how-tos/slack/use-github-in-slack.md index b5b1011bf1da..fa8f6be9e502 100644 --- a/content/integrations/how-tos/slack/use-github-in-slack.md +++ b/content/integrations/how-tos/slack/use-github-in-slack.md @@ -8,6 +8,8 @@ versions: ghec: '*' topics: - Integration +category: + - Use integrations --- The {% data variables.product.github %} integration for Slack allows you to connect your {% data variables.product.github %} account to the {% data variables.product.github %} app in Slack. Once connected, you can use slash commands to interact with {% data variables.product.github %}, receive notifications about repository activity, and collaborate with your team directly within Slack. @@ -35,6 +37,7 @@ To use a slash command, type `/github` followed by the command you want to execu |`/github close [issue link]`|Closes the specified issue as completed.| |`/github close [issue link] reason:"not planned"`|Closes the specified issue with a reason. Replace `"not planned"` with your reason.| |`/github reopen [issue link]`|Reopens the specified issue.| +|`/github signin`|Restarts the "Connect your GitHub account" workflow.| >[!NOTE] When you subscribe a channel to a repository, the channel will receive notifications for all `open`, `close`, and `reopen` events on pull requests and issues in that repository. The channel will also receive notifications of any `push` events directly to the repository's default branch. diff --git a/content/integrations/index.md b/content/integrations/index.md index 1181890128c2..16da03f54a5f 100644 --- a/content/integrations/index.md +++ b/content/integrations/index.md @@ -2,12 +2,20 @@ title: GitHub integrations intro: 'Learn how to connect, extend, and customize GitHub with apps and tools.' shortTitle: Integrations -layout: product-landing +layout: discovery-landing +heroImage: /assets/images/banner-images/hero-2 +introLinks: + overview: /integrations/concepts/about-integrations children: - /concepts - /how-tos - /reference - /tutorials +featuredLinks: + startHere: + - /integrations/how-tos/slack/integrate-github-with-slack + - /integrations/how-tos/slack/use-github-in-slack + - /integrations/how-tos/slack/customize-notifications versions: fpt: '*' ghes: '*' @@ -15,4 +23,10 @@ versions: contentType: landing topics: - Integration +includedCategories: + - Learn about integrations + - Administer integrations + - Use integrations + - Build integrations + - Troubleshoot integrations --- diff --git a/content/integrations/reference/slack-permissions.md b/content/integrations/reference/slack-permissions.md index 0dcbe02e36f8..d470f7525c68 100644 --- a/content/integrations/reference/slack-permissions.md +++ b/content/integrations/reference/slack-permissions.md @@ -9,6 +9,8 @@ versions: topics: - Integration contentType: reference +category: + - Learn about integrations --- By granting the {% data variables.product.github %} app access to your Slack workspace, you are providing necessary authorizations to your {% data variables.product.github %} account and your Slack workspace. These permissions enable the app to perform its functions and provide you with a seamless experience when using GitHub in Slack. diff --git a/content/integrations/tutorials/slack/create-issues.md b/content/integrations/tutorials/slack/create-issues.md index 452540f2b984..db0ec0e7e5d6 100644 --- a/content/integrations/tutorials/slack/create-issues.md +++ b/content/integrations/tutorials/slack/create-issues.md @@ -9,6 +9,8 @@ versions: topics: - Integration contentType: reference +category: + - Use integrations --- ## Creating issues with the {% data variables.product.github %} integration in Slack diff --git a/content/integrations/tutorials/slack/manage-issues.md b/content/integrations/tutorials/slack/manage-issues.md index b1b5514d2c76..f58df98ba7dc 100644 --- a/content/integrations/tutorials/slack/manage-issues.md +++ b/content/integrations/tutorials/slack/manage-issues.md @@ -9,6 +9,8 @@ versions: topics: - Integration contentType: reference +category: + - Use integrations --- ## Managing issues in Slack diff --git a/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md b/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md index 62a9775778b2..785392c0f956 100644 --- a/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md +++ b/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md @@ -216,9 +216,10 @@ With issue and pull request search terms, you can: * Filter out search terms by using `-` before the term: `state:open is:issue -author:octocat` > [!TIP] -> You can filter issues by label using logical OR or using logical AND. -> * To filter issues using logical OR, use the comma syntax: `label:"bug","wip"`. -> * To filter issues using logical AND, use separate label filters: `label:"bug" label:"wip"`. +> * You can filter issues by label using logical OR or using logical AND. +> * To filter issues using logical OR, use the comma syntax: `label:"bug","wip"`. +> * To filter issues using logical AND, use separate label filters: `label:"bug" label:"wip"`. +> * You can use `@copilot` with qualifiers like `assignee:` and `author:` to search for issues and pull requests assigned to or authored by {% data variables.product.prodname_copilot_short %}. For example, `assignee:@copilot` or `author:@copilot`. For issues, you can also use search to: diff --git a/content/migrations/ado/migrating-repositories-from-azure-devops-to-github-enterprise-cloud.md b/content/migrations/ado/migrating-repositories-from-azure-devops-to-github-enterprise-cloud.md index 02003b38b1da..e11a3c15b9f7 100644 --- a/content/migrations/ado/migrating-repositories-from-azure-devops-to-github-enterprise-cloud.md +++ b/content/migrations/ado/migrating-repositories-from-azure-devops-to-github-enterprise-cloud.md @@ -27,7 +27,7 @@ contentType: other {% endapi %} {% ifversion repo-rules-enterprise %} -{% data reusables.enterprise-migration-tool.deploy-key-bypass %} +{% data reusables.enterprise-migration-tool.repository-migrations-bypass %} {% endif %} ## Prerequisites diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md index 2604ad515f8a..178be86294f3 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products.md @@ -23,7 +23,7 @@ If your migration source is an account on {% data variables.product.prodname_dot The data that {% data variables.product.prodname_importer_proper_name %} migrates depends on the source of the migration and whether you are migrating a repository or organization. {% ifversion repo-rules-enterprise %} -{% data reusables.enterprise-migration-tool.deploy-key-bypass %} +{% data reusables.enterprise-migration-tool.repository-migrations-bypass %} {% endif %} ## Considerations for migrations to {% data variables.product.prodname_ghe_cloud %} @@ -130,9 +130,7 @@ When you migrate a repository, either directly or as part of an organization mig Currently, the following data is **not** migrated. -* {% data variables.product.prodname_codespaces %} secrets {% data reusables.enterprise-migration-tool.data-not-migrated %} -* User access to the repository When you migrate a repository directly, teams and team access to repositories are not migrated. diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md index 3669df26d5ad..f0004c4d090d 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md @@ -142,7 +142,9 @@ If the source of your migration is {% data variables.product.prodname_ghe_server ### IP ranges for {% data variables.enterprise.data_residency_site %} -{% data reusables.enterprise-migration-tool.ip-ranges-ghecom %} +You can get an up-to-date list of IP ranges used by {% data variables.product.prodname_importer_proper_name %} at any time with the "Get {% data variables.product.github %} meta information" endpoint of the REST API. + +The `github_enterprise_importer` key in the response contains a list of IP ranges used for migrations. In addition, if you are migrating from {% data variables.product.prodname_ghe_server %} and using a blob storage account with firewall rules: diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-organizations-from-githubcom-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-organizations-from-githubcom-to-github-enterprise-cloud.md index e0d67fe57a4f..d649ec4c3df2 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-organizations-from-githubcom-to-github-enterprise-cloud.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-organizations-from-githubcom-to-github-enterprise-cloud.md @@ -26,6 +26,10 @@ Migrations to {% data variables.product.prodname_ghe_cloud %} include migrations {% data reusables.enterprise-migration-tool.gei-tool-switcher-cli %} {% endapi %} +{% ifversion repo-rules-enterprise %} +{% data reusables.enterprise-migration-tool.repository-migrations-bypass %} +{% endif %} + ## Prerequisites * {% data reusables.enterprise-migration-tool.github-trial-prerequisite %} diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md index c8723b000a79..3b4aa29920e8 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md @@ -47,6 +47,10 @@ To migrate your repositories from {% data variables.product.prodname_ghe_server {% endapi %} +{% ifversion repo-rules-enterprise %} +{% data reusables.enterprise-migration-tool.repository-migrations-bypass %} +{% endif %} + ## Prerequisites * {% data reusables.enterprise-migration-tool.github-trial-prerequisite %} diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-githubcom-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-githubcom-to-github-enterprise-cloud.md index 5eea87d3c797..fad9d61e2f04 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-githubcom-to-github-enterprise-cloud.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-githubcom-to-github-enterprise-cloud.md @@ -27,7 +27,7 @@ Migrations to {% data variables.product.prodname_ghe_cloud %} include migrations {% endapi %} {% ifversion repo-rules-enterprise %} -{% data reusables.enterprise-migration-tool.deploy-key-bypass %} +{% data reusables.enterprise-migration-tool.repository-migrations-bypass %} {% endif %} ## Prerequisites diff --git a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md index e0c99a0a22eb..0457d6e901c0 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md +++ b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md @@ -19,7 +19,7 @@ You can migrate individual repositories or all repositories from a BitBucket Ser At this time, migrating from Bitbucket Server with the {% data variables.product.prodname_dotcom %} API is not supported. {% ifversion repo-rules-enterprise %} -{% data reusables.enterprise-migration-tool.deploy-key-bypass %} +{% data reusables.enterprise-migration-tool.repository-migrations-bypass %} {% endif %} ## Prerequisites diff --git a/content/nonprofit/troubleshooting/frequently-asked-questions.md b/content/nonprofit/troubleshooting/frequently-asked-questions.md index b7a5dae0fdb6..e1e47a6c4f4d 100644 --- a/content/nonprofit/troubleshooting/frequently-asked-questions.md +++ b/content/nonprofit/troubleshooting/frequently-asked-questions.md @@ -40,12 +40,6 @@ The following elements should be included in your GitHub for Nonprofits applicat * A summary of what your nonprofit organization does * Confirmation that your organization is nongovernmental, nonacademic, noncommercial, and nonpolitical * If your application is denied, please check that your submission included all of these details. If you were missing some of these elements, consider applying again through GitHub for Nonprofits with complete information. - -* Please note religious or faith-based organizations in India are ineligible.Tweaking slightly so that this added bullet point follows a similar patterns to the existing ones, and also specified that this link is external to our docs site as per our style guide. - -Updating the link so it follows our content model. - -Suggested change * Please note religious or faith-based organizations in India are ineligible. See [mission eligibility exceptions](https://www.microsoft.com/en-us/nonprofits/eligibility) in the Microsoft documentation. ## Why can't I select the free GitHub Team plan? diff --git a/content/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch.md b/content/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch.md index 50e3e1be9f13..7bf363403545 100644 --- a/content/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch.md +++ b/content/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch.md @@ -27,4 +27,4 @@ When you create a new organization from scratch, it doesn't have any repositorie {% ifversion fpt or ghec %} * [AUTOTITLE](/billing/managing-your-billing/managing-your-payment-and-billing-information){% endif %} * [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-organizations) -* [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization) +{% ifversion ghes < 3.21 %}* [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization){% endif %} diff --git a/content/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile.md b/content/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile.md index 0e8a7a71ce0f..48331a3066d3 100644 --- a/content/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile.md +++ b/content/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile.md @@ -46,6 +46,8 @@ If you manage multiple organizations with an enterprise account, you can help me ## Adding a public organization profile README +>[!NOTE] Public organization profiles are not available with {% data variables.product.prodname_emus %}. + The content of public `README.md` will appear on your organization's public profile. 1. If your organization does not already have a public `.github` repository, create a public `.github` repository. diff --git a/content/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization.md b/content/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization.md index 1b84013b47ac..245e23882f32 100644 --- a/content/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization.md +++ b/content/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization.md @@ -18,37 +18,55 @@ shortTitle: Remove a member permissions: Organization owners can remove members from an organization. --- +## 1. Understand the effects of removing a member + +When you remove members from an organization: + {% ifversion fpt or ghec %} -> [!WARNING] -> When you remove members from an organization: -> * The paid license count does not automatically downgrade. To pay for fewer licenses after removing users from your organization, follow the steps in [AUTOTITLE](/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan). -> * Removed members will lose access to private forks of your organization's private repositories, but they may still have local copies. However, they cannot sync local copies with your organization's repositories. Their private forks can be restored if the user is [reinstated as an organization member](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization) within three months of being removed from the organization. Ultimately, you are responsible for ensuring that people who have lost access to a repository delete any confidential information or intellectual property. -> * When private repositories are forked to other organizations, those organizations are able to control access to the fork network. This means users may retain access to the forks even after losing access to the original organization because they will still have explicit access via a fork. -{%- ifversion ghec %} -> * Removed members will also lose access to private forks of your organization's internal repositories, if the removed member is not a member of any other organization owned by the same enterprise account. For more information, see [AUTOTITLE](/admin/overview/about-enterprise-accounts). -{%- endif %} -> * Any organization invitations sent by a removed member, that have not been accepted, are canceled and will not be accessible. +* If you use volume license billing, the paid license count does not automatically downgrade. To pay for fewer licenses after removing users from your organization, follow the steps in [AUTOTITLE](/billing/managing-the-plan-for-your-github-account/downgrading-your-accounts-plan). +* Removed members will lose access to private forks of your organization's private repositories, but they may still have local copies. However, they cannot sync local copies with your organization's repositories. Ultimately, you are responsible for ensuring that people who have lost access to a repository delete any confidential information or intellectual property. +* When private repositories are forked to other organizations, those organizations are able to control access to the fork network. This means users may retain access to the forks even after losing access to the original organization because they will still have explicit access via a fork. +* Removed members will also lose access to private forks of your organization's internal repositories, if the removed member is not a member of any other organization owned by the same enterprise account. +* Any organization invitations sent by a removed member, that have not been accepted, are canceled and will not be accessible. +* If the organization is part of an enterprise on {% data variables.product.prodname_ghe_cloud %} and the user is still a member of at least one other organization in the enterprise, the user will retain access to repositories with internal visibility in the organization that they are removed from. +* If the organization is part of an enterprise on {% data variables.product.prodname_ghe_cloud %} and the user is no longer a member of any organizations in it, the user will either become an enterprise unaffiliated member or be removed from the enterprise, depending on your settings. See [AUTOTITLE](/enterprise-cloud@latest/admin/concepts/identity-and-access-management/user-offboarding). +* When you remove a user from your organization, their membership data is saved for three months. You can restore their data, or any private forks they owned of your organization's repositories, if you invite the user to rejoin the organization within that time frame. For more information, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization). {% else %} -> [!WARNING] -> When you remove members from an organization: -> * Removed members will lose access to private forks of your organization's private repositories, but may still have local copies. However, they cannot sync local copies with your organization's repositories. Their private forks can be restored if the user is [reinstated as an organization member](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization) within three months of being removed from the organization. Ultimately, you are responsible for ensuring that people who have lost access to a repository delete any confidential information or intellectual property. -> * Removed members will also lose access to private forks of your organization's internal repositories, if the removed member is not a member of any other organization in your enterprise. -> * Any organization invitations sent by the removed user, that have not been accepted, are canceled and will not be accessible. +* Removed members will lose access to private forks of your organization's private repositories, but may still have local copies. However, they cannot sync local copies with your organization's repositories. Their private forks can be restored if the user is [reinstated as an organization member](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization) within three months of being removed from the organization. Ultimately, you are responsible for ensuring that people who have lost access to a repository delete any confidential information or intellectual property. +* Removed members will also lose access to private forks of your organization's internal repositories, if the removed member is not a member of any other organization in your enterprise. +* Any organization invitations sent by the removed user, that have not been accepted, are canceled and will not be accessible. +* When you remove a user from your organization, their membership data is saved for three months. You can restore their data, or any private forks they owned of your organization's repositories, if you invite the user to rejoin the organization within that time frame. For more information, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization). {% endif %} {% ifversion fpt or ghec %} +## 2. Share best practices + To help the person you're removing from your organization transition and help ensure they delete confidential information or intellectual property, we recommend sharing a checklist of best practices for leaving your organization. For an example, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/best-practices-for-leaving-your-company). +## 3. Understand how you manage organization membership (enterprises only) + +If the organization is on {% data variables.product.prodname_ghe_cloud %}, you may manage organization membership from an identity provider. + +If you have an enterprise with personal accounts, check if you are using SCIM provisioning in the organization to manage membership. If you are, remove the user from the {% data variables.product.github %} application in your IdP and from any IdP groups that are linked to teams with access to the organization. See [AUTOTITLE](/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations). + +If you use {% data variables.product.prodname_emus %}, check the "member type" of the user to see if their membership is managed manually or by IdP groups. If the user is "Managed by IdP groups", remove the user from any IdP groups that are linked to teams with access to the organization. See [AUTOTITLE](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users). + +{% else %} + +## 2. Understand how you manage membership + +If you have enabled user provisioning with SCIM on your {% data variables.product.prodname_ghe_server %} instance, check the member type of the user. If the user is "Managed by IdP groups", remove the user from any IdP groups that are linked to teams with access to the organization. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-account-type-saml-and-scim). + {% endif %} -{% data reusables.organizations.data_saved_for_reinstating_a_former_org_member %} +## {% ifversion fpt or ghec %}4.{% else %}3.{% endif %} Remove the user manually -## Revoking the user's membership +If the user's organization membership is **not** managed with by a SCIM integration, you can remove the user from an organization manually. {% data reusables.profile.access_org %} {% data reusables.user-settings.access_org %} diff --git a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md index be07decf8ef4..4d9e9019ffdd 100644 --- a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md +++ b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md @@ -13,7 +13,7 @@ shortTitle: Repository custom properties ## About custom properties -{% data reusables.enterprise.custom-properties-intro %}. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/custom-properties). +{% data reusables.enterprise.custom-properties-intro %}{% ifversion ghec or ghes > 3.20 %} See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/custom-properties).{% endif %} This article relates to **repository custom properties.** @@ -35,7 +35,7 @@ You can add custom properties to your organization and set values for those prop 1. To add a new custom property, click **New property** in the upper right corner. 1. In the "Name" field, type the name you'd like to use for your custom property. The name can't contain spaces, and cannot exceed 75 characters in length. 1. Optionally, in the "Description" field, fill in a description of your custom property. -1. Under "Type", select the type of property you'd like to add. This can either be a text string{% ifversion ghes < 3.15 %} or a single select field{% else %}, a single select field, a multi select field, or a true/false boolean{% endif %}. +1. Under "Type", select the type of property you'd like to add. This can either be a text string{% ifversion ghes < 3.15 %} or a single select field{% else %}, a single select field, a multi select field, {% ifversion ghes > 3.20 %}a URL, {% endif %}or a true/false boolean{% endif %}. 1. Optionally, you can select **Allow repository actors to set this property**. When enabled, repository users and apps with the repository-level "custom properties" fine-grained permission will be able to set and update the property value for their repository. 1. Optionally, you can select **Require this property for all repositories** and add a default value. This means that you require that all repositories in your organization have a value for this property. Repositories that don’t have an explicit value for this property will inherit the default value. 1. Click **Save property**. diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md index 2cbb2b6746f2..c100d45d8435 100644 --- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md +++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md @@ -69,6 +69,9 @@ Organization permissions do not grant read, write, or administrator access to an | {% ifversion secret-scanning-alert-dismiss-custom-role %} | | Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests | Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests for your organization. | [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning) | | {% endif %} | +| {% ifversion copilot %} | +| View organization {% data variables.product.prodname_copilot_short %} metrics | View {% data variables.product.prodname_copilot_short %} usage metrics for your organization. | [AUTOTITLE](/copilot/concepts/copilot-metrics) | +| {% endif %} | {% endrowheaders %} diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md index f301d7a2f06a..433ebe1a5f73 100644 --- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md +++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md @@ -205,6 +205,10 @@ Some of the features listed below are limited to organizations using {% data var | {% ifversion security-delegated-alert-dismissal %} | | Review and manage {% data variables.product.prodname_code_scanning %} dismissal requests (see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning)) | | | | | | | {% endif %} | +| {% ifversion dependabot-delegated-alert-dismissal %} | +| Review {% data variables.product.prodname_dependabot %} alert dismissal requests (see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal)) | | | | | | +| Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests (see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal)) | | | | | | +| {% endif %} | {% endrowheaders %} @@ -242,6 +246,10 @@ Some of the features listed below are limited to organizations using {% data var | {% ifversion security-delegated-alert-dismissal %} | | Review and manage {% data variables.product.prodname_code_scanning %} dismissal requests | | | | | {% endif %} | +| {% ifversion dependabot-delegated-alert-dismissal %} | +| Review {% data variables.product.prodname_dependabot %} alert dismissal requests | | | | +| Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests | | | | +| {% endif %} | | Manage {% data variables.product.prodname_dependabot_security_updates %} (see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)) | | | | | Manage an organization's SSH certificate authorities (see [AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities)) | | | | | {% ifversion projects-v1 %} | diff --git a/content/organizations/managing-programmatic-access-to-your-organization/about-programmatic-access-in-your-organization.md b/content/organizations/managing-programmatic-access-to-your-organization/about-programmatic-access-in-your-organization.md index 78f84356120f..14fc272ad498 100644 --- a/content/organizations/managing-programmatic-access-to-your-organization/about-programmatic-access-in-your-organization.md +++ b/content/organizations/managing-programmatic-access-to-your-organization/about-programmatic-access-in-your-organization.md @@ -20,9 +20,11 @@ versions: ## {% data variables.product.prodname_github_apps %} -Organization owners can install {% data variables.product.prodname_github_apps %} on their organization. Repository admins can also install a {% data variables.product.prodname_github_app %} on the organization if the app does not request organization resources and if they only grant the app access to repositories where they are an admin. Organization members can submit a request for their organization owner to install a {% data variables.product.prodname_github_app %} on the organization. For more information, see {% ifversion fpt or ghec %}[AUTOTITLE](/apps/using-github-apps/installing-an-app-in-your-organization).{% else %}[AUTOTITLE](/apps/maintaining-github-apps/installing-github-apps).{% endif %} +Organization owners can install {% data variables.product.prodname_github_apps %} on their organization. Repository admins can also install a {% data variables.product.prodname_github_app %} on the organization if the app does not request organization resources and if they only grant the app access to repositories where they are an admin. Organization members and outside collaborators can submit a request for their organization owner to install a {% data variables.product.prodname_github_app %} on the organization. For more information, see {% ifversion fpt or ghec %}[AUTOTITLE](/apps/using-github-apps/installing-an-app-in-your-organization).{% else %}[AUTOTITLE](/apps/maintaining-github-apps/installing-github-apps).{% endif %} -Organization owners can prevent outside collaborators from requesting {% data variables.product.prodname_github_apps %} or from installing a {% data variables.product.prodname_github_app %} even if the collaborator is a repository admin. For more information, see [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests). +{% ifversion fpt or ghec or ghes > 3.19 %}Organization owners can restrict {% data variables.product.prodname_github_app %} installation to only organization owners. When this restriction is enabled, repository admins cannot install {% data variables.product.prodname_github_apps %} for their repositories and must instead use the request flow to ask organization owners to install apps.{% endif %} + +Organization owners can prevent users from requesting {% data variables.product.prodname_github_apps %} or from installing a {% data variables.product.prodname_github_app %} even if they are a repository admin. For more information, see [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests). Organization owners can review the {% data variables.product.prodname_github_apps %} that are installed on their organization and modify the repositories that each app can access. For more information, see [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/reviewing-github-apps-installed-in-your-organization). @@ -32,7 +34,7 @@ To help maintain {% data variables.product.prodname_github_apps %} owned by thei ## {% data variables.product.prodname_oauth_apps %} -Organization managers can restrict {% data variables.product.prodname_oauth_apps %} from accessing organization resources. When these restrictions are enabled, organization members and outside collaborators can still request approval for individual {% data variables.product.prodname_oauth_apps %}. For more information, see [AUTOTITLE](/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions). +Organization managers must approve {% data variables.product.prodname_oauth_apps %} that users would like to use in their organization. When this requirement is enabled, organization members and outside collaborators must request approval for individual {% data variables.product.prodname_oauth_apps %}. For more information, see [AUTOTITLE](/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions) and [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests). {% endif %} diff --git a/content/organizations/managing-programmatic-access-to-your-organization/index.md b/content/organizations/managing-programmatic-access-to-your-organization/index.md index 305ee87228de..c807f0af1473 100644 --- a/content/organizations/managing-programmatic-access-to-your-organization/index.md +++ b/content/organizations/managing-programmatic-access-to-your-organization/index.md @@ -20,7 +20,7 @@ children: - /setting-a-personal-access-token-policy-for-your-organization - /managing-requests-for-personal-access-tokens-in-your-organization - /reviewing-and-revoking-personal-access-tokens-in-your-organization - - /limiting-oauth-app-and-github-app-access-requests + - /limiting-oauth-app-and-github-app-access-requests-and-installations - /viewing-api-insights-in-your-organization shortTitle: Manage programmatic access --- diff --git a/content/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations.md b/content/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations.md new file mode 100644 index 000000000000..add6ce259943 --- /dev/null +++ b/content/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations.md @@ -0,0 +1,58 @@ +--- +title: Limiting OAuth app and GitHub App access requests and installations +intro: 'As an organization owner, you can control which users can request organization access for apps{% ifversion fpt or ghec or ghes > 3.19 %}, and whether repository admins can install {% data variables.product.prodname_github_apps %}{% endif %}.' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +permissions: Organization owners can limit who can make app access requests to the organization{% ifversion fpt or ghec or ghes > 3.19 %} and who can install apps{% endif %}. +topics: + - Organizations + - GitHub Apps + - OAuth apps +shortTitle: Limit app requests and installations +redirect_from: + - /organizations/managing-organization-settings/limiting-oauth-app-and-github-app-access-requests + - /organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests +--- + +## About app access requests + +When app access requests are enabled, members and outside collaborators can request organization access for {% data variables.product.prodname_github_apps %}{% ifversion fpt or ghec %} and {% data variables.product.prodname_oauth_apps %}{% endif %} which have not yet been approved by your organization. For {% data variables.product.prodname_github_apps %} this is a request for installation, which grants the app access to your organization directly.{% ifversion fpt or ghec %} For {% data variables.product.prodname_oauth_apps %} this is a request to allow the app through the [AUTOTITLE](/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions), which allows the app to access your organization after it's signed in a user.{% endif %} + +You can control if {% ifversion fpt or ghec or ghes > 3.20 %}members or {% endif %}outside collaborators are able to request unapproved apps for your organization. Users can still consent to apps for use in their personal accounts, and use them with your organization if you've approved those apps for use. + +By default, app access requests are enabled. If your organization has a large number of {% ifversion fpt or ghec or ghes > 3.20 %}members or {% endif %}outside collaborators, you may want to disable app access requests to reduce the number of requests you have to review. + +## Enabling or disabling app access requests + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.profile.org_member_privileges %} +1. Under "{% ifversion fpt or ghec or ghes > 3.20 %}App{% else %}Integration{% endif %} access requests" select which users should be allowed to request apps and click **Save**. + +{% ifversion fpt or ghec or ghes > 3.20 %}Blocking app access requests from organization members is in public preview.{% endif %} + +{% ifversion fpt or ghec or ghes > 3.19 %} + +## About {% data variables.product.prodname_github_app %} installation restrictions + +By default, repository admins can install {% data variables.product.prodname_github_apps %} on repositories within your organization if the app does not request organization permissions or the "repository administration" permission. As an organization owner, you can restrict {% data variables.product.prodname_github_app %} installations to only organization owners. When this restriction is enabled: + +* Repository admins, including outside collaborators with repository admin access, cannot install {% data variables.product.prodname_github_apps %} on their repositories. +* Repository admins must use the request flow to ask organization owners to install apps on their repositories. +* Repository admins cannot add their repositories to existing {% data variables.product.prodname_github_app %} installations in the organization. + +This installation restriction applies to {% data variables.product.prodname_github_apps %} only. {% data variables.product.prodname_oauth_apps %} require organization approval by default and cannot be approved on a per-repository basis. + +> [!NOTE] +> If you have also disabled app access requests, users with repository admin access will be blocked from both installing apps and requesting installations. + +## Restricting {% data variables.product.prodname_github_app %} installation to organization owners + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.profile.org_member_privileges %} +1. Under "{% data variables.product.prodname_github_apps %}", deselect **Allow repository admins to install {% data variables.product.prodname_github_apps %} for their repositories** and click **Save**. + +{% endif %} diff --git a/content/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests.md b/content/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests.md deleted file mode 100644 index 43aaf45898d7..000000000000 --- a/content/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Limiting OAuth app and GitHub App access requests -intro: 'As an organization owner, you can choose whether to allow outside collaborators to request organization access for {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %}.' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -permissions: Organization owners can limit who can make app access requests to the organization. -topics: - - Organizations - - GitHub Apps - - OAuth apps -shortTitle: Limit app access requests -redirect_from: - - /organizations/managing-organization-settings/limiting-oauth-app-and-github-app-access-requests ---- - -## About integration access requests - -When integration access requests are enabled, outside collaborators can request organization access for {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %} which have not yet been approved by your organization. If you disable integration access requests, only organization members will be able to request organization access for unapproved {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %}. Outside collaborators will still be able to consent to pre-approved {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %} accessing the same resources the requesting outside collaborator has access to. - -By default, integration access requests are enabled. If your organization has a large number of outside collaborators, you may want to disable integration access requests, to reduce the number of requests you have to review. - -## Enabling or disabling integration access requests - -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -{% data reusables.profile.org_member_privileges %} -1. Under "Integration access requests" select or deselect **Allow integration requests from outside collaborators** and click **Save**. diff --git a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md index 81ca423d1e7d..6ae2a323e7e6 100644 --- a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md +++ b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md @@ -166,7 +166,6 @@ Some of the features listed below are limited to organizations using {% data var | [Move a discussion to a different category](/discussions/managing-discussions-for-your-community/managing-discussions) | | {% ifversion discussions-moderators-control-who-can-report %}{% endif %} | | | | | [Transfer a discussion](/discussions/managing-discussions-for-your-community/managing-discussions) to a new repository| | | | | | | [Manage pinned discussions](/discussions/managing-discussions-for-your-community/managing-discussions) | | | | | | -| [Convert issues to discussions in bulk](/discussions/managing-discussions-for-your-community/managing-discussions) | | | | | | | [Lock and unlock discussions](/discussions/managing-discussions-for-your-community/moderating-discussions) | | | | | | | [Individually convert issues to discussions](/discussions/managing-discussions-for-your-community/moderating-discussions) | | | | | | | [Create new discussions and comment on existing discussions](/discussions/collaborating-with-your-community-using-discussions/participating-in-a-discussion) | | | | | | diff --git a/content/organizations/organizing-members-into-teams/about-teams.md b/content/organizations/organizing-members-into-teams/about-teams.md index 65f60763bd4a..29c27039578d 100644 --- a/content/organizations/organizing-members-into-teams/about-teams.md +++ b/content/organizations/organizing-members-into-teams/about-teams.md @@ -54,11 +54,11 @@ Each team has its own page within an organization. On a team's page, you can vie ## Nested teams -You can reflect your group or company's hierarchy within your {% data variables.product.github %} organization with multiple levels of nested teams. A parent team can have multiple child teams, while each child team only has one parent team. You cannot nest secret teams. +You can reflect your group or company's hierarchy within your {% data variables.product.github %} organization with multiple levels of nested teams. A parent team can have multiple child teams, while each child team only has one parent team. You cannot nest secret teams. Each nested team functions as a distinct entity with its own unique URL and directory within your organization. Child teams inherit the parent's access permissions, simplifying permissions management for large groups. Members of child teams also receive notifications when the parent team is @mentioned, simplifying communication with multiple groups of people. -For example, if your team structure is Employees > Engineering > Application Engineering > Identity, granting Engineering write access to a repository means Application Engineering and Identity also get that access. If you @mention the Identity Team or any team at the bottom of the organization hierarchy, they're the only ones who will receive a notification. +For example, if your team structure is Employees > Engineering > Application Engineering > Identity, granting Engineering write access to a repository means Application Engineering and Identity also get that access. If you @mention the Identity Team or any team at the bottom of the organization hierarchy, they're the only ones who will receive a notification. When mentioning a team, you do not need to include the full hierarchical path. Even though a team is nested, it retains a flat handle for mentions. To easily understand who shares a parent team's permissions and mentions, you can see all of the members of a parent team's child teams on the Members tab of the parent team's page. Members of a child team are not direct members of the parent team. diff --git a/content/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy.md b/content/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy.md index 6c17c703d342..0c93cc62954d 100644 --- a/content/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy.md +++ b/content/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy.md @@ -23,6 +23,7 @@ Organization owners can change the parent of any team. Team maintainers can chan > [!TIP] > * You cannot change a team's parent to a secret team. For more information, see [AUTOTITLE](/organizations/organizing-members-into-teams/about-teams). > * You cannot nest a parent team beneath one of its child teams. +> * Adding an existing child team to a new parent team removes it from its previous parent team. {% data reusables.profile.access_org %} {% data reusables.user-settings.access_org %} diff --git a/content/packages/learn-github-packages/introduction-to-github-packages.md b/content/packages/learn-github-packages/introduction-to-github-packages.md index 95b39b5b0422..ea9e92ee35e3 100644 --- a/content/packages/learn-github-packages/introduction-to-github-packages.md +++ b/content/packages/learn-github-packages/introduction-to-github-packages.md @@ -43,6 +43,25 @@ The permissions for a package are either inherited from the repository where the {% data reusables.package_registry.public-or-private-packages %} +{% ifversion virtual-registry %} + +## About linked artifacts for organizations + +The {% data variables.product.virtual_registry %} is an alternative view that you can also access in the "Packages" section of an organization's settings. + +Like {% data variables.product.prodname_registry %}, the {% data variables.product.virtual_registry %} allows you to collect information about your organization's builds in a single place. Teams can use the {% data variables.product.virtual_registry %} to find an artifact's source code, build details, and deployment history. + +Unlike {% data variables.product.prodname_registry %}, the {% data variables.product.virtual_registry %} does **not** host the package or image files themselves. Instead, it provides an authoritative source for the metadata associated with each package or image. + +Your organization may benefit from using the {% data variables.product.virtual_registry %} either: + +* **Alongside** {% data variables.product.prodname_registry %}, as an complementary view focused on the compliance and security aspects of package consumption +* **As an alternative to** {% data variables.product.prodname_registry %}, allowing you to store your packages on an external registry of your choice while maintaining visibility of the packages on {% data variables.product.github %} + +For more information, see [AUTOTITLE](/code-security/concepts/supply-chain-security/linked-artifacts). + +{% endif %} + {% ifversion fpt or ghec %} ## About billing for {% data variables.product.prodname_registry %} diff --git a/content/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks.md b/content/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks.md index 9a795f4fec90..e18a320c50a4 100644 --- a/content/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks.md +++ b/content/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks.md @@ -22,7 +22,7 @@ Anyone with write permissions to a repository can set the state for any status c You can see the overall state of the last commit to a branch on your repository's branches page or in your repository's list of pull requests. -{% data reusables.pull_requests.required-checks-must-pass-to-merge %} +If status checks are required for a repository, they must pass before you can merge your branch into the protected branch. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging). {% data reusables.actions.workflows.skipped-job-status-checks-passing %} diff --git a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md index ae7843547532..b6f81a382f41 100644 --- a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md +++ b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md @@ -1,6 +1,6 @@ --- title: About pull requests -intro: 'Learn about pull requests and draft pull requests on {% data variables.product.github %}. Pull requests communicate changes to a branch in a repository. Once a pull request is opened, you can review changes with collaborators and add follow-up commits.' +intro: 'Pull requests let you propose, review, and merge code changes.' redirect_from: - /github/collaborating-with-issues-and-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests - /articles/using-pull-requests @@ -15,42 +15,23 @@ topics: - Pull requests --- -## About pull requests +Pull requests are proposals to merge code changes into a project. A pull request is {% data variables.product.github %}'s foundational **collaboration feature**, letting you discuss and review changes before merging them. This helps teams work together, catch issues early, and maintain code quality. -A pull request is a proposal to merge a set of changes from one branch into another. In a pull request, collaborators can review and discuss the proposed set of changes before they integrate the changes into the main codebase. Pull requests display the differences, or diffs, between the content in the source branch and the content in the target branch. +View your pull requests {% octicon "link-external" height:16 aria-label="link-external" %} -> [!NOTE] -> When working with pull requests, keep the following in mind: -> * If you're working in the [shared repository model](/pull-requests/collaborating-with-pull-requests/getting-started/about-collaborative-development-models), we recommend that you use a topic branch for your pull request. While you can send pull requests from any branch or commit, with a topic branch you can push follow-up commits if you need to update your proposed changes. -> * Be very careful when force pushing commits to a pull request. Force pushing changes the repository history and can corrupt your pull request. If other collaborators branch the project before a force push, the force push may overwrite commits that collaborators based their work on. +## Working with pull requests -You can create pull requests on {% data variables.product.prodname_dotcom_the_website %}, with {% data variables.product.prodname_desktop %}{% ifversion fpt or ghec %}, in {% data variables.product.prodname_github_codespaces %}{% endif %}, on {% data variables.product.prodname_mobile %}, and when using GitHub CLI. +The **Conversation** tab of a pull request displays a description of the changes, a timeline of events, and comments and reviews from collaborators. This central hub lets you track the discussion and progress of the proposed changes. -After initializing a pull request, you'll see a review page that shows a high-level overview of the changes between your branch (the compare branch) and the repository's base branch. You can add a summary of the proposed changes, review the changes made by commits, add labels, milestones, and assignees, and @mention individual contributors or teams. See [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request). +The **Commits** tab shows all commits made to the pull request branch in chronological order. This helps you understand the development history and see how the changes evolved over time. -Once you've created a pull request, you can push commits from your topic branch to add them to your existing pull request. These commits will appear in chronological order within your pull request and the changes will be visible in the "Files changed" tab. +The **Checks** tab displays the status of any automated tests, builds, or other continuous integration workflows that run when you push commits. These checks help ensure your changes meet quality standards before merging. -Other contributors can review your proposed changes, add review comments, contribute to the pull request discussion, and even add commits to the pull request. {% ifversion pull-request-approval-limit %}{% data reusables.pull_requests.code-review-limits %}{% endif %} - -{% ifversion fpt or ghec %} -You can see information about the branch's current deployment status and past deployment activity on the "Conversation" tab. See [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/viewing-deployment-activity-for-your-repository). -{% endif %} - -After you're happy with the proposed changes, you can merge the pull request. If you're working in a shared repository model, you create a pull request and you, or someone else, will merge your changes from your feature branch into the base branch you specify in your pull request. See [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request). - -{% data reusables.pull_requests.required-checks-must-pass-to-merge %} - -{% data reusables.pull_requests.close-issues-using-keywords %} - -> [!TIP] -> * To toggle between collapsing and expanding all outdated review comments in a pull request, hold down OptionAltAlt and click **Show outdated** or **Hide outdated**. For more shortcuts, see [AUTOTITLE](/get-started/accessibility/keyboard-shortcuts). -> * You can squash commits when merging a pull request to gain a more streamlined view of changes. See [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges). - -You can visit your dashboard to quickly find links to recently updated pull requests you're working on or subscribed to. See [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/about-your-personal-dashboard). +The **Files changed** tab shows the differences between the proposed changes and the existing code, making it easy to see what will change when the pull request merges. ## Draft pull requests -When you create a pull request, you can choose to create a pull request that is ready for review or a draft pull request. Draft pull requests cannot be merged, and code owners are not automatically requested to review draft pull requests. See [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) and [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork). +When you create a pull request, you can choose to make it a draft pull request. Draft pull requests cannot be merged, and code owners are not automatically requested to review them. This is useful when you want to share work-in-progress without formally requesting reviews. {% data reusables.pull_requests.mark-ready-review %} You can convert a pull request to a draft at any time. See [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request). @@ -59,11 +40,10 @@ When you create a pull request, you can choose to create a pull request that is The compare and pull request pages use different methods to calculate the diff for changed files: * Compare pages show the diff between the tip of the head ref and the current common ancestor (that is, the merge base) of the head and base ref. -* Pull request pages show the diff between the tip of the head ref and the common ancestor of the head and base ref at the time when the pull request was created. Consequently, the merge base used for the comparison might be different. +* Pull request pages show the diff between the tip of the head ref and the common ancestor of the head and base ref at the time when the pull request was created. As a result, the merge base used for the comparison might be different. ## Further reading -* [AUTOTITLE](/get-started/learning-about-github/github-glossary#pull-request) in the {% data variables.product.prodname_dotcom %} glossary +* [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) * [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches) * [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request) -* [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request) diff --git a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews.md b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews.md index 370f5b33f37c..4cc440566f1e 100644 --- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews.md +++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews.md @@ -1,6 +1,6 @@ --- title: About pull request reviews -intro: 'Reviews allow collaborators to comment on the changes proposed in pull requests, approve the changes, or request further changes before the pull request is merged. Repository administrators can require that all pull requests are approved before being merged.' +intro: 'Collaborate on pull requests to improve code quality.' redirect_from: - /github/collaborating-with-issues-and-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews - /articles/about-pull-request-reviews @@ -14,51 +14,31 @@ topics: - Pull requests shortTitle: About PR reviews --- -## About pull request reviews -After a pull request is opened, anyone with _read_ access can review and comment on the changes it proposes. You can also suggest specific changes to lines of code, which the author can apply directly from the pull request. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request). +Pull request reviews are one of the primary ways people collaborate on {% data variables.product.github %}. Reviewers can comment on changes, suggest improvements, and approve or request changes before code is merged. This collaborative process enables teams to ensure code quality and share knowledge. -{% ifversion pull-request-approval-limit %}{% data reusables.pull_requests.code-review-limits %}{% endif %} +{% raw %}View pull requests awaiting your review{% endraw %} -Repository owners and collaborators can request a pull request review from a specific person. Organization members can also request a pull request review from a team with read access to the repository. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review). You can specify a subset of team members to be automatically assigned in the place of the whole team. For more information, see [AUTOTITLE](/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team). +## Reviewing pull requests -Reviews allow for discussion of proposed changes and help ensure that the changes meet the repository's contributing guidelines and other quality standards. You can define which individuals or teams own certain types or areas of code in a CODEOWNERS file. When a pull request modifies code that has a defined owner, that individual or team will automatically be requested as a reviewer. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners). +Anyone with read access can review and comment on proposed changes. When submitting a review, choose one of three statuses: -For an introduction to requesting and providing pull request reviews, see the [Review pull requests](https://github.com/skills/review-pull-requests) {% data variables.product.prodname_learning %} course. +* **Comment**: Share feedback without approving or requesting changes. +* **Approve**: Approve the changes for merging. +* **Request changes**: Identify issues that must be fixed before merging. -{% ifversion fpt or ghec %}You can schedule reminders for pull requests that need to be reviewed. For more information, see [AUTOTITLE](/organizations/organizing-members-into-teams/managing-scheduled-reminders-for-your-team).{% endif %} +You can comment on specific lines, suggest changes for authors to apply directly, and discuss implementation approaches. Reviews appear in the conversation timeline and merge box. Mark conversation threads as resolved to track addressed feedback. -A review has three possible statuses: -* **Comment:** Submit general feedback without explicitly approving the changes or requesting additional changes. -* **Approve:** Submit feedback and approve merging the changes proposed in the pull request. -* **Request changes:** Submit feedback that must be addressed before the pull request can be merged. +## Requesting reviews -{% data reusables.repositories.request-changes-tips %} - -You can view all of the reviews a pull request has received in the Conversation timeline, and you can see reviews by repository owners and collaborators in the pull request's merge box. - -![Screenshot of the merge box for a pull request. A review by Octocat with requested changes is listed.](/assets/images/help/pull_requests/merge_box/pr-reviews-in-merge-box.png) - -{% data reusables.search.requested_reviews_search_tip %} - -{% data reusables.pull_requests.resolving-conversations %} - -## Re-requesting a review - -{% data reusables.pull_requests.re-request-review %} +Repository owners and collaborators can request reviews from specific people or teams. When you define code owners in a CODEOWNERS file, they're automatically requested as reviewers when a pull request modifies their code. You can re-request reviews after making significant changes. ## Required reviews -{% data reusables.pull_requests.required-reviews-for-prs-summary %} For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging). - -> [!TIP] -> If necessary, people with _admin_ or _write_ access to a repository can dismiss a pull request review. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review). +Repository administrators can require approvals before pull requests are merged, ensuring code quality and preventing accidental merges. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging). ## Further reading * [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request) -* [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/viewing-a-pull-request-review) -* [AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors){% ifversion copilot %} -* [AUTOTITLE](/copilot/using-github-copilot/code-review/using-copilot-code-review) -* [AUTOTITLE](/copilot/using-github-copilot/coding-agent/using-copilot-to-work-on-an-issue){% endif %}{% ifversion code-quality %} -* [AUTOTITLE](/code-security/code-quality/tutorials/fix-findings-in-prs){% endif %} +* [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review) +* Learn more in the [Review pull requests](https://github.com/skills/review-pull-requests?ref_product=github&ref_type=engagement&ref_style=text) {% data variables.product.prodname_learning %} course diff --git a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request.md b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request.md index c47b8101bfe4..a95b8e915b75 100644 --- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request.md +++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request.md @@ -54,7 +54,23 @@ To reply to an existing line or file comment, you'll need to navigate to the com Anyone watching the pull request or repository will receive a notification of your comments. Batching your comments avoids multiple notifications being sent. {% ifversion copilot %}If you are commenting on a pull request created by {% data variables.product.prodname_copilot_short %}, batching your comments prevents {% data variables.product.prodname_copilot_short %} from starting to work on individual comments before you have completed your review. See [AUTOTITLE](/copilot/using-github-copilot/coding-agent/using-copilot-to-work-on-an-issue).{% endif %} -{% data reusables.pull_requests.resolving-conversations %} +### Resolving conversations + +You can resolve a conversation in a pull request if you opened the pull request or if you have write access to the repository where the pull request was opened. + +To indicate that a conversation on the **Files changed** tab is complete, click **Resolve conversation**. + +The entire conversation will be collapsed and marked as resolved, making it easier to find conversations that still need to be addressed. + +If the suggestion in a comment is out of your pull request's scope, you can open a new issue that tracks the feedback and links back to the original comment. For more information, see [AUTOTITLE](/issues/tracking-your-work-with-issues/creating-an-issue#creating-an-issue-from-a-comment). + +#### Discovering and navigating conversations + +You can discover and navigate to all the conversations in your pull request using the **Conversations** menu that's shown at the top of the **Files Changed** tab. + +From this view, you can see which conversations are unresolved, resolved, and outdated. This makes it easy to discover and resolve conversations. + +![Screenshot of the "Conversations" menu on the "Files Changed" tab of a pull request.](/assets/images/help/pull_requests/conversations-menu.png) ## Further reading diff --git a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request.md b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request.md index b7935b568244..f02f6fe0aaa4 100644 --- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request.md +++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request.md @@ -38,7 +38,8 @@ Each person who suggested a change included in the commit will be a co-author of ## Re-requesting a review -{% data reusables.pull_requests.re-request-review %} +You can re-request a review, for example, after you've made substantial changes to your pull request. +To request a fresh review from a reviewer, in the sidebar of the **Conversation** tab, click the {% octicon "sync" aria-label="The sync icon" %} icon. ## Opening an issue for an out-of-scope suggestion diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md index 95edbe3c99ff..7c61a876801a 100644 --- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md +++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md @@ -135,7 +135,25 @@ Optionally, you can require a merge type of merge, squash, or rebase. This means {% endif %} {% ifversion repo-rules-required-reviewer %} -Optionally, you can require review from specific teams. This means you can add a select number of reviewers who must submit a specific number of reviews for specific files and folders. + +#### Required reviewers + +Optionally, you can require review or approval from specific teams when a pull request changes certain files or directories. You can specify up to 15 different teams, and for each team you can require a certain number of approvals from team members. + +The **Reviewer** dropdown allows you to select any team which is in scope where the rule is being defined. + +* **Organization-wide rules**: The team must belong to the organization. +* **Repository-level rules**: The team must belong to the organization that owns the repository. + +This rule is not available on user-owned repositories as they do not contain teams. + +Required approvals can be set from 0 (zero) to 10. Requiring zero approvals means that the team will be added for visibility, but the team does not need to approve the request. + +For each team, you can specify a list of file patterns which determines what files the setting applies to. The format of this file list is the same as a standard [`.gitignore`](/get-started/git-basics/ignoring-files) file: + +* A pattern starting with an exclamation mark (`!`) is a negation. This will cause paths matching earlier patterns to *not* require approvals. +* Patterns are matched in order, so negated patterns can "unmatch" files which matched previous rules. + {% endif %} ## Require status checks to pass before merging diff --git a/content/repositories/creating-and-managing-repositories/about-repositories.md b/content/repositories/creating-and-managing-repositories/about-repositories.md index 1db94dffe657..2492d26efe52 100644 --- a/content/repositories/creating-and-managing-repositories/about-repositories.md +++ b/content/repositories/creating-and-managing-repositories/about-repositories.md @@ -100,7 +100,7 @@ People with admin permissions for a repository can change an existing repository ## About internal repositories -{% data reusables.repositories.about-internal-repos %} For more information on innersource, see {% data variables.product.prodname_dotcom %}'s whitepaper [An introduction to innersource](https://resources.github.com/whitepapers/introduction-to-innersource/). +{% data reusables.repositories.about-internal-repos %} For more information on innersource, see [AUTOTITLE](/admin/concepts/enterprise-best-practices/use-innersource). {% ifversion ghec %} diff --git a/content/repositories/creating-and-managing-repositories/deleting-a-repository.md b/content/repositories/creating-and-managing-repositories/deleting-a-repository.md index 4ae04495d95c..7e172dd88ad5 100644 --- a/content/repositories/creating-and-managing-repositories/deleting-a-repository.md +++ b/content/repositories/creating-and-managing-repositories/deleting-a-repository.md @@ -20,7 +20,7 @@ topics: Deleting a public repository will not delete any forks of the repository. > [!WARNING] -> * Deleting a repository will **permanently** delete release attachments and team permissions. This action **cannot** be undone. +> * Deleting a repository will **permanently** delete team permissions. This action **cannot** be undone. > * Deleting a private{% ifversion ghes or ghec %} or internal{% endif %} repository will delete all forks of the repository. Some deleted repositories can be restored within 90 days of deletion. {% ifversion ghes %}Your site administrator may be able to restore a deleted repository for you. For more information, see [AUTOTITLE](/admin/user-management/managing-repositories-in-your-enterprise/restoring-a-deleted-repository). {% else %}For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/restoring-a-deleted-repository).{% endif %} diff --git a/content/repositories/creating-and-managing-repositories/index.md b/content/repositories/creating-and-managing-repositories/index.md index 36516d42b6d1..b5d0753944ff 100644 --- a/content/repositories/creating-and-managing-repositories/index.md +++ b/content/repositories/creating-and-managing-repositories/index.md @@ -27,6 +27,7 @@ children: - /transferring-a-repository - /deleting-a-repository - /restoring-a-deleted-repository + - /viewing-all-your-repositories shortTitle: Create & manage repositories --- diff --git a/content/repositories/creating-and-managing-repositories/restoring-a-deleted-repository.md b/content/repositories/creating-and-managing-repositories/restoring-a-deleted-repository.md index 55b03b13a75c..6c08a3cbcc84 100644 --- a/content/repositories/creating-and-managing-repositories/restoring-a-deleted-repository.md +++ b/content/repositories/creating-and-managing-repositories/restoring-a-deleted-repository.md @@ -36,7 +36,7 @@ If you want to restore a repository that was part of a fork network that is not It can take up to an hour after a repository is deleted before that repository is available for restoration. -Restoring a repository will not restore release attachments or team permissions. Issues that are restored will not be labeled. +Restoring a repository will not restore team permissions. Issues that are restored will not be labeled. ## Restoring a deleted repository that was owned by a personal account diff --git a/content/repositories/creating-and-managing-repositories/viewing-all-your-repositories.md b/content/repositories/creating-and-managing-repositories/viewing-all-your-repositories.md new file mode 100644 index 000000000000..dd7eee192f4b --- /dev/null +++ b/content/repositories/creating-and-managing-repositories/viewing-all-your-repositories.md @@ -0,0 +1,47 @@ +--- +title: Viewing all repositories +intro: 'The repository dashboard lists the repositories you''ve created as well as where you''ve made contributions. You can use search and filters to find the right repositories and create saved views.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghec: '*' + ghes: '>=3.22' +topics: + - Repositories +shortTitle: View all repositories +type: how_to +--- + +## Viewing repositories + +Your repository dashboard is available at the top of any page. On the dashboard, you can see repositories by `My contributions`, `My repositories`, and `My forks`. + +1. At the top of any page, click **{% octicon "repo" aria-hidden="true" aria-label="repo" %}** to see your repositories. + +1. Optionally, choose a filter or use the search bar to filter for more specific results. Refine your search using filters like `visibility`, `language`, `organization`, and more. Sort by relevance to intelligently surface the repositories you're most active in. + +{% ifversion issues-saved-views %} + +## Tracking repositories with saved views + +To help you better monitor and find repositories across multiple organizations, you can create saved views on the repository dashboard. + +You can create up to 25 saved views. + +### Create a saved view + +1. At the top of any page, click **{% octicon "repo" aria-hidden="true" aria-label="repo" %}** to see your repositories. +1. On the left sidebar, under "Views", click **{% octicon "plus" aria-label="Create view" %}**. +1. Add a title, description, and custom icon for your view. +1. Under "Query", build your search query using the advanced filters. For help using filters, see [AUTOTITLE](/search-github/searching-on-github/searching-for-repositories). + > [!TIP] Use the `organization:` filter followed by `props.key:value` to find repositories by organization custom properties. +1. Click **Save view**. + +### Edit, duplicate, or delete a saved view + +1. At the top of any page, click **{% octicon "repo" aria-hidden="true" aria-label="repo" %}** to see your repositories. +1. On the left sidebar, under "Views", click the saved view you want to edit, duplicate or delete. +1. To the right of the name of the saved view, click **{% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}**. +1. Click **{% octicon "pencil" aria-hidden="true" aria-label="pencil" %} Edit** to modify the view, **{% octicon "duplicate" aria-hidden="true" aria-label="duplicate" %} Duplicate** to create a copy of the view, or **{% octicon "trash" aria-hidden="true" aria-label="trash" %} Delete** to remove the view. + +{% endif %} diff --git a/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes.md b/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes.md index cae4d6ac9f3f..e2466d4fe321 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes.md @@ -38,7 +38,7 @@ When your README is viewed on GitHub, any content beyond 500 KiB will be truncat ## Auto-generated table of contents for markdown files -For the rendered view of any Markdown file in a repository, including README files, {% data variables.product.github %} will automatically generate a table of contents based on section headings. You can view the table of contents for a README file by clicking the {% octicon "list-unordered" aria-label="Table of Contents" %} menu icon in the top corner of the rendered page. +For the rendered view of any Markdown file in a repository, including README files, {% data variables.product.github %} will automatically generate a table of contents based on section headings. You can view the table of contents for a README file by clicking the "Outline" menu icon {% octicon "list-unordered" aria-label="Table of Contents" %} in the top corner of the rendered page. ## Section links in markdown files and blob pages diff --git a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/disabling-pull-requests.md b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/disabling-pull-requests.md new file mode 100644 index 000000000000..a2520c580672 --- /dev/null +++ b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/disabling-pull-requests.md @@ -0,0 +1,31 @@ +--- +title: Disabling pull requests +intro: You may wish to modify pull request access for your repository if you want to restrict contributions, or disable them entirely. +redirect_from: + - /github/managing-your-work-on-github/managing-your-work-with-issues-and-pull-requests/disabling-pull-requests + - /articles/disabling-pull-requests + - /github/managing-your-work-on-github/disabling-pull-requests + - /github/administering-a-repository/managing-repository-settings/disabling-pull-requests +versions: + feature: disable-restrict-prs +topics: + - Pull requests +--- +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +1. To disable pull requests entirely, under "Features", deselect **Pull requests**. + +If you decide to enable pull requests again in the future, any pull requests that were previously added will be available. + +1. To restrict pull requests to collaborators only, in the dropdown under "Pull requests" select **Collaborators only**. + + In personal repositories, a collaborator is anyone who has been invited to the repository. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/repository-access-and-collaboration/permission-levels-for-a-personal-account-repository#collaborator-access-for-a-repository-owned-by-a-personal-account). + + In organization repositories, a collaborator is a user who has been granted the write, maintain, or admin role for the repository. For more information about organization roles, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization#repository-roles-for-organizations). + +{% ifversion fpt or ghec %} + +> [!TIP] +> Please contact us through the {% data variables.contact.contact_support_portal %} if you want to turn off pull requests because of abuse from strangers. {% data reusables.policies.abuse %} + +{% endif %} diff --git a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/index.md b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/index.md index 3cbed24690a4..d7f4aea7324f 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/index.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/index.md @@ -9,6 +9,7 @@ topics: - Repositories children: - /disabling-issues + - /disabling-pull-requests - /disabling-projects-in-a-repository - /managing-github-actions-settings-for-a-repository - /enabling-or-disabling-github-discussions-for-a-repository diff --git a/content/repositories/viewing-activity-and-data-for-your-repository/viewing-traffic-to-a-repository.md b/content/repositories/viewing-activity-and-data-for-your-repository/viewing-traffic-to-a-repository.md index b533de17ef28..243da2acfc7e 100644 --- a/content/repositories/viewing-activity-and-data-for-your-repository/viewing-traffic-to-a-repository.md +++ b/content/repositories/viewing-activity-and-data-for-your-repository/viewing-traffic-to-a-repository.md @@ -1,7 +1,7 @@ --- title: Viewing traffic to a repository intro: 'Anyone with push access to a repository can view its traffic, including full clones (not fetches), visitors from the past 14 days, referring sites, and popular content in the traffic graph.' -product: 'This repository insights graph is available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations, and in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, and {% data variables.product.prodname_ghe_cloud %}.{% ifversion fpt %} For more information, see [About repository graphs](/articles/about-repository-graphs) and [{% data variables.product.prodname_dotcom %}''s products](/articles/github-s-products).{% endif %}' +product: 'This repository insights graph is available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations, and in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, and {% data variables.product.prodname_ghe_cloud %}. It is not available on {% data variables.enterprise.data_residency_site %}.{% ifversion fpt %} For more information, see [About repository graphs](/articles/about-repository-graphs) and [{% data variables.product.prodname_dotcom %}''s products](/articles/github-s-products).{% endif %}' redirect_from: - /articles/viewing-traffic-to-a-repository - /github/visualizing-repository-data-with-graphs/viewing-traffic-to-a-repository @@ -27,5 +27,7 @@ Referring sites and popular content are ordered by views and unique visitors. Fu {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.accessing-repository-graphs %} + 1. In the left sidebar, click **Traffic**. + ![Screenshot of the "Traffic" tab. The tab is highlighted with a dark orange outline.](/assets/images/help/graphs/traffic-tab.png) diff --git a/content/repositories/working-with-files/managing-files/adding-a-file-to-a-repository.md b/content/repositories/working-with-files/managing-files/adding-a-file-to-a-repository.md index c69eddc04874..3a706893a3c3 100644 --- a/content/repositories/working-with-files/managing-files/adding-a-file-to-a-repository.md +++ b/content/repositories/working-with-files/managing-files/adding-a-file-to-a-repository.md @@ -23,7 +23,7 @@ shortTitle: Add a file Files that you add to a repository via a browser are limited to {% data variables.large_files.max_github_browser_size %} per file. You can add larger files, up to {% data variables.large_files.max_github_size %} each, via the command line. For more information, see [Adding a file to a repository using the command line](#adding-a-file-to-a-repository-using-the-command-line). To add files larger than {% data variables.large_files.max_github_size %}, you must use {% data variables.large_files.product_name_long %}. For more information, see [AUTOTITLE](/repositories/working-with-files/managing-large-files/about-large-files-on-github). -You can upload multiple files to {% data variables.product.github %} at the same time. +You can upload up to 100 files to {% data variables.product.github %} at the same time. {% data reusables.repositories.protected-branches-block-web-edits-uploads %} diff --git a/content/rest/billing/cost-centers.md b/content/rest/billing/cost-centers.md index 8e06b9263d7f..8e49f282328c 100644 --- a/content/rest/billing/cost-centers.md +++ b/content/rest/billing/cost-centers.md @@ -8,5 +8,12 @@ topics: autogenerated: rest allowTitleToDifferFromFilename: true --- +## Required roles + +The following roles can access cost center API endpoints: + +* **Enterprise owners** +* **Billing managers** +* **Organization owners** diff --git a/content/rest/billing/usage.md b/content/rest/billing/usage.md index 345e5f538903..2386b7ea6f63 100644 --- a/content/rest/billing/usage.md +++ b/content/rest/billing/usage.md @@ -10,4 +10,13 @@ autogenerated: rest allowTitleToDifferFromFilename: true --- +The endpoints on this page return usage that is billed to the account associated with the endpoint. For help deciding which level of usage to report on, see [AUTOTITLE](/billing/tutorials/automate-usage-reporting#step-1-decide-what-level-to-report-on). + +* User endpoints return {% data variables.product.prodname_copilot_short %} usage that is billed directly to an individual user’s personal account. These endpoints are only applicable if the user has purchased their own {% data variables.product.prodname_copilot_short %} plan. +* If a user’s {% data variables.product.prodname_copilot_short %} license is managed and billed through an organization or enterprise, their usage is not included in user-level endpoints. In that case, you must use the organization- or enterprise-level endpoints instead. + +{% ifversion fpt %}To view enterprise-level endpoints, select the dropdown menu at the top of the page and switch from Free, Pro, & Team to {% data variables.product.prodname_ghe_cloud %}. + +{% else %}To view user- and organization-level endpoints, select the dropdown menu at the top of the page and switch from {% data variables.product.prodname_ghe_cloud %} to Free, Pro, & Team.{% endif %} + diff --git a/content/rest/copilot/copilot-metrics.md b/content/rest/copilot/copilot-metrics.md index 42df36aa7635..06460081d9d0 100644 --- a/content/rest/copilot/copilot-metrics.md +++ b/content/rest/copilot/copilot-metrics.md @@ -13,6 +13,8 @@ redirect_from: - /rest/copilot/copilot-usage --- +{% data reusables.copilot.copilot-metrics-closing-down %} + You can use these endpoints to get a breakdown of aggregated metrics for various {% data variables.product.prodname_copilot %} features. The API includes: * Data for the last 100 days @@ -20,6 +22,4 @@ You can use these endpoints to get a breakdown of aggregated metrics for various * Breakdowns by language and IDE * The option to view metrics for an enterprise, organization, or team -{% data reusables.copilot.metrics-api-ghecom %} - diff --git a/content/rest/copilot/copilot-usage-metrics.md b/content/rest/copilot/copilot-usage-metrics.md index 075e5b5d0db1..d8caefa952e1 100644 --- a/content/rest/copilot/copilot-usage-metrics.md +++ b/content/rest/copilot/copilot-usage-metrics.md @@ -10,4 +10,13 @@ autogenerated: rest allowTitleToDifferFromFilename: true --- + + + +{% data reusables.copilot.usage-metrics-preview %} + + + +To enable these endpoints, the "{% data variables.product.prodname_copilot_short %} usage metrics" policy must be set to **Enabled everywhere** for the enterprise. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-enterprise-policies#defining-policies-for-your-enterprise). + diff --git a/content/rest/dependabot/alert-dismissal-requests.md b/content/rest/dependabot/alert-dismissal-requests.md new file mode 100644 index 000000000000..23d97a9c145c --- /dev/null +++ b/content/rest/dependabot/alert-dismissal-requests.md @@ -0,0 +1,14 @@ +--- +title: REST API endpoints for {% data variables.product.prodname_dependabot %} alert dismissal requests +shortTitle: Alert dismissal requests +intro: 'Use the REST API to manage {% data variables.product.prodname_dependabot %} alert dismissal requests for a repository.' +versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 + ghec: '*' + ghes: '>=3.19' +topics: + - API +autogenerated: rest +allowTitleToDifferFromFilename: true +--- + + diff --git a/content/rest/dependabot/index.md b/content/rest/dependabot/index.md index 9960a6843631..74eb364ab0c1 100644 --- a/content/rest/dependabot/index.md +++ b/content/rest/dependabot/index.md @@ -1,8 +1,10 @@ --- -title: 'REST API endpoints for {% data variables.product.prodname_dependabot %}' +title: REST API endpoints for {% data variables.product.prodname_dependabot %} shortTitle: Dependabot intro: >- - Use the REST API to interact with {% data variables.product.prodname_dependabot_alerts %} and secrets for an organization or repository. + Use the REST API to interact with {% data + variables.product.prodname_dependabot_alerts %} and secrets for an + organization or repository. allowTitleToDifferFromFilename: true versions: fpt: '*' @@ -11,6 +13,7 @@ versions: topics: - API children: + - /alert-dismissal-requests - /alerts - /repository-access - /secrets diff --git a/content/rest/metrics/traffic.md b/content/rest/metrics/traffic.md index c69156ab4f0c..774491581886 100644 --- a/content/rest/metrics/traffic.md +++ b/content/rest/metrics/traffic.md @@ -15,4 +15,11 @@ autogenerated: rest You can use these endpoints to retrieve information provided in your repository graph, for repositories that you have write access to. For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/viewing-traffic-to-a-repository). +{% ifversion ghec %} + +> [!NOTE] +> Repository traffic stats are not available through the REST API or UI on {% data variables.enterprise.data_residency_site %}. + +{% endif %} + diff --git a/content/rest/migrations/orgs.md b/content/rest/migrations/orgs.md index 561c1063ec81..5184e82ca95e 100644 --- a/content/rest/migrations/orgs.md +++ b/content/rest/migrations/orgs.md @@ -22,4 +22,6 @@ These endpoints are only available to authenticated organization owners. For mor {% data variables.migrations.organization_migrations_intro %} +{% ifversion ghec %}{% data variables.migrations.enterprise_cloud_with_data_residency %}{% endif %} + diff --git a/content/rest/migrations/users.md b/content/rest/migrations/users.md index c3b771b13009..99093ee1aa2b 100644 --- a/content/rest/migrations/users.md +++ b/content/rest/migrations/users.md @@ -24,4 +24,6 @@ To download an archive, you'll need to start a user migration first. Once the st Once you've created a migration archive, it will be available to download for seven days. But, you can delete the user migration archive sooner if you'd like. You can unlock your repository when the migration is `exported` to begin using your repository again or delete the repository if you no longer need the source data. +{% ifversion ghec %}{% data variables.migrations.enterprise_cloud_with_data_residency %}{% endif %} + diff --git a/content/rest/orgs/artifact-metadata.md b/content/rest/orgs/artifact-metadata.md index 079d6190e59f..cd3d7533bd70 100644 --- a/content/rest/orgs/artifact-metadata.md +++ b/content/rest/orgs/artifact-metadata.md @@ -11,6 +11,6 @@ autogenerated: rest allowTitleToDifferFromFilename: true --- -When you view {% data variables.product.prodname_dependabot %} or {% data variables.product.prodname_code_scanning %} alerts for an organization, you can use artifact metadata to filter and prioritize alerts, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/alerts-in-production-code). +You can use these endpoints to upload storage and deployment records for software that your organization builds with {% data variables.product.prodname_actions %}. The records are displayed on the organization's {% data variables.product.virtual_registry %}. See [AUTOTITLE](/code-security/concepts/supply-chain-security/linked-artifacts). diff --git a/content/rest/orgs/custom-properties-for-orgs.md b/content/rest/orgs/custom-properties-for-orgs.md index 499f0ddc8701..a035a0e3d222 100644 --- a/content/rest/orgs/custom-properties-for-orgs.md +++ b/content/rest/orgs/custom-properties-for-orgs.md @@ -1,9 +1,8 @@ --- title: REST API endpoints for an organization's custom property values shortTitle: Custom properties for organizations -intro: 'Use the REST API to manage custom property values for an organization' +intro: Use the REST API to manage custom property values for an organization versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 - fpt: '*' ghec: '*' topics: - API diff --git a/content/rest/projects-classic/cards.md b/content/rest/projects-classic/cards.md index 5aead9540e68..7f62e7d84d77 100644 --- a/content/rest/projects-classic/cards.md +++ b/content/rest/projects-classic/cards.md @@ -8,7 +8,6 @@ intro: >- Use the REST API to create and manage cards on a {% data variables.projects.projects_v1_board %}. versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 - ghec: '*' ghes: <=3.16 topics: - API diff --git a/content/rest/projects-classic/collaborators.md b/content/rest/projects-classic/collaborators.md index a49e23eaa290..9922e6c090da 100644 --- a/content/rest/projects-classic/collaborators.md +++ b/content/rest/projects-classic/collaborators.md @@ -1,14 +1,14 @@ --- -title: 'REST API endpoints for {% data variables.product.prodname_project_v1_caps %} collaborators' +title: >- + REST API endpoints for {% data variables.product.prodname_project_v1_caps %} + collaborators shortTitle: Collaborators allowTitleToDifferFromFilename: true intro: >- Use the REST API to manage collaborators on a {% data variables.projects.projects_v1_board %}. versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 - fpt: '*' - ghec: '*' - ghes: '*' + ghes: <=3.16 topics: - API autogenerated: rest diff --git a/content/rest/projects-classic/columns.md b/content/rest/projects-classic/columns.md index 8b8c828001ec..f9c13a28cc9b 100644 --- a/content/rest/projects-classic/columns.md +++ b/content/rest/projects-classic/columns.md @@ -1,14 +1,14 @@ --- -title: 'REST API endpoints for {% data variables.product.prodname_project_v1_caps %} columns' +title: >- + REST API endpoints for {% data variables.product.prodname_project_v1_caps %} + columns shortTitle: Columns allowTitleToDifferFromFilename: true intro: >- Use the REST API to create and manage columns on a {% data variables.projects.projects_v1_board %}. versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 - fpt: '*' - ghec: '*' - ghes: '*' + ghes: <=3.16 topics: - API autogenerated: rest diff --git a/content/rest/projects/fields.md b/content/rest/projects/fields.md index 702b1fdfe4c0..80ab225c7f0a 100644 --- a/content/rest/projects/fields.md +++ b/content/rest/projects/fields.md @@ -5,7 +5,6 @@ intro: Use the REST API to manage Project fields versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 fpt: '*' ghec: '*' - ghes: '>=3.19' topics: - API autogenerated: rest diff --git a/content/rest/projects/index.md b/content/rest/projects/index.md index 1ec807fba81e..a6083c992b73 100644 --- a/content/rest/projects/index.md +++ b/content/rest/projects/index.md @@ -9,9 +9,9 @@ children: - /fields - /items - /projects + - /views versions: fpt: '*' ghec: '*' - ghes: '>=3.19' --- diff --git a/content/rest/projects/items.md b/content/rest/projects/items.md index cf0746f581e4..ac308d203fc9 100644 --- a/content/rest/projects/items.md +++ b/content/rest/projects/items.md @@ -5,7 +5,6 @@ intro: Use the REST API to manage Project items versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 fpt: '*' ghec: '*' - ghes: '>=3.19' topics: - API autogenerated: rest diff --git a/content/rest/projects/projects.md b/content/rest/projects/projects.md index a206a4d9383d..4043bfec3f5d 100644 --- a/content/rest/projects/projects.md +++ b/content/rest/projects/projects.md @@ -5,7 +5,6 @@ intro: Use the REST API to manage Projects versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 fpt: '*' ghec: '*' - ghes: '>=3.19' topics: - API autogenerated: rest diff --git a/content/rest/projects/views.md b/content/rest/projects/views.md new file mode 100644 index 000000000000..db856e60211c --- /dev/null +++ b/content/rest/projects/views.md @@ -0,0 +1,14 @@ +--- +title: REST API endpoints for Project views +shortTitle: Project views +intro: Use the REST API to manage Project views +versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 + fpt: '*' + ghec: '*' +topics: + - API +autogenerated: rest +allowTitleToDifferFromFilename: true +--- + + diff --git a/content/rest/repos/attestations.md b/content/rest/repos/attestations.md new file mode 100644 index 000000000000..b507c02e9aa7 --- /dev/null +++ b/content/rest/repos/attestations.md @@ -0,0 +1,14 @@ +--- +title: REST API endpoints for repository attestations +shortTitle: Attestations +intro: Use the REST API to manage repository attestations. +versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 + fpt: '*' + ghec: '*' +topics: + - API +autogenerated: rest +allowTitleToDifferFromFilename: true +--- + + diff --git a/content/rest/repos/index.md b/content/rest/repos/index.md index 6b237623025b..ce1e0855ddec 100644 --- a/content/rest/repos/index.md +++ b/content/rest/repos/index.md @@ -15,6 +15,7 @@ versions: topics: - API children: + - /attestations - /autolinks - /bypass-requests - /contents diff --git a/content/rest/teams/discussion-comments.md b/content/rest/teams/discussion-comments.md deleted file mode 100644 index d783a6525003..000000000000 --- a/content/rest/teams/discussion-comments.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: REST API endpoints for team discussion comments -allowTitleToDifferFromFilename: true -shortTitle: Discussion comments -intro: >- - Use the REST API to get, create, edit, and delete discussion comments on a - [team discussion](/rest/reference/teams#discussions) post. -versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - API -autogenerated: rest ---- - -{% data reusables.organizations.team-discussions-api-deprecation %} - - diff --git a/content/rest/teams/discussions.md b/content/rest/teams/discussions.md deleted file mode 100644 index cc9c0d59f74c..000000000000 --- a/content/rest/teams/discussions.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: REST API endpoints for team discussions -allowTitleToDifferFromFilename: true -shortTitle: Discussions -intro: >- - Use the REST API to get, create, edit, and delete discussion posts on a team's - page. -versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - API -autogenerated: rest ---- - -{% data reusables.organizations.team-discussions-api-deprecation %} - - diff --git a/content/rest/teams/index.md b/content/rest/teams/index.md index 107846967f91..4f97d6519d92 100644 --- a/content/rest/teams/index.md +++ b/content/rest/teams/index.md @@ -2,7 +2,9 @@ title: REST API endpoints for teams shortTitle: Teams allowTitleToDifferFromFilename: true -intro: 'Use the REST API to create and manage teams in your {% data variables.product.github %} organization.' +intro: >- + Use the REST API to create and manage teams in your {% data + variables.product.github %} organization. redirect_from: - /v3/teams - /rest/reference/teams @@ -13,12 +15,10 @@ versions: topics: - API children: - - /teams - - /discussion-comments - - /discussions - /external-groups - /members - /team-sync + - /teams autogenerated: rest --- diff --git a/content/rest/using-the-rest-api/using-pagination-in-the-rest-api.md b/content/rest/using-the-rest-api/using-pagination-in-the-rest-api.md index 47cef2093892..ef1498a76c4b 100644 --- a/content/rest/using-the-rest-api/using-pagination-in-the-rest-api.md +++ b/content/rest/using-the-rest-api/using-pagination-in-the-rest-api.md @@ -127,7 +127,7 @@ const octokit = new Octokit({ {% ifversion ghes %} {% endif %}}); async function getPaginatedData(url) { - const nextPattern = /(?<=<)([\S]*)(?=>; rel="Next")/i; + const nextPattern = /(?<=<)([\S]*)(?=>; rel="next")/i; let pagesRemaining = true; let data = []; diff --git a/content/site-policy/other-site-policies/github-government-takedown-policy.md b/content/site-policy/other-site-policies/github-government-takedown-policy.md index 8e521f28356f..a60fd481341e 100644 --- a/content/site-policy/other-site-policies/github-government-takedown-policy.md +++ b/content/site-policy/other-site-policies/github-government-takedown-policy.md @@ -14,11 +14,13 @@ redirect_from: From time to time, GitHub receives requests from governments to remove content that has been declared unlawful in their local jurisdiction. Although we may not always agree with those laws, we may need to block content if we receive a complete request from a government official so that our users in that jurisdiction may continue to have access to GitHub to collaborate and build software. -## What is a complete government takedown request? +## How to submit a government takedown request -To count as a complete request, a request or notice must +If you are a government official and wish to request the removal of content under this policy, you can submit your request using our [Government Takedown Requests Form](https://support.github.com/contact/government-takedown). + +To count as complete, a request must * come from a relevant, official government agency * identify illegal content * specify the source of illegality in that jurisdiction (law or court order). diff --git a/content/site-policy/privacy-policies/github-candidate-privacy-policy.md b/content/site-policy/privacy-policies/github-candidate-privacy-policy.md index bf041f5687f3..3037ca4edb33 100644 --- a/content/site-policy/privacy-policies/github-candidate-privacy-policy.md +++ b/content/site-policy/privacy-policies/github-candidate-privacy-policy.md @@ -1,5 +1,6 @@ --- -title: GitHub Candidate Privacy Policy +title: GitHub Global Data Privacy Notice for Candidates +allowTitleToDifferFromFilename: true versions: fpt: '*' topics: @@ -9,69 +10,320 @@ redirect_from: - /github/site-policy/github-candidate-privacy-policy --- -Effective Date: March 8, 2021 +**GitHub Global Data Privacy Notice for Candidates** -This GitHub Candidate Privacy Policy explains what information we collect about you during the application or recruitment process for employment with GitHub, as well as the purposes for which we collect and use that information. +Last Updated: December 2025 -For the purposes of this policy: +**Table of Contents** -“Candidate” includes applicants and candidates who are part of the GitHub application or recruitment process; and +[Overview](#overview) -"Candidate Personal Information" refers to any information we collect about one of our Candidates during the application or recruitment process which could, alone or together with other information, personally identify them or otherwise be reasonably linked or connected with them. +[Personal Data that We Process](#personal-data-that-we-process) -This policy does not apply to the use of GitHub services, which are covered under our [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement). +[Why We Process Personal Data](#why-we-process-personal-data) -## What Candidate Personal Information do we collect? +[Change of Purpose](#change-of-purpose) -The Candidate Personal Information we collect, use, and maintain (or “process”) can include the following, but is not limited to: +[How and Why We Disclose Personal Data](#how-and-why-we-disclose-personal-data) -**Identification and contact information**, including your name, email address, phone number, location, GitHub profile, and any other information you provide (such as referrals and references). +[Your Rights to Your Personal Data](#your-rights-to-your-personal-data) -**National identifiers**, such as your citizenship status, residency and work permit status. +[Use of Cookies and Web Beacons](#use-of-cookies-and-web-beacons) -**Employment and education history**, such as your resume or CV, cover letter, details of how you heard about the position you are applying for, information about any previous employment at GitHub or affiliates of GitHub, or other information you provide to us in support of an application and/or the application and recruitment process. +[Security of Your Personal Data](#security-of-your-personal-data) -**Professional or employment information**, including your desired salary or terms related to benefits, willingness to relocate, other job preferences, interview details, reference information and/or information received from background checks (where applicable), and information from publicly available resources (such as your LinkedIn profile or website). +[Where We Store and Process Personal Data](#where-we-store-and-process-personal-data) -**Sensitive or demographic information**, such as your gender, medical or health information, veteran status, or your racial or ethnic origin. +[Our Retention of Personal Data](#our-retention-of-personal-data) -## How do we use the Candidate Personal Information we collect? +[Changes to this Privacy Notice](#changes-to-this-privacy-notice) -We use the Candidate Personal Information for the following purposes: - * To assess your skills, qualifications and interests for employment opportunities with GitHub; - * To verify the information provided by you or others, including checking your references; - * To communicate with you about your application and the recruitment process, including informing you of other potential employment opportunities at GitHub; - * If you were referred, to inform the referrer of the status of your application; - * If you are offered a position, to prepare your offer letter and conduct a background check (to the extent permitted by applicable law); - * If you are offered a position and where requested by you, to assist you with obtaining an immigration visa or work permit; - * To comply with local laws, regulations, legal processes or enforceable government requests; and - * To prepare and submit reports as required under local laws and regulations; - * To manage and improve our application and recruitment process (such as making the application process more efficient and improving our diversity practices). +[How to Contact Us](#how-to-contact-us) -## How do we share your Candidate Personal Information? +[Addenda](#addenda) -GitHub will share your Candidate Personal Information with those who have a legitimate business need for it. Whenever we permit a third party to access your Candidate Personal Information, we will make sure the information is used in a manner consistent with this policy. Your Candidate Personal Information may be shared with our affiliates (such as Microsoft) and other third parties (such as vendors) for the following purposes: -1. In order to carry out the uses of Candidate Personal Information described above; -1. To enable third parties to provide products or services to us or on our behalf (such as to facilitate the application process or conduct background checks). -1. To comply with our legal obligations, regulations or contracts, or to respond to a court order, administrative or judicial process (such as subpoena, government audit or search warrant) or, in response to lawful requests by public authorities (such as national security or law enforcement); -1. As necessary to establish, exercise, or defend against potential or pending litigation; -1. Where necessary to protect GitHub, your vital interests (such as safety and security), or those of another person; or -1. With your consent (such to contact your references). It is your responsibility to obtain consent from references before providing their personal information to GitHub. +[California Addendum](#california-addendum) -## Your rights to your Candidate Personal Information +[Canada Addendum](#canada-addendum) -In some locations, Candidates may have certain rights under applicable local privacy laws (such as the European General Data Protection Regulation). However, regardless of your location, we provide the same high standard of privacy protection to all of our Candidates around the world. +[European Union (EU) and United Kingdom (UK)](#european-union-eu-and-united-kingdom-uk) -This includes the rights to request access or correct your information, request that your information be deleted, or object to or restrict GitHub from using it for certain purposes. +## Overview -You can make a request to do so by contacting privacy@github.com. We will respond to all requests in accordance with applicable data protection laws. +Your privacy is important to GitHub (“we”, “us”, “our” or “GitHub”). We respect the privacy rights of all individuals and we are committed to handling personal data responsibly and in accordance with applicable laws. This privacy notice, together with the Addenda and other notices we may provide to you at the time of data collection, explain what personal data GitHub processes about you, how we use this personal data, and your rights to this personal data. -## How long do we retain your Candidate Personal Information? +Please note that this privacy notice applies to the handling of your personal data as a candidate. -Candidate Personal Information will be stored for one year after your application to comply with our legal obligations. After that time, we will contact you and ask for your consent to continue to retain your personal information so that we can consider you for any future job opportunities at GitHub. +This notice does not cover your use of GitHub consumer products as a consumer, or outside of your candidacy with GitHub. GitHub consumer products may include services, websites, apps, software, servers, and devices. To learn more about GitHub’s data collection practices that cover your use of GitHub products as a consumer, please read our [GitHub Privacy Statement](https://site-policy/privacy-policies/github-general-privacy-statement). -If you are hired for a position at GitHub, we will retain the information provided during the application and recruitment process as part of your employee record. +This notice is not intended and shall not be read to create any express or implied promise or contract for employment, for any benefit, or for specific treatment in specific situations. Nothing in this notice should be construed to interfere with GitHub’s ability to process candidate data for purposes of complying with our legal obligations, or for investigating alleged misconduct or violations of company policy or law, subject to compliance with local legal requirements. -## Changes to this Policy +GitHub's processing of personal data is in all cases subject to the requirements of applicable local law, internal policy, and where applicable or appropriate, any consultation requirements with worker representatives. To the extent this notice conflicts with local law in your jurisdictions, local law controls. -We may occasionally update this GitHub Candidate Privacy Policy. When we do make changes to this page, we will update the "last updated" date. +### Personal Data that We Process +(This may include data that you provide to us, that we collect or generate about you, or that we assign to you.) + +We collect, use, and store (collectively “process”) different types of personal data about you in the operation of our business. If you are a candidate, the type of personal data we process is generally limited to what we need to engage with you about GitHub career opportunities, consideration of your application for employment to specific roles at GitHub, including candidate screening, interview scheduling and management, lawful background screening, and to on-board you at GitHub if you receive and accept an offer of employment with us. + +The personal data we process can include, but is not limited to, the following: + +**Name and contact data**. Your first and last name, employee identification number, email address, mailing address, phone number, photo, beneficiary and emergency contact details, and other similar contact data. Additionally, you may opt to provide GitHub with additional contact information such as personal email address(es) and/or cell phone number(s). + +**Demographic data**. Your date of birth and gender as well as more sensitive personal data (also known as special category data) including information relating to racial and ethnic origin, religious, political or philosophical beliefs, trade union membership or information about your health, disabilities, sexual orientation, gender identity, and transgender status. We may also ask about your parental status and military status. + +**National identifiers**. Your national ID/passport, citizenship status, residency and work permit status, social security number, or other taxpayer/government identification number. + +**Employment details**. Your job title/position, account credentials, office location and/or remote working location, employment contract, offer letter, hire date, termination date, performance history and disciplinary records, hours worked, badge activity information, training records, leave of absence, sick time, and vacation/holiday records. + +**Spouse’s/partner’s and dependents’ information**. Your spouse and dependents’ first and last names, dates of birth, and contact details. + +**Background information**. Your academic and professional qualifications, education, CV/Resume, credit history and criminal records data. + +**Video, voice and image**. We may collect and use your video, voice and image data, subject to the requirements of local law, internal policy, and any consultation requirements with worker representatives (where appropriate). + +**Financial information**. Your bank account details, tax information, salary, retirement account information, company allowances and other information necessary to administer payroll, taxes, benefits, and equity and incentive compensation. + +**Inferences**. Inferences to create a profile reflecting your personal characteristics (such as work history and experience), abilities, and aptitudes. + +**Sources of Personal Data** + +In addition to collecting personal data from you (directly or indirectly), we obtain personal data about you from data sources other than you, including: + +* Inference data that we generate or derive about you from personal data we process about you. +* References provided by or about you, including from former and current employers. +* Third parties or public sources (e.g. information from public professional networking sources, such as your LinkedIn profile, for recruitment purposes). +* Our vendors and other providers, such as when we conduct lawful background screenings, to the extent permitted by law, through a third-party vendor who provides us information about your past education, employment, credit and/or criminal history. + +### Why We Process Personal Data + +We collect and process your personal data for the purposes set out below, which may include but are not limited to the following. Failure to provide your personal data when requested may prevent us from being able to carry out these tasks and/or comply with our legal obligations. + +**Recruitment and Hiring**. For our recruitment and hiring purposes, including engaging with you concerning job opportunities at GitHub, considering your application for employment to specific roles, candidate screening, interview scheduling and management, lawful vetting and background screening, and preparing an offer letter. + +**Payroll, Compensation, and Accounting**. For our payroll and compensation activities, including tax reporting, administering equity and incentive compensation, administering Rewards, expense reimbursement, and other accounting tasks. + +**Benefits Registration**. For activities related to benefits registration. + +**Career Planning and Development**. For activities related to career planning and development, including assessing and providing your GitHub career opportunities. + +**Equal Opportunity Assessment and Accommodations**. To manage and assess our equal employment opportunity, diversity, inclusion and accessibility programs, including monitoring and ensuring equal treatment and opportunity, providing work-related accommodations or adjustments, and for our global equal opportunity initiatives. + +**Legal and Policy Compliance Administration and Enforcement**. To administer and enforce our legal and policy compliance programs and requirements, including fulfilling our obligations under our contracts, government clearances, and applicable GitHub policies; maintaining required records; collection or disclosure of personal data under judicial authorization (e.g. a court order, administrative or judicial process, or other lawful request by a public authority, in the U.S. or a foreign jurisdiction); performing lawful background screenings; for complying with laws and regulations (e.g. for minimum wage, working time, tax, health and safety, anti-discrimination laws, government reporting obligations, global migration, whistleblowing procedures, and data subject rights); and investigating potential violations of, exercising, or defending GitHub’s legal rights (including seeking legal advice, combatting fraud, and protecting the life and safety of employees and others). + +**Scientific Research**. For activities related to scientific research, including research viewed in the public interest and research attempting to contribute to generalizable knowledge, subject to appropriate technical and organizational controls (e.g. data anonymization and aggregation, adhering to our privacy standards, and conducting ethics and compliance reviews). + +**Personalization**. For personalization activities such as to understand your preferences to enhance your candidate experience, including storing and honoring your preferences and settings and enabling you to sign-in or otherwise access and use our Systems and assets. + +**AI and Automated Decisions**. As GitHub enables AI supported experiences in its products, your personal data may also be processed by AI to facilitate certain features and experiences deployed on the GitHub tenant – including AI features such as chatbot features, summarization features, and the like. Where permissible, artificial intelligence (AI) and machine learning (ML) technologies may also be used to process your data for the business purposes described in this section. GitHub’s processing of your data will comply with its commitment to responsible AI. We may also use automated decision-making systems to identify trends and outages and monitor and secure our Systems and data, to provide chatbots and other interactive services, and monitor compliance with our policies and procedures. + +**General Business Operations**. For our general business operations, including general management of the business, implementing and managing our business applications and systems, and facilitating communications and collaboration. + +We may combine data from different sources for the above purposes. + +Use of personal data for the above purposes, such as general business operations, may include AI-supported experiences deployed on the GitHub tenant, including AI features such as chatbot and summarization features. Processing involving these experiences will comply with GitHub’s commitment to responsible AI. + +We may also process personal data for other legitimate business purposes as permitted under applicable law as necessary to manage our business relationship with you. + +Where required by law, we will seek your consent for the above uses; and where your consent is sought, we will ensure your consent is informed, voluntary, and that you suffer no adverse consequence from any decision to withhold or revoke your consent. + +### Change of Purpose + +We will use your personal data only for the purposes for which it was collected, unless we reasonably need it for another compatible purpose and there is a legal basis for further processing. For example, relying upon our legitimate interest in recruiting candidates for roles at GitHub, we may process the personal data you provided while researching job openings. However, once you apply for and are successful in obtaining a role, we may process your personal data for the purpose of entering into an employment relationship with you. + +### How and Why We Disclose Personal Data + +GitHub will only disclose your personal data with those who have a legitimate business need for it. Whenever we disclose your personal data, we will ensure the personal data is used in a manner consistent with this privacy notice (and any applicable internal data handling guidelines consistent with the sensitivity and classification of the personal data). Your personal data may be disclosed to our subsidiaries and affiliates and other third parties, including service providers, for the following legitimate purposes: + +* To carry out the purposes of our personal data processing as described above (see section titled: “Why We Process Personal Data”); +* To enable third parties to provide services on behalf of GitHub; +* To comply with our legal obligations, regulations, government clearances, or contracts, or to respond to data subject rights, a court order, administrative or judicial process, such as a subpoena, government audit or search warrant. Categories of recipients would include counterparties to contracts, judicial and governmental bodies; +* In response to lawful requests by public authorities (such as regulatory bodies, law enforcement authorities, and national security organizations); +* To seek legal advice from external lawyers and advice from other external professionals such as accountants, management consultants, etc.; +* As necessary to establish, exercise or defend against potential, threatened or actual litigation; +* Where necessary to protect GitHub, your vital interests, such as safety and security, or the vital interests of other persons; or +* Otherwise in accordance with your consent. + +Please note that where legal requirements limit the disclosure of your personal data, GitHub will respect such requirements. + +### Your Rights to Your Personal Data + +In some regions, you may have certain rights under applicable data protection laws (such as the European Union and United Kingdom General Data Protection Regulation). Please see the [Addenda](#addenda) to this notice for additional information by region/country. + +### Use of Cookies and Web Beacons + +Site pages may use cookies (small text files placed on your device) and similar technologies. These cookies and similar technologies allow us to store and honor your preferences and settings; enable you to sign-in; combat fraud; and analyze how our websites and online services are performing. + +We also use “web beacons” to help deliver cookies and gather usage and performance data. Our websites may include web beacons, and cookies, or similar technologies from third-party service providers. + +You have a variety of tools to control the data collected by cookies, web beacons and similar technologies. For example, you can use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies. + +### Security of Your Personal Data + +GitHub is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. For example, we store the personal data you provide on limited access computer servers that are located in controlled facilities, and we protect certain highly confidential or sensitive personal data through encryption in transfer and at rest. + +### Where We Store and Process Personal Data + +GitHub operates globally and therefore personal data may need to be transferred to countries outside of where the personal data was originally collected. For example, because we are headquartered in the United States, personal data collected in other countries is routinely transferred to the United States for processing. We transfer personal data from the European Economic Area and the United Kingdom to other countries, some of which have not yet been determined by the European Commission to have an adequate level of data protection. For example, their laws may not guarantee you the same rights, or there may not be a privacy supervisory authority there that is capable of addressing your complaints. When we engage in such transfers, we use a variety of legal mechanisms, including contracts such as the standard contractual clauses published by the European Commission under Commission Implementing Decision 2021/914, to help protect your rights and enable these protections to travel with your data. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in the countries where GitHub processes personal data, see this article on the [European Commission website](https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en). We may also transfer personal data when (i) you have consented to disclosure abroad; (ii) it is necessary for the conclusion or performance of a contract; (iii) it is necessary to safeguard an overriding public interest or to establish, exercise, or enforce legal rights; (iv) it is necessary to protect the life or the physical integrity of you or another person, and it is not possible to obtain your consent within a reasonable time; (v) you have made the data generally accessible and have not explicitly prohibited processing; or (vi) the data originates from a statutory register to which we have legitimate access. + +GitHub complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. GitHub has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. In the context of an onward transfer, GitHub has responsibility for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on our behalf. GitHub remains liable under the DPF if our agent processes such personal information in a manner inconsistent with the DPF, unless GitHub can prove that we are not responsible for the event giving rise to the damage. If there is any conflict between the terms in this privacy statement and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the [U.S. Department of Commerce’s Data Privacy Framework website](https://www.dataprivacyframework.gov/). + +If you have a question or complaint related to participation by GitHub in the DPF Frameworks, we encourage you to contact us via email [dpo@github.com](mailto:dpo@github.com). For any complaints related to the DPF Frameworks that GitHub cannot resolve directly, we have chosen to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals and the UK Information Commissioner (for UK individuals). Please contact us if you’d like us to direct you to your data protection authority contacts. As further explained in the DPF Principles, binding arbitration is available to address residual complaints not resolved by other means. GitHub is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). + +### Our Retention of Personal Data + +We will store personal data in accordance with applicable laws or regulatory requirements and retain data for as long as necessary to fulfill the purposes for which the personal data was collected, as documented in our corporate data retention schedule. + +### Changes to this Privacy Notice + +We may occasionally update this privacy notice. When we do, we will revise the "last updated" date at the top of the privacy notice. We encourage you to periodically review this privacy notice to learn how GitHub protects your personal data. + +### How to Contact Us + +If you have a privacy concern or question related to this privacy notice, please contact dpo@github.com. + +Our addresses are: + +GitHub B.V. Prins Bernhardplein 200, Amsterdam 1097JB The Netherlands + +GitHub, Inc. 88 Colin P. Kelly Jr. St. San Francisco, CA 94107 United States + +## Addenda + +### California Addendum + +Last Updated: June 2025 + +California: Your Rights + +If you are a candidate that resides in California, this section applies to you and supplements the information shared in the privacy notice. + +California residents have specific rights regarding their personal information under the California Consumer Privacy Act of 2020 (as amended) (“CCPA”). This section describes your rights and explains how to exercise those rights. Please note that in the preceding twelve (12) months, we have not sold your personal information or shared such information for cross context behavioral advertising. We may disclose certain personal information, such as your first and last name, email address, and other similar contact data, and inferences with our subsidiaries and affiliates and other third parties, including service providers who provide services on behalf of GitHub. + +* You have a right to receive this notice of our Personal Information collection, use, retention, and disclosure practices at or before collection of Personal Information. +* You may request notice of and access to certain information about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable request, we may disclose to you: + * The categories of personal information we collected about you. + * The categories of sources for the personal information we collected about you. + * Our business or commercial purpose for collecting that personal information. + * The categories of third parties with whom we disclosed that personal information. + * The specific pieces of personal information we collected about you (also called a data portability request). + * If we disclosed your personal information for a business purpose, a list of disclosures identifying the personal information categories that each category of recipient obtained. +* You may request that we correct personal information about you that is inaccurate. +* You may request that we delete your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete or de-identify (and direct our service providers to delete or de-identify) your personal information from our records, unless an exception applies. +* We do not “sell” or “share” personal information and have not done so in the past 12 months. +* We do not use or disclose Sensitive Personal Information for purposes of inferring individual characteristics or for additional purposes. + +None of these rights are absolute and there may be circumstances in which we are required or permitted under applicable law not to address your request. + +Only you or an authorized agent that you authorize to act on your behalf may make a verifiable request to access, correct, or delete your personal information. + +Any verifiable request (including those to delete data) must: + +* Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative (such as by requiring you to provide a signed written authorization that the agent is authorized to make a request on your behalf). +* Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. + +We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable request does not require you to create an account with us. + +We will not penalize you for exercising any of your rights where prohibited by law. + +You may exercise your rights under the CCPA through one of the following means: + +* Submitting a request to [dpo@github.com](mailto:dpo@github.com) + +### Canada Addendum + +Last updated: October 2023 + +The following additional provisions apply to candidates in Canada. + +Manner of Collection + +We collect personal data that you provide directly to us (such as through the job application process) as well as information devices provide to us automatically, as described above. We may also collect personal data indirectly with consent. For example, we collect background verification information from third-party background screening providers and we may also obtain personal data from recruitment agencies or job references. Please see the section titled “Personal Data that We Process” for more information about personal data we collect. + +Transfer of Personal Data + +We and our service providers (including affiliates) may access, store and otherwise process personal data outside of your province (including, for Quebec residents, outside of Quebec), including in other parts of Canada, the United States, and other foreign jurisdictions where we or our service providers are located. We, our affiliates and our service providers may disclose your personal data if we are required or permitted by applicable law or legal process, which may include lawful access by foreign courts, law enforcement or other government authorities in the jurisdictions in which we or our service providers operate. + +Retention + +We will process and keep your personal data for as long as is necessary to meet the purposes for which the information was collected as set out in this policy and to meet our legal or business requirements, as documented in our corporate data retention schedule. + +Your Rights + +Subject to limited exceptions under applicable law, you have the right to access, update, rectify and correct inaccuracies in your personal data in our custody and control and withdraw your consent to our collection, use and disclosure of your personal data (although an employee cannot withdraw consent to the collection of personal data necessary to administer their employment). You may request access, updates, rectification, and corrections of inaccuracies in your personal data in our custody or control or withdraw your consent by emailing [dpo@github.com](mailto:dpo@github.com). We may require certain personal data for the purpose of verifying your identity or the identity of the individual making the request. + +How to Contact Us + +If you have any questions or comments about this privacy notice or the manner in which we or our service providers (including our service providers outside Canada) treat your personal data, or to request access to or correction of your personal data, or to withdraw your consent, please contact us by emailing [dpo@github.com](mailto:dpo@github.com). + +### European Union (EU) and United Kingdom (UK) + +Last updated: June 2025 + +European Union and United Kingdom: Your Data Subject Rights + +In addition to the information shared in the privacy notice, EU and UK candidates (including individuals in the EU and UK, or in some circumstances individuals who normally reside in the EU and UK who are abroad) may have certain rights under applicable data protection laws, including the EU and UK General Data Protection Regulation (collectively, the “GDPR”) and local laws implementing or supplementing the GDPR, including the rights to: + +* Request access to and obtain a copy of your personal data; +* Request rectification (or correction) of inaccurate personal data you have provided; +* Request erasure (or deletion) of personal data that is no longer necessary to fulfill the purposes for which it was collected, or does not need to be retained by GitHub for other legitimate purposes; +* Restrict or object to the processing of your personal data; and +* If applicable, request your personal data be ported (transferred) to another company. + +Please note that certain conditions, exceptions apply to these rights and that application of the above rights may vary depending on the type of personal data involved, and GitHub’s particular basis for processing the personal data. + +To make a request to exercise one of the above rights, please contact dpo@github.com by email or by letter to one of the following address: + +GitHub B.V. Prins Bernhardplein 200, Amsterdam 1097JB The Netherlands + +GitHub, Inc. 88 Colin P. Kelly Jr. St. San Francisco, CA 94107 United States + +We will consider and act upon any requests in accordance with applicable data protection laws. Please note that we may request certain information from you to enable us to confirm your identity. We may, in limited circumstances, charge you a reasonable fee for administrative costs in relation to responding to your request; however, we will advise you of any fee in advance. + +If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before withdrawal of consent. + +EU and UK candidates (including individuals in the EU and UK, or individuals who normally reside in the EU and UK who are abroad) may also direct questions about how we handle personal data to our Data Protection Officer by emailing [dpo@github.com](mailto:dpo@github.com). + +While we hope we can answer any questions that you may have, if you have unresolved concerns, you also have the right to complain to a relevant data protection supervisory authority in the EU and UK. + +For candidates, the controller of your personal data is the GitHub entity to which you have applied for a role. GitHub is also a controller of certain personal data of the above-mentioned data subjects. Any privacy-related queries for your data controller should be directed to dpo@github.com or by letter to one of the following address: + +GitHub B.V. Prins Bernhardplein 200, Amsterdam 1097JB The Netherlands + +GitHub, Inc. 88 Colin P. Kelly Jr. St. San Francisco, CA 94107 United States + +In addition, the contact information of the controller of your data is provided in your contract or job application. + +For EU and UK candidates (including individuals working in the EU and UK, or individuals in the EU and UK who are abroad), we rely on different lawful bases for collecting and processing personal data about you (as described in the DPN), for example, as necessary to operate our business, meet our contractual and legal obligations, protect the security of our systems and our data, or fulfil other legitimate interests. These lawful bases include the following (or as otherwise communicated to from time to time): + +Performance of a Contract: + +* Management of the Employment or Working Relationship +* Payroll, Compensation, and Accounting +* Benefits Registration and Administration + +Protect a Vital Interest: + +* Emergency Notifications + +Performance of a Task Carried out in the Public Interest: + +* Scientific Research + +Compliance with a Legal Obligation: + +* Equal Opportunity Assessment and Accommodations +* Legal and Policy Compliance Administration and Enforcement +* Corporate Transactions + +For our Legitimate Interest: + +* Recruitment and Hiring +* Career Planning and Development +* General HR Administration +* Equal Opportunity Assessment and Accommodations +* Legal and Policy Compliance Administration and Enforcement +* Personalization +* Automated Decisions +* General Business Operations + +Where we process your Personal Data based on legitimate interests, you can object to this processing in certain circumstances. In such cases, we will cease processing your personal data unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. diff --git a/content/site-policy/privacy-policies/github-codespaces-privacy-statement.md b/content/site-policy/privacy-policies/github-codespaces-privacy-statement.md deleted file mode 100644 index d8839e2e268c..000000000000 --- a/content/site-policy/privacy-policies/github-codespaces-privacy-statement.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: GitHub Codespaces Privacy Statement -redirect_from: - - /github/site-policy/github-codespaces-privacy-policy - - /github/site-policy/github-codespaces-privacy-statement -versions: - fpt: '*' -topics: - - Policy - - Legal ---- - -Effective Date: August 10, 2021 - -Use of GitHub Codespaces is subject to the [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement). - -Activity on github.dev is subject to [GitHub's Beta Previews terms](/site-policy/github-terms/github-terms-of-service#j-beta-previews) - -## Using {% data variables.product.prodname_vscode %} - -GitHub Codespaces and github.dev allow for use of {% data variables.product.prodname_vscode %} in the web browser. When using {% data variables.product.prodname_vscode_shortname %} in the web browser, some telemetry collection is enabled by default and is [explained in detail on the {% data variables.product.prodname_vscode_shortname %} website](https://code.visualstudio.com/docs/configure/telemetry). Users can opt out of telemetry by going to File > Preferences > Settings under the top left menu. - -If a user chooses to opt out of telemetry capture in {% data variables.product.prodname_vscode_shortname %} while inside of a codespace as outlined, this will sync the disable telemetry preference across all future web sessions in GitHub Codespaces and github.dev. diff --git a/content/site-policy/privacy-policies/github-cookies.md b/content/site-policy/privacy-policies/github-cookies.md index e3dcdede7170..05fd11422ec4 100644 --- a/content/site-policy/privacy-policies/github-cookies.md +++ b/content/site-policy/privacy-policies/github-cookies.md @@ -49,6 +49,7 @@ GitHub | `show_cookie_banner` | Set based on the client’s region and used to d GitHub | `social_csrf_token` | This cookie is set by the social initiate path to ensure that the user that started the flow is the same user that completes it. | 5 minutes GitHub | `tz` | This cookie allows us to customize timestamps to your time zone. | Session GitHub | `user_session` | This cookie is used to log you in. | Two weeks +[HockeyStack](https://www.hockeystack.com/legal/privacy-policy) | `HockeyStack_Website_Tracking_Fingerprint` | This cookie is used for analytics to store and track visits across GitHub Resource sites | Until user closes browser or completes authentication request [Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `ai_session` | Application Insights session ID | One year [Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `ai_user` | Application Insights user ID | 30 minutes [Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `ANONCHK` | This Microsoft Clarity cookie monitors website performance | One year diff --git a/content/site-policy/privacy-policies/github-general-privacy-statement.md b/content/site-policy/privacy-policies/github-general-privacy-statement.md index 5228f566e243..d56ac0f754cf 100644 --- a/content/site-policy/privacy-policies/github-general-privacy-statement.md +++ b/content/site-policy/privacy-policies/github-general-privacy-statement.md @@ -10,6 +10,7 @@ redirect_from: - /github/site-policy/github-privacy-statement - /site-policy/privacy-policies/global-privacy-practices - /site-policy/privacy-policies/github-privacy-statement + - /site-policy/privacy-policies/github-codespaces-privacy-statement versions: fpt: '*' topics: diff --git a/content/site-policy/privacy-policies/github-subprocessors.md b/content/site-policy/privacy-policies/github-subprocessors.md index dcd098f7641b..d48545c366ac 100644 --- a/content/site-policy/privacy-policies/github-subprocessors.md +++ b/content/site-policy/privacy-policies/github-subprocessors.md @@ -30,7 +30,7 @@ If you have questions about this list, please contact us at | Amazon Web Services Inc (AWS) | Cloud Hosted Infrastructure, Data Hosting, AI Inference and AI Services | United States | United States | | Anthropic PBC | AI Inference and AI Services | United States | United States | | Cloudflare | Content delivery service | United States | United States | -| CoreWeave, Inc. | Cloud Hosted Infrastructure | United States | United States | +| Elasticsearch, Inc. | Cloud Hosted Infrastructure | United States | United States | | Fastly | Content delivery service | United States | United States | | Fireworks AI | AI Inference and AI Services | United States, Iceland, Germany | United States | | FullStory, Inc. | Customer support ticketing analysis | United States | United States | diff --git a/content/site-policy/privacy-policies/index.md b/content/site-policy/privacy-policies/index.md index aef6d92cf7e6..e26a5f1176af 100644 --- a/content/site-policy/privacy-policies/index.md +++ b/content/site-policy/privacy-policies/index.md @@ -9,7 +9,6 @@ children: - /github-general-privacy-statement - /github-subprocessors - /github-cookies - - /github-codespaces-privacy-statement - /github-candidate-privacy-policy redirect_from: - /github/site-policy/github-data-protection-addendum diff --git a/content/site-policy/security-policies/github-sirt-description-rfc-2350.md b/content/site-policy/security-policies/github-sirt-description-rfc-2350.md index 240e844bc840..7c6b155a6a44 100644 --- a/content/site-policy/security-policies/github-sirt-description-rfc-2350.md +++ b/content/site-policy/security-policies/github-sirt-description-rfc-2350.md @@ -14,7 +14,7 @@ TLP:CLEAR ### 1.1 Date of Last Update -Version 1.01, updated 2025-01-30. +Version 1.02, updated 2025-12-18. ### 1.2 Distribution List for Notifications @@ -76,23 +76,23 @@ This relays email to the human(s) on duty for GitHub SIRT. GitHub SIRT has a PGP public key: -* Key ID: `78DCCCE9923E5CFB3CAA5D5AB79DBDA3BE944D9E` -* Key expiry: `2025-09-12` +* Key ID: `B0614CADF0EAF85433C715A508F419AA6FB92A90` +* Key expiry: `2027-12-18` ```text -----BEGIN PGP PUBLIC KEY BLOCK----- -mDMEZQHKOxYJKwYBBAHaRw8BAQdAzvtu6OfJTspbWTVVU2uDeljmfEr1qYkvD25w -NKB2twq0JUdpdEh1YiBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0aHViLmNvbT6ImQQT -FgoAQRYhBHjczOmSPlz7PKpdWredvaO+lE2eBQJlAco7AhsDBQkDwmcABQsJCAcC -AiICBhUKCQgLAgQWAgMBAh4HAheAAAoJELedvaO+lE2e1voA/31lJyof7nWI1Mxs -x3MHhwp5sFh2P/pFucuNKb7ciwMMAQCCAk39cSFs2WWw8aZC7lqXNJcFiMn0r+wm -i6I3pWjiA7g4BGUByjsSCisGAQQBl1UBBQEBB0C0jKXWh6G8atXCJi2xsy71+NzX -0Y2WN8yj3f59MGHYfAMBCAeIfgQYFgoAJhYhBHjczOmSPlz7PKpdWredvaO+lE2e -BQJlAco7AhsMBQkDwmcAAAoJELedvaO+lE2eozABAIbzLwvaACiKFzXYjp9Zpenv -GEHeqggLGzHpEheyoBMkAP96NI0kzYvj+zhJZ/4Y3TIDZaOD8OXezwia9E2Bxf5O -Aw== -=4+TC +mDMEaURZwxYJKwYBBAHaRw8BAQdAg7ZWj5TyaA/C590af0ldWITh7zd8Z17NYH0f +7FGKcLe0JUdpdEh1YiBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0aHViLmNvbT6ImQQT +FgoAQRYhBLBhTK3w6vhUM8cVpQj0GapvuSqQBQJpRFnDAhsDBQkDwmcABQsJCAcC +AiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEAj0GapvuSqQlLkBANp/JNGXDOIkQL8J +Fwmhr+ITQ1gudJtf29GS8h05jm9iAQCoEiDUQLgngX/qxjT0OEdTXjYk39JGItNE +klI0rrZzCLg4BGlEWcMSCisGAQQBl1UBBQEBB0A+yeNKyL9TqzHVzo4yksCfOiDo +Y7bbI9gr1a/LAIRaKQMBCAeIfgQYFgoAJhYhBLBhTK3w6vhUM8cVpQj0GapvuSqQ +BQJpRFnDAhsMBQkDwmcAAAoJEAj0GapvuSqQnOMA/ik/dvObq/da3zEbRt90Z10p +A5CG9QOixXSNJ7Jj6DIlAQChy/9nM6olIwmoBl8x0FtZoqzYxFcocLxFElJfk0tk +Cw== +=yWk0 -----END PGP PUBLIC KEY BLOCK----- ``` diff --git a/content/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice.md b/content/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice.md index ac1f59066d7b..2e6486323202 100644 --- a/content/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice.md +++ b/content/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice.md @@ -25,11 +25,10 @@ When setting up a sponsorship, organizations paying by invoice have the option t ### Requirements -* The organization needs to sign the sponsorship agreement which is a 3 year commitment. The {% data variables.product.company_short %} Invoiced Sponsor Agreement is separate from other services. -* The organization needs a minimum spend of 5,000 US dollars (USD) per year on sponsoring. +* The minimum amount for each invoice is 5,000 US dollars (USD). * The organization needs to pay the invoice within 30 days. -Once the organization reaches the yearly minimum spend, they can opt out of being invoiced for the rest of the year. +Organizations can request invoices as needed, as long as each invoice meets the $5,000 minimum. Once an invoice is paid, the amount paid will be credited to the organization's account and can be used over time without expiration. ## Switching to paying by invoice diff --git a/content/support/learning-about-github-support/about-github-special-events-support.md b/content/support/learning-about-github-support/about-github-special-events-support.md index 8ca3fc9e8c58..80ab9c68ad90 100644 --- a/content/support/learning-about-github-support/about-github-special-events-support.md +++ b/content/support/learning-about-github-support/about-github-special-events-support.md @@ -17,7 +17,7 @@ At {% data variables.product.github %}, we work to understand customers and thei ## What's included with {% data variables.contact.special_events_support %}? -{% data variables.contact.special_events_support %} provides tailored 24- or 48-hour support packages led by Support Engineers. These packages include: +{% data variables.contact.special_events_support %} provides tailored, support packages in 24 hour increments, led by Support Engineers. These packages include: * Strategic pre-event planning and system health checks to make sure you’re prepared. * Rapid, real-time response via a designated channel throughout your event. diff --git a/content/webhooks/testing-and-troubleshooting-webhooks/troubleshooting-webhooks.md b/content/webhooks/testing-and-troubleshooting-webhooks/troubleshooting-webhooks.md index 43633de31457..db26d222ec92 100644 --- a/content/webhooks/testing-and-troubleshooting-webhooks/troubleshooting-webhooks.md +++ b/content/webhooks/testing-and-troubleshooting-webhooks/troubleshooting-webhooks.md @@ -46,10 +46,12 @@ To deliver webhooks to your local server for testing, you can use a webhook forw ## Failed to connect to host -The `failed to connect to host` error occurs when {% data variables.product.company_short %} attempts a webhook delivery but could not resolve the webhook's URL to an IP address. +The `failed to connect to host` error occurs when {% data variables.product.company_short %} attempts a webhook delivery but could not resolve the webhook's URL to an IP address or there are network restrictions preventing connection to the host. To check whether a host name resolves to an IP address, you can use `nslookup`. For example, if your payload URL is `https://octodex.github.com/webhooks`, you can run `nslookup octodex.github.com`. If the host name could not be resolved to an IP address, the nslookup command will indicate that the server can't find the host name. +You should make sure that your server allows connections from {% data variables.product.company_short %}'s IP addresses. You can use the `GET /meta` endpoint to find the current list of {% data variables.product.company_short %}'s IP addresses. For more information, see [AUTOTITLE](/rest/meta/meta#get-github-meta-information). {% data variables.product.company_short %} occasionally makes changes to its IP addresses, so you should update your IP allow list periodically. + ## Failed to connect to network The `failed to connect to network` error indicates that your server refused the connection when {% data variables.product.company_short %} attempted to deliver a webhook. diff --git a/data/code-languages.yml b/data/code-languages.yml index f40c63a8cee5..5162abfb4f9f 100644 --- a/data/code-languages.yml +++ b/data/code-languages.yml @@ -8,7 +8,7 @@ bicep: name: Bicep comment: slash copilot: - name: Copilot Chat prompt + name: Copilot prompt comment: none csharp: name: C# diff --git a/data/features/code-secret-alert-assignees-ga.yml b/data/features/code-secret-alert-assignees-ga.yml new file mode 100644 index 000000000000..8626521874c9 --- /dev/null +++ b/data/features/code-secret-alert-assignees-ga.yml @@ -0,0 +1,6 @@ +# Reference: #20436 +# Assignees for code scanning and secret scanning alerts [GA] +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.20' diff --git a/data/features/code-secret-alert-assignees.yml b/data/features/code-secret-alert-assignees.yml index dfdb09c57dcb..c30cf7646d7b 100644 --- a/data/features/code-secret-alert-assignees.yml +++ b/data/features/code-secret-alert-assignees.yml @@ -1,5 +1,5 @@ # Reference: #18652 and #17468 -# Assignees for code scanning and secret scanning alerts +# Assignees for code scanning and secret scanning alerts (public preview) versions: fpt: '*' ghec: '*' diff --git a/data/features/dependabot-auto-triage-rules.yml b/data/features/dependabot-auto-triage-rules.yml deleted file mode 100644 index b11f1f6dcf8a..000000000000 --- a/data/features/dependabot-auto-triage-rules.yml +++ /dev/null @@ -1,9 +0,0 @@ -# References: -# Issue #10052 - Safe auto-dismissals for Dependabot alerts (low impact npm devDependencies) [Public Beta] -# Issue #10089 - Alert rules: user-configured dismiss rules for Dependabot alerts -# Issue #10068 - Dependabot alert custom rules updates (option to create a PR, org level rules) - -versions: - fpt: '*' - ghec: '*' - ghes: '>3.11' diff --git a/data/features/dependabot-community-ecosystems.yml b/data/features/dependabot-community-ecosystems.yml new file mode 100644 index 000000000000..17d086922278 --- /dev/null +++ b/data/features/dependabot-community-ecosystems.yml @@ -0,0 +1,6 @@ +# Reference: #20647 +# Adding community ecosystems to Dependabot docs #20647 +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.19' diff --git a/data/features/dependabot-delegated-alert-dismissal.yml b/data/features/dependabot-delegated-alert-dismissal.yml new file mode 100644 index 000000000000..de7d60e74f62 --- /dev/null +++ b/data/features/dependabot-delegated-alert-dismissal.yml @@ -0,0 +1,6 @@ +# Reference: #20482 +# Delegated alert dismissal for Dependabot +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.20' diff --git a/data/features/dependabot-julia-support.yml b/data/features/dependabot-julia-support.yml new file mode 100644 index 000000000000..bbe849d53b70 --- /dev/null +++ b/data/features/dependabot-julia-support.yml @@ -0,0 +1,6 @@ +# Reference: #20205 +# Dependabot version updates now support Julia +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.19' diff --git a/data/features/dependabot-opentofu-support.yml b/data/features/dependabot-opentofu-support.yml new file mode 100644 index 000000000000..c552dfec6193 --- /dev/null +++ b/data/features/dependabot-opentofu-support.yml @@ -0,0 +1,6 @@ +# Reference: #20650 +# OpenTofu support for Dependabot +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.19' diff --git a/data/features/dependabot-option-cooldown.yml b/data/features/dependabot-option-cooldown.yml index 8d8f85b970eb..45ff416811aa 100644 --- a/data/features/dependabot-option-cooldown.yml +++ b/data/features/dependabot-option-cooldown.yml @@ -3,4 +3,4 @@ versions: fpt: '*' ghec: '*' - ghes: '>3.19' + ghes: '>3.18' diff --git a/data/features/dependabot-self-hosted-labels.yml b/data/features/dependabot-self-hosted-labels.yml new file mode 100644 index 000000000000..edf6345af946 --- /dev/null +++ b/data/features/dependabot-self-hosted-labels.yml @@ -0,0 +1,6 @@ +# Reference: #19800 +# Custom labels for Dependabot self-hosted runners [GA] +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.19' diff --git a/data/features/dependabot-uv-security-support.yml b/data/features/dependabot-uv-security-support.yml new file mode 100644 index 000000000000..c5fef6d8c740 --- /dev/null +++ b/data/features/dependabot-uv-security-support.yml @@ -0,0 +1,6 @@ +# Reference: #16918 +# UV security update support for Dependabot +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.20' diff --git a/data/features/dependabot-uv-support.yml b/data/features/dependabot-uv-support.yml new file mode 100644 index 000000000000..d4a02bf1e299 --- /dev/null +++ b/data/features/dependabot-uv-support.yml @@ -0,0 +1,6 @@ +# Reference: #16918 +# UV support for Dependabot +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.16' diff --git a/data/features/disable-restrict-prs.yml b/data/features/disable-restrict-prs.yml new file mode 100644 index 000000000000..eac3e94f6cec --- /dev/null +++ b/data/features/disable-restrict-prs.yml @@ -0,0 +1,6 @@ +# Reference: #21073 +# Disable/restrict pull requests for a repository +versions: + fpt: '*' + ghec: '*' + ghes: '>= 3.21' diff --git a/data/features/push-protection-delegated-bypass-configurations-enterprise.yml b/data/features/push-protection-delegated-bypass-configurations-enterprise.yml new file mode 100644 index 000000000000..5df70d2de1eb --- /dev/null +++ b/data/features/push-protection-delegated-bypass-configurations-enterprise.yml @@ -0,0 +1,5 @@ +# Issue 1518825892 - Secret scanning push protection bypass added to enterprises +versions: + fpt: '*' + ghec: '*' + ghes: '>=3.20' diff --git a/data/features/push-protection-delegated-bypass.yml b/data/features/push-protection-delegated-bypass.yml deleted file mode 100644 index 9f01b22087b7..000000000000 --- a/data/features/push-protection-delegated-bypass.yml +++ /dev/null @@ -1,6 +0,0 @@ -# Issue 10362 - Push protection delegated bypass -# Ref 17108 Advanced Security available to Team plans -versions: - fpt: '*' - ghec: '*' - ghes: '>=3.14' diff --git a/data/features/secret-scanning-non-provider-patterns.yml b/data/features/secret-scanning-non-provider-patterns.yml deleted file mode 100644 index 5f943660505e..000000000000 --- a/data/features/secret-scanning-non-provider-patterns.yml +++ /dev/null @@ -1,7 +0,0 @@ -# Reference: #10154. -# Secret scanning for non-provider patterns [Public Beta] -# Ref 17108 Advanced Security available to Team plans -versions: - fpt: '*' - ghec: '*' - ghes: '>3.11' diff --git a/data/features/security-configurations-ga.yml b/data/features/security-configurations-ga.yml deleted file mode 100644 index 0ce24ebcb38d..000000000000 --- a/data/features/security-configurations-ga.yml +++ /dev/null @@ -1,6 +0,0 @@ -# Reference: #13288 -# Documentation for security configurations and global settings. -versions: - fpt: '*' - ghec: '*' - ghes: '>3.14' diff --git a/data/features/virtual-registry.yml b/data/features/virtual-registry.yml new file mode 100644 index 000000000000..01fe83711095 --- /dev/null +++ b/data/features/virtual-registry.yml @@ -0,0 +1,5 @@ +# The virtual registry or "Linked artifacts" page. Ref: 20118 + +versions: + fpt: '*' + ghec: '*' diff --git a/data/learning-tracks/admin.yml b/data/learning-tracks/admin.yml index f774338aa215..ae1878552846 100644 --- a/data/learning-tracks/admin.yml +++ b/data/learning-tracks/admin.yml @@ -158,13 +158,13 @@ configure_github_advanced_security: - >- /billing/concepts/product-billing/github-advanced-security - >- - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise + /code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/enabling-github-advanced-security-for-your-enterprise - >- - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance + /code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-code-scanning-for-your-appliance - >- - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance + /code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-dependency-review-for-your-appliance - >- - /admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance + /code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance - >- /admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise get_started_with_your_enterprise_account: diff --git a/data/learning-tracks/code-security.yml b/data/learning-tracks/code-security.yml index fbe340ca1d74..5f8d1ef387a0 100644 --- a/data/learning-tracks/code-security.yml +++ b/data/learning-tracks/code-security.yml @@ -5,58 +5,58 @@ security_advisories: vulnerability and get a CVE. guides: - >- - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities + /code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities - >- - /code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database + /code-security/concepts/vulnerability-reporting-and-management/about-the-github-advisory-database - >- - /code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories + /code-security/concepts/vulnerability-reporting-and-management/about-global-security-advisories - >- - /code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories + /code-security/concepts/vulnerability-reporting-and-management/about-repository-security-advisories - >- - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories + /code-security/tutorials/fix-reported-vulnerabilities/write-security-advisories - >- - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability + /code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/privately-reporting-a-security-vulnerability - >- - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities + /code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/managing-privately-reported-security-vulnerabilities - >- - /code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository + /code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/configuring-private-vulnerability-reporting-for-a-repository - >- - /code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization + /code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/configuring-private-vulnerability-reporting-for-an-organization - >- - /code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory + /code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/creating-a-repository-security-advisory - >- - /code-security/security-advisories/working-with-repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory + /code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/adding-a-collaborator-to-a-repository-security-advisory - >- - /code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability + /code-security/tutorials/fix-reported-vulnerabilities/collaborate-in-a-fork - >- - /code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory + /code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/publishing-a-repository-security-advisory - >- - /code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory + /code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/editing-a-repository-security-advisory - >- - /code-security/security-advisories/working-with-repository-security-advisories/deleting-a-repository-security-advisory + /code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/deleting-a-repository-security-advisory - >- - /code-security/security-advisories/working-with-repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory + /code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/removing-a-collaborator-from-a-repository-security-advisory dependabot_alerts: title: Get notifications for insecure dependencies description: >- Set up Dependabot to alert you to new vulnerabilities or malware in your dependencies. guides: - - /code-security/dependabot/dependabot-alerts/about-dependabot-alerts + - /code-security/concepts/supply-chain-security/about-dependabot-alerts - >- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository - >- - /code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts + /code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/viewing-and-updating-dependabot-alerts - >- - /code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules + /code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules - >- - /code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts + /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-notifications-for-dependabot-alerts - >- - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-pull-requests-for-dependency-updates - >- - /code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies + /code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-the-detection-of-vulnerable-dependencies - >- - /code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-errors + /code-security/reference/supply-chain-security/dependabot-errors dependabot_security_updates: title: Get pull requests to update your vulnerable dependencies description: >- @@ -64,17 +64,17 @@ dependabot_security_updates: reported. guides: - >- - /code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates + /code-security/concepts/supply-chain-security/about-dependabot-security-updates - >- - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates + /code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates - >- - /code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts + /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-notifications-for-dependabot-alerts - >- /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository - >- - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-pull-requests-for-dependency-updates - >- - /code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies + /code-security/how-tos/secure-your-supply-chain/troubleshoot-dependency-security/troubleshooting-the-detection-of-vulnerable-dependencies dependency_version_updates: title: Keep your dependencies up-to-date description: >- @@ -82,103 +82,103 @@ dependency_version_updates: your dependencies. guides: - >- - /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates + /code-security/concepts/supply-chain-security/about-dependabot-version-updates - >- - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates + /code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-version-updates - >- - /code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs + /code-security/tutorials/secure-your-dependencies/customizing-dependabot-prs - >- - /code-security/dependabot/working-with-dependabot/dependabot-options-reference + /code-security/reference/supply-chain-security/dependabot-options-reference - >- - /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot + /code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/keeping-your-actions-up-to-date-with-dependabot - >- - /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions + /code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions - >- - /code-security/dependabot/troubleshooting-dependabot/listing-dependencies-configured-for-version-updates + /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/listing-dependencies-configured-for-version-updates - >- - /code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot + /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot - >- - /code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot + /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/guidance-for-the-configuration-of-private-registries-for-dependabot - >- - /code-security/dependabot/maintain-dependencies/removing-dependabot-access-to-public-registries + /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/removing-dependabot-access-to-public-registries - >- - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-pull-requests-for-dependency-updates - >- - /code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-errors + /code-security/reference/supply-chain-security/dependabot-errors secret_scanning: title: Scan for secrets description: >- Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository. guides: - - /code-security/secret-scanning/introduction/about-secret-scanning - - /code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository - - /code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository + - /code-security/concepts/secret-security/about-secret-scanning + - /code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-your-repository + - /code-security/how-tos/secure-your-secrets/prevent-future-leaks/enabling-push-protection-for-your-repository - >- {% ifversion secret-scanning-validity-check-partner-patterns %} - /code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository{% endif %} + /code-security/how-tos/secure-your-secrets/customize-leak-detection/enabling-validity-checks-for-your-repository{% endif %} - >- {% ifversion not fpt - %}/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning{% + %}/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning{% endif %} - - /code-security/secret-scanning/managing-alerts-from-secret-scanning - - /code-security/secret-scanning/introduction/supported-secret-scanning-patterns + - /code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts + - /code-security/reference/secret-security/supported-secret-scanning-patterns - >- {% ifversion secret-scanning-push-protection - %}/code-security/secret-scanning/introduction/about-push-protection{% + %}/code-security/concepts/secret-security/about-push-protection{% endif %} - >- {% ifversion secret-scanning-push-protection-for-users - %}/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users{% + %}/code-security/how-tos/secure-your-secrets/prevent-future-leaks/push-protection-for-users{% endif %} - >- {% ifversion secret-scanning-push-protection - %}/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line{% + %}/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-from-the-command-line{% endif %} - >- {% ifversion secret-scanning-push-protection - %}/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui{% + %}/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/working-with-push-protection-in-the-github-ui{% endif %} - >- - /code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning + /code-security/reference/secret-security/secret-scanning-detection-scope security_alerts: title: Explore and manage security alerts description: Learn where to find and resolve security alerts. guides: - >- {% ifversion ghec or ghes - %}/code-security/security-overview/about-security-overview {% endif %} + %}/code-security/concepts/security-at-scale/about-security-overview {% endif %} - >- {% ifversion ghec or ghes - %}/code-security/security-overview/assessing-adoption-code-security {% + %}/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-adoption-code-security{% endif %} - >- {% ifversion ghec or ghes - %}/code-security/security-overview/assessing-code-security-risk {% endif + %}/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-code-security-risk{% endif %} - >- {% ifversion ghec or ghes - %}/code-security/secret-scanning/managing-alerts-from-secret-scanning {% + %}/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts {% endif %} - >- {% ifversion ghec or ghes - %}/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository{% + %}/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository{% endif %} - >- {% ifversion ghec or ghes - %}/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts{% + %}/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/resolving-code-scanning-alerts{% endif %} - >- {% ifversion ghec or ghes - %}/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests{% + %}/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests{% endif %} - >- {% ifversion ghec or ghes - %}/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts{% + %}/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/viewing-and-updating-dependabot-alerts{% endif %} - >- {% ifversion ghec or ghes - %}/code-security/getting-started/auditing-security-alerts {% endif %} + %}/code-security/concepts/security-at-scale/auditing-security-alerts {% endif %} code_security_actions: title: Run code scanning with GitHub Actions description: >- @@ -186,28 +186,28 @@ code_security_actions: errors out of your repository. guides: - >- - /code-security/code-scanning/introduction-to-code-scanning/about-code-scanning + /code-security/concepts/code-scanning/about-code-scanning - >- - /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning + /code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning - >- - /code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning + /code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/customizing-your-advanced-setup-for-code-scanning - >- - /code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + /code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/codeql-code-scanning-for-compiled-languages - >- - /code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container - - /code-security/code-scanning/troubleshooting-code-scanning + /code-security/tutorials/customize-code-scanning/running-codeql-code-scanning-in-a-container + - /code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors - >- - /code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page + /code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/about-the-tool-status-page code_security_integration: title: Integrate with code scanning description: Upload code analysis results from third-party systems to GitHub using SARIF. guides: - >- - /code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning + /code-security/concepts/code-scanning/about-integration-with-code-scanning - >- - /code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github + /code-security/how-tos/scan-code-for-vulnerabilities/integrate-with-existing-tools/uploading-a-sarif-file-to-github - >- - /code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning + /code-security/reference/code-scanning/sarif-support-for-code-scanning - /rest/code-scanning end_to_end_supply_chain: title: End-to-end supply chain @@ -216,9 +216,9 @@ end_to_end_supply_chain: process. guides: - >- - /code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview + /code-security/tutorials/implement-supply-chain-best-practices/end-to-end-supply-chain-overview - >- - /code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts - - /code-security/supply-chain-security/end-to-end-supply-chain/securing-code + /code-security/tutorials/implement-supply-chain-best-practices/securing-accounts + - /code-security/tutorials/implement-supply-chain-best-practices/securing-code - >- - /code-security/supply-chain-security/end-to-end-supply-chain/securing-builds + /code-security/tutorials/implement-supply-chain-best-practices/securing-builds diff --git a/data/release-notes/enterprise-server/3-14/18.yml b/data/release-notes/enterprise-server/3-14/18.yml index c614e1d71c4f..2df790b09c1a 100644 --- a/data/release-notes/enterprise-server/3-14/18.yml +++ b/data/release-notes/enterprise-server/3-14/18.yml @@ -17,8 +17,6 @@ sections: changes: - | For administrators managing logs, log folders are more consistently accessible from the administrative account without the need to use `sudo`. - - | - Azure VMs that use the NVMe disk controller are now supported, as well as Azure VMs that do not include temporary resource disks. known_issues: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. diff --git a/data/release-notes/enterprise-server/3-14/20.yml b/data/release-notes/enterprise-server/3-14/20.yml index 334303848c59..9e93d741c475 100644 --- a/data/release-notes/enterprise-server/3-14/20.yml +++ b/data/release-notes/enterprise-server/3-14/20.yml @@ -1,6 +1,8 @@ date: '2025-12-02' sections: security_fixes: + - | + **HIGH:** An attacker could execute code within a victim's browser, potentially accessing sensitive information, by causing malicious HTML to be injected into the DOM when content is rendered by the Filter component found across GitHub. GitHub has requested CVE ID [CVE-2025-13744](https://www.cve.org/cverecord?id=CVE-2025-13744) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2026-01-06] - | **HIGH:** A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their own SSH key to the root user’s authorized keys—thereby granting themselves root SSH access to the server. To exploit this vulnerability, the attacker needed to have enterprise admin privileges. This vulnerability has been assigned [CVE-2025-11578](https://nvd.nist.gov/vuln/detail/CVE-2025-11578) and was reported through the GitHub Bug Bounty program. - | @@ -27,6 +29,8 @@ sections: Administrators can add security key-backed (SK) SSH certificate authorities. - | Administrators and users experience faster and more efficient searching of GitHub Actions workflow runs, with lower compute and networking resource usage. Searches for workflow runs within a repository are now always scoped to an associated repository. + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] known_issues: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. diff --git a/data/release-notes/enterprise-server/3-14/21.yml b/data/release-notes/enterprise-server/3-14/21.yml new file mode 100644 index 000000000000..3e901c642458 --- /dev/null +++ b/data/release-notes/enterprise-server/3-14/21.yml @@ -0,0 +1,41 @@ +date: '2025-12-09' +sections: + security_fixes: + - | + **HIGH:** An attacker could inject HTML elements with IDs that collided with server-initialized data islands due to insufficient sanitization. When a privileged user viewed crafted content in certain Project views, these injected elements could overwrite critical application state objects, resulting in unintended server-side POST requests or other unauthorized backend interactions. GitHub has requested CVE ID [CVE-2025-14046](https://www.cve.org/cverecord?id=CVE-2025-14046) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Due to a regression in a recent patch release, Dependabot did not respond to some commands on pull requests, such as rebases, because webhook deliveries to loopback addresses were blocked. Webhook deliveries to the Dependabot endpoint now succeed, although deliveries to other endpoints on loopback addresses are still blocked. + known_issues: + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + In the header bar displayed to site administrators, some icons are not available. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repo overview page for locked repositories. diff --git a/data/release-notes/enterprise-server/3-14/22.yml b/data/release-notes/enterprise-server/3-14/22.yml new file mode 100644 index 000000000000..91a829021df0 --- /dev/null +++ b/data/release-notes/enterprise-server/3-14/22.yml @@ -0,0 +1,51 @@ +date: '2026-01-06' +sections: + bugs: + - | + On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically. + - | + Input validation wasnt correctly being applied to the "Password and authentication policies" section on the Management Console, allowing administrators to specify invalid values for "Login attempt limit for all users" and "Lockout time for Management Console users". + - | + The highlighted section on the sidebar of the Management Console settings page would not always accurately show what content was currently scrolled into view for an administrator. + - | + Site administrators could not easily identify when a configuration run for their instance failed in the Management Console. Failed runs were indicated only by a header and steps could remain in a "pending" state. + - | + Administrators who set the `ELASTOMER_INDEX_LOCK_BACKOFF_ATTEMPTS` environment variable to configure Elasticsearch index lock backoff attempts saw no effect, as the instance required the ` ENTERPRISE_ ` prefix for this variable. + - | + Commit authors who ignored notifications from a repository did not receive secret scanning alert emails when their credentials were detected in that repository. + changes: + - | + Administrators can capture distributed tracing data for Nomad job allocations using the `usr/local/share/enterprise/ghe-capture-trace-data` command to help diagnose performance issues. This feature is available only on standalone instances and should be run with guidance from GitHub Support. + known_issues: + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shut down the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + In the header bar displayed to site administrators, some icons are not available. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repository page for locked repositories. diff --git a/data/release-notes/enterprise-server/3-15/13.yml b/data/release-notes/enterprise-server/3-15/13.yml index c809f31d1bd4..56769db6f976 100644 --- a/data/release-notes/enterprise-server/3-15/13.yml +++ b/data/release-notes/enterprise-server/3-15/13.yml @@ -19,8 +19,6 @@ sections: For administrators managing logs, log folders are more consistently accessible from the administrative account without the need to use `sudo`. - | Administrators can no longer run the `ghe-upgrade` command on a replica node if a configuration apply is running or has failed on the primary node. This change helps prevent upgrade conflicts and ensures more reliable high availability maintenance workflows. - - | - Azure VMs that use the NVMe disk controller are now supported, as well as Azure VMs that do not include temporary resource disks. - | Administrators monitoring Elasticsearch index repair jobs benefit from improved log clarity. Log messages provide more detailed and actionable information, making it easier to troubleshoot and track the progress of index repair operations. known_issues: @@ -63,4 +61,4 @@ sections: - | Upgrading to this version from GHES 3.14.19 and higher will cause the upgrade to fail due to this version containing an older version of MySQL. To avoid this issue please upgrade to GHES 3.15.14 or higher. - [Updated: 2025-11-24] \ No newline at end of file + [Updated: 2025-11-24] diff --git a/data/release-notes/enterprise-server/3-15/15.yml b/data/release-notes/enterprise-server/3-15/15.yml index ae7b24804e24..442f67f1afb8 100644 --- a/data/release-notes/enterprise-server/3-15/15.yml +++ b/data/release-notes/enterprise-server/3-15/15.yml @@ -1,6 +1,8 @@ date: '2025-12-02' sections: security_fixes: + - | + **HIGH:** An attacker could execute code within a victim's browser, potentially accessing sensitive information, by causing malicious HTML to be injected into the DOM when content is rendered by the Filter component found across GitHub. GitHub has requested CVE ID [CVE-2025-13744](https://www.cve.org/cverecord?id=CVE-2025-13744) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2026-01-06] - | **HIGH:** A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their own SSH key to the root user’s authorized keys—thereby granting themselves root SSH access to the server. To exploit this vulnerability, the attacker needed to have enterprise admin privileges. This vulnerability has been assigned [CVE-2025-11578](https://nvd.nist.gov/vuln/detail/CVE-2025-11578) and was reported through the GitHub Bug Bounty program. - | @@ -13,7 +15,7 @@ sections: - | On instances with a "No Proxy" setting configured for GitHub Actions with MinIO or AWS remote blob providers, administrators sometimes experienced failures reading or writing Actions logs, artifacts, or caches because some traffic was incorrectly routed through the instances proxy. - | - New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. + New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. - | Site administrators using the Management Console would see overly verbose error messages on the maintenance page. These error messages were not cleared when a new request was made, and no message was displayed when maintenance mode changes were saved successfully. - | @@ -26,11 +28,13 @@ sections: When new Elasticsearch indexes were created, index routing memos could go to a read-only MySQL replica and fail, causing delays in audit log indexing after monthly rollovers. The memos are now written to the primary database rather than a read-only replica. changes: - | - A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. + A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. - | Administrators can add security key-backed (SK) SSH certificate authorities. - | Administrators and users experience faster and more efficient searching of GitHub Actions workflow runs, with lower compute and networking resource usage. Searches for workflow runs within a repository are now always scoped to an associated repository. + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] known_issues: - | Custom firewall rules are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-15/16.yml b/data/release-notes/enterprise-server/3-15/16.yml new file mode 100644 index 000000000000..a7e757ddd6cc --- /dev/null +++ b/data/release-notes/enterprise-server/3-15/16.yml @@ -0,0 +1,47 @@ +date: '2025-12-09' +sections: + security_fixes: + - | + **HIGH:** An attacker could inject HTML elements with IDs that collided with server-initialized data islands due to insufficient sanitization. When a privileged user viewed crafted content in certain Project views, these injected elements could overwrite critical application state objects, resulting in unintended server-side POST requests or other unauthorized backend interactions. GitHub has requested CVE ID [CVE-2025-14046](https://www.cve.org/cverecord?id=CVE-2025-14046) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Due to a regression in a recent patch release, Dependabot did not respond to some commands on pull requests, such as rebases, because webhook deliveries to loopback addresses were blocked. Webhook deliveries to the Dependabot endpoint now succeed, although deliveries to other endpoints on loopback addresses are still blocked. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + In the header bar displayed to site administrators, some icons are not available. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repo overview page for locked repositories. diff --git a/data/release-notes/enterprise-server/3-15/17.yml b/data/release-notes/enterprise-server/3-15/17.yml new file mode 100644 index 000000000000..610c1e93fd77 --- /dev/null +++ b/data/release-notes/enterprise-server/3-15/17.yml @@ -0,0 +1,61 @@ +date: '2026-01-06' +sections: + bugs: + - | + On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically. + - | + In the "Password and authentication policies" section of the Management Console, administrators could specify invalid values for the "Login attempt limit for all users" and "Lockout time for Management Console users" settings, because inputs were not correctly validated. + - | + The highlighted section on the sidebar of the Management Console settings page did not always accurately reflect the content currently scrolled into view. + - | + Site administrators could not easily identify when a configuration run for their instance failed in the Management Console. Failed runs were indicated only by a header and steps could remain in a "pending" state. + - | + Administrators could encounter inaccurate free disk space calculations when setting Elasticsearch watermarks, as incorrect methods were used for determining root and data disk sizes. + - | + Administrators who set the `ELASTOMER_INDEX_LOCK_BACKOFF_ATTEMPTS` environment variable to configure Elasticsearch index lock backoff attempts saw no effect, as the instance required the `ENTERPRISE_` prefix for this variable. + - | + Commit authors who ignored notifications from a repository did not receive secret scanning alert emails when their credentials were detected in that repository. + - | + When administrators enabled GitHub Advanced Security features in bulk, enablement progress was not always tracked accurately. As a result, subsequent bulk scans for GitHub Secret Protection could be triggered or grouped incorrectly. + changes: + - | + Administrators can capture distributed tracing data for Nomad job allocations using the `usr/local/share/enterprise/ghe-capture-trace-data` command to help diagnose performance issues. This feature is available only on standalone instances and should be run with guidance from GitHub Support. + known_issues: + - | + During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shut down the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + In the header bar displayed to site administrators, some icons are not available. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new cluster, nodes with the `consul-server` role should be added to the cluster before adding more nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Administrators setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repository page for locked repositories. diff --git a/data/release-notes/enterprise-server/3-16/11.yml b/data/release-notes/enterprise-server/3-16/11.yml index 2732fe0af220..0fe10b0a672a 100644 --- a/data/release-notes/enterprise-server/3-16/11.yml +++ b/data/release-notes/enterprise-server/3-16/11.yml @@ -1,6 +1,8 @@ date: '2025-12-02' sections: security_fixes: + - | + **HIGH:** An attacker could execute code within a victim's browser, potentially accessing sensitive information, by causing malicious HTML to be injected into the DOM when content is rendered by the Filter component found across GitHub. GitHub has requested CVE ID [CVE-2025-13744](https://www.cve.org/cverecord?id=CVE-2025-13744) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2026-01-06] - | **HIGH:** A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their own SSH key to the root user’s authorized keys—thereby granting themselves root SSH access to the server. To exploit this vulnerability, the attacker needed to have enterprise admin privileges. This vulnerability has been assigned [CVE-2025-11578](https://nvd.nist.gov/vuln/detail/CVE-2025-11578) and was reported through the GitHub Bug Bounty program. - | @@ -11,7 +13,7 @@ sections: - | On instances with a "No Proxy" setting configured for GitHub Actions with MinIO or AWS remote blob providers, administrators sometimes experienced failures reading or writing Actions logs, artifacts, or caches because some traffic was incorrectly routed through the instances proxy. - | - New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. + New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. - | Site administrators using the Management Console would see overly verbose error messages on the maintenance page. These error messages were not cleared when a new request was made, and no message was displayed when maintenance mode changes were saved successfully. - | @@ -30,9 +32,11 @@ sections: When new Elasticsearch indexes were created, index routing memos could go to a read-only MySQL replica and fail, causing delays in audit log indexing after monthly rollovers. The memos are now written to the primary database rather than a read-only replica. changes: - | - A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. + A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. - | Administrators can add security key-backed (SK) SSH certificate authorities. + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] known_issues: - | Custom firewall rules are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-16/12.yml b/data/release-notes/enterprise-server/3-16/12.yml new file mode 100644 index 000000000000..243a93765ba2 --- /dev/null +++ b/data/release-notes/enterprise-server/3-16/12.yml @@ -0,0 +1,51 @@ +date: '2025-12-09' +sections: + security_fixes: + - | + **HIGH:** An attacker could inject HTML elements with IDs that collided with server-initialized data islands due to insufficient sanitization. When a privileged user viewed crafted content in certain Project views, these injected elements could overwrite critical application state objects, resulting in unintended server-side POST requests or other unauthorized backend interactions. GitHub has requested CVE ID [CVE-2025-14046](https://www.cve.org/cverecord?id=CVE-2025-14046) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Add missing `nvme_core.io_timeout=240` kernel parameter to Azure GRUB configuration to ensure NVMe readiness. + - | + Due to a regression in a recent patch release, Dependabot did not respond to some commands on pull requests, such as rebases, because webhook deliveries to loopback addresses were blocked. Webhook deliveries to the Dependabot endpoint now succeed, although deliveries to other endpoints on loopback addresses are still blocked. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repo overview page for locked repositories. diff --git a/data/release-notes/enterprise-server/3-16/13.yml b/data/release-notes/enterprise-server/3-16/13.yml new file mode 100644 index 000000000000..388686a17f70 --- /dev/null +++ b/data/release-notes/enterprise-server/3-16/13.yml @@ -0,0 +1,71 @@ +date: '2026-01-06' +sections: + bugs: + - | + On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically. + - | + In the "Password and authentication policies" section of the Management Console, administrators could specify invalid values for the "Login attempt limit for all users" and "Lockout time for Management Console users" settings, because inputs were not correctly validated. + - | + The highlighted section on the sidebar of the Management Console settings page did not always accurately reflect the content currently scrolled into view. + - | + After selecting "local storage" for migration storage in the Management Console, administrators would find that the setting appeared to be cleared when the settings page refreshed. + - | + Site administrators could not easily identify when a configuration run for their instance failed in the Management Console. Failed runs were indicated only by a header and steps could remain in a "pending" state. + - | + Administrators could encounter inaccurate free disk space calculations when setting Elasticsearch watermarks, as incorrect methods were used for determining root and data disk sizes. + - | + Administrators who set the `ELASTOMER_INDEX_LOCK_BACKOFF_ATTEMPTS` environment variable to configure Elasticsearch index lock backoff attempts saw no effect, as the instance required the `ENTERPRISE_` prefix for this variable. + - | + Commit authors who ignored notifications from a repository did not receive secret scanning alert emails when their credentials were detected in that repository. + - | + When administrators enabled GitHub Advanced Security features in bulk, enablement progress was not always tracked accurately. As a result, subsequent bulk scans for GitHub Secret Protection could be triggered or grouped incorrectly. + changes: + - | + Administrators can capture distributed tracing data for Nomad job allocations using the `usr/local/share/enterprise/ghe-capture-trace-data` command to help diagnose performance issues. This feature is available only on standalone instances and should be run with guidance from GitHub Support. + - | + To help large instances run more efficiently, enterprise administrators can more easily opt out of the behavior where GitHub generates a rebase commit every time we check whether a pull request can be merged. This change consolidates prior handling of multiple repository rule variables and backend feature flags. + + Now, if an administrator sets the instance's `skip_rebase_commit_generation_from_rebase_merge_settings` configuration variable to `true`, the "Allow rebase merging" option in a repository's pull request settings becomes the source of truth for whether rebase commits are generated when mergeability is checked. + known_issues: + - | + When applying an enterprise security configuration to all repositories (for example, enabling Secret Scanning or Code Scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes. + - | + During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shut down the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new cluster, nodes with the `consul-server` role should be added to the cluster before adding more nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Administrators setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access to the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repository page for locked repositories. diff --git a/data/release-notes/enterprise-server/3-16/9.yml b/data/release-notes/enterprise-server/3-16/9.yml index a842f5d1cca5..9cdb4d4bee4c 100644 --- a/data/release-notes/enterprise-server/3-16/9.yml +++ b/data/release-notes/enterprise-server/3-16/9.yml @@ -27,8 +27,6 @@ sections: For administrators managing logs, log folders are more consistently accessible from the administrative account without the need to use `sudo`. - | Administrators can no longer run the `ghe-upgrade` command on a replica node if a configuration apply is running or has failed on the primary node. This change helps prevent upgrade conflicts and ensures more reliable high availability maintenance workflows. - - | - Azure VMs that use the NVMe disk controller are now supported, as well as Azure VMs that do not include temporary resource disks. known_issues: - | Custom firewall rules are removed during the upgrade process. @@ -74,4 +72,4 @@ sections: Upgrading to this version from GHES 3.14.19 and higher or 3.15.14 and higher will cause the upgrade to fail due to this version containing an older version of MySQL. To avoid this issue please upgrade to GHES 3.16.10 or higher. [Updated: 2025-11-24] - \ No newline at end of file + diff --git a/data/release-notes/enterprise-server/3-17/10.yml b/data/release-notes/enterprise-server/3-17/10.yml new file mode 100644 index 000000000000..b4427a69808e --- /dev/null +++ b/data/release-notes/enterprise-server/3-17/10.yml @@ -0,0 +1,79 @@ +date: '2026-01-06' +sections: + bugs: + - | + On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically. + - | + In the "Password and authentication policies" section of the Management Console, administrators could specify invalid values for the "Login attempt limit for all users" and "Lockout time for Management Console users" settings, because inputs were not correctly validated. + - | + The highlighted section on the sidebar of the Management Console settings page did not always accurately reflect the content currently scrolled into view. + - | + After selecting "local storage" for migration storage in the Management Console, administrators found that the setting appeared to be cleared when the settings page refreshed. + - | + Site administrators could not easily identify when a configuration run for their instance failed in the Management Console. Failed runs were indicated only by a header and steps could remain in a "pending" state. + - | + Site administrators could not generate a CSV list of SCIM-provisioned users with the `ghe-scim-identities-csv` command because its wrapper script was missing from `/usr/local/bin`. + - | + Administrators encountered inaccurate free disk space calculations when setting Elasticsearch watermarks, as incorrect methods were used for determining root and data disk sizes. + - | + Upgrading an instance from 3.17.x or 3.18.x to 3.19.x would reset existing observability metrics settings. + - | + Administrators who set the `ELASTOMER_INDEX_LOCK_BACKOFF_ATTEMPTS` environment variable to configure Elasticsearch index lock backoff attempts saw no effect, as the instance required the `ENTERPRISE_` prefix for this variable. + - | + Commit authors who ignored notifications from a repository did not receive secret scanning alert emails when their credentials were detected in that repository. + - | + When administrators enabled GitHub Advanced Security features in bulk, enablement progress was not always tracked accurately. As a result, subsequent bulk scans for GitHub Secret Protection could be triggered or grouped incorrectly. + changes: + - | + Administrators can capture distributed tracing data for Nomad job allocations using the `usr/local/share/enterprise/ghe-capture-trace-data` command to help diagnose performance issues. This feature is available only on standalone instances and should be run with guidance from GitHub Support. + - | + Developers can see code scanning annotations listed with errors first, followed by warnings and notes, in newly generated annotation lists. Previously, annotation order was random, which could make critical issues less visible, especially when some annotations were omitted due to high alert volume. This improves the clarity and prioritization of code scanning results. + - | + To help large instances run more efficiently, enterprise administrators can more easily opt out of the behavior where GitHub generates a rebase commit every time we check whether a pull request can be merged. This change consolidates prior handling of multiple repository rule variables and backend feature flags. + + Now, if an administrator sets the instance's `skip_rebase_commit_generation_from_rebase_merge_settings` configuration variable to `true`, the "Allow rebase merging" option in a repository's pull request settings becomes the source of truth for whether rebase commits are generated when mergeability is checked. + known_issues: + - | + When applying an enterprise security configuration to all repositories (for example, enabling Secret Scanning or Code Scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes. + - | + During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shut down the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new cluster, nodes with the `consul-server` role should be added to the cluster before adding more nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Administrators setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access to the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repository page for locked repositories. + - | + When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages. diff --git a/data/release-notes/enterprise-server/3-17/8.yml b/data/release-notes/enterprise-server/3-17/8.yml index 52fec958e650..44833dde37d1 100644 --- a/data/release-notes/enterprise-server/3-17/8.yml +++ b/data/release-notes/enterprise-server/3-17/8.yml @@ -1,6 +1,8 @@ date: '2025-12-02' sections: security_fixes: + - | + **HIGH:** An attacker could execute code within a victim's browser, potentially accessing sensitive information, by causing malicious HTML to be injected into the DOM when content is rendered by the Filter component found across GitHub. GitHub has requested CVE ID [CVE-2025-13744](https://www.cve.org/cverecord?id=CVE-2025-13744) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2026-01-06] - | **HIGH:** A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their own SSH key to the root user’s authorized keys—thereby granting themselves root SSH access to the server. To exploit this vulnerability, the attacker needed to have enterprise admin privileges. This vulnerability has been assigned [CVE-2025-11578](https://nvd.nist.gov/vuln/detail/CVE-2025-11578) and was reported through the GitHub Bug Bounty program. - | @@ -11,7 +13,7 @@ sections: - | On instances with a "No Proxy" setting configured for GitHub Actions with MinIO or AWS remote blob providers, administrators sometimes experienced failures reading or writing Actions logs, artifacts, or caches because some traffic was incorrectly routed through the instances proxy. - | - New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. + New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. - | Site administrators using the Management Console would see overly verbose error messages on the maintenance page. These error messages were not cleared when a new request was made, and no message was displayed when maintenance mode changes were saved successfully. - | @@ -34,11 +36,13 @@ sections: When new Elasticsearch indexes were created, index routing memos could go to a read-only MySQL replica and fail, causing delays in audit log indexing after monthly rollovers. The memos are now written to the primary database rather than a read-only replica. changes: - | - A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. + A new weekly job automatically disables Elasticsearch deprecation logging and removes existing deprecation logs every Saturday at midnight. This helps administrators manage disk space by regularly cleaning up deprecation data streams and log indices that are no longer needed. - | Administrators can add security key-backed (SK) SSH certificate authorities. - | Administrators and users experience faster and more efficient searching of GitHub Actions workflow runs, with lower compute and networking resource usage. Searches for workflow runs within a repository are now always scoped to an associated repository. + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] known_issues: - | Custom firewall rules are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-17/9.yml b/data/release-notes/enterprise-server/3-17/9.yml new file mode 100644 index 000000000000..b116bd57cd98 --- /dev/null +++ b/data/release-notes/enterprise-server/3-17/9.yml @@ -0,0 +1,51 @@ +date: '2025-12-09' +sections: + security_fixes: + - | + **HIGH:** An attacker could inject HTML elements with IDs that collided with server-initialized data islands due to insufficient sanitization. When a privileged user viewed crafted content in certain Project views, these injected elements could overwrite critical application state objects, resulting in unintended server-side POST requests or other unauthorized backend interactions. GitHub has requested CVE ID [CVE-2025-14046](https://www.cve.org/cverecord?id=CVE-2025-14046) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Due to a regression in a recent patch release, Dependabot did not respond to some commands on pull requests, such as rebases, because webhook deliveries to loopback addresses were blocked. Webhook deliveries to the Dependabot endpoint now succeed, although deliveries to other endpoints on loopback addresses are still blocked. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repo overview page for locked repositories. + - | + When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages. diff --git a/data/release-notes/enterprise-server/3-18/2.yml b/data/release-notes/enterprise-server/3-18/2.yml index 9a8d524a43b0..a8ec039b0e9e 100644 --- a/data/release-notes/enterprise-server/3-18/2.yml +++ b/data/release-notes/enterprise-server/3-18/2.yml @@ -1,6 +1,8 @@ date: '2025-12-02' sections: security_fixes: + - | + **HIGH:** An attacker could execute code within a victim's browser, potentially accessing sensitive information, by causing malicious HTML to be injected into the DOM when content is rendered by the Filter component found across GitHub. GitHub has requested CVE ID [CVE-2025-13744](https://www.cve.org/cverecord?id=CVE-2025-13744) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2026-01-06] - | **HIGH:** A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their own SSH key to the root user’s authorized keys—thereby granting themselves root SSH access to the server. To exploit this vulnerability, the attacker needed to have enterprise admin privileges. This vulnerability has been assigned [CVE-2025-11578](https://nvd.nist.gov/vuln/detail/CVE-2025-11578) and was reported through the GitHub Bug Bounty program. - | @@ -13,7 +15,7 @@ sections: - | On instances with a "No Proxy" setting configured for GitHub Actions with MinIO or AWS remote blob providers, administrators sometimes experienced failures reading or writing Actions logs, artifacts, or caches because some traffic was incorrectly routed through the instances proxy. - | - New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. + New Microsoft Teams integrations failed to set up because the required `tenant_id` field was missing from the configuration, following Microsoft's deprecation of multi-tenant bot creation. - | Administrators running the `ghe-repl-decommission` script received an error. - | @@ -43,6 +45,8 @@ sections: Administrators can add security key-backed (SK) SSH certificate authorities. - | Administrators and users experience faster and more efficient searching of GitHub Actions workflow runs, with lower compute and networking resource usage. Searches for workflow runs within a repository are now always scoped to an associated repository. + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] known_issues: - | Custom firewall rules are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-18/3.yml b/data/release-notes/enterprise-server/3-18/3.yml new file mode 100644 index 000000000000..24bfcdd4ee0b --- /dev/null +++ b/data/release-notes/enterprise-server/3-18/3.yml @@ -0,0 +1,55 @@ +date: '2025-12-09' +sections: + security_fixes: + - | + **HIGH:** An attacker could inject HTML elements with IDs that collided with server-initialized data islands due to insufficient sanitization. When a privileged user viewed crafted content in certain Project views, these injected elements could overwrite critical application state objects, resulting in unintended server-side POST requests or other unauthorized backend interactions. GitHub has requested CVE ID [CVE-2025-14046](https://www.cve.org/cverecord?id=CVE-2025-14046) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Due to a regression in a recent patch release, Dependabot did not respond to some commands on pull requests, such as rebases, because webhook deliveries to loopback addresses were blocked. Webhook deliveries to the Dependabot endpoint now succeed, although deliveries to other endpoints on loopback addresses are still blocked. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repo overview page for locked repositories. + - | + When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages. + - | + The setting to define private registries at the organization level for code scanning is only available if dependabot is also enabled for the instance. + - | + Custom NTP settings are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-18/4.yml b/data/release-notes/enterprise-server/3-18/4.yml new file mode 100644 index 000000000000..a654815383a8 --- /dev/null +++ b/data/release-notes/enterprise-server/3-18/4.yml @@ -0,0 +1,93 @@ +date: '2026-01-06' +sections: + bugs: + - | + On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically. + - | + In the "Password and authentication policies" section of the Management Console, administrators could specify invalid values for the "Login attempt limit for all users" and "Lockout time for Management Console users" settings, because inputs were not correctly validated. + - | + The highlighted section on the sidebar of the Management Console settings page did not always accurately reflect the content currently scrolled into view. + - | + After selecting "local storage" for migration storage in the Management Console, administrators found that the setting appeared to be cleared when the settings page refreshed. + - | + Administrators saw errors about missing or incomplete Actions cluster configuration in the Management Console, even on instances where GitHub Actions was not enabled. + - | + Custom network time protocol (NTP) settings could be removed after upgrades. + - | + Site administrators could not easily identify when a configuration run for their instance failed in the Management Console. Failed runs were indicated only by a header and steps could remain in a "pending" state. + - | + Site administrators could not generate a CSV list of SCIM-provisioned users with the `ghe-scim-identities-csv` command because its wrapper script was missing from `/usr/local/bin`. + - | + Administrators encountered inaccurate free disk space calculations when setting Elasticsearch watermarks, as incorrect methods were used for determining root and data disk sizes. + - | + Upgrading an instance from 3.17.x or 3.18.x to 3.19.x would reset existing observability metrics settings. + - | + Administrators who set the `ELASTOMER_INDEX_LOCK_BACKOFF_ATTEMPTS` environment variable to configure Elasticsearch index lock backoff attempts saw no effect, as the instance required the `ENTERPRISE_` prefix for this variable. + - | + Deleted organizations were still accessible from users' organization dashboards for a period of time. + - | + Commit authors who ignored notifications from a repository did not receive secret scanning alert emails when their credentials were detected in that repository. + - | + The site admin bar displayed debugging information used by GitHub. + - | + When administrators enabled GitHub Advanced Security features in bulk, enablement progress was not always tracked accurately. As a result, subsequent bulk scans for GitHub Secret Protection could be triggered or grouped incorrectly. + - | + On high-availability clusters with Elasticsearch Cross Cluster Replication (CCR) enabled, replication failed if the datacenter and consul-datacenter values didn’t match. + changes: + - | + Administrators can capture distributed tracing data for Nomad job allocations using the `usr/local/share/enterprise/ghe-capture-trace-data` command to help diagnose performance issues. This feature is available only on standalone instances and should be run with guidance from GitHub Support. + - | + Developers can see code scanning annotations listed with errors first, followed by warnings and notes, in newly generated annotation lists. Previously, annotation order was random, which could make critical issues less visible, especially when some annotations were omitted due to high alert volume. This improves the clarity and prioritization of code scanning results. + - | + To help large instances run more efficiently, enterprise administrators can more easily opt out of the behavior where GitHub generates a rebase commit every time we check whether a pull request can be merged. This change consolidates prior handling of multiple repository rule variables and backend feature flags. + + Now, if an administrator sets the instance's `skip_rebase_commit_generation_from_rebase_merge_settings` configuration variable to `true`, the "Allow rebase merging" option in a repository's pull request settings becomes the source of truth for whether rebase commits are generated when mergeability is checked. + known_issues: + - | + When applying an enterprise security configuration to all repositories (for example, enabling Secret Scanning or Code Scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes. + - | + During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new cluster, nodes with the `consul-server` role should be added to the cluster before adding more nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Administrators setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access to the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repository page for locked repositories. + - | + When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages. + - | + The setting to define private registries at the organization level for code scanning is only available if Dependabot is enabled for the instance. + - | + Custom NTP settings are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-19/0-rc1.yml b/data/release-notes/enterprise-server/3-19/0-rc1.yml index 21ec348f059b..390402ddb69e 100644 --- a/data/release-notes/enterprise-server/3-19/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-19/0-rc1.yml @@ -1,6 +1,6 @@ date: '2025-12-02' release_candidate: true -deprecated: false +deprecated: true intro: | > [!NOTE] Release candidate (RC) builds are intended solely for use in a test environment. Do not install an RC in a production environment. > @@ -245,7 +245,7 @@ sections: closing_down: # https://github.com/github/releases/issues/7007 - | - As announced in [this previous blog post](https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/), GitHub will stop supporting basic authentication to APIs using a username and password in the coming versions of GHES. Instead of using password authentication, [create a {% data variables.product.pat_generic %}]((/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) in limited situations like testing. You should authenticate apps in production by using the web applications flow. For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps) + As announced in [this previous blog post](https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/), GitHub will stop supporting basic authentication to APIs using a username and password in the coming versions of GHES. Instead of using password authentication, [create a {% data variables.product.pat_generic %}](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) in limited situations like testing. You should authenticate apps in production by using the web applications flow. For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps) # https://github.com/github/releases/issues/5771 - | The "reviewers" configuration option for Dependabot pull requests is retired. Reviewers are now determined by repository CODEOWNERS files. If your workflow depended on the "reviewers" option, update your automation to use CODEOWNERS for assigning pull request reviewers. diff --git a/data/release-notes/enterprise-server/3-19/0.yml b/data/release-notes/enterprise-server/3-19/0.yml new file mode 100644 index 000000000000..49441fb71a90 --- /dev/null +++ b/data/release-notes/enterprise-server/3-19/0.yml @@ -0,0 +1,261 @@ +date: '2025-12-09' +release_candidate: false +deprecated: false +intro: | + +sections: + # Remove section heading if the section contains no notes. + + features: + # Remove a sub-section heading if the heading contains no notes. If sections + # that regularly recur are missing, add placeholders to this template. + + - heading: Instance services + notes: + # + - | + You can configure which SSH and TLS ciphers are used on your instance. You can view the default ciphers and select preferred ones, providing you flexibility and ability to exclude weak ciphers. For more information, see [AUTOTITLE](/enterprise-server@3.19/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls-and-ssh-ciphers). + # https://github.com/github/releases/issues/6908 + - | + Starting 3.19, new installations of GHES will have OpenTelemetry metrics enabled and Collectd metrics disabled by default. You have the option to toggle between the two. Upgraded instances will retain their current settings. In about two to three releases, OpenTelemetry metrics will become the only supported metrics. To learn about OTel metrics, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics). + # https://github.com/github/releases/issues/6922 + - | + `ghe-repl-start` can now be executed without requiring a maintenance window when setting up a new replica, as long as `ghe-repl-setup` is immediately followed by `ghe-config-apply`. [Updated: 2025-12-17] + - | + You can configure multiple data disks to host MySQL and repository data. This capability is currently in public preview and is applicable only for standalone and high availability topologies. It does not apply to cluster topologies. For more information, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/multiple-data-disks/configuring-multiple-data-disks). [Updated: 2026-01-19] + + - heading: Migrations + notes: + # https://github.com/github/releases/issues/6385 + - | + Administrators must update network allowlists with the new IP address ranges for GitHub Enterprise Importer migrations. Without this configuration, migration operations will fail due to blocked connectivity between environments. + + - heading: APIs + notes: + # https://github.com/github/releases/issues/4653 + - | + You can install GitHub Apps on the enterprise account and use them to manage your enterprise. Enterprise-installed GitHub Apps have access to a new set of permissions: + + * Managing GitHub App installations across the enterprise + * SCIM provisioning and SSO management + * Custom repository properties + * Custom organization roles owned by the enterprise + * Enterprise people management + + Managing GitHub Apps across the enterprise allows you to programmatically audit, install, and uninstall GitHub Apps for all of the organizations in your enterprise using a single token. This high-powered permission enables better organization management at scale. + # https://github.com/github/releases/issues/6053 + - | + Users can be made application managers of GitHub Apps owned by the enterprise. App Managers can update the application registration but do not have the ability to manage application installations. + + The app manager feature has also been updated to use the roles platform, which means that organization teams can be made app managers of individual organization-owned apps, and a new Organization App Manager role can be assigned to teams and users to give them access to _all_ of the apps owned by an organization. For more information, see [AUTOTITLE](/apps/maintaining-github-apps/about-github-app-managers). + + - heading: GitHub Advanced Security + notes: + # https://github.com/github/releases/issues/5007 + - | + Administrators can delegate code scanning alert dismissal to repository users. This enables responsible users to manage security findings and streamline remediation directly from the repository. The delegated alert dismissal feature is now generally available. For more information, see [the changelog](https://github.blog/changelog/2025-07-01-delegated-alert-dismissal-for-code-scanning-is-now-generally-available/) + # https://github.com/github/releases/issues/5327 + - | + Administrators and security teams can now choose between default and advanced CodeQL setups for code scanning. The advanced setup allows for custom queries and more granular configuration, while the default setup offers a simplified workflow for standard security analysis. For more information, see [the changelog](https://github.blog/changelog/2025-07-15-security-configurations-support-for-running-codeql-in-either-default-or-advanced-setup/) + # https://github.com/github/releases/issues/6181 + - | + The REST API for secret scanning now returns `first_location_detected` and `has_more_locations` fields in its responses. + # https://github.com/github/releases/issues/5332 + - | + Administrators can specify which secret scanning patterns are included in push protection to enhance control over exposure prevention workflows. This update allows finer-tuning of push protected secrets. + # https://github.com/github/releases/issues/6436 + - | + Organization and security admins can now run a free scan to understand how their repositories are affected by secret leaks and exposures. These secret risk assessments can be run at the organization level from the `Security` tab. + # https://github.com/github/releases/issues/6232 + - | + When uploading analysis results for code scanning using SARIF files, each run in a multi-run SARIF file is now processed as a separate scan. Previously, multiple runs in one SARIF file were combined into a single scan, which could cause confusion in results and reporting. For more information, see [the changelog](https://github.blog/changelog/2025-07-21-code-scanning-will-stop-combining-multiple-sarif-runs-uploaded-in-the-same-sarif-file/). + # https://github.com/github/releases/issues/6435 + - | + GitHub secret scanning now detects and alerts you on secrets found in GitHub wikis, in addition to previously supported locations, including GitHub issues, pull requests, and discussions. + + Secrets, like API keys, passwords, and tokens, can hide in many places. If these leaks aren't managed correctly, each one of them could pose a substantial risk. To help protect you from leaked secrets, anywhere within your GitHub perimeter, GitHub provides visibility across all major surfaces for hundreds of supported token formats. + - | + This release comes installed with version 2.22.4 of the CodeQL CLI, used in the CodeQL action for code scanning. Significant updates since the default version installed on GitHub Enterprise Server 3.18 include: + * Users can analyze Go codebases more comprehensively, as CodeQL 2.22.0 improves coverage for Go. The release extends support for Go's generics and enhances the precision of dataflow analysis, enabling identification of vulnerabilities and defects in a wider variety of Go code patterns. + * Users working with Swift can analyze projects using Swift 6.1.2, with CodeQL now supporting this version. This enhancement enables security and quality analyses for organizations adopting the latest Swift updates. + * Users can now analyze Rust projects using CodeQL, with Rust support available in public preview. Organizations developing in Rust can begin early adoption of vulnerability detection and quality analyses in this language. Rust support is subject to change as feedback is gathered during the preview period. + * Users analyzing Go codebases can scan projects built with Go 1.25, as CodeQL adds support for this new Go release. + * View more in the changelogs for versions [CodeQL 2.22.0](https://github.blog/changelog/2025-06-12-codeql-2-22-0-improves-coverage-for-go-and-adds-support-for-swift-6-1-2/), [CodeQL 2.22.1](https://github.blog/changelog/2025-07-03-codeql-2-22-1-bring-rust-support-to-public-preview/), and [CodeQL 2.22.4](https://github.blog/changelog/2025-09-03-codeql-2-22-4-adds-support-for-go-1-25-and-accuracy-improvements/). + + + - heading: Dependabot + notes: + # https://github.com/github/releases/issues/5745 + - | + Administrators and security teams can prioritize security fixes using the new Dependabot metrics page. The page provides insights on open vulnerable dependencies and other metrics to inform vulnerability management. This feature is now generally available for GitHub Advanced Security customers. + # https://github.com/github/releases/issues/5979 + - | + Administrators and security teams can use the new Dependabot metrics page to prioritize remediation efforts. The page displays summary metrics and detailed insights to help track code security status over time. + # https://github.com/github/releases/issues/6156 + - | + Dependabot now supports Gradle lockfiles in GHES, enabling users to keep dependencies up to date and improve supply chain security by automatically creating pull requests when newer versions are detected. This helps maintainers ensure project stability and security when managing Gradle projects. + # https://github.com/github/releases/issues/5454 + - | + Administrators can optionally configure Dependabot to wait for a package to reach a specified minimum age before updating dependencies in their `dependabot.yml` files. + # https://github.com/github/releases/issues/6149 + - | + Administrators can configure Dependabot in the dependabot.yml file to create a single pull request that updates dependencies across multiple package ecosystems within a repository. + # https://github.com/github/releases/issues/5747 + - | + Administrators can centrally manage configurations for private registries used by Dependabot. This allows for streamlined setup and maintenance of registry credentials, improving the workflow for managing dependencies securely across the organization. + # https://github.com/github/releases/issues/6400 + - | + Users can keep vcpkg dependencies up to date with Dependabot version updates. For more information, see the [changelog](https://github.blog/changelog/2025-08-12-dependabot-version-updates-now-support-vcpkg/). + # https://github.com/github/releases/issues/6401 + - | + Administrators and users can automate version updates for Rust toolchain dependencies using Dependabot. This enhancement streamlines the process of keeping Rust environments up to date and secure, reducing manual overhead for dependency management. For details, see the [changelog](https://github.blog/changelog/2025-08-19-dependabot-now-supports-rust-toolchain-updates/). + # https://github.com/github/releases/issues/6480 + - | + Administrators and repository maintainers can now configure Dependabot to exclude automatic pull requests for dependency manifests located in selected subdirectories. This update helps users manage updates more flexibly and avoid unnecessary PRs for specific project paths. For more information, see the [changelog](https://github.blog/changelog/2025-08-26-dependabot-can-now-exclude-automatic-pull-requests-for-manifests-in-selected-subdirectories/). + # https://github.com/github/releases/issues/6264 + - | + You can now choose a "Not set" option for GitHub Code Security features in your organization's security configurations. Previously, you could only enable or disable features like code scanning and Dependabot at the organization level. With the new "Not set" option, you can enforce some security settings (such as secret scanning) while letting repository administrators decide whether to enable GitHub Code Security features on their repositories. + + This update gives organizations more flexibility in managing security requirements and helps repository administrators tailor their security setup to their specific needs. + + To learn more about configuring security settings at the organization level, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration). + # https://github.com/github/releases/issues/6381 + - | + Administrators can configure expanded cooldown windows for Dependabot alerts, allowing more flexible alert suppression during periods of high activity. Additionally, Dependabot now supports additional package managers, simplifying workflows for enterprises using diverse ecosystems. For the full list, see [AUTOTITLE](/enterprise-server@3.19/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories). + # https://github.com/github/releases/issues/6351 + - | + Administrators and repository owners can manage Dependabot alerts using batched updates for dependencies. This feature reduces alert noise by grouping related alerts and allowing simultaneous remediation, streamlining workflow and improving oversight for security and maintenance. + # https://github.com/github/releases/issues/6612 + - | + Dependabot can now update private Go modules hosted on enterprise registries and behind GOPROXY-compatible private proxies, as well as public modules, within the same workflow. This enables automated version and security updates for internal Go libraries. + + - heading: GitHub Actions + notes: + # Required Actions Runner version + - | + {% data reusables.actions.actions-runner-release-note %} + # https://github.com/github/releases/issues/4277 + - | + Enterprise administrators can assign fine-grained permissions for GitHub Actions through custom repository roles. This update enables precise control over workflow access, improving security and flexibility for automation management in repositories. + # + - | + Administrators can enforce policies to block specific actions and require SHA-based pinning when workflows use actions from public repositories. These policies help improve security for workflows by ensuring only approved actions are used and referenced by immutable SHAs. + + - heading: Community experience + notes: + # https://github.com/github/releases/issues/6393 + - | + Users can view a repository's contributing guidelines directly from both the repository's main tab and the sidebar. This feature makes it easier for contributors to find and follow project-specific contribution instructions, supporting a more accessible and collaborative workflow. + + - heading: Organizations + notes: + # https://github.com/github/releases/issues/6098 + - | + Enterprise administrators can create custom organization roles that are available in every organization in the enterprise, setting a standard set of roles for your organization owners to assign. These roles cannot be edited by organization owners. + + As part of this update, the number of custom roles that can be created in enterprises and organizations has been raised to 20 per role type and owner. This means that an organization owner can have up to 40 custom roles to pick from. + + - heading: Repositories + notes: + # https://github.com/github/releases/issues/5128 + - | + Enterprise administrators can manage rules more efficiently with the general availability of ruleset history, import, and export. Ruleset history allows tracking and rolling back changes, while import and export simplify sharing and reusing rulesets, including [GitHub's ruleset-recipes](https://github.com/github/ruleset-recipes). + + - heading: Issues + notes: + # https://github.com/github/releases/issues/6233 + - | + Users can duplicate issues to any repository with a Duplicate issue action in the sidebar. The new form prepopulates title, description, assignees, labels, type, projects, and milestone, helping reuse formats, split large tasks, and create variants across repositories. Edit details before creation to tailor scope. + # https://github.com/github/releases/issues/6290 + - | + Users can attach a wider range of code, data, document, image, audio, and log files in issues, pull requests, discussions, and comments: .py .yaml .yml .css .xml .html .htm .js .sql .java .c .cpp .sh .php .ts .tsx .cs .ipynb .pdb .xlsm .tsv .drawio .bin .rtf .doc .debug .msg .eml .copilotmd .bmp .tif .tiff .mp3 and .wav. + + - heading: Commits + notes: + # https://github.com/github/releases/issues/4321 + - | + Users benefit from a refreshed commit details page that enhances code review and navigation. The improved experience displays comment counts directly in the file tree, enables seamless switching between unified and split views, and introduces settings for line height and minimizing comments shown in diffs. + + - heading: Pull requests + notes: + # https://github.com/github/releases/issues/6195 + - | + The improved "Files changed" experience for pull requests introduces a streamlined interface with enhanced navigation and filtering options, making it easier to review and manage changes. This feature is in public preview and subject to change. + # https://github.com/github/releases/issues/6257 + - | + Pull request search in the web interface and via GraphQL and REST APIs now uses Elasticsearch as its dedicated backend, matching the existing issues search infrastructure. This update improves reliability and helps prevent timeouts when searching for pull requests in large repositories. + + - heading: Accessibility + notes: + # https://github.com/github/releases/issues/6281 + - | + Improved accessibility for pull request reviewer status indicators. Users with assistive technologies can more easily identify reviewer status, supporting a more inclusive code review experience across pull requests. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews#about-pull-request-reviews). + + changes: + # https://github.com/github/releases/issues/6326 + - | + The code viewer and editor consistently respect each user's defined tab width preference across files and sessions. Previously, tab width settings could be inconsistently applied, causing code to display with unexpected indentation. This update ensures a uniform code viewing experience. + # https://github.com/github/releases/issues/6398 + - | + The default tab size for code rendering is now set to 4 spaces instead of 8. This change provides a more consistent and readable display for code across the platform, aligning with common coding standards and improving the experience for developers who view or review code. + # https://github.com/github/releases/issues/6420 + - | + Email notifications for issues and pull requests include additional headers to improve filtering and organization in email clients. These new custom headers give users and administrators more options for managing and sorting notification emails. + # https://github.com/github/releases/issues/6385 + - | + Enterprises using IP allowlists should verify and update their network settings to include the newly required IP ranges for importer migrations. Failure to allow these addresses prevents successful migrations. + # https://github.com/github/releases/issues/6019 + - | + Projects now support up to 50,000 active items and 10,000 archived items. The previous limit was 1,200 items total. There is no option to opt out of this increased limit. + - | + YJIT, Ruby's Just-In-Time (JIT) compiler, is enabled by default. Users may experience faster application performance and improved resource efficiency across their instance. [Updated: 2025-12-17] + + known_issues: + # INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a No such object error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue. + - | + After a restore, existing outside collaborators are unable to be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages. + - | + Users may see a mismatch between repository-level Dependabot alerts and the overall Security Risk dashboard metrics. This can be resolved by reloading the page. + - | + The setting to define private registries at the organization level for code scanning is only available if dependabot is also enabled for the instance. + + closing_down: + # https://github.com/github/releases/issues/7007 + - | + As announced in [this previous blog post](https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/), GitHub will stop supporting basic authentication to APIs using a username and password in the coming versions of GHES. Instead of using password authentication, [create a {% data variables.product.pat_generic %}](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) in limited situations like testing. You should authenticate apps in production by using the web applications flow. For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps) + # https://github.com/github/releases/issues/5771 + - | + The "reviewers" configuration option for Dependabot pull requests is retired. Reviewers are now determined by repository CODEOWNERS files. If your workflow depended on the "reviewers" option, update your automation to use CODEOWNERS for assigning pull request reviewers. + # https://github.com/github/releases/issues/6651 + - | + Starting 3.21, networking-related syscalls will be disabled by default in the pre-receive hook environment. For enhanced security, hook environments will be placed in dedicated network namespaces. You will be able to override the default setting by setting pre-receive-hook-networking to enabled. As an alternative to many pre-receive hooks, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets#push-rulesets). + - | + In 3.20, we will be retiring `Telegraf`. For context, this was a dark-shipped service running in the background and not part of any customer workflows. If you have discovered it and notice it is missing in a future release, we want to you to know we have intentionally removed it. diff --git a/data/release-notes/enterprise-server/3-19/1.yml b/data/release-notes/enterprise-server/3-19/1.yml new file mode 100644 index 000000000000..c5878bb8249d --- /dev/null +++ b/data/release-notes/enterprise-server/3-19/1.yml @@ -0,0 +1,95 @@ +date: '2026-01-06' +sections: + security_fixes: + - | + **HIGH:** An attacker could execute code within a victim's browser, potentially accessing sensitive information, by causing malicious HTML to be injected into the DOM when content is rendered by the Filter component found across GitHub. GitHub has requested CVE ID [CVE-2025-13744](https://www.cve.org/cverecord?id=CVE-2025-13744) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically. + - | + In the "Password and authentication policies" section of the Management Console, administrators could specify invalid values for the "Login attempt limit for all users" and "Lockout time for Management Console users" settings, because inputs were not correctly validated. + - | + The highlighted section on the sidebar of the Management Console settings page did not always accurately reflect the content currently scrolled into view. + - | + After selecting "local storage" for migration storage in the Management Console, administrators found that the setting appeared to be cleared when the settings page refreshed. + - | + Administrators saw errors about missing or incomplete Actions cluster configuration in the Management Console, even on instances where GitHub Actions was not enabled. + - | + Custom network time protocol (NTP) settings could be removed after upgrades. + - | + Site administrators could not easily identify when a configuration run for their instance failed in the Management Console. Failed runs were indicated only by a header and steps could remain in a "pending" state. + - | + Site administrators could not generate a CSV list of SCIM-provisioned users with the `ghe-scim-identities-csv` command because its wrapper script was missing from `/usr/local/bin`. + - | + Administrators encountered inaccurate free disk space calculations when setting Elasticsearch watermarks, as incorrect methods were used for determining root and data disk sizes. + - | + Upgrading an instance from 3.17.x or 3.18.x to 3.19.x would reset existing observability metrics settings. + - | + Administrators who set the `ELASTOMER_INDEX_LOCK_BACKOFF_ATTEMPTS` environment variable to configure Elasticsearch index lock backoff attempts saw no effect, as the instance required the `ENTERPRISE_` prefix for this variable. + - | + Commit authors who ignored notifications from a repository did not receive secret scanning alert emails when their credentials were detected in that repository. + - | + The site admin bar displayed debugging information used by GitHub. + - | + Users could not access pull requests authored by a GitHub App when the pull request targeted a branch protected by a rule. + - | + On high-availability clusters with Elasticsearch Cross Cluster Replication (CCR) enabled, replication failed if the datacenter and consul-datacenter values didn’t match. + - | + When administrators enabled GitHub Advanced Security features in bulk, enablement progress was not always tracked accurately. As a result, subsequent bulk scans for GitHub Secret Protection could be triggered or grouped incorrectly. + changes: + - | + Administrators can capture distributed tracing data for Nomad job allocations using the `usr/local/share/enterprise/ghe-capture-trace-data` command to help diagnose performance issues. This feature is available only on standalone instances and should be run with guidance from GitHub Support. + - | + Developers can see code scanning annotations listed with errors first, followed by warnings and notes, in newly generated annotation lists. Previously, annotation order was random, which could make critical issues less visible, especially when some annotations were omitted due to high alert volume. This improves the clarity and prioritization of code scanning results. + - | + To help large instances run more efficiently, enterprise administrators can more easily opt out of the behavior where GitHub generates a rebase commit every time we check whether a pull request can be merged. This change consolidates prior handling of multiple repository rule variables and backend feature flags. + + Now, if an administrator sets the instance's `skip_rebase_commit_generation_from_rebase_merge_settings` configuration variable to `true`, the "Allow rebase merging" option in a repository's pull request settings becomes the source of truth for whether rebase commits are generated when mergeability is checked. + - | + You can configure multiple data disks to host MySQL and repository data. This capability is currently in public preview and is applicable only for standalone and high availability topologies. It does not apply to cluster topologies. For more information, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/multiple-data-disks/configuring-multiple-data-disks). [Updated: 2026-01-19] + known_issues: + - | + When applying an enterprise security configuration to all repositories (for example, enabling Secret Scanning or Code Scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes. + - | + Upgrading or hotpatching to 3.19.1 may fail on very old nodes that have been continuously upgraded from versions older than 2021 versions (i.e. 2.17). If this issue occurs, you will see log entries prefixed with `invalid secret` in ghe-config.log. If you are running nodes this old, it is recommended not to upgrade to 3.19.1. + If you must hotpatch to 3.19.1, first run `ghe-config 'secrets.session-manage' | tr -d '\n' | wc -c`. If the output is less than 64, run `ghe-config --unset 'secrets.session-manage'` and `ghe-config-apply` before you start the hotpatch. You can also run these same commands after the hotpatch to recover from the failure. [Updated: 2026-01-12] + - | + During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new cluster, nodes with the `consul-server` role should be added to the cluster before adding more nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Administrators setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access to the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages. + - | + The setting to define private registries at the organization level for code scanning is only available if Dependabot is enabled for the instance. + - | + In patch 3.19.1, we identified an issue in the Management Console where the Backups (Preview) and Updates tabs may fail to open and instead return an Internal Server Error. We recommend using the command line interface (CLI) for backups and updates until an updated patch is released. [Updated: 2026-01-13] diff --git a/data/reusables/actions/about-actions-usage-metrics-aggregation.md b/data/reusables/actions/about-actions-usage-metrics-aggregation.md index 41f88df43c8d..13221bf9d440 100644 --- a/data/reusables/actions/about-actions-usage-metrics-aggregation.md +++ b/data/reusables/actions/about-actions-usage-metrics-aggregation.md @@ -1,4 +1,4 @@ -The time period selection feature allows you to view {% data variables.product.prodname_actions %} metrics over predefined periods, as detailed in the following table. These metrics include skipped runs and those that use zero minutes. Data is presented using Coordinated Universal Time (UTC) days. +The time period selection feature allows you to view {% data variables.product.prodname_actions %} metrics over predefined periods, as detailed in the following table. These metrics exclude skipped runs and those that use zero minutes. Data is presented using Coordinated Universal Time (UTC) days. {% rowheaders %} diff --git a/data/reusables/actions/actions-billing.md b/data/reusables/actions/actions-billing.md index a25bb9d1c19f..d77925c3e9b5 100644 --- a/data/reusables/actions/actions-billing.md +++ b/data/reusables/actions/actions-billing.md @@ -1 +1 @@ -{% data variables.product.prodname_actions %} usage is free for standard {% data variables.product.prodname_dotcom %}-hosted runners in public repositories, and for self-hosted runners. See [AUTOTITLE](/actions/writing-workflows/choosing-where-your-workflow-runs/choosing-the-runner-for-a-job#standard-github-hosted-runners-for-public-repositories). For private repositories, each {% data variables.product.prodname_dotcom %} account receives a quota of free minutes and storage for use with {% data variables.product.prodname_dotcom %}-hosted runners, depending on the account's plan. Any usage beyond the included amounts is billed to your account. +{% data variables.product.prodname_actions %} usage is free for standard {% data variables.product.prodname_dotcom %}-hosted runners in public repositories, and for self-hosted runners. See [AUTOTITLE](/actions/writing-workflows/choosing-where-your-workflow-runs/choosing-the-runner-for-a-job#standard-github-hosted-runners-for-public-repositories). For private repositories, each {% data variables.product.prodname_dotcom %} account receives a quota of free minutes and storage for use with {% data variables.product.prodname_dotcom %}-hosted runners, depending on the account's plan. Any usage beyond the included amounts is billed to your account. \ No newline at end of file diff --git a/data/reusables/actions/actions-proxy-environment-variables-table.md b/data/reusables/actions/actions-proxy-environment-variables-table.md new file mode 100644 index 000000000000..eed476d5414a --- /dev/null +++ b/data/reusables/actions/actions-proxy-environment-variables-table.md @@ -0,0 +1,5 @@ +| Variable | Description | Example | +| ------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | +| `https_proxy` | Proxy URL for HTTPS traffic. You can include basic authentication if required. | `http://proxy.local`
`http://192.168.1.1:8080`
`http://username:password@proxy.local` | +| `http_proxy` | Proxy URL for HTTP traffic. You can include basic authentication if required. | `http://proxy.local`
`http://192.168.1.1:8080`
`http://username:password@proxy.local` | +| `no_proxy` | A comma-separated list of hosts or IP addresses that should bypass the proxy. Some clients only honor IP addresses when connections are made directly to the IP rather than a hostname. | `example.com`
`example.com,myserver.local:443,example.org` | \ No newline at end of file diff --git a/data/reusables/actions/add-hosted-runner.md b/data/reusables/actions/add-hosted-runner.md index 4ad6e7d8e3f5..4b319a7ef933 100644 --- a/data/reusables/actions/add-hosted-runner.md +++ b/data/reusables/actions/add-hosted-runner.md @@ -1,7 +1,7 @@ 1. Click **New runner**, then click **{% octicon "mark-github" aria-hidden="true" aria-label="mark-github" %} New {% data variables.product.prodname_dotcom %}-hosted runner**. 1. Complete the required details to configure your new runner: - * **Name:** Enter a name for your new runner. For easier identification, this should indicate its hardware and operating configuration, such as `ubuntu-20.04-16core`. + * **Name:** Enter a name for your new runner. For easier identification, this should indicate its hardware and operating configuration, such as `ubuntu-24.04-16core`. * **Platform:** Choose a platform from the available options. Once you've selected a platform, you will be able to choose a specific image. If you are building a custom image, the platform that you select for your runner must match the platform of the image you want to build. The platform of the runner can be one of the following: diff --git a/data/reusables/actions/allow-specific-actions-intro.md b/data/reusables/actions/allow-specific-actions-intro.md index 422954be0c6d..d3848577fa6a 100644 --- a/data/reusables/actions/allow-specific-actions-intro.md +++ b/data/reusables/actions/allow-specific-actions-intro.md @@ -26,11 +26,4 @@ When you choose {% data reusables.actions.policy-label-for-select-actions-workfl Use the `!` prefix to block patterns. For example, to allow all actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} from the `space-org` organization, but block a specific action like `space-org/action`, you can specify `space-org/*, !space-org/action@*`. By default, only actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} specified in the list will be allowed. To allow all actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} while also blocking specific actions, you can specify `*, !space-org/action@*`. {% endif %} - {% ifversion fpt or ghec %} - - > [!NOTE] - > For {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, {% data variables.product.prodname_free_team %} for organizations, or {% data variables.product.prodname_team %} plans, the **Allow specified actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %}** option is only available in public repositories. - - {% endif %} - This procedure demonstrates how to add specific actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} to the list. diff --git a/data/reusables/actions/attestation-virtual-registry.md b/data/reusables/actions/attestation-virtual-registry.md new file mode 100644 index 000000000000..3f11358cec43 --- /dev/null +++ b/data/reusables/actions/attestation-virtual-registry.md @@ -0,0 +1,4 @@ +The [attest](https://github.com/actions/attest) and [attest-build-provenance](https://github.com/actions/attest-build-provenance) actions automatically create storage records on the {% data variables.product.virtual_registry %} if both: + +* The `push-to-registry` option is set to `true` +* The workflow that includes the action has the `artifact-metadata: write` permission diff --git a/data/reusables/actions/azure-vnet-procedures-prereqs.md b/data/reusables/actions/azure-vnet-procedures-prereqs.md index b625ac5d6476..cbbfb75f49b0 100644 --- a/data/reusables/actions/azure-vnet-procedures-prereqs.md +++ b/data/reusables/actions/azure-vnet-procedures-prereqs.md @@ -8,6 +8,10 @@ You will use a script to automate configuring your Azure resources. * To ensure resource availability/data residency, resources must be created in the same Azure region. +* Outbound network traffic from the subnet **must not** be subject to TLS interception as our Virtual Machines will not be configured to trust intermediate certificates that your network uses to perform TLS interception. For more details, see [Certificates used by Azure Firewall Premium](https://learn.microsoft.com/en-us/azure/firewall/premium-certificates#certificates-used-by-azure-firewall-premium) in the Microsoft documentation. + + If you need to use TLS interception, you can install intermediate certificates via a custom image. See [AUTOTITLE](/actions/how-tos/manage-runners/larger-runners/use-custom-images). + * Save the following `.bicep` file. Name the file `actions-nsg-deployment.bicep`. The `.bicep` file we provide contains the minimal set of rules to use {% data variables.product.company_short %}-hosted runners with Azure VNET. You may need to add rules for your specific use case. diff --git a/data/reusables/actions/custom-images-public-preview-note.md b/data/reusables/actions/custom-images-public-preview-note.md new file mode 100644 index 000000000000..803079d4a30d --- /dev/null +++ b/data/reusables/actions/custom-images-public-preview-note.md @@ -0,0 +1,2 @@ +> [!NOTE] +> Custom images are in {% data variables.release-phases.public_preview %} and subject to change. diff --git a/data/reusables/actions/enable-debug-logging.md b/data/reusables/actions/enable-debug-logging.md index 5632522cef52..5b08831726df 100644 --- a/data/reusables/actions/enable-debug-logging.md +++ b/data/reusables/actions/enable-debug-logging.md @@ -1,2 +1,2 @@ -1. Optionally, to enable runner diagnostic logging and step debug logging for the re-run, select **Enable debug logging**. +1. Optionally, to enable runner diagnostic logging and step debug logging for the re-run, select **Enable debug logging**. For more information, see [AUTOTITLE](/actions/how-tos/monitor-workflows/enable-debug-logging). 1. Click **Re-run jobs**. diff --git a/data/reusables/actions/inputs-vs-github-event-inputs.md b/data/reusables/actions/inputs-vs-github-event-inputs.md index cf9dff3cbbc1..c2cace7aa046 100644 --- a/data/reusables/actions/inputs-vs-github-event-inputs.md +++ b/data/reusables/actions/inputs-vs-github-event-inputs.md @@ -1,4 +1,4 @@ > [!NOTE] > * The workflow will also receive the inputs in the `github.event.inputs` context. The information in the `inputs` context and `github.event.inputs` context is identical except that the `inputs` context preserves Boolean values as Booleans instead of converting them to strings. The `choice` type resolves to a string and is a single selectable option. -> * The maximum number of top-level properties for `inputs` is 10. +> * The maximum number of top-level properties for `inputs` is {% ifversion fpt or ghec %}25 {% else %}10 {% endif %}. > * The maximum payload for `inputs` is 65,535 characters. diff --git a/data/reusables/actions/jobs/example-runs-on-labels-and-groups.md b/data/reusables/actions/jobs/example-runs-on-labels-and-groups.md index 17a4cb297461..fae7f2d9dd75 100644 --- a/data/reusables/actions/jobs/example-runs-on-labels-and-groups.md +++ b/data/reusables/actions/jobs/example-runs-on-labels-and-groups.md @@ -1,6 +1,6 @@ When you combine groups and labels, the runner must meet both requirements to be eligible to run the job. -In this example, a runner group called `ubuntu-runners` is populated with Ubuntu runners, which have also been assigned the label `ubuntu-20.04-16core`. The `runs-on` key combines `group` and `labels` so that the job is routed to any available runner within the group that also has a matching label: +In this example, a runner group called `ubuntu-runners` is populated with Ubuntu runners, which have also been assigned the label `ubuntu-24.04-16core`. The `runs-on` key combines `group` and `labels` so that the job is routed to any available runner within the group that also has a matching label: ```yaml name: learn-github-actions @@ -9,7 +9,7 @@ jobs: check-bats-version: runs-on: group: ubuntu-runners - labels: ubuntu-20.04-16core + labels: ubuntu-24.04-16core steps: - uses: {% data reusables.actions.action-checkout %} - uses: {% data reusables.actions.action-setup-node %} diff --git a/data/reusables/actions/larger-runners-table.md b/data/reusables/actions/larger-runners-table.md index 51082c35cbcc..ae2c35d3a70d 100644 --- a/data/reusables/actions/larger-runners-table.md +++ b/data/reusables/actions/larger-runners-table.md @@ -1,4 +1,4 @@ | Runner Size | Architecture| Processor (CPU)| Memory (RAM) | Storage (SSD) | Workflow label | | ------------| ------------| -------------- | ------------- | ------------- |--------------------------------------------------------------------------------------------------------------------------------------------------| -| Large | Intel | 12 | 30 GB | 14 GB | macos-latest-large, macos-13-large, macos-14-large, macos-15-large (latest) | -| XLarge | arm64 (M2) | 5 (+ 8 GPU hardware acceleration) | 14 GB | 14 GB | macos-latest-xlarge, macos-13-xlarge, macos-14-xlarge, macos-15-xlarge (latest), macos-26-xlarge ({% data variables.release-phases.public_preview %}) | +| Large | Intel | 12 | 30 GB | 14 GB | macos-latest-large, macos-14-large, macos-15-large (latest), macos-26-large ({% data variables.release-phases.public_preview %}) | +| XLarge | arm64 (M2) | 5 (+ 8 GPU hardware acceleration) | 14 GB | 14 GB | macos-latest-xlarge, macos-14-xlarge, macos-15-xlarge (latest), macos-26-xlarge ({% data variables.release-phases.public_preview %}) | diff --git a/data/reusables/actions/macos-runner-limitations.md b/data/reusables/actions/macos-runner-limitations.md index 2672d25dc804..5dcd752feb07 100644 --- a/data/reusables/actions/macos-runner-limitations.md +++ b/data/reusables/actions/macos-runner-limitations.md @@ -1,5 +1,5 @@ * All actions provided by {% data variables.product.prodname_dotcom %} are compatible with arm64 {% data variables.product.prodname_dotcom %}-hosted runners. However, community actions may not be compatible with arm64 and need to be manually installed at runtime. -* Nested-virtualization and Metal Performance Shaders (MPS) are not supported due to the limitation of Apple's Virtualization Framework. +* Nested-virtualization is not supported due to the limitation of Apple's Virtualization Framework. * Networking capabilities such as Azure private networking and assigning static IPs are not currently available for macOS larger runners. * The arm64 macOS runners do not have a static UUID/UDID assigned to them because Apple does not support this feature. However, Intel MacOS runners are assigned a static UDID, specifically `4203018E-580F-C1B5-9525-B745CECA79EB`. If you are building and signing on the same host you plan to test the build on, you can sign with a [development provisioning profile](https://developer.apple.com/help/account/provisioning-profiles/create-a-development-provisioning-profile/). If you do require a static UDID, you can use Intel runners and add their UDID to your Apple Developer account. {%- ifversion ghec %} diff --git a/data/reusables/actions/permissions-statement-secrets-variables-repository.md b/data/reusables/actions/permissions-statement-secrets-variables-repository.md index f1c4a073ca28..d75f883e6820 100644 --- a/data/reusables/actions/permissions-statement-secrets-variables-repository.md +++ b/data/reusables/actions/permissions-statement-secrets-variables-repository.md @@ -1 +1 @@ -{% ifversion repo-ci-cd-admin %}To create secrets or variables on {% data variables.product.prodname_dotcom %} for an organization repository, you must have `write` access.{% else %}To create secrets or variables on {% data variables.product.prodname_dotcom %} for an organization repository, you must have `admin` access.{% endif %} For a personal account repository, you must be the repository owner to create secrets or variable in the web UI or a repository collaborator to create secrets or variables through the REST API. +{% ifversion repo-ci-cd-admin %}To create secrets or variables on {% data variables.product.prodname_dotcom %} for an organization repository, you must have `write` access.{% else %}To create secrets or variables on {% data variables.product.prodname_dotcom %} for an organization repository, you must have `admin` access.{% endif %} For a personal account repository, you must be a repository collaborator. \ No newline at end of file diff --git a/data/reusables/actions/single-cpu-table-row.md b/data/reusables/actions/single-cpu-table-row.md index 3a7de45e91f5..6c86a8dfa9b2 100644 --- a/data/reusables/actions/single-cpu-table-row.md +++ b/data/reusables/actions/single-cpu-table-row.md @@ -5,6 +5,6 @@ 14 GB x64 - ubuntu-slim ({% data variables.release-phases.public_preview %}) + ubuntu-slim diff --git a/data/reusables/actions/supported-github-runners.md b/data/reusables/actions/supported-github-runners.md index 8cfb8859e219..7f4808a693e1 100644 --- a/data/reusables/actions/supported-github-runners.md +++ b/data/reusables/actions/supported-github-runners.md @@ -36,6 +36,7 @@ For public repositories, jobs using the workflow labels shown in the table below windows-latest, windows-2025, + windows-2025-vs2026 ({% data variables.release-phases.public_preview %}), windows-2022 @@ -67,7 +68,6 @@ For public repositories, jobs using the workflow labels shown in the table below 14 GB Intel - macos-13, macos-15-intel @@ -81,7 +81,7 @@ For public repositories, jobs using the workflow labels shown in the table below macos-latest, macos-14, macos-15, - macos-26 ({% data variables.release-phases.public_preview %}) + macos-26 ({% data variables.release-phases.public_preview %}), @@ -108,7 +108,7 @@ For {% ifversion ghec %}internal and{% endif %} private repositories, jobs using Linux 2 - 7 GB + 8 GB 14 GB x64 @@ -120,7 +120,7 @@ For {% ifversion ghec %}internal and{% endif %} private repositories, jobs using Windows 2 - 7 GB + 8 GB 14 GB x64 @@ -129,6 +129,27 @@ For {% ifversion ghec %}internal and{% endif %} private repositories, jobs using windows-2022 + + Linux + 2 + 8 GB + 14 GB + arm64 + + ubuntu-24.04-arm, + ubuntu-22.04-arm + + + + Windows + 2 + 8 GB + 14 GB + arm64 + + windows-11-arm + + macOS 4 @@ -136,7 +157,6 @@ For {% ifversion ghec %}internal and{% endif %} private repositories, jobs using 14 GB Intel - macos-13, macos-15-intel diff --git a/data/reusables/actions/workflow-templates-metadata-example.md b/data/reusables/actions/workflow-templates-metadata-example.md new file mode 100644 index 000000000000..0f2a52a7711f --- /dev/null +++ b/data/reusables/actions/workflow-templates-metadata-example.md @@ -0,0 +1,15 @@ +```json copy +{ + "name": "Octo Organization Workflow", + "description": "Octo Organization CI workflow template.", + "iconName": "example-icon", + "categories": [ + "Go" + ], + "filePatterns": [ + "package.json$", + "^Dockerfile", + ".*\\.md$" + ] +} +``` diff --git a/data/reusables/actions/workflow-templates-metadata-keys.md b/data/reusables/actions/workflow-templates-metadata-keys.md new file mode 100644 index 000000000000..c691f2d5d55e --- /dev/null +++ b/data/reusables/actions/workflow-templates-metadata-keys.md @@ -0,0 +1,11 @@ +* `name` - **Required.** The name of the workflow. This is displayed in the list of available workflows. +* `description` - **Required.** The description of the workflow. This is displayed in the list of available workflows. +* `iconName` - **Optional.** Specifies an icon for the workflow that is displayed in the list of workflows. `iconName` can be one of the following types: + * An SVG file that is stored in the `workflow-templates` directory. To reference a file, the value must be the file name without the file extension. For example, an SVG file named `example-icon.svg` is referenced as `example-icon`. + * An icon from {% data variables.product.prodname_dotcom %}'s set of [Octicons](https://primer.style/octicons/). To reference an octicon, the value must be `octicon `. For example, `octicon smiley`. +* `categories` - **Optional.** Defines the categories that the workflow is shown under. You can use category names from the following lists: + * General category names from the [starter-workflows](https://github.com/actions/starter-workflows/blob/main/README.md#categories) repository. + * Linguist languages from the list in the [linguist](https://github.com/github-linguist/linguist/blob/main/lib/linguist/languages.yml) repository. + * Supported tech stacks from the list in the [starter-workflows](https://github.com/github-starter-workflows/repo-analysis-partner/blob/main/tech_stacks.yml) repository. + +* `filePatterns` - **Optional.** Allows the workflow to be used if the user's repository has a file in its root directory that matches a defined regular expression. diff --git a/data/reusables/apps/oauth-app-access-restrictions.md b/data/reusables/apps/oauth-app-access-restrictions.md index b6da84930079..6e51b828e100 100644 --- a/data/reusables/apps/oauth-app-access-restrictions.md +++ b/data/reusables/apps/oauth-app-access-restrictions.md @@ -1 +1 @@ -When {% data variables.product.prodname_oauth_app %} access restrictions are enabled, organization members and outside collaborators cannot authorize {% data variables.product.prodname_oauth_app %} access to organization resources. Organization members can request owner approval for {% data variables.product.prodname_oauth_apps %} they'd like to use, and organization owners receive a notification of pending requests. +When {% data variables.product.prodname_oauth_app %} access restrictions are enabled, organization members and outside collaborators cannot authorize {% data variables.product.prodname_oauth_app %} access to organization resources. Users can request owner approval for {% data variables.product.prodname_oauth_apps %} they'd like to use, and organization owners receive a notification of pending requests. diff --git a/data/reusables/apps/repo-admin-install-restriction.md b/data/reusables/apps/repo-admin-install-restriction.md new file mode 100644 index 000000000000..ae7d071eae5f --- /dev/null +++ b/data/reusables/apps/repo-admin-install-restriction.md @@ -0,0 +1 @@ +Repository admins can install {% data variables.product.prodname_github_apps %} in the organization that owns the repository if the app does not request any organization permissions nor the "repository administration" permission. When doing so, they can only install the app with access to the repositories that they admin. {% ifversion fpt or ghec or ghes > 3.19 %}Organization owners can restrict {% data variables.product.prodname_github_app %} installation by repository admins. When this restriction is enabled, repository admins cannot install {% data variables.product.prodname_github_apps %} and must instead request that organization owners install the desired app. For more information, see [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests).{% endif %} \ No newline at end of file diff --git a/data/reusables/billing/actions-standard-runner-prices.md b/data/reusables/billing/actions-standard-runner-prices.md new file mode 100644 index 000000000000..569d08abd4c6 --- /dev/null +++ b/data/reusables/billing/actions-standard-runner-prices.md @@ -0,0 +1,8 @@ +| Operating system | Billing SKU | Per-minute rate (USD) | +| ------------------------------------ | --------------------- | --------------------- | +| Linux 1-core (x64) | `actions_linux_slim` | $0.002 | +| Linux 2-core (x64) | `actions_linux` | $0.006 | +| Linux 2-core (arm64) | `actions_linux_arm` | $0.005 | +| Windows 2-core (x64) | `actions_windows` | $0.010 | +| Windows 2-core (arm64) | `actions_windows_arm` | $0.010 | +| macOS 3-core or 4-core (M1 or Intel) | `actions_macos` | $0.062 | diff --git a/data/reusables/billing/display-usage-view.md b/data/reusables/billing/display-usage-view.md new file mode 100644 index 000000000000..846b1601e410 --- /dev/null +++ b/data/reusables/billing/display-usage-view.md @@ -0,0 +1 @@ +1. In the left sidebar, click **Usage** . For enterprises, then click **Metered usage**. diff --git a/data/reusables/billing/premium-request-analytics-start.md b/data/reusables/billing/premium-request-analytics-start.md index 94ebd042fbf4..c052161099ae 100644 --- a/data/reusables/billing/premium-request-analytics-start.md +++ b/data/reusables/billing/premium-request-analytics-start.md @@ -1,2 +1,8 @@ > [!NOTE] > Premium request analytics data are available from **August 1, 2025** onward. Separate usage data for features that use premium requests is available from **November 1, 2025** for {% data variables.product.prodname_copilot_short %}, {% data variables.product.prodname_spark_short %}, and {% data variables.copilot.copilot_coding_agent %}. + + +User-level analytics have different access permissions depending on your role. + +* Enterprise owners and billing managers can see premium request analytics by user. +* Organization owners cannot view premium request analytics by user or use the `user` parameter in the API. To view user-level usage, these users can download a premium request usage report. See [AUTOTITLE](/billing/how-tos/products/view-productlicense-use#downloading-usage-reports). diff --git a/data/reusables/cli/preview-note-cli-body.md b/data/reusables/cli/preview-note-cli-body.md new file mode 100644 index 000000000000..7afa16d21ed5 --- /dev/null +++ b/data/reusables/cli/preview-note-cli-body.md @@ -0,0 +1 @@ +{% data variables.copilot.copilot_cli %} is in {% data variables.release-phases.public_preview_dpa %} and subject to change. diff --git a/data/reusables/cli/preview-note-cli.md b/data/reusables/cli/preview-note-cli.md index ef76aad76946..8e0fabee84ba 100644 --- a/data/reusables/cli/preview-note-cli.md +++ b/data/reusables/cli/preview-note-cli.md @@ -1,2 +1,2 @@ > [!NOTE] -> {% data variables.copilot.copilot_cli %} is in {% data variables.release-phases.public_preview_dpa %} and subject to change. +> {% data reusables.cli.preview-note-cli-body %} diff --git a/data/reusables/code-quality/codeql-query-tables/csharp.md b/data/reusables/code-quality/codeql-query-tables/csharp.md new file mode 100644 index 000000000000..eba44234ce4d --- /dev/null +++ b/data/reusables/code-quality/codeql-query-tables/csharp.md @@ -0,0 +1,77 @@ +{% rowheaders %} + +| Query name | Category | Severity | +| --- | --- | --- | +| [Block code with a single Response.Write()](https://codeql.github.com/codeql-query-help/csharp/cs-asp-response-write/) | Maintainability | Recommendation | +| [Call to obsolete method](https://codeql.github.com/codeql-query-help/csharp/cs-call-to-obsolete-method/) | Maintainability | Warning | +| [Class has same name as super class](https://codeql.github.com/codeql-query-help/csharp/cs-class-name-matches-base-class/) | Maintainability | Recommendation | +| [Class implements ICloneable](https://codeql.github.com/codeql-query-help/csharp/cs-class-implements-icloneable/) | Maintainability | Recommendation | +| [Constant condition](https://codeql.github.com/codeql-query-help/csharp/cs-constant-condition/) | Maintainability | Warning | +| [Container contents are never accessed](https://codeql.github.com/codeql-query-help/csharp/cs-unused-collection/) | Maintainability | Error | +| [Field masks field in super class](https://codeql.github.com/codeql-query-help/csharp/cs-field-masks-base-field/) | Maintainability | Warning | +| [Futile conditional](https://codeql.github.com/codeql-query-help/csharp/cs-useless-if-statement/) | Maintainability | Warning | +| [Local scope variable shadows member](https://codeql.github.com/codeql-query-help/csharp/cs-local-shadows-member/) | Maintainability | Recommendation | +| [Missed 'readonly' opportunity](https://codeql.github.com/codeql-query-help/csharp/cs-missed-readonly-modifier/) | Maintainability | Recommendation | +| [Missed 'using' opportunity](https://codeql.github.com/codeql-query-help/csharp/cs-missed-using-statement/) | Maintainability | Recommendation | +| [Missed opportunity to use All](https://codeql.github.com/codeql-query-help/csharp/cs-linq-missed-all/) | Maintainability | Recommendation | +| [Missed opportunity to use Cast](https://codeql.github.com/codeql-query-help/csharp/cs-linq-missed-cast/) | Maintainability | Recommendation | +| [Missed opportunity to use OfType](https://codeql.github.com/codeql-query-help/csharp/cs-linq-missed-oftype/) | Maintainability | Recommendation | +| [Missed opportunity to use Select](https://codeql.github.com/codeql-query-help/csharp/cs-linq-missed-select/) | Maintainability | Recommendation | +| [Missed opportunity to use Where](https://codeql.github.com/codeql-query-help/csharp/cs-linq-missed-where/) | Maintainability | Recommendation | +| [Missed ternary opportunity](https://codeql.github.com/codeql-query-help/csharp/cs-missed-ternary-operator/) | Maintainability | Recommendation | +| [Nested 'if' statements can be combined](https://codeql.github.com/codeql-query-help/csharp/cs-nested-if-statements/) | Maintainability | Recommendation | +| [Redundant Select](https://codeql.github.com/codeql-query-help/csharp/cs-linq-useless-select/) | Maintainability | Warning | +| [Redundant ToString() call](https://codeql.github.com/codeql-query-help/csharp/cs-useless-tostring-call/) | Maintainability | Recommendation | +| [Static field written by instance method](https://codeql.github.com/codeql-query-help/csharp/cs-static-field-written-by-instance/) | Maintainability | Recommendation | +| [Unnecessarily complex Boolean expression](https://codeql.github.com/codeql-query-help/csharp/cs-simplifiable-boolean-expression/) | Maintainability | Recommendation | +| [Unused label](https://codeql.github.com/codeql-query-help/csharp/cs-unused-label/) | Maintainability | Warning | +| [Useless assignment to local variable](https://codeql.github.com/codeql-query-help/csharp/cs-useless-assignment-to-local/) | Maintainability | Warning | +| [Useless call to GetHashCode()](https://codeql.github.com/codeql-query-help/csharp/cs-useless-gethashcode-call/) | Maintainability | Recommendation | +| [A lock is held during a wait](https://codeql.github.com/codeql-query-help/csharp/cs-locked-wait/) | Reliability | Warning | +| [Call to 'System.IO.Path.Combine' may silently drop its earlier arguments](https://codeql.github.com/codeql-query-help/csharp/cs-path-combine/) | Reliability | Recommendation | +| [Call to GC.Collect()](https://codeql.github.com/codeql-query-help/csharp/cs-call-to-gc/) | Reliability | Warning | +| [Call to ReferenceEquals(...) on value type expressions](https://codeql.github.com/codeql-query-help/csharp/cs-reference-equality-on-valuetypes/) | Reliability | Error | +| [Calls to unmanaged code](https://codeql.github.com/codeql-query-help/csharp/cs-call-to-unmanaged-code/) | Reliability | Recommendation | +| [Cast of 'this' to a type parameter](https://codeql.github.com/codeql-query-help/csharp/cs-cast-of-this-to-type-parameter/) | Reliability | Recommendation | +| [Character passed to StringBuilder constructor](https://codeql.github.com/codeql-query-help/csharp/cs-stringbuilder-initialized-with-character/) | Reliability | Error | +| [Comparison is constant](https://codeql.github.com/codeql-query-help/csharp/cs-constant-comparison/) | Reliability | Warning | +| [Comparison of identical values](https://codeql.github.com/codeql-query-help/csharp/cs-comparison-of-identical-expressions/) | Reliability | Warning | +| [Container contents are never initialized](https://codeql.github.com/codeql-query-help/csharp/cs-empty-collection/) | Reliability | Error | +| [Container size compared to zero](https://codeql.github.com/codeql-query-help/csharp/cs-test-for-negative-container-size/) | Reliability | Warning | +| [Dereferenced variable is always null](https://codeql.github.com/codeql-query-help/csharp/cs-dereferenced-value-is-always-null/) | Reliability | Error | +| [Dereferenced variable may be null](https://codeql.github.com/codeql-query-help/csharp/cs-dereferenced-value-may-be-null/) | Reliability | Warning | +| [Dubious downcast of 'this'](https://codeql.github.com/codeql-query-help/csharp/cs-downcast-of-this/) | Reliability | Warning | +| [Dubious type test of 'this'](https://codeql.github.com/codeql-query-help/csharp/cs-type-test-of-this/) | Reliability | Warning | +| [Empty branch of conditional, or empty loop body](https://codeql.github.com/codeql-query-help/csharp/cs-empty-block/) | Reliability | Warning | +| [Empty lock statement](https://codeql.github.com/codeql-query-help/csharp/cs-empty-lock-statement/) | Reliability | Warning | +| [Equality check on floating point values](https://codeql.github.com/codeql-query-help/csharp/cs-equality-on-floats/) | Reliability | Warning | +| [Equals on collections](https://codeql.github.com/codeql-query-help/csharp/cs-equals-on-arrays/) | Reliability | Recommendation | +| [Equals on incomparable types](https://codeql.github.com/codeql-query-help/csharp/cs-equals-on-unrelated-types/) | Reliability | Error | +| [Exposing internal representation](https://codeql.github.com/codeql-query-help/csharp/cs-expose-implementation/) | Reliability | Recommendation | +| [Futile synchronization on field](https://codeql.github.com/codeql-query-help/csharp/cs-unsafe-sync-on-field/) | Reliability | Error | +| [Generic catch clause](https://codeql.github.com/codeql-query-help/csharp/cs-catch-of-all-exceptions/) | Reliability | Recommendation | +| [Hashed value without GetHashCode definition](https://codeql.github.com/codeql-query-help/csharp/cs-gethashcode-is-not-defined/) | Reliability | Warning | +| [Impossible array cast](https://codeql.github.com/codeql-query-help/csharp/cs-impossible-array-cast/) | Reliability | Error | +| [Inconsistent lock sequence](https://codeql.github.com/codeql-query-help/csharp/cs-inconsistent-lock-sequence/) | Reliability | Error | +| [Inefficient use of ContainsKey](https://codeql.github.com/codeql-query-help/csharp/cs-inefficient-containskey/) | Reliability | Recommendation | +| [Invalid string formatting](https://codeql.github.com/codeql-query-help/csharp/cs-invalid-string-formatting/) | Reliability | Error | +| [Locking the 'this' object in a lock statement](https://codeql.github.com/codeql-query-help/csharp/cs-lock-this/) | Reliability | Warning | +| [Missing Dispose call on local IDisposable](https://codeql.github.com/codeql-query-help/csharp/cs-local-not-disposed/) | Reliability | Warning | +| [Nested loops with same variable](https://codeql.github.com/codeql-query-help/csharp/cs-nested-loops-with-same-variable/) | Reliability | Warning | +| [Null argument to Equals(object)](https://codeql.github.com/codeql-query-help/csharp/cs-null-argument-to-equals/) | Reliability | Warning | +| [Off-by-one comparison against container length](https://codeql.github.com/codeql-query-help/csharp/cs-index-out-of-bounds/) | Reliability | Error | +| [Poor error handling: catch of NullReferenceException](https://codeql.github.com/codeql-query-help/csharp/cs-catch-nullreferenceexception/) | Reliability | Warning | +| [Poor error handling: empty catch block](https://codeql.github.com/codeql-query-help/csharp/cs-empty-catch-block/) | Reliability | Recommendation | +| [Possible loss of precision](https://codeql.github.com/codeql-query-help/csharp/cs-loss-of-precision/) | Reliability | Error | +| [Potentially dangerous use of non-short-circuit logic](https://codeql.github.com/codeql-query-help/csharp/cs-non-short-circuit/) | Reliability | Error | +| [Property value is not used when setting a property](https://codeql.github.com/codeql-query-help/csharp/cs-unused-property-value/) | Reliability | Warning | +| [Recursive call to Equals(object)](https://codeql.github.com/codeql-query-help/csharp/cs-recursive-equals-call/) | Reliability | Error | +| [Rethrowing exception variable](https://codeql.github.com/codeql-query-help/csharp/cs-rethrown-exception-variable/) | Reliability | Warning | +| [Self-assignment](https://codeql.github.com/codeql-query-help/csharp/cs-self-assignment/) | Reliability | Error | +| [String concatenation in loop](https://codeql.github.com/codeql-query-help/csharp/cs-string-concatenation-in-loop/) | Reliability | Recommendation | +| [StringBuilder creation in loop](https://codeql.github.com/codeql-query-help/csharp/cs-stringbuilder-creation-in-loop/) | Reliability | Recommendation | +| [Unchecked cast in Equals method](https://codeql.github.com/codeql-query-help/csharp/cs-unchecked-cast-in-equals/) | Reliability | Warning | +| [Unmanaged code](https://codeql.github.com/codeql-query-help/csharp/cs-unmanaged-code/) | Reliability | Recommendation | +| [Use of default ToString()](https://codeql.github.com/codeql-query-help/csharp/cs-call-to-object-tostring/) | Reliability | Warning | + +{% endrowheaders %} diff --git a/data/reusables/code-quality/codeql-query-tables/go.md b/data/reusables/code-quality/codeql-query-tables/go.md new file mode 100644 index 000000000000..6d6f07987b9a --- /dev/null +++ b/data/reusables/code-quality/codeql-query-tables/go.md @@ -0,0 +1,28 @@ +{% rowheaders %} + +| Query name | Category | Severity | +| --- | --- | --- | +| [Useless assignment to field](https://codeql.github.com/codeql-query-help/go/go-useless-assignment-to-field/) | Maintainability | Warning | +| [Useless assignment to local variable](https://codeql.github.com/codeql-query-help/go/go-useless-assignment-to-local/) | Maintainability | Warning | +| [Bitwise exclusive-or used like exponentiation](https://codeql.github.com/codeql-query-help/go/go-mistyped-exponentiation/) | Reliability | Warning | +| [Comparison of identical values](https://codeql.github.com/codeql-query-help/go/go-comparison-of-identical-expressions/) | Reliability | Warning | +| [Constant length comparison](https://codeql.github.com/codeql-query-help/go/go-constant-length-comparison/) | Reliability | Warning | +| [Duplicate 'if' branches](https://codeql.github.com/codeql-query-help/go/go-duplicate-branches/) | Reliability | Warning | +| [Duplicate 'if' condition](https://codeql.github.com/codeql-query-help/go/go-duplicate-condition/) | Reliability | Error | +| [Duplicate switch case](https://codeql.github.com/codeql-query-help/go/go-duplicate-switch-case/) | Reliability | Error | +| [Expression has no effect](https://codeql.github.com/codeql-query-help/go/go-useless-expression/) | Reliability | Warning | +| [Identical operands](https://codeql.github.com/codeql-query-help/go/go-redundant-operation/) | Reliability | Warning | +| [Impossible interface nil check](https://codeql.github.com/codeql-query-help/go/go-impossible-interface-nil-check/) | Reliability | Warning | +| [Inconsistent direction of for loop](https://codeql.github.com/codeql-query-help/go/go-inconsistent-loop-direction/) | Reliability | Error | +| [Missing error check](https://codeql.github.com/codeql-query-help/go/go-missing-error-check/) | Reliability | Warning | +| [Off-by-one comparison against length](https://codeql.github.com/codeql-query-help/go/go-index-out-of-bounds/) | Reliability | Error | +| [Redundant call to recover](https://codeql.github.com/codeql-query-help/go/go-redundant-recover/) | Reliability | Warning | +| [Redundant check for negative value](https://codeql.github.com/codeql-query-help/go/go-negative-length-check/) | Reliability | Warning | +| [Self assignment](https://codeql.github.com/codeql-query-help/go/go-redundant-assignment/) | Reliability | Warning | +| [Shift out of range](https://codeql.github.com/codeql-query-help/go/go-shift-out-of-range/) | Reliability | Warning | +| [Unreachable statement](https://codeql.github.com/codeql-query-help/go/go-unreachable-statement/) | Reliability | Warning | +| [Whitespace contradicts operator precedence](https://codeql.github.com/codeql-query-help/go/go-whitespace-contradicts-precedence/) | Reliability | Warning | +| [Wrapped error is always nil](https://codeql.github.com/codeql-query-help/go/go-unexpected-nil-value/) | Reliability | Warning | +| [Writable file handle closed without error handling](https://codeql.github.com/codeql-query-help/go/go-unhandled-writable-file-close/) | Reliability | Warning | + +{% endrowheaders %} diff --git a/data/reusables/code-quality/codeql-query-tables/java.md b/data/reusables/code-quality/codeql-query-tables/java.md new file mode 100644 index 000000000000..c7ae68164570 --- /dev/null +++ b/data/reusables/code-quality/codeql-query-tables/java.md @@ -0,0 +1,95 @@ +{% rowheaders %} + +| Query name | Category | Severity | +| --- | --- | --- | +| [Access to unsupported JDK-internal API](https://codeql.github.com/codeql-query-help/java/java-jdk-internal-api-access/) | Maintainability | Recommendation | +| [Boxed variable is never null](https://codeql.github.com/codeql-query-help/java/java-non-null-boxed-variable/) | Maintainability | Warning | +| [Cast from abstract to concrete collection](https://codeql.github.com/codeql-query-help/java/java-abstract-to-concrete-cast/) | Maintainability | Warning | +| [Class has same name as super class](https://codeql.github.com/codeql-query-help/java/java-class-name-matches-super-class/) | Maintainability | Recommendation | +| [Confusing method names because of capitalization](https://codeql.github.com/codeql-query-help/java/java-confusing-method-name/) | Maintainability | Recommendation | +| [Confusing overloading of methods](https://codeql.github.com/codeql-query-help/java/java-confusing-method-signature/) | Maintainability | Recommendation | +| [Constant interface anti-pattern](https://codeql.github.com/codeql-query-help/java/java-constants-only-interface/) | Maintainability | Recommendation | +| [Container contents are never accessed](https://codeql.github.com/codeql-query-help/java/java-unused-container/) | Maintainability | Error | +| [Inefficient empty string test](https://codeql.github.com/codeql-query-help/java/java-inefficient-empty-string-test/) | Maintainability | Recommendation | +| [Inefficient String constructor](https://codeql.github.com/codeql-query-help/java/java-inefficient-string-constructor/) | Maintainability | Recommendation | +| [Inner class could be static](https://codeql.github.com/codeql-query-help/java/java-non-static-nested-class/) | Maintainability | Recommendation | +| [Interface cannot be implemented](https://codeql.github.com/codeql-query-help/java/java-unimplementable-interface/) | Maintainability | Warning | +| [Javadoc has impossible 'throws' tag](https://codeql.github.com/codeql-query-help/java/java-inconsistent-javadoc-throws/) | Maintainability | Recommendation | +| [Misleading indentation](https://codeql.github.com/codeql-query-help/java/java-misleading-indentation/) | Maintainability | Warning | +| [Missing Override annotation](https://codeql.github.com/codeql-query-help/java/java-missing-override-annotation/) | Maintainability | Recommendation | +| [Missing space in string literal](https://codeql.github.com/codeql-query-help/java/java-missing-space-in-concatenation/) | Maintainability | Recommendation | +| [Mocking all public methods of a class may indicate the unit test is testing too much](https://codeql.github.com/codeql-query-help/java/java-excessive-public-method-mocking/) | Maintainability | Recommendation | +| [Non-case label in switch statement](https://codeql.github.com/codeql-query-help/java/java-label-in-switch/) | Maintainability | Recommendation | +| [Non-explicit control and whitespace characters](https://codeql.github.com/codeql-query-help/java/java-non-explicit-control-and-whitespace-chars-in-literals/) | Maintainability | Warning | +| [Possible confusion of local and field](https://codeql.github.com/codeql-query-help/java/java-local-shadows-field/) | Maintainability | Recommendation | +| [Spurious Javadoc @param tags](https://codeql.github.com/codeql-query-help/java/java-unknown-javadoc-parameter/) | Maintainability | Recommendation | +| [Subtle call to inherited method](https://codeql.github.com/codeql-query-help/java/java-subtle-inherited-call/) | Maintainability | Warning | +| [Underscore used as identifier](https://codeql.github.com/codeql-query-help/java/java-underscore-identifier/) | Maintainability | Recommendation | +| [Unread local variable](https://codeql.github.com/codeql-query-help/java/java-local-variable-is-never-read/) | Maintainability | Recommendation | +| [Unused classes and interfaces](https://codeql.github.com/codeql-query-help/java/java-unused-reference-type/) | Maintainability | Recommendation | +| [Unused format argument](https://codeql.github.com/codeql-query-help/java/java-unused-format-argument/) | Maintainability | Warning | +| [Unused label](https://codeql.github.com/codeql-query-help/java/java-unused-label/) | Maintainability | Recommendation | +| [Use of VisibleForTesting in production code](https://codeql.github.com/codeql-query-help/java/java-visible-for-testing-abuse/) | Maintainability | Warning | +| [Useless null check](https://codeql.github.com/codeql-query-help/java/java-useless-null-check/) | Maintainability | Warning | +| [Useless parameter](https://codeql.github.com/codeql-query-help/java/java-unused-parameter/) | Maintainability | Recommendation | +| [Useless toString on String](https://codeql.github.com/codeql-query-help/java/java-useless-tostring-call/) | Maintainability | Recommendation | +| [Useless type test](https://codeql.github.com/codeql-query-help/java/java-useless-type-test/) | Maintainability | Warning | +| [Array index out of bounds](https://codeql.github.com/codeql-query-help/java/java-index-out-of-bounds/) | Reliability | Error | +| [Character passed to StringBuffer or StringBuilder constructor](https://codeql.github.com/codeql-query-help/java/java-string-buffer-char-init/) | Reliability | Error | +| [Comparison of identical values](https://codeql.github.com/codeql-query-help/java/java-comparison-of-identical-expressions/) | Reliability | Error | +| [Constant loop condition](https://codeql.github.com/codeql-query-help/java/java-constant-loop-condition/) | Reliability | Warning | +| [Container contents are never initialized](https://codeql.github.com/codeql-query-help/java/java-empty-container/) | Reliability | Error | +| [Container size compared to zero](https://codeql.github.com/codeql-query-help/java/java-test-for-negative-container-size/) | Reliability | Warning | +| [Continue statement that does not continue](https://codeql.github.com/codeql-query-help/java/java-continue-in-false-loop/) | Reliability | Warning | +| [Contradictory type checks](https://codeql.github.com/codeql-query-help/java/java-contradictory-type-checks/) | Reliability | Error | +| [Dereferenced expression may be null](https://codeql.github.com/codeql-query-help/java/java-dereferenced-expr-may-be-null/) | Reliability | Warning | +| [Dereferenced variable is always null](https://codeql.github.com/codeql-query-help/java/java-dereferenced-value-is-always-null/) | Reliability | Error | +| [Dereferenced variable may be null](https://codeql.github.com/codeql-query-help/java/java-dereferenced-value-may-be-null/) | Reliability | Warning | +| [Direct call to a run() method](https://codeql.github.com/codeql-query-help/java/java-call-to-thread-run/) | Reliability | Recommendation | +| [Do not call `finalize()`](https://codeql.github.com/codeql-query-help/java/java-do-not-call-finalize/) | Reliability | Error | +| [Double-checked locking is not thread-safe](https://codeql.github.com/codeql-query-help/java/java-unsafe-double-checked-locking/) | Reliability | Error | +| [Equals method does not inspect argument type](https://codeql.github.com/codeql-query-help/java/java-unchecked-cast-in-equals/) | Reliability | Error | +| [Equals on incomparable types](https://codeql.github.com/codeql-query-help/java/java-equals-on-unrelated-types/) | Reliability | Error | +| [Equals or hashCode on arrays](https://codeql.github.com/codeql-query-help/java/java-equals-on-arrays/) | Reliability | Error | +| [Escaping](https://codeql.github.com/codeql-query-help/java/java-escaping/) | Reliability | Warning | +| [Exposing internal representation](https://codeql.github.com/codeql-query-help/java/java-internal-representation-exposure/) | Reliability | Recommendation | +| [Expression always evaluates to the same value](https://codeql.github.com/codeql-query-help/java/java-evaluation-to-constant/) | Reliability | Warning | +| [Hashed value without hashCode definition](https://codeql.github.com/codeql-query-help/java/java-hashing-without-hashcode/) | Reliability | Error | +| [Ignored error status of call](https://codeql.github.com/codeql-query-help/java/java-ignored-error-status-of-call/) | Reliability | Recommendation | +| [Ignored serialization member of record class](https://codeql.github.com/codeql-query-help/java/java-ignored-serialization-member-of-record-class/) | Reliability | Warning | +| [Implicit conversion from array to string](https://codeql.github.com/codeql-query-help/java/java-print-array/) | Reliability | Recommendation | +| [Inconsistent equals and hashCode](https://codeql.github.com/codeql-query-help/java/java-inconsistent-equals-and-hashcode/) | Reliability | Error | +| [Inconsistent synchronization of getter and setter](https://codeql.github.com/codeql-query-help/java/java-unsynchronized-getter/) | Reliability | Error | +| [Inefficient output stream](https://codeql.github.com/codeql-query-help/java/java-inefficient-output-stream/) | Reliability | Warning | +| [Inefficient primitive constructor](https://codeql.github.com/codeql-query-help/java/java-inefficient-boxed-constructor/) | Reliability | Recommendation | +| [Inefficient use of key set iterator](https://codeql.github.com/codeql-query-help/java/java-inefficient-key-set-iterator/) | Reliability | Recommendation | +| [Iterable wrapping an iterator](https://codeql.github.com/codeql-query-help/java/java-iterable-wraps-iterator/) | Reliability | Warning | +| [Iterator implementing Iterable](https://codeql.github.com/codeql-query-help/java/java-iterator-implements-iterable/) | Reliability | Warning | +| [Left shift by more than the type width](https://codeql.github.com/codeql-query-help/java/java-lshift-larger-than-type-width/) | Reliability | Warning | +| [Missing `@Nested` annotation on JUnit 5 inner test class](https://codeql.github.com/codeql-query-help/java/java-junit5-missing-nested-annotation/) | Reliability | Warning | +| [Missing catch of NumberFormatException](https://codeql.github.com/codeql-query-help/java/java-uncaught-number-format-exception/) | Reliability | Recommendation | +| [Missing format argument](https://codeql.github.com/codeql-query-help/java/java-missing-format-argument/) | Reliability | Error | +| [Non-final method invocation in constructor](https://codeql.github.com/codeql-query-help/java/java-non-final-call-in-constructor/) | Reliability | Error | +| [Non-synchronized override of synchronized method](https://codeql.github.com/codeql-query-help/java/java-non-sync-override/) | Reliability | Warning | +| [Not thread-safe](https://codeql.github.com/codeql-query-help/java/java-not-threadsafe/) | Reliability | Warning | +| [Potential database resource leak](https://codeql.github.com/codeql-query-help/java/java-database-resource-leak/) | Reliability | Warning | +| [Potential input resource leak](https://codeql.github.com/codeql-query-help/java/java-input-resource-leak/) | Reliability | Warning | +| [Potential output resource leak](https://codeql.github.com/codeql-query-help/java/java-output-resource-leak/) | Reliability | Warning | +| [Race condition in double-checked locking object initialization](https://codeql.github.com/codeql-query-help/java/java-unsafe-double-checked-locking-init-order/) | Reliability | Warning | +| [Reference equality test of boxed types](https://codeql.github.com/codeql-query-help/java/java-reference-equality-of-boxed-types/) | Reliability | Error | +| [Result of multiplication cast to wider type](https://codeql.github.com/codeql-query-help/java/java-integer-multiplication-cast-to-long/) | Reliability | Warning | +| [Safe publication](https://codeql.github.com/codeql-query-help/java/java-safe-publication/) | Reliability | Warning | +| [Self assignment](https://codeql.github.com/codeql-query-help/java/java-redundant-assignment/) | Reliability | Error | +| [Suspicious date format](https://codeql.github.com/codeql-query-help/java/java-suspicious-date-format/) | Reliability | Warning | +| [Synchronization on boxed types or strings](https://codeql.github.com/codeql-query-help/java/java-sync-on-boxed-types/) | Reliability | Error | +| [Type mismatch on container access](https://codeql.github.com/codeql-query-help/java/java-type-mismatch-access/) | Reliability | Error | +| [Type mismatch on container modification](https://codeql.github.com/codeql-query-help/java/java-type-mismatch-modification/) | Reliability | Error | +| [Unreachable catch clause](https://codeql.github.com/codeql-query-help/java/java-unreachable-catch-clause/) | Reliability | Warning | +| [Use of `String#replaceAll` with a first argument which is not a regular expression](https://codeql.github.com/codeql-query-help/java/java-string-replace-all-with-non-regex/) | Reliability | Recommendation | +| [Use of default toString()](https://codeql.github.com/codeql-query-help/java/java-call-to-object-tostring/) | Reliability | Recommendation | +| [Useless comparison test](https://codeql.github.com/codeql-query-help/java/java-constant-comparison/) | Reliability | Warning | +| [Whitespace contradicts operator precedence](https://codeql.github.com/codeql-query-help/java/java-whitespace-contradicts-precedence/) | Reliability | Warning | +| [Wrong NaN comparison](https://codeql.github.com/codeql-query-help/java/java-comparison-with-nan/) | Reliability | Error | +| [Zero threads set for `java.util.concurrent.ScheduledThreadPoolExecutor`](https://codeql.github.com/codeql-query-help/java/java-java-util-concurrent-scheduledthreadpoolexecutor/) | Reliability | Recommendation | + +{% endrowheaders %} diff --git a/data/reusables/code-quality/codeql-query-tables/javascript.md b/data/reusables/code-quality/codeql-query-tables/javascript.md new file mode 100644 index 000000000000..05e09d5629ff --- /dev/null +++ b/data/reusables/code-quality/codeql-query-tables/javascript.md @@ -0,0 +1,104 @@ +{% rowheaders %} + +| Query name | Category | Severity | +| --- | --- | --- | +| [Call to eval-like DOM function](https://codeql.github.com/codeql-query-help/javascript/js-eval-like-call/) | Maintainability | Recommendation | +| [Duplicate dependency](https://codeql.github.com/codeql-query-help/javascript/js-angular-duplicate-dependency/) | Maintainability | Warning | +| [Duplicate HTML element attributes](https://codeql.github.com/codeql-query-help/javascript/js-duplicate-html-attribute/) | Maintainability | Warning | +| [Duplicate property](https://codeql.github.com/codeql-query-help/javascript/js-duplicate-property/) | Maintainability | Warning | +| [Duplicate variable declaration](https://codeql.github.com/codeql-query-help/javascript/js-duplicate-variable-declaration/) | Maintainability | Recommendation | +| [Expression has no effect](https://codeql.github.com/codeql-query-help/javascript/js-useless-expression/) | Maintainability | Warning | +| [Misleading indentation after control statement](https://codeql.github.com/codeql-query-help/javascript/js-misleading-indentation-after-control-statement/) | Maintainability | Warning | +| [Misleading indentation of dangling 'else'](https://codeql.github.com/codeql-query-help/javascript/js-misleading-indentation-of-dangling-else/) | Maintainability | Warning | +| [Missing space in string concatenation](https://codeql.github.com/codeql-query-help/javascript/js-missing-space-in-concatenation/) | Maintainability | Warning | +| [Repeated dependency injection](https://codeql.github.com/codeql-query-help/javascript/js-angular-repeated-dependency-injection/) | Maintainability | Warning | +| [Semicolon insertion](https://codeql.github.com/codeql-query-help/javascript/js-automatic-semicolon-insertion/) | Maintainability | Recommendation | +| [Unclear precedence of nested operators](https://codeql.github.com/codeql-query-help/javascript/js-unclear-operator-precedence/) | Maintainability | Recommendation | +| [Unneeded defensive code](https://codeql.github.com/codeql-query-help/javascript/js-unneeded-defensive-code/) | Maintainability | Recommendation | +| [Unused variable, import, function or class](https://codeql.github.com/codeql-query-help/javascript/js-unused-local-variable/) | Maintainability | Recommendation | +| [Use of for-in comprehension blocks](https://codeql.github.com/codeql-query-help/javascript/js-for-in-comprehension/) | Maintainability | Error | +| [Use of platform-specific language features](https://codeql.github.com/codeql-query-help/javascript/js-non-standard-language-feature/) | Maintainability | Warning | +| [Useless assignment to local variable](https://codeql.github.com/codeql-query-help/javascript/js-useless-assignment-to-local/) | Maintainability | Warning | +| [Useless assignment to property](https://codeql.github.com/codeql-query-help/javascript/js-useless-assignment-to-property/) | Maintainability | Warning | +| [Useless return in setter](https://codeql.github.com/codeql-query-help/javascript/js-setter-return/) | Maintainability | Warning | +| [Variable not declared before use](https://codeql.github.com/codeql-query-help/javascript/js-use-before-declaration/) | Maintainability | Warning | +| [With statement](https://codeql.github.com/codeql-query-help/javascript/js-with-statement/) | Maintainability | Warning | +| [Access to let-bound variable in temporal dead zone](https://codeql.github.com/codeql-query-help/javascript/js-variable-use-in-temporal-dead-zone/) | Reliability | Error | +| [Arguments redefined](https://codeql.github.com/codeql-query-help/javascript/js-arguments-redefinition/) | Reliability | Recommendation | +| [Arrow method on Vue instance](https://codeql.github.com/codeql-query-help/javascript/js-vue-arrow-method-on-vue-instance/) | Reliability | Warning | +| [Assignment to constant](https://codeql.github.com/codeql-query-help/javascript/js-assignment-to-constant/) | Reliability | Error | +| [Assignment to exports variable](https://codeql.github.com/codeql-query-help/javascript/js-node-assignment-to-exports-variable/) | Reliability | Warning | +| [Assignment to property of primitive value](https://codeql.github.com/codeql-query-help/javascript/js-property-assignment-on-primitive/) | Reliability | Error | +| [Back reference into negative lookahead assertion](https://codeql.github.com/codeql-query-help/javascript/js-regex-back-reference-to-negative-lookahead/) | Reliability | Error | +| [Back reference precedes capture group](https://codeql.github.com/codeql-query-help/javascript/js-regex-back-reference-before-group/) | Reliability | Error | +| [Comparison between inconvertible types](https://codeql.github.com/codeql-query-help/javascript/js-comparison-between-incompatible-types/) | Reliability | Warning | +| [Comparison with NaN](https://codeql.github.com/codeql-query-help/javascript/js-comparison-with-nan/) | Reliability | Error | +| [Conditional comments](https://codeql.github.com/codeql-query-help/javascript/js-conditional-comment/) | Reliability | Warning | +| [Conflicting function declarations](https://codeql.github.com/codeql-query-help/javascript/js-function-declaration-conflict/) | Reliability | Error | +| [Conflicting variable initialization](https://codeql.github.com/codeql-query-help/javascript/js-variable-initialization-conflict/) | Reliability | Error | +| [Default parameter references nested function](https://codeql.github.com/codeql-query-help/javascript/js-nested-function-reference-in-default-parameter/) | Reliability | Error | +| [Deleting non-property](https://codeql.github.com/codeql-query-help/javascript/js-deletion-of-non-property/) | Reliability | Warning | +| [Dependency mismatch](https://codeql.github.com/codeql-query-help/javascript/js-angular-dependency-injection-mismatch/) | Reliability | Warning | +| [Direct state mutation](https://codeql.github.com/codeql-query-help/javascript/js-react-direct-state-mutation/) | Reliability | Warning | +| [Duplicate 'if' condition](https://codeql.github.com/codeql-query-help/javascript/js-duplicate-condition/) | Reliability | Warning | +| [Duplicate character in character class](https://codeql.github.com/codeql-query-help/javascript/js-regex-duplicate-in-character-class/) | Reliability | Warning | +| [Duplicate parameter names](https://codeql.github.com/codeql-query-help/javascript/js-duplicate-parameter-name/) | Reliability | Error | +| [Duplicate switch case](https://codeql.github.com/codeql-query-help/javascript/js-duplicate-switch-case/) | Reliability | Warning | +| [Empty character class](https://codeql.github.com/codeql-query-help/javascript/js-regex-empty-character-class/) | Reliability | Warning | +| [Identical operands](https://codeql.github.com/codeql-query-help/javascript/js-redundant-operation/) | Reliability | Warning | +| [Ignoring result from pure array method](https://codeql.github.com/codeql-query-help/javascript/js-ignore-array-result/) | Reliability | Warning | +| [Illegal invocation](https://codeql.github.com/codeql-query-help/javascript/js-illegal-invocation/) | Reliability | Error | +| [Implicit operand conversion](https://codeql.github.com/codeql-query-help/javascript/js-implicit-operand-conversion/) | Reliability | Warning | +| [Incompatible dependency injection](https://codeql.github.com/codeql-query-help/javascript/js-angular-incompatible-service/) | Reliability | Error | +| [Inconsistent direction of for loop](https://codeql.github.com/codeql-query-help/javascript/js-inconsistent-loop-direction/) | Reliability | Error | +| [Inconsistent use of 'new'](https://codeql.github.com/codeql-query-help/javascript/js-inconsistent-use-of-new/) | Reliability | Warning | +| [Ineffective parameter type](https://codeql.github.com/codeql-query-help/javascript/js-ineffective-parameter-type/) | Reliability | Warning | +| [Invalid prototype value](https://codeql.github.com/codeql-query-help/javascript/js-invalid-prototype-value/) | Reliability | Error | +| [Invocation of non-function](https://codeql.github.com/codeql-query-help/javascript/js-call-to-non-callable/) | Reliability | Error | +| [Loop iteration skipped due to shifting](https://codeql.github.com/codeql-query-help/javascript/js-loop-iteration-skipped-due-to-shifting/) | Reliability | Warning | +| [Malformed id attribute](https://codeql.github.com/codeql-query-help/javascript/js-malformed-html-id/) | Reliability | Warning | +| [Missing '.length' in comparison](https://codeql.github.com/codeql-query-help/javascript/js-missing-dot-length-in-comparison/) | Reliability | Warning | +| [Missing 'this' qualifier](https://codeql.github.com/codeql-query-help/javascript/js-missing-this-qualifier/) | Reliability | Error | +| [Missing await](https://codeql.github.com/codeql-query-help/javascript/js-missing-await/) | Reliability | Warning | +| [Missing explicit dependency injection](https://codeql.github.com/codeql-query-help/javascript/js-angular-missing-explicit-injection/) | Reliability | Warning | +| [Missing exports qualifier](https://codeql.github.com/codeql-query-help/javascript/js-node-missing-exports-qualifier/) | Reliability | Error | +| [Missing variable declaration](https://codeql.github.com/codeql-query-help/javascript/js-missing-variable-declaration/) | Reliability | Warning | +| [Misspelled variable name](https://codeql.github.com/codeql-query-help/javascript/js-misspelled-variable-name/) | Reliability | Warning | +| [Non-case label in switch statement](https://codeql.github.com/codeql-query-help/javascript/js-label-in-switch/) | Reliability | Warning | +| [Non-linear pattern](https://codeql.github.com/codeql-query-help/javascript/js-non-linear-pattern/) | Reliability | Error | +| [Off-by-one comparison against length](https://codeql.github.com/codeql-query-help/javascript/js-index-out-of-bounds/) | Reliability | Warning | +| [Overwritten property](https://codeql.github.com/codeql-query-help/javascript/js-overwritten-property/) | Reliability | Error | +| [Potentially inconsistent state update](https://codeql.github.com/codeql-query-help/javascript/js-react-inconsistent-state-update/) | Reliability | Warning | +| [Property access on null or undefined](https://codeql.github.com/codeql-query-help/javascript/js-property-access-on-non-object/) | Reliability | Error | +| [Regular expression always matches](https://codeql.github.com/codeql-query-help/javascript/js-regex-always-matches/) | Reliability | Warning | +| [Return statement assigns local variable](https://codeql.github.com/codeql-query-help/javascript/js-useless-assignment-in-return/) | Reliability | Warning | +| [Self assignment](https://codeql.github.com/codeql-query-help/javascript/js-redundant-assignment/) | Reliability | Warning | +| [Shift out of range](https://codeql.github.com/codeql-query-help/javascript/js-shift-out-of-range/) | Reliability | Error | +| [String instead of regular expression](https://codeql.github.com/codeql-query-help/javascript/js-string-instead-of-regex/) | Reliability | Warning | +| [Superfluous trailing arguments](https://codeql.github.com/codeql-query-help/javascript/js-superfluous-trailing-arguments/) | Reliability | Warning | +| [Suspicious method name declaration](https://codeql.github.com/codeql-query-help/javascript/js-suspicious-method-name-declaration/) | Reliability | Warning | +| [Template syntax in string literal](https://codeql.github.com/codeql-query-help/javascript/js-template-syntax-in-string-literal/) | Reliability | Warning | +| [Unbound back reference](https://codeql.github.com/codeql-query-help/javascript/js-regex-unbound-back-reference/) | Reliability | Warning | +| [Unbound event handler receiver](https://codeql.github.com/codeql-query-help/javascript/js-unbound-event-handler-receiver/) | Reliability | Error | +| [Unhandled error in stream pipeline](https://codeql.github.com/codeql-query-help/javascript/js-unhandled-error-in-stream-pipeline/) | Reliability | Warning | +| [Unknown directive](https://codeql.github.com/codeql-query-help/javascript/js-unknown-directive/) | Reliability | Warning | +| [Unmatchable caret in regular expression](https://codeql.github.com/codeql-query-help/javascript/js-regex-unmatchable-caret/) | Reliability | Error | +| [Unmatchable dollar in regular expression](https://codeql.github.com/codeql-query-help/javascript/js-regex-unmatchable-dollar/) | Reliability | Error | +| [Unreachable method overloads](https://codeql.github.com/codeql-query-help/javascript/js-unreachable-method-overloads/) | Reliability | Warning | +| [Unreachable statement](https://codeql.github.com/codeql-query-help/javascript/js-unreachable-statement/) | Reliability | Warning | +| [Unsupported state update in lifecycle method](https://codeql.github.com/codeql-query-help/javascript/js-react-unsupported-state-update-in-lifecycle-method/) | Reliability | Warning | +| [Unused index variable](https://codeql.github.com/codeql-query-help/javascript/js-unused-index-variable/) | Reliability | Warning | +| [Unused loop iteration variable](https://codeql.github.com/codeql-query-help/javascript/js-unused-loop-variable/) | Reliability | Error | +| [Unused or undefined state property](https://codeql.github.com/codeql-query-help/javascript/js-react-unused-or-undefined-state-property/) | Reliability | Warning | +| [Use of AngularJS markup in URL-valued attribute](https://codeql.github.com/codeql-query-help/javascript/js-angular-expression-in-url-attribute/) | Reliability | Warning | +| [Use of call stack introspection in strict mode](https://codeql.github.com/codeql-query-help/javascript/js-strict-mode-call-stack-introspection/) | Reliability | Error | +| [Use of incompletely initialized object](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-object-initialization/) | Reliability | Error | +| [Use of returnless function](https://codeql.github.com/codeql-query-help/javascript/js-use-of-returnless-function/) | Reliability | Warning | +| [Useless comparison test](https://codeql.github.com/codeql-query-help/javascript/js-useless-comparison-test/) | Reliability | Warning | +| [Useless conditional](https://codeql.github.com/codeql-query-help/javascript/js-trivial-conditional/) | Reliability | Warning | +| [Useless type test](https://codeql.github.com/codeql-query-help/javascript/js-useless-type-test/) | Reliability | Error | +| [Whitespace contradicts operator precedence](https://codeql.github.com/codeql-query-help/javascript/js-whitespace-contradicts-precedence/) | Reliability | Warning | +| [Wrong use of 'this' for static method](https://codeql.github.com/codeql-query-help/javascript/js-mixed-static-instance-this-access/) | Reliability | Error | +| [Yield in non-generator function](https://codeql.github.com/codeql-query-help/javascript/js-yield-outside-generator/) | Reliability | Error | + +{% endrowheaders %} diff --git a/data/reusables/code-quality/codeql-query-tables/python.md b/data/reusables/code-quality/codeql-query-tables/python.md new file mode 100644 index 000000000000..3360acd49b7c --- /dev/null +++ b/data/reusables/code-quality/codeql-query-tables/python.md @@ -0,0 +1,107 @@ +{% rowheaders %} + +| Query name | Category | Severity | +| --- | --- | --- | +| ['import *' may pollute namespace](https://codeql.github.com/codeql-query-help/python/py-polluting-import/) | Maintainability | Recommendation | +| [Backspace escape in regular expression](https://codeql.github.com/codeql-query-help/python/py-regex-backspace-escape/) | Maintainability | Recommendation | +| [Commented-out code](https://codeql.github.com/codeql-query-help/python/py-commented-out-code/) | Maintainability | Recommendation | +| [Comparison of constants](https://codeql.github.com/codeql-query-help/python/py-comparison-of-constants/) | Maintainability | Warning | +| [Comparison of identical values](https://codeql.github.com/codeql-query-help/python/py-comparison-of-identical-expressions/) | Maintainability | Warning | +| [Constant in conditional expression or statement](https://codeql.github.com/codeql-query-help/python/py-constant-conditional-expression/) | Maintainability | Warning | +| [Duplicate key in dict literal](https://codeql.github.com/codeql-query-help/python/py-duplicate-key-dict-literal/) | Maintainability | Warning | +| [Duplication in regular expression character class](https://codeql.github.com/codeql-query-help/python/py-regex-duplicate-in-character-class/) | Maintainability | Warning | +| [First parameter of a class method is not named 'cls'](https://codeql.github.com/codeql-query-help/python/py-not-named-cls/) | Maintainability | Recommendation | +| [First parameter of a method is not named 'self'](https://codeql.github.com/codeql-query-help/python/py-not-named-self/) | Maintainability | Recommendation | +| [Implicit string concatenation in a list](https://codeql.github.com/codeql-query-help/python/py-implicit-string-concatenation-in-list/) | Maintainability | Warning | +| [Imprecise assert](https://codeql.github.com/codeql-query-help/python/py-imprecise-assert/) | Maintainability | Recommendation | +| [Module imports itself](https://codeql.github.com/codeql-query-help/python/py-import-own-module/) | Maintainability | Recommendation | +| [Module is imported more than once](https://codeql.github.com/codeql-query-help/python/py-repeated-import/) | Maintainability | Recommendation | +| [Module is imported with 'import' and 'import from'](https://codeql.github.com/codeql-query-help/python/py-import-and-import-from/) | Maintainability | Recommendation | +| [Nested loops with same variable](https://codeql.github.com/codeql-query-help/python/py-nested-loops-with-same-variable/) | Maintainability | Recommendation | +| [Overly complex `__del__` method](https://codeql.github.com/codeql-query-help/python/py-overly-complex-delete/) | Maintainability | Recommendation | +| [Redundant comparison](https://codeql.github.com/codeql-query-help/python/py-redundant-comparison/) | Maintainability | Warning | +| [Should use a 'with' statement](https://codeql.github.com/codeql-query-help/python/py-should-use-with/) | Maintainability | Recommendation | +| [Statement has no effect](https://codeql.github.com/codeql-query-help/python/py-ineffectual-statement/) | Maintainability | Recommendation | +| [Unnecessary 'else' clause in loop](https://codeql.github.com/codeql-query-help/python/py-redundant-else/) | Maintainability | Warning | +| [Unnecessary lambda](https://codeql.github.com/codeql-query-help/python/py-unnecessary-lambda/) | Maintainability | Recommendation | +| [Unnecessary pass](https://codeql.github.com/codeql-query-help/python/py-unnecessary-pass/) | Maintainability | Warning | +| [Unreachable code](https://codeql.github.com/codeql-query-help/python/py-unreachable-statement/) | Maintainability | Warning | +| [Unused argument in a formatting call](https://codeql.github.com/codeql-query-help/python/py-str-format-surplus-argument/) | Maintainability | Warning | +| [Unused global variable](https://codeql.github.com/codeql-query-help/python/py-unused-global-variable/) | Maintainability | Recommendation | +| [Unused import](https://codeql.github.com/codeql-query-help/python/py-unused-import/) | Maintainability | Recommendation | +| [Unused local variable](https://codeql.github.com/codeql-query-help/python/py-unused-local-variable/) | Maintainability | Recommendation | +| [Unused named argument in formatting call](https://codeql.github.com/codeql-query-help/python/py-str-format-surplus-named-argument/) | Maintainability | Warning | +| [Use of 'global' at module level](https://codeql.github.com/codeql-query-help/python/py-redundant-global-declaration/) | Maintainability | Warning | +| [Use of the return value of a procedure](https://codeql.github.com/codeql-query-help/python/py-procedure-return-value-used/) | Maintainability | Warning | +| [Variable defined multiple times](https://codeql.github.com/codeql-query-help/python/py-multiple-definition/) | Maintainability | Warning | +| [`__del__` is called explicitly](https://codeql.github.com/codeql-query-help/python/py-explicit-call-to-delete/) | Reliability | Warning | +| [`__eq__` not overridden when adding attributes](https://codeql.github.com/codeql-query-help/python/py-missing-equals/) | Reliability | Warning | +| [`__init__` method calls overridden method](https://codeql.github.com/codeql-query-help/python/py-init-calls-subclass/) | Reliability | Warning | +| [`__init__` method is a generator](https://codeql.github.com/codeql-query-help/python/py-init-method-is-generator/) | Reliability | Error | +| [`__init__` method returns a value](https://codeql.github.com/codeql-query-help/python/py-explicit-return-in-init/) | Reliability | Error | +| [`__iter__` method returns a non-iterator](https://codeql.github.com/codeql-query-help/python/py-iter-returns-non-iterator/) | Reliability | Error | +| [An assert statement has a side-effect](https://codeql.github.com/codeql-query-help/python/py-side-effect-in-assert/) | Reliability | Error | +| [Asserting a tuple](https://codeql.github.com/codeql-query-help/python/py-asserts-tuple/) | Reliability | Error | +| [Comparison using is when operands support `__eq__`](https://codeql.github.com/codeql-query-help/python/py-comparison-using-is/) | Reliability | Warning | +| [Conflicting attributes in base classes](https://codeql.github.com/codeql-query-help/python/py-conflicting-attributes/) | Reliability | Warning | +| [Empty except](https://codeql.github.com/codeql-query-help/python/py-empty-except/) | Reliability | Recommendation | +| [Encoding error](https://codeql.github.com/codeql-query-help/python/py-encoding-error/) | Reliability | Error | +| [Except block handles 'BaseException'](https://codeql.github.com/codeql-query-help/python/py-catch-base-exception/) | Reliability | Recommendation | +| [Explicit export is not defined](https://codeql.github.com/codeql-query-help/python/py-undefined-export/) | Reliability | Error | +| [Explicit returns mixed with implicit (fall through) returns](https://codeql.github.com/codeql-query-help/python/py-mixed-returns/) | Reliability | Recommendation | +| [File is not always closed](https://codeql.github.com/codeql-query-help/python/py-file-not-closed/) | Reliability | Warning | +| [First argument to super() is not enclosing class](https://codeql.github.com/codeql-query-help/python/py-super-not-enclosing-class/) | Reliability | Error | +| [Formatted object is not a mapping](https://codeql.github.com/codeql-query-help/python/py-percent-format-not-mapping/) | Reliability | Error | +| [Formatting string mixes implicitly and explicitly numbered fields](https://codeql.github.com/codeql-query-help/python/py-str-format-mixed-fields/) | Reliability | Error | +| [Illegal raise](https://codeql.github.com/codeql-query-help/python/py-illegal-raise/) | Reliability | Error | +| [Incomplete ordering](https://codeql.github.com/codeql-query-help/python/py-incomplete-ordering/) | Reliability | Warning | +| [Inconsistent equality and hashing](https://codeql.github.com/codeql-query-help/python/py-equals-hash-mismatch/) | Reliability | Warning | +| [Inconsistent equality and inequality](https://codeql.github.com/codeql-query-help/python/py-inconsistent-equality/) | Reliability | Warning | +| [Inconsistent method resolution order](https://codeql.github.com/codeql-query-help/python/py-inconsistent-mro/) | Reliability | Error | +| [Iterable can be either a string or a sequence](https://codeql.github.com/codeql-query-help/python/py-iteration-string-and-sequence/) | Reliability | Error | +| [Iterator does not return self from `__iter__` method](https://codeql.github.com/codeql-query-help/python/py-iter-returns-non-self/) | Reliability | Error | +| [Loop variable capture](https://codeql.github.com/codeql-query-help/python/py-loop-variable-capture/) | Reliability | Error | +| [Maybe missing 'self' in comparison](https://codeql.github.com/codeql-query-help/python/py-comparison-missing-self/) | Reliability | Warning | +| [Membership test with a non-container](https://codeql.github.com/codeql-query-help/python/py-member-test-non-container/) | Reliability | Error | +| [Mismatch between signature and use of an overridden method](https://codeql.github.com/codeql-query-help/python/py-inheritance-incorrect-overridden-signature/) | Reliability | Recommendation | +| [Mismatch between signature and use of an overriding method](https://codeql.github.com/codeql-query-help/python/py-inheritance-incorrect-overriding-signature/) | Reliability | Error | +| [Mismatch in multiple assignment](https://codeql.github.com/codeql-query-help/python/py-mismatched-multiple-assignment/) | Reliability | Error | +| [Missing call to superclass `__del__` during object destruction](https://codeql.github.com/codeql-query-help/python/py-missing-call-to-delete/) | Reliability | Error | +| [Missing call to superclass `__init__` during object initialization](https://codeql.github.com/codeql-query-help/python/py-missing-call-to-init/) | Reliability | Error | +| [Missing named arguments in formatting call](https://codeql.github.com/codeql-query-help/python/py-str-format-missing-named-argument/) | Reliability | Error | +| [Missing part of special group in regular expression](https://codeql.github.com/codeql-query-help/python/py-regex-incomplete-special-group/) | Reliability | Warning | +| [Modification of dictionary returned by locals()](https://codeql.github.com/codeql-query-help/python/py-modification-of-locals/) | Reliability | Warning | +| [Modification of parameter with default](https://codeql.github.com/codeql-query-help/python/py-modification-of-default-value/) | Reliability | Error | +| [Multiple calls to `__del__` during object destruction](https://codeql.github.com/codeql-query-help/python/py-multiple-calls-to-delete/) | Reliability | Warning | +| [Multiple calls to `__init__` during object initialization](https://codeql.github.com/codeql-query-help/python/py-multiple-calls-to-init/) | Reliability | Warning | +| [Mutation of descriptor in `__get__` or `__set__` method](https://codeql.github.com/codeql-query-help/python/py-mutable-descriptor/) | Reliability | Error | +| [Nested loops with same variable reused after inner loop body](https://codeql.github.com/codeql-query-help/python/py-nested-loops-with-same-variable-reused/) | Reliability | Error | +| [Non-callable called](https://codeql.github.com/codeql-query-help/python/py-call-to-non-callable/) | Reliability | Error | +| [Non-exception in 'except' clause](https://codeql.github.com/codeql-query-help/python/py-useless-except/) | Reliability | Error | +| [Non-iterable used in for loop](https://codeql.github.com/codeql-query-help/python/py-non-iterable-in-for-loop/) | Reliability | Error | +| [Non-standard exception raised in special method](https://codeql.github.com/codeql-query-help/python/py-unexpected-raise-in-special-method/) | Reliability | Recommendation | +| [Raising `NotImplemented`](https://codeql.github.com/codeql-query-help/python/py-raise-not-implemented/) | Reliability | Warning | +| [Redundant assignment](https://codeql.github.com/codeql-query-help/python/py-redundant-assignment/) | Reliability | Error | +| [Returning tuples with varying lengths](https://codeql.github.com/codeql-query-help/python/py-mixed-tuple-returns/) | Reliability | Recommendation | +| [Signature mismatch in overriding method](https://codeql.github.com/codeql-query-help/python/py-inheritance-signature-mismatch/) | Reliability | Warning | +| [Special method has incorrect signature](https://codeql.github.com/codeql-query-help/python/py-special-method-wrong-signature/) | Reliability | Error | +| [Superclass attribute shadows subclass method](https://codeql.github.com/codeql-query-help/python/py-attribute-shadows-method/) | Reliability | Error | +| [Suspicious unused loop iteration variable](https://codeql.github.com/codeql-query-help/python/py-unused-loop-variable/) | Reliability | Error | +| [Syntax error](https://codeql.github.com/codeql-query-help/python/py-syntax-error/) | Reliability | Error | +| [Testing equality to None](https://codeql.github.com/codeql-query-help/python/py-test-equals-none/) | Reliability | Recommendation | +| [Too few arguments in formatting call](https://codeql.github.com/codeql-query-help/python/py-str-format-missing-argument/) | Reliability | Error | +| [Unhashable object hashed](https://codeql.github.com/codeql-query-help/python/py-hash-unhashable-value/) | Reliability | Error | +| [Unmatchable caret in regular expression](https://codeql.github.com/codeql-query-help/python/py-regex-unmatchable-caret/) | Reliability | Error | +| [Unmatchable dollar in regular expression](https://codeql.github.com/codeql-query-help/python/py-regex-unmatchable-dollar/) | Reliability | Error | +| [Unreachable `except` block](https://codeql.github.com/codeql-query-help/python/py-unreachable-except/) | Reliability | Error | +| [Unsupported format character](https://codeql.github.com/codeql-query-help/python/py-percent-format-unsupported-character/) | Reliability | Error | +| [Unused exception object](https://codeql.github.com/codeql-query-help/python/py-unused-exception-object/) | Reliability | Error | +| [Use of a print statement at module level](https://codeql.github.com/codeql-query-help/python/py-print-during-import/) | Reliability | Recommendation | +| [Use of exit() or quit()](https://codeql.github.com/codeql-query-help/python/py-use-of-exit-or-quit/) | Reliability | Warning | +| [Wrong name for an argument in a call](https://codeql.github.com/codeql-query-help/python/py-call-wrong-named-argument/) | Reliability | Error | +| [Wrong name for an argument in a class instantiation](https://codeql.github.com/codeql-query-help/python/py-call-wrong-named-class-argument/) | Reliability | Error | +| [Wrong number of arguments for format](https://codeql.github.com/codeql-query-help/python/py-percent-format-wrong-arguments/) | Reliability | Error | +| [Wrong number of arguments in a call](https://codeql.github.com/codeql-query-help/python/py-call-wrong-arguments/) | Reliability | Error | +| [Wrong number of arguments in a class instantiation](https://codeql.github.com/codeql-query-help/python/py-call-wrong-number-class-arguments/) | Reliability | Error | + +{% endrowheaders %} diff --git a/data/reusables/code-quality/codeql-query-tables/ruby.md b/data/reusables/code-quality/codeql-query-tables/ruby.md new file mode 100644 index 000000000000..9e1532753e90 --- /dev/null +++ b/data/reusables/code-quality/codeql-query-tables/ruby.md @@ -0,0 +1,9 @@ +{% rowheaders %} + +| Query name | Category | Severity | +| --- | --- | --- | +| [Useless assignment to local variable](https://codeql.github.com/codeql-query-help/ruby/rb-useless-assignment-to-local/) | Maintainability | Warning | +| [Database query in a loop](https://codeql.github.com/codeql-query-help/ruby/rb-database-query-in-loop/) | Reliability | Info | +| [Potentially uninitialized local variable](https://codeql.github.com/codeql-query-help/ruby/rb-uninitialized-local-variable/) | Reliability | Error | + +{% endrowheaders %} diff --git a/data/reusables/code-scanning/alerts-found-in-generated-code.md b/data/reusables/code-scanning/alerts-found-in-generated-code.md index 3ddaeb6faa28..cd216e608db2 100644 --- a/data/reusables/code-scanning/alerts-found-in-generated-code.md +++ b/data/reusables/code-scanning/alerts-found-in-generated-code.md @@ -1,3 +1,3 @@ -For compiled languages like Java, Kotlin, Go, C, C++, and C#, {% data variables.product.prodname_codeql %} analyzes all of the code which was built during the workflow run. To limit the amount of code being analyzed, build only the code which you wish to analyze by specifying your own build steps in a `run` block. You can combine specifying your own build steps with using the `paths` or `paths-ignore` filters on the `pull_request` and `push` events to ensure that your workflow only runs when specific code is changed. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore). +When using `build-mode: autobuild` or `build-mode: manual`, for compiled languages like Java, Kotlin, Go, C, C++, and C#, {% data variables.product.prodname_codeql %} analyzes all of the code which was built during the workflow run. To limit the amount of code being analyzed, build only the code which you wish to analyze by specifying your own build steps in a `run` block. You can combine specifying your own build steps with using the `paths` or `paths-ignore` filters on the `pull_request` and `push` events to ensure that your workflow only runs when specific code is changed. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore). -For languages like JavaScript, Python, and TypeScript, that {% data variables.product.prodname_codeql %} analyzes without compiling the source code, you can specify additional configuration options to limit the amount of code to analyze. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan). +For languages like JavaScript, Python, and TypeScript, that {% data variables.product.prodname_codeql %} analyzes without compiling the source code, or for a compiled language using `build-mode: none`, you can specify additional configuration options to limit the amount of code to analyze. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan). diff --git a/data/reusables/code-scanning/choose-alert-dismissal-reason.md b/data/reusables/code-scanning/choose-alert-dismissal-reason.md index b09bebf5b144..36ddfc3964eb 100644 --- a/data/reusables/code-scanning/choose-alert-dismissal-reason.md +++ b/data/reusables/code-scanning/choose-alert-dismissal-reason.md @@ -1 +1 @@ -It's important to choose the appropriate reason from the drop-down menu as this may affect whether a query continues to be included in future analysis. Optionally, you can comment on a dismissal to record the context of an alert dismissal. The dismissal comment is added to the alert timeline and can be used as justification during auditing and reporting. You can retrieve or set a comment by using the code scanning REST API. The comment is contained in `dismissed_comment` for the `alerts/{alert_number}` endpoint. For more information, see [AUTOTITLE](/rest/code-scanning#update-a-code-scanning-alert). +It's important to choose the appropriate reason from the drop-down menu as this may affect whether a query continues to be included in future analysis. Optionally, you can comment on a dismissal to record the context of an alert dismissal. The dismissal comment is added to the alert timeline and can be used as justification during auditing and reporting. You can retrieve or set a comment by using the code scanning REST API. The comment is contained in `dismissed_comment` for the `alerts/{alert_number}` endpoint. For more information, see [AUTOTITLE](/rest/code-scanning/code-scanning#update-a-code-scanning-alert). diff --git a/data/reusables/code-scanning/codeql-query-tables/go.md b/data/reusables/code-scanning/codeql-query-tables/go.md index 7bb25f200e8c..c08ffe20849a 100644 --- a/data/reusables/code-scanning/codeql-query-tables/go.md +++ b/data/reusables/code-scanning/codeql-query-tables/go.md @@ -7,6 +7,8 @@ | [Bad redirect check](https://codeql.github.com/codeql-query-help/go/go-bad-redirect-check/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Clear-text logging of sensitive information](https://codeql.github.com/codeql-query-help/go/go-clear-text-logging/) | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Command built from user-controlled sources](https://codeql.github.com/codeql-query-help/go/go-command-injection/) | 078 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Cookie 'HttpOnly' attribute is not set to true](https://codeql.github.com/codeql-query-help/go/go-cookie-httponly-not-set/) | 1004 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Cookie 'Secure' attribute is not set to true](https://codeql.github.com/codeql-query-help/go/go-cookie-secure-not-set/) | 614 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Cross-site scripting via HTML template escaping bypass](https://codeql.github.com/codeql-query-help/go/go-html-template-escaping-bypass-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Database query built from user-controlled sources](https://codeql.github.com/codeql-query-help/go/go-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Disabled TLS certificate check](https://codeql.github.com/codeql-query-help/go/go-disabled-certificate-check/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | @@ -26,6 +28,8 @@ | [Suspicious characters in a regular expression](https://codeql.github.com/codeql-query-help/go/go-suspicious-character-in-regex/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Uncontrolled data used in network request](https://codeql.github.com/codeql-query-help/go/go-request-forgery/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/go/go-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Use of a broken or weak cryptographic algorithm](https://codeql.github.com/codeql-query-help/go/go-weak-cryptographic-algorithm/) | 327, 328 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Use of a broken or weak cryptographic hashing algorithm on sensitive data](https://codeql.github.com/codeql-query-help/go/go-weak-sensitive-data-hashing/) | 327, 328, 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Use of a weak cryptographic key](https://codeql.github.com/codeql-query-help/go/go-weak-crypto-key/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Use of constant `state` value in OAuth 2.0 URL](https://codeql.github.com/codeql-query-help/go/go-constant-oauth2-state/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Use of insecure HostKeyCallback implementation](https://codeql.github.com/codeql-query-help/go/go-insecure-hostkeycallback/) | 322 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | diff --git a/data/reusables/code-scanning/codeql-query-tables/links-to-all-tables.md b/data/reusables/code-scanning/codeql-query-tables/links-to-all-tables.md index b202e9e78371..896c581f0d1c 100644 --- a/data/reusables/code-scanning/codeql-query-tables/links-to-all-tables.md +++ b/data/reusables/code-scanning/codeql-query-tables/links-to-all-tables.md @@ -1,13 +1,12 @@ {% ifversion code-scanning-actions-language %} -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/actions-built-in-queries) +* [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries/actions-built-in-queries) {% endif %} -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries) -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries) -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/github-actions-built-in-queries) -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries) -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries) -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries) -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries) -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries) -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/rust-built-in-queries) -* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries) +* [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries/c-cpp-built-in-queries) +* [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries/csharp-built-in-queries) +* [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries/go-built-in-queries) +* [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries/java-kotlin-built-in-queries) +* [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries/javascript-typescript-built-in-queries) +* [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries/python-built-in-queries) +* [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries/ruby-built-in-queries) +* [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries/rust-built-in-queries) +* [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries/swift-built-in-queries) diff --git a/data/reusables/code-scanning/codeql-query-tables/rust.md b/data/reusables/code-scanning/codeql-query-tables/rust.md index f18c7c47b8f5..44f52774c133 100644 --- a/data/reusables/code-scanning/codeql-query-tables/rust.md +++ b/data/reusables/code-scanning/codeql-query-tables/rust.md @@ -7,7 +7,9 @@ | [Cleartext logging of sensitive information](https://codeql.github.com/codeql-query-help/rust/rust-cleartext-logging/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Cleartext storage of sensitive information in a database](https://codeql.github.com/codeql-query-help/rust/rust-cleartext-storage-database/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Cleartext transmission of sensitive information](https://codeql.github.com/codeql-query-help/rust/rust-cleartext-transmission/) | 319 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Cross-site scripting](https://codeql.github.com/codeql-query-help/rust/rust-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Database query built from user-controlled sources](https://codeql.github.com/codeql-query-help/rust/rust-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Disabled TLS certificate check](https://codeql.github.com/codeql-query-help/rust/rust-disabled-certificate-check/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Failure to use HTTPS URLs](https://codeql.github.com/codeql-query-help/rust/rust-non-https-url/) | 319, 345 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Hard-coded cryptographic value](https://codeql.github.com/codeql-query-help/rust/rust-hard-coded-cryptographic-value/) | 259, 321, 798, 1204 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Regular expression injection](https://codeql.github.com/codeql-query-help/rust/rust-regex-injection/) | 020, 074 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | diff --git a/data/reusables/code-scanning/merge-protection-rulesets-conditions.md b/data/reusables/code-scanning/merge-protection-rulesets-conditions.md index e350d73dc92c..1a3f3a9715ee 100644 --- a/data/reusables/code-scanning/merge-protection-rulesets-conditions.md +++ b/data/reusables/code-scanning/merge-protection-rulesets-conditions.md @@ -1,3 +1,3 @@ -* A required tool found a {% data variables.product.prodname_code_scanning %} alert of a severity that is defined in a ruleset. -* A required {% data variables.product.prodname_code_scanning %} tool's analysis is still in progress. -* A required {% data variables.product.prodname_code_scanning %} tool is not configured for the repository. +* A required tool finds a {% data variables.product.prodname_code_scanning %} alert of a severity that is defined in the ruleset. +* A required tool's analysis is still in progress. +* A required tool is not configured for the repository. diff --git a/data/reusables/code-scanning/require-actions-ghcs.md b/data/reusables/code-scanning/require-actions-ghcs.md index 5b4fe6630ef3..5f6a243284c9 100644 --- a/data/reusables/code-scanning/require-actions-ghcs.md +++ b/data/reusables/code-scanning/require-actions-ghcs.md @@ -1,3 +1,3 @@ -* {% data variables.product.prodname_actions %} are enabled.{% ifversion fpt or ghec %} +* {% data variables.product.prodname_actions %} is enabled.{% ifversion fpt or ghec %} * It is publicly visible, or {% data variables.product.prodname_GH_code_security %} is enabled.{%- elsif ghes %} * {% data variables.product.prodname_GH_code_security %} is enabled.{% endif %} diff --git a/data/reusables/code-scanning/upload-sarif-alert-limit.md b/data/reusables/code-scanning/upload-sarif-alert-limit.md index 0691e32e0fdb..e8d843d2e552 100644 --- a/data/reusables/code-scanning/upload-sarif-alert-limit.md +++ b/data/reusables/code-scanning/upload-sarif-alert-limit.md @@ -1 +1 @@ -You can check that the SARIF properties have the supported size for upload and that the file is compatible with code scanning. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#validating-your-sarif-file). +You can check that the SARIF properties have the supported size for upload and that the file is compatible with code scanning. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#file-compatibility). diff --git a/data/reusables/codespaces/data-residency-availability.md b/data/reusables/codespaces/data-residency-availability.md deleted file mode 100644 index 66a2b24fdd42..000000000000 --- a/data/reusables/codespaces/data-residency-availability.md +++ /dev/null @@ -1 +0,0 @@ ->[!NOTE] {% data variables.product.prodname_github_codespaces %} is not available on subdomains of {% data variables.enterprise.data_residency_site %}, such as `octocorp.ghe.com`. diff --git a/data/reusables/contributing/content-linter-rules.md b/data/reusables/contributing/content-linter-rules.md index 11010f9ce8e8..9486cf26ed00 100644 --- a/data/reusables/contributing/content-linter-rules.md +++ b/data/reusables/contributing/content-linter-rules.md @@ -57,13 +57,14 @@ | GHD047 | table-column-integrity | Tables must have consistent column counts across all rows | error | tables, accessibility, formatting | | GHD051 | frontmatter-versions-whitespace | Versions frontmatter should not contain unnecessary whitespace | error | frontmatter, versions | | GHD054 | third-party-actions-reusable | Code examples with third-party actions must include disclaimer reusable | error | actions, reusable, third-party | -| GHD056 | frontmatter-landing-recommended | Only landing pages can have recommended articles, there should be no duplicate recommended articles, and all recommended articles must exist | error | frontmatter, landing, recommended | +| GHD056 | frontmatter-landing-carousels | Only landing pages can have carousels, there should be no duplicate articles, and all articles must exist | error | frontmatter, landing, carousels | | GHD057 | ctas-schema | CTA URLs must conform to the schema | error | ctas, schema, urls | | GHD058 | journey-tracks-liquid | Journey track properties must use valid Liquid syntax | error | frontmatter, journey-tracks, liquid | | GHD059 | journey-tracks-guide-path-exists | Journey track guide paths must reference existing content files | error | frontmatter, journey-tracks | | GHD060 | journey-tracks-unique-ids | Journey track IDs must be unique within a page | error | frontmatter, journey-tracks, unique-ids | | GHD061 | frontmatter-hero-image | Hero image paths must be absolute, extensionless, and point to valid images in /assets/images/banner-images/ | error | frontmatter, images | | GHD062 | frontmatter-intro-links | introLinks keys must be valid keys defined in data/ui.yml under product_landing | error | frontmatter, single-source | +| GHD063 | frontmatter-children | Children frontmatter paths must exist. Supports relative paths and absolute /content/ paths for cross-product inclusion. | error | frontmatter, children | | [search-replace](https://github.com/OnkarRuikar/markdownlint-rule-search-replace) | deprecated liquid syntax: octicon- | The octicon liquid syntax used is deprecated. Use this format instead `octicon "" aria-label=""` | error | | | [search-replace](https://github.com/OnkarRuikar/markdownlint-rule-search-replace) | deprecated liquid syntax: site.data | Catch occurrences of deprecated liquid data syntax. | error | | | [search-replace](https://github.com/OnkarRuikar/markdownlint-rule-search-replace) | developer-domain | Catch occurrences of developer.github.com domain. | error | | diff --git a/data/reusables/copilot/access-copilot-metrics-dashboard.md b/data/reusables/copilot/access-copilot-metrics-dashboard.md index 6a06eeb2df6d..3be6a3702bdc 100644 --- a/data/reusables/copilot/access-copilot-metrics-dashboard.md +++ b/data/reusables/copilot/access-copilot-metrics-dashboard.md @@ -1,2 +1,2 @@ -1. Go to the [Enterprises](https://github.com/settings/enterprises) page and select your enterprise. +1. Go to the [Enterprises](https://github.com/settings/enterprises?ref_product=ghec&ref_type=engagement&ref_style=text) page and select your enterprise. 1. Click the **Insights** tab. diff --git a/data/reusables/copilot/byok-intro.md b/data/reusables/copilot/byok-intro.md index 74fc03a47743..b20755c1cc1c 100644 --- a/data/reusables/copilot/byok-intro.md +++ b/data/reusables/copilot/byok-intro.md @@ -1,15 +1,16 @@ >[!NOTE] >{% data reusables.copilot.byok-preview-note %} -> ->Some models require the Responses API which is not currently supported. You can bring your own API keys to {% data variables.product.prodname_copilot %}, and enable teams to use your preferred large language model (LLM) providers with {% data variables.copilot.copilot_byok_supported_features %}. API keys from the following providers are supported: * Anthropic +* AWS Bedrock +* Google AI Studio * Microsoft Foundry * OpenAI +* OpenAI-compatible providers * xAI Fine-tuned models are also supported, but functionality and quality of results can vary depending on the fine-tuning setup. You should test your model and review its outputs carefully before using it in production. \ No newline at end of file diff --git a/data/reusables/copilot/ce-product-callout.md b/data/reusables/copilot/ce-product-callout.md deleted file mode 100644 index 9597e035efc7..000000000000 --- a/data/reusables/copilot/ce-product-callout.md +++ /dev/null @@ -1 +0,0 @@ -Organizations with a {% data variables.copilot.copilot_enterprise_short %} plan diff --git a/data/reusables/copilot/change-the-ai-model-copilot-coding-agent.md b/data/reusables/copilot/change-the-ai-model-copilot-coding-agent.md new file mode 100644 index 000000000000..6eed3e0c72c0 --- /dev/null +++ b/data/reusables/copilot/change-the-ai-model-copilot-coding-agent.md @@ -0,0 +1 @@ +You can change the model {% data variables.product.prodname_copilot_short %} uses. You may find that different models perform better, or provide more useful responses, depending on the type of task you give Copilot. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/changing-the-ai-model). diff --git a/data/reusables/copilot/ci-support-agents-all.md b/data/reusables/copilot/ci-support-agents-all.md new file mode 100644 index 000000000000..de42772a4c32 --- /dev/null +++ b/data/reusables/copilot/ci-support-agents-all.md @@ -0,0 +1 @@ +
  •  Agent instructions (using AGENTS.md, CLAUDE.md or GEMINI.md files).
    • diff --git a/data/reusables/copilot/ci-support-agents-only.md b/data/reusables/copilot/ci-support-agents-only.md new file mode 100644 index 000000000000..33b4e9fcef4b --- /dev/null +++ b/data/reusables/copilot/ci-support-agents-only.md @@ -0,0 +1 @@ +
  •  Agent instructions (using an AGENTS.md file).
    • diff --git a/data/reusables/copilot/ci-support-organization.md b/data/reusables/copilot/ci-support-organization.md new file mode 100644 index 000000000000..765a5db5b6d7 --- /dev/null +++ b/data/reusables/copilot/ci-support-organization.md @@ -0,0 +1 @@ +
  •  Organization instructions.
    • diff --git a/data/reusables/copilot/ci-support-path.md b/data/reusables/copilot/ci-support-path.md new file mode 100644 index 000000000000..ddc4a5888d6e --- /dev/null +++ b/data/reusables/copilot/ci-support-path.md @@ -0,0 +1 @@ +
  •  Path-specific instructions (using .github/instructions/**/*.instructions.md files).
    • diff --git a/data/reusables/copilot/ci-support-personal.md b/data/reusables/copilot/ci-support-personal.md new file mode 100644 index 000000000000..277ddfcf96a9 --- /dev/null +++ b/data/reusables/copilot/ci-support-personal.md @@ -0,0 +1 @@ +
  •  Personal instructions.
    • diff --git a/data/reusables/copilot/ci-support-repository.md b/data/reusables/copilot/ci-support-repository.md new file mode 100644 index 000000000000..d9bbbd261365 --- /dev/null +++ b/data/reusables/copilot/ci-support-repository.md @@ -0,0 +1 @@ +
  •  Repository-wide instructions (using the .github/copilot-instructions.md file).
    • diff --git a/data/reusables/copilot/claude-promo-period.md b/data/reusables/copilot/claude-promo-period.md deleted file mode 100644 index ea437677b145..000000000000 --- a/data/reusables/copilot/claude-promo-period.md +++ /dev/null @@ -1 +0,0 @@ -> [!Important] {% data variables.copilot.copilot_claude_opus_45 %} has a promotional multiplier of **1** through Friday, December 5, 2025. After that date, the multiplier will change to **3**. diff --git a/data/reusables/copilot/code-review/custom-instructions-information.md b/data/reusables/copilot/code-review/custom-instructions-information.md index adc29e42a2a5..e35af5103f25 100644 --- a/data/reusables/copilot/code-review/custom-instructions-information.md +++ b/data/reusables/copilot/code-review/custom-instructions-information.md @@ -2,7 +2,7 @@ You can customize {% data variables.copilot.copilot_code-review_short %} by addi Repository custom instructions can either be repository wide or path specific. You specify repository-wide custom instructions in a `.github/copilot-instructions.md` file in your repository. You can use this file to store information that you want {% data variables.product.prodname_copilot_short %} to consider when reviewing code anywhere in the repository. -You can also write instructions that {% data variables.product.prodname_copilot_short %} will only use when reviewing code in files that match a specified path. You write these instructions in one or more `.github/instructions/**/NAME.instructions.md` files. +You can also write instructions that {% data variables.product.prodname_copilot_short %} will only use when reviewing code in files that match a specified path. You write these instructions in one or more `.github/instructions/**/*.instructions.md` files. For more information, see [AUTOTITLE](/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot). diff --git a/data/reusables/copilot/coding-agent/agent-management-intro.md b/data/reusables/copilot/coding-agent/agent-management-intro.md index d4731bb8b73e..6cdf8cd973ea 100644 --- a/data/reusables/copilot/coding-agent/agent-management-intro.md +++ b/data/reusables/copilot/coding-agent/agent-management-intro.md @@ -1,4 +1 @@ -When utilizing {% data variables.product.github %}'s agentic features, you can use the [Agents tab](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text) as a centralized control page where you can initiate, monitor, and manage agent tasks across {% data variables.product.github %}. - ->[!NOTE] -> The Agents tab is in public preview and subject to change. +When utilizing {% data variables.product.github %}'s agentic features, you can use the **Agents** tab within a repository that has {% data variables.copilot.copilot_coding_agent %} enabled to initiate, monitor, and manage agent sessions without leaving your workflow. You can also use the [Agents page](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text) to view and start agent sessions. To learn how to enable {% data variables.copilot.copilot_coding_agent %}, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/access-management). diff --git a/data/reusables/copilot/coding-agent/create-hooks-instructions.md b/data/reusables/copilot/coding-agent/create-hooks-instructions.md new file mode 100644 index 000000000000..d72fc05da5d2 --- /dev/null +++ b/data/reusables/copilot/coding-agent/create-hooks-instructions.md @@ -0,0 +1,53 @@ +1. Create a new `hooks.json` file with the name of your choice in the `.github/hooks/` folder of your repository. The hooks configuration file **must be present** on your repository's default branch to be used by {% data variables.copilot.copilot_coding_agent %}. For {% data variables.copilot.copilot_cli %}, hooks are loaded from your current working directory. + +1. In your text editor, copy and paste the following hook template. Remove any hooks you don't plan on using from the `hooks` array. + + ```json copy + { + "version": 1, + "hooks": { + "sessionStart": [...], + "sessionEnd": [...], + "userPromptSubmitted": [...], + "preToolUse": [...], + "postToolUse": [...], + "errorOccurred": [...] + } + } + ``` + +1. Configure your hook syntax under the `bash` or `powershell` keys, or directly reference script files you have created. + + * This example runs a script that outputs the start date of the session to a log file using the `sessionStart` hook: + + ```json copy + "sessionStart": [ + { + "type": "command", + "bash": "echo \"Session started: $(date)\" >> logs/session.log", + "powershell": "Add-Content -Path logs/session.log -Value \"Session started: $(Get-Date)\"", + "cwd": ".", + "timeoutSec": 10 + } + ], + ``` + + * This example calls out to an external `log-prompt` script: + + ```json copy + "userPromptSubmitted": [ + { + "type": "command", + "bash": "./scripts/log-prompt.sh", + "powershell": "./scripts/log-prompt.ps1", + "cwd": "scripts", + "env": { + "LOG_LEVEL": "INFO" + } + } + ], + ``` + + For a full reference on the input JSON from agent sessions along with sample scripts, see [AUTOTITLE](/copilot/reference/hooks-configuration). + +1. Commit the file to the repository and merge it into the default branch. Your hooks will now run during agent sessions. \ No newline at end of file diff --git a/data/reusables/copilot/coding-agent/hooks-intro.md b/data/reusables/copilot/coding-agent/hooks-intro.md new file mode 100644 index 000000000000..b29864ac987a --- /dev/null +++ b/data/reusables/copilot/coding-agent/hooks-intro.md @@ -0,0 +1 @@ +Hooks allow you to extend and customize the behavior of {% data variables.product.prodname_copilot %} agents by executing custom shell commands at key points during agent execution. For a conceptual overview of hooks, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-hooks). diff --git a/data/reusables/copilot/coding-agent/new-agent-task-form-instructions.md b/data/reusables/copilot/coding-agent/new-agent-task-form-instructions.md index 95691361f782..67bf8ca896b0 100644 --- a/data/reusables/copilot/coding-agent/new-agent-task-form-instructions.md +++ b/data/reusables/copilot/coding-agent/new-agent-task-form-instructions.md @@ -4,7 +4,8 @@ For example, `Implement a user friendly message for common errors.` 1. Optionally, select a base branch for {% data variables.product.prodname_copilot_short %}'s pull request. {% data variables.product.prodname_copilot_short %} will create a new branch based on this branch, then push the changes to a pull request targeting that branch. -1. {% data reusables.copilot.optional-select-custom-agent %} -1. Click **{% octicon "paper-airplane" aria-label="Start task" %} Start task** or press Return. +1. {% data reusables.copilot.optional-select-custom-agent-dotcom %} +{% data reusables.copilot.optional-select-copilot-coding-agent-model %} +1. Click **{% octicon "paper-airplane" aria-label="Start task" %}** or press Enter. {% data variables.product.prodname_copilot_short %} will start a new session, which will appear in the list below the prompt box. {% data variables.product.prodname_copilot_short %} will work on the task and push changes to its pull request, then add you as a reviewer when it has finished, triggering a notification. diff --git a/data/reusables/copilot/coding-agent/raycast-intro.md b/data/reusables/copilot/coding-agent/raycast-intro.md index e2baec59bcc2..f40d12899f12 100644 --- a/data/reusables/copilot/coding-agent/raycast-intro.md +++ b/data/reusables/copilot/coding-agent/raycast-intro.md @@ -1 +1 @@ -[Raycast](https://www.raycast.com/) is an extensible launcher for macOS. With the {% data variables.product.prodname_copilot %} extension for Raycast, you can start and track {% data variables.copilot.copilot_coding_agent %} tasks wherever you are on your computer. +[Raycast](https://www.raycast.com/) is an extensible launcher for Windows and macOS. With the {% data variables.product.prodname_copilot %} extension for Raycast, you can start and track {% data variables.copilot.copilot_coding_agent %} tasks wherever you are on your computer. diff --git a/data/reusables/copilot/coding-agent/raycast-oauth-access-restrictions.md b/data/reusables/copilot/coding-agent/raycast-oauth-access-restrictions.md new file mode 100644 index 000000000000..ddbb1fcb6073 --- /dev/null +++ b/data/reusables/copilot/coding-agent/raycast-oauth-access-restrictions.md @@ -0,0 +1,3 @@ +> [!NOTE] +> +> If you are unable to select a specific repository when starting a task, the organization that owns the repository may have enabled {% data variables.product.prodname_oauth_app %} access restrictions. To learn how to request approval for the "{% data variables.product.prodname_copilot %} for Raycast" {% data variables.product.prodname_oauth_app %}, see [AUTOTITLE](/account-and-profile/how-tos/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/requesting-organization-approval-for-oauth-apps). \ No newline at end of file diff --git a/data/reusables/copilot/coding-agent/troubleshoot-hooks.md b/data/reusables/copilot/coding-agent/troubleshoot-hooks.md new file mode 100644 index 000000000000..4c5ba983c708 --- /dev/null +++ b/data/reusables/copilot/coding-agent/troubleshoot-hooks.md @@ -0,0 +1,35 @@ +If you run into problems using hooks, use the following table to troubleshoot. + +| Issue | Action | +| --- | --- | +| Hooks are not executing |
    • Verify the JSON file is in the `.github/hooks/` directory.
    • Check for valid JSON syntax (for example, `jq . hooks.json`).
    • Ensure `version: 1` is specified in your `hooks.json` file.
    • Verify the script you are calling from your hook is executable (`chmod +x script.sh`)
    • Check that the script has a proper shebang (for example, `#!/bin/bash`)
    | +| Hooks are timing out |
    • The default timeout is 30 seconds. Increase `timeoutSec` in the configuration if needed.
    • Optimize script performance by avoiding unnecessary operations.
    | +| Invalid JSON output |
    • Ensure the output is on a single line.
    • On Unix, use `jq -c` to compact and validate the JSON output.
    • On Windows, use the `ConvertTo-Json -Compress` command in PowerShell to do the same.
    | + +## Debugging + +You can debug hooks using the following methods: + +* **Enable verbose logging** in the script to inspect the input data and trace script execution. + + ```shell copy + #!/bin/bash + set -x # Enable bash debug mode + INPUT=$(cat) + echo "DEBUG: Received input" >&2 + echo "$INPUT" >&2 + # ... rest of script + ``` + +* **Test hooks locally** by piping test input into your hook to validate its behavior: + + ```shell copy + # Create test input + echo '{"timestamp":1704614400000,"cwd":"/tmp","toolName":"bash","toolArgs":"{\"command\":\"ls\"}"}' | ./my-hook.sh + + # Check exit code + echo $? + + # Validate output is valid JSON + ./my-hook.sh | jq . + ``` \ No newline at end of file diff --git a/data/reusables/copilot/copilot-coding-agent-auto-models.md b/data/reusables/copilot/copilot-coding-agent-auto-models.md new file mode 100644 index 000000000000..19de1dfaf54c --- /dev/null +++ b/data/reusables/copilot/copilot-coding-agent-auto-models.md @@ -0,0 +1 @@ +* {% data variables.copilot.copilot_claude_sonnet_45 %} \ No newline at end of file diff --git a/data/reusables/copilot/copilot-coding-agent-non-auto-models.md b/data/reusables/copilot/copilot-coding-agent-non-auto-models.md new file mode 100644 index 000000000000..4c7a642532a9 --- /dev/null +++ b/data/reusables/copilot/copilot-coding-agent-non-auto-models.md @@ -0,0 +1,4 @@ +* {% data variables.copilot.copilot_claude_opus_45 %} +* {% data variables.copilot.copilot_claude_opus_46 %} +* {% data variables.copilot.copilot_gpt_51_codex_max %} +* {% data variables.copilot.copilot_gpt_52_codex %} diff --git a/data/reusables/copilot/copilot-metrics-closing-down.md b/data/reusables/copilot/copilot-metrics-closing-down.md new file mode 100644 index 000000000000..7aebb1aceb7f --- /dev/null +++ b/data/reusables/copilot/copilot-metrics-closing-down.md @@ -0,0 +1,2 @@ +>[!WARNING] +> These {% data variables.product.prodname_copilot_short %} metrics endpoints will be {% data variables.release-phases.closing_down %} on April 2, 2026. We recommend using the **{% data variables.product.prodname_copilot_short %} usage metrics** endpoints instead, which provide more depth and flexibility. For more details, see [{% data variables.product.prodname_blog %}](https://github.blog/changelog/2026-01-29-closing-down-notice-of-legacy-copilot-metrics-apis/). diff --git a/data/reusables/copilot/cultural-factors-intro.md b/data/reusables/copilot/cultural-factors-intro.md index f226cbadac7c..457da137a262 100644 --- a/data/reusables/copilot/cultural-factors-intro.md +++ b/data/reusables/copilot/cultural-factors-intro.md @@ -1,3 +1,3 @@ -Alongside your rollout of {% data variables.product.prodname_copilot %}, you should also address any social or cultural factors that could prevent you from achieving your goals. +Alongside your rollout of {% data variables.product.prodname_copilot %}, address any social or cultural factors that could prevent you from achieving your goals. The following examples are drawn from the "Anti-Patterns" section in the ESSP. diff --git a/data/reusables/copilot/custom-instructions-about.md b/data/reusables/copilot/custom-instructions-about.md index bd8260771ea1..3e8b06343bc0 100644 --- a/data/reusables/copilot/custom-instructions-about.md +++ b/data/reusables/copilot/custom-instructions-about.md @@ -4,7 +4,7 @@ * **Path-specific custom instructions**, which apply to requests made in the context of files that match a specified path. - These are specified in one or more `NAME.instructions.md` files within the `.github/instructions` directory in the repository. + These are specified in one or more `NAME.instructions.md` files within or below the `.github/instructions` directory in the repository. By using path-specific instructions you can avoid overloading your repository-wide instructions with information that only applies to files of certain types, or in certain directories. @@ -12,6 +12,6 @@ These are specified in files called `AGENTS.md`, `CLAUDE.md`, or `GEMINI.md`. -See the table below for details of support for each of these types of repository custom instructions across different {% data variables.product.prodname_copilot_short %} features. +For details of support for each of these types of repository custom instructions across different {% data variables.product.prodname_copilot_short %} features, see [AUTOTITLE](/copilot/reference/custom-instructions-support). For a curated collection of examples, see [AUTOTITLE](/copilot/tutorials/customization-library/custom-instructions). diff --git a/data/reusables/copilot/custom-instructions-chat-precedence.md b/data/reusables/copilot/custom-instructions-chat-precedence.md index 5fccbb7d86dc..cfd7c93fc79f 100644 --- a/data/reusables/copilot/custom-instructions-chat-precedence.md +++ b/data/reusables/copilot/custom-instructions-chat-precedence.md @@ -1 +1 @@ -Multiple types of custom instructions can apply to a request sent to {% data variables.product.prodname_copilot_short %}. Personal instructions take the highest priority, followed by repository instructions, with organization instructions prioritized last. However, all sets of relevant instructions are still combined and provided to {% data variables.product.prodname_copilot_short %}. +Multiple types of custom instructions can apply to a request sent to {% data variables.product.prodname_copilot_short %}. Personal instructions take the highest priority. Repository instructions come next, and then organization instructions are prioritized last. However, all sets of relevant instructions are provided to {% data variables.product.prodname_copilot_short %}. diff --git a/data/reusables/copilot/custom-instructions-conflict.md b/data/reusables/copilot/custom-instructions-conflict.md index 197e94373be4..3a930373f6e5 100644 --- a/data/reusables/copilot/custom-instructions-conflict.md +++ b/data/reusables/copilot/custom-instructions-conflict.md @@ -1 +1 @@ -Whenever possible, you should avoid providing conflicting sets of instructions. If you are concerned about response quality, you can also choose to temporarily disable repository instructions. See [AUTOTITLE](/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot?tool=webui#enabling-or-disabling-repository-custom-instructions). +Whenever possible, try to avoid providing conflicting sets of instructions. If you are concerned about response quality, you can temporarily disable repository instructions. See [AUTOTITLE](/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot?tool=webui#enabling-or-disabling-repository-custom-instructions). diff --git a/data/reusables/copilot/custom-instructions-note.md b/data/reusables/copilot/custom-instructions-note.md new file mode 100644 index 000000000000..c4f83f7a74f2 --- /dev/null +++ b/data/reusables/copilot/custom-instructions-note.md @@ -0,0 +1,11 @@ +{% note %} + +Did you successfully add a custom instructions file to your repository? + +Yes No + +{% endnote %} + +## Custom instructions in use + +The instructions in the file(s) are available for use by {% data variables.product.prodname_copilot_short %} as soon as you save the file(s). Instructions are automatically added to requests that you submit to {% data variables.product.prodname_copilot_short %}. diff --git a/data/reusables/copilot/custom-instructions-path.md b/data/reusables/copilot/custom-instructions-path.md index 526d6c36d281..8a7e0a30c8a6 100644 --- a/data/reusables/copilot/custom-instructions-path.md +++ b/data/reusables/copilot/custom-instructions-path.md @@ -1,7 +1,6 @@ 1. Create the `.github/instructions` directory if it does not already exist. - +1. Optionally, create subdirectories of `.github/instructions` to organize your instruction files. 1. Create one or more `NAME.instructions.md` files, where `NAME` indicates the purpose of the instructions. The file name must end with `.instructions.md`. - 1. At the start of the file, create a frontmatter block containing the `applyTo` keyword. Use glob syntax to specify what files or directories the instructions apply to. For example: diff --git a/data/reusables/copilot/differences-cfi-cfb-table.md b/data/reusables/copilot/differences-cfi-cfb-table.md index dba95f7a3c94..94c0934fc205 100644 --- a/data/reusables/copilot/differences-cfi-cfb-table.md +++ b/data/reusables/copilot/differences-cfi-cfb-table.md @@ -18,6 +18,7 @@ | Agent mode | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | {% data variables.product.prodname_copilot_short %} code review | Only "Review selection" in {% data variables.product.prodname_vscode_shortname %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | Model Context Protocol (MCP) | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| Third-party Agents ({% data variables.release-phases.public_preview %}) | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% endrowheaders %} diff --git a/data/reusables/copilot/evaluate-options-intro.md b/data/reusables/copilot/evaluate-options-intro.md index 1671343f224c..5433fc2e8db6 100644 --- a/data/reusables/copilot/evaluate-options-intro.md +++ b/data/reusables/copilot/evaluate-options-intro.md @@ -1,3 +1,3 @@ -The next step is to evaluate and agree on solutions to address the barriers you identified in step one. In this guide, we'll focus on the impact {% data variables.product.prodname_copilot %} can have on the goal you've identified. Bear in mind that successful rollouts of a new tool also require changes to culture and processes. +The next step is to evaluate and agree on solutions to address the barriers you identified in step one. In this guide, we'll focus on the impact {% data variables.product.prodname_copilot %} can have on the goal you've identified. Successful rollouts of a new tool also require changes to culture and processes. -You will run trials of new tools and processes with pilot groups to gather feedback and measure success. For training resources and metrics to use during trials, you can look ahead at the [3. Implement changes](#3-implement-changes) and [Metrics to watch](#metrics-to-watch) sections. +Run trials of new tools and processes with pilot groups to gather feedback and measure success. For training resources and metrics to use during trials, see [3. Implement changes](#3-implement-changes) and [Metrics to watch](#metrics-to-watch) sections. diff --git a/data/reusables/copilot/grok-promo-period.md b/data/reusables/copilot/grok-promo-period.md index fbda965f2191..590efbe43f3f 100644 --- a/data/reusables/copilot/grok-promo-period.md +++ b/data/reusables/copilot/grok-promo-period.md @@ -1 +1 @@ -> [!Important] Complimentary access to {% data variables.copilot.copilot_grok_code %} is continuing past the previously announced end time. A new end date has not been set. We may update or conclude this promotion at any time. [Regular pricing](/copilot/reference/ai-models/supported-models#model-multipliers) applies after the extension ends. +> [!Important] Complimentary access to {% data variables.copilot.copilot_grok_code %} will end on February 15, 2026. [Regular pricing](/copilot/reference/ai-models/supported-models#model-multipliers) applies after complimentary access ends. diff --git a/data/reusables/copilot/implement-changes-intro.md b/data/reusables/copilot/implement-changes-intro.md index b9a4f00dd672..b0c3bf226fbd 100644 --- a/data/reusables/copilot/implement-changes-intro.md +++ b/data/reusables/copilot/implement-changes-intro.md @@ -1,3 +1,3 @@ -When you've identified the right approach to overcome your barriers, you will scale the solutions you identified. For a successful rollout of a new tool or process, it's important to assign ownership to each part of the rollout, communicate transparently about your goals, provide effective training, and measure your outcomes. +When you've identified the right approach to overcome your barriers, scale the solutions you identified. For a successful rollout of a new tool or process, assign ownership to each part of the rollout, communicate transparently about your goals, provide effective training, and measure your outcomes. -This section provides example scenarios, best practices, and resources for developers. We recommend using this section to **plan communications and training sessions** to help employees use {% data variables.product.prodname_copilot_short %} in a way that aligns with your goal. +This section provides example scenarios, best practices, and resources for developers. Use this section to **plan communications and training sessions** to help employees use {% data variables.product.prodname_copilot_short %} in a way that aligns with your goal. diff --git a/data/reusables/copilot/measure-changes-intro.md b/data/reusables/copilot/measure-changes-intro.md index c6672763a1cd..91eb531357b6 100644 --- a/data/reusables/copilot/measure-changes-intro.md +++ b/data/reusables/copilot/measure-changes-intro.md @@ -1,3 +1,3 @@ -To assess trials of new tools and make sure your full rollouts are delivering consistent improvements, you should monitor results and make adjustments when needed. In general, we recommend considering the key zones of **quality, velocity, and developer happiness**, and how these zones come together to contribute to business outcomes. +To assess trials of new tools and make sure your full rollouts are delivering consistent improvements, monitor results and make adjustments when needed. We recommend considering the key zones of **quality, velocity, and developer happiness**, and how these zones come together to contribute to business outcomes. -Here are some metrics that we recommend looking at to assess {% data variables.product.prodname_copilot_short %}'s impact on this specific goal. +Here are some metrics to assess {% data variables.product.prodname_copilot_short %}'s impact on this specific goal. diff --git a/data/reusables/copilot/metrics-api-ghecom.md b/data/reusables/copilot/metrics-api-ghecom.md deleted file mode 100644 index ce6f064b635f..000000000000 --- a/data/reusables/copilot/metrics-api-ghecom.md +++ /dev/null @@ -1 +0,0 @@ ->[!NOTE] The {% data variables.product.prodname_copilot_short %} metrics endpoints are **not** available for {% data variables.enterprise.data_residency %} on {% data variables.enterprise.data_residency_site %}. diff --git a/data/reusables/copilot/model-use-cases/gpt-5.md b/data/reusables/copilot/model-use-cases/gpt-5.md deleted file mode 100644 index 7a59405da965..000000000000 --- a/data/reusables/copilot/model-use-cases/gpt-5.md +++ /dev/null @@ -1 +0,0 @@ - {% data variables.copilot.copilot_gpt_5 %} supports image input so that developers can bring visual context into tasks like UI inspection, diagram analysis, or layout debugging. This makes {% data variables.copilot.copilot_gpt_5 %} particularly useful for scenarios where image-based input enhances problem-solving, such as asking {% data variables.product.prodname_copilot_short %} to analyze a UI screenshot for accessibility issues or to help understand a visual bug in a layout. diff --git a/data/reusables/copilot/model-use-cases/gpt-52.md b/data/reusables/copilot/model-use-cases/gpt-52.md new file mode 100644 index 000000000000..4034110a9bdd --- /dev/null +++ b/data/reusables/copilot/model-use-cases/gpt-52.md @@ -0,0 +1 @@ + {% data variables.copilot.copilot_gpt_52 %} supports image input so that developers can bring visual context into tasks like UI inspection, diagram analysis, or layout debugging. This makes {% data variables.copilot.copilot_gpt_52 %} particularly useful for scenarios where image-based input enhances problem-solving, such as asking {% data variables.product.prodname_copilot_short %} to analyze a UI screenshot for accessibility issues or to help understand a visual bug in a layout. diff --git a/data/reusables/copilot/open-agents-panel-or-page.md b/data/reusables/copilot/open-agents-panel-or-page.md index d38706d05205..e155f4fe6356 100644 --- a/data/reusables/copilot/open-agents-panel-or-page.md +++ b/data/reusables/copilot/open-agents-panel-or-page.md @@ -1,4 +1,5 @@ 1. Open the agents panel or tab: + * Open the **{% octicon "agent" aria-label="The Agents icon" %} Agents** tab in a repository. + * **Navigate to the agents page**: Go to [github.com/copilot/agents](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text). You can also get here by opening the agents panel, then clicking **View all**. * **Open the agents panel**: Click {% octicon "agent" aria-label="The Agents icon" %} in the navigation bar at the top right of {% data variables.product.github %}. - * **Navigate to the agents tab**: Go to [github.com/copilot/agents](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text). You can also get here by opening the agents panel, then clicking **View all**. diff --git a/data/reusables/copilot/optional-select-copilot-coding-agent-model.md b/data/reusables/copilot/optional-select-copilot-coding-agent-model.md new file mode 100644 index 000000000000..7e14bea59112 --- /dev/null +++ b/data/reusables/copilot/optional-select-copilot-coding-agent-model.md @@ -0,0 +1 @@ +1. Optionally, if you are a {% data variables.copilot.copilot_pro %} or {% data variables.copilot.copilot_pro_plus %} user, you can use the dropdown menu to select the model that {% data variables.product.prodname_copilot_short %} will use. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/changing-the-ai-model). \ No newline at end of file diff --git a/data/reusables/copilot/optional-select-custom-agent-dotcom.md b/data/reusables/copilot/optional-select-custom-agent-dotcom.md new file mode 100644 index 000000000000..80ba04956203 --- /dev/null +++ b/data/reusables/copilot/optional-select-custom-agent-dotcom.md @@ -0,0 +1,2 @@ +1. Optionally, you can click {% octicon "copilot" aria-hidden="true" aria-label="copilot" %} to open the agent dropdown menu, if you want to assign a coding agent or a {% data variables.copilot.copilot_custom_agent_short %} with specialized behavior and tools. You can select an existing {% data variables.copilot.copilot_custom_agent_short %} from your repository, organization, or enterprise. You can also click **{% octicon "plus" aria-label="Plus button" %} Create an agent** to create a new {% data variables.copilot.agent_profile %} in your selected repository and branch. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents). + > [!NOTE] Third-party coding agents are available in the {% data variables.copilot.copilot_pro_plus %} and {% data variables.copilot.copilot_enterprise_short %} plans. diff --git a/data/reusables/copilot/optional-select-custom-agent-generic.md b/data/reusables/copilot/optional-select-custom-agent-generic.md new file mode 100644 index 000000000000..01cf636de879 --- /dev/null +++ b/data/reusables/copilot/optional-select-custom-agent-generic.md @@ -0,0 +1 @@ +1. Optionally, select a {% data variables.copilot.copilot_custom_agent_short %} with specialized behavior and tools from the dropdown menu. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents). \ No newline at end of file diff --git a/data/reusables/copilot/optional-select-custom-agent.md b/data/reusables/copilot/optional-select-custom-agent.md deleted file mode 100644 index 1cc5352fccf4..000000000000 --- a/data/reusables/copilot/optional-select-custom-agent.md +++ /dev/null @@ -1 +0,0 @@ -1. Optionally, you can click {% octicon "copilot" aria-hidden="true" aria-label="copilot" %} to open the "Custom agent" dropdown menu, if you want to assign a {% data variables.copilot.copilot_custom_agent_short %} with specialized behavior and tools. You can select an existing {% data variables.copilot.copilot_custom_agent_short %} from your repository, organization, or enterprise. You can also click **{% octicon "plus" aria-label="Plus button" %} Create an agent** to create a new {% data variables.copilot.agent_profile %} in your selected repository and branch. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents). diff --git a/data/reusables/copilot/org-copilot-usage-metrics.md b/data/reusables/copilot/org-copilot-usage-metrics.md new file mode 100644 index 000000000000..37ce071b9cfd --- /dev/null +++ b/data/reusables/copilot/org-copilot-usage-metrics.md @@ -0,0 +1 @@ +> [!NOTE] The {% data variables.product.prodname_copilot_short %} usage metrics dashboard reports data at the enterprise level. Organization-level metrics are available through the {% data variables.product.prodname_copilot_short %} usage metrics APIs only. See [AUTOTITLE](/rest/copilot/copilot-usage-metrics). diff --git a/data/reusables/copilot/personal-instructions-note.md b/data/reusables/copilot/personal-instructions-note.md index 3e6ccde45e6e..833aeb379e95 100644 --- a/data/reusables/copilot/personal-instructions-note.md +++ b/data/reusables/copilot/personal-instructions-note.md @@ -1 +1 @@ -> [!NOTE] Personal custom instructions are currently only supported for {% data variables.copilot.copilot_chat_dotcom %}. +> [!NOTE] Personal custom instructions are only supported for {% data variables.copilot.copilot_chat_dotcom %}. diff --git a/data/reusables/copilot/premium-request-entity-selection.md b/data/reusables/copilot/premium-request-entity-selection.md index d8eef4ee6dbb..0178dedd5fcd 100644 --- a/data/reusables/copilot/premium-request-entity-selection.md +++ b/data/reusables/copilot/premium-request-entity-selection.md @@ -1,2 +1,2 @@ > [!NOTE] -> If a user has licenses from multiple enterprises, or standalone organizations, they must make a selection using the "Usage billed to" drop down in order to utilize premium requests. The billing entity selected will be billed for any premium requests they make. See [AUTOTITLE](/copilot/managing-copilot/monitoring-usage-and-entitlements/monitoring-your-copilot-usage-and-entitlements#managing-premium-request-billing-with-multiple-copilot-licenses). +> If a user has licenses from multiple enterprises, or standalone organizations, they must make a selection using the "Usage billed to" drop down in order to utilize premium requests. The billing entity selected will be billed for any premium requests they make. If no billing entity is selected, premium requests will be blocked. See [AUTOTITLE](/copilot/managing-copilot/monitoring-usage-and-entitlements/monitoring-your-copilot-usage-and-entitlements#managing-premium-request-billing-with-multiple-copilot-licenses). diff --git a/data/reusables/copilot/repository-custom-instructions-support.md b/data/reusables/copilot/repository-custom-instructions-support.md deleted file mode 100644 index 58833e756c13..000000000000 --- a/data/reusables/copilot/repository-custom-instructions-support.md +++ /dev/null @@ -1,25 +0,0 @@ -### Support for repository custom instructions - -The following table shows which {% data variables.product.prodname_copilot_short %} features support custom instructions in various environments. - -{% rowheaders %} - -| | Eclipse | JetBrains IDEs | {% data variables.product.prodname_vs %} | {% data variables.product.prodname_vscode_shortname %} | {% data variables.product.prodname_dotcom_the_website %} | Xcode | -| --- | --- | --- | --- | --- | --- | --- | -| {% data variables.copilot.copilot_chat_short %} | {% octicon "check" aria-label="Included" %} 1 | {% octicon "check" aria-label="Included" %} 1 | {% octicon "check" aria-label="Included" %} 2 | {% octicon "check" aria-label="Included" %} 3 | {% octicon "check" aria-label="Included" %} 1 | {% octicon "check" aria-label="Included" %} 1 | -| {% data variables.copilot.copilot_coding_agent %} | N/A | N/A | N/A | {% octicon "check" aria-label="Included" %} 4 | {% octicon "check" aria-label="Included" %} 4 | N/A | -| {% data variables.copilot.copilot_code-review_short %} | N/A | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} 1 | {% octicon "check" aria-label="Included" %} 1 | {% octicon "check" aria-label="Included" %} 2 | {% octicon "x" aria-label="Not included" %} | - -{% endrowheaders %} - -**Types of custom instructions supported** - -**1:** Repository-wide instructions (using the `.github/copilot-instructions.md` file).
    -**2:** Repository-wide instructions and path-specific instructions (using `.github/instructions/**/NAME.instructions.md` files).
    -**3:** Repository-wide instructions, path-specific instructions, and agent instructions (using `AGENTS.md` files).
    -**4:** Repository-wide instructions, path-specific instructions, and agent instructions (using `AGENTS.md`, `CLAUDE.md` or `GEMINI.md` files).
    -**X:** Custom instructions are not supported.
    -**N/A:** Feature not available on this platform. - -> [!NOTE] -> {% data variables.copilot.copilot_code-review_short %} only reads the first 4,000 characters of any custom instruction file. Any instructions beyond this limit will not affect the reviews generated by {% data variables.copilot.copilot_code-review_short %}. This limit does not apply to {% data variables.copilot.copilot_chat_short %} or {% data variables.copilot.copilot_coding_agent %}. diff --git a/data/reusables/copilot/repository-custom-instructions-types.md b/data/reusables/copilot/repository-custom-instructions-types.md index f3ab16a7985a..3a3b988d7306 100644 --- a/data/reusables/copilot/repository-custom-instructions-types.md +++ b/data/reusables/copilot/repository-custom-instructions-types.md @@ -1,4 +1,4 @@ You can create repository custom instructions in two ways: * **Repository-wide instructions**: Create a single `copilot-instructions.md` file at the repository root that applies to all files in the repository. -* **Path-specific instructions**: Create one or more `.instructions.md` files with an `applyTo` field that apply only to specific files or directories. Path-specific instructions are currently supported for **{% data variables.copilot.copilot_chat_short %}** in {% data variables.product.prodname_vscode %} and **{% data variables.product.prodname_copilot %} coding agent**. +* **Path-specific instructions**: Create one or more `.instructions.md` files with an `applyTo` field that apply only to specific files or directories. Path-specific instructions are currently supported for **{% data variables.copilot.copilot_chat_short %}** in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and **{% data variables.product.prodname_copilot %} coding agent**. diff --git a/data/reusables/data-residency/when-you-adopt-data-residency.md b/data/reusables/data-residency/when-you-adopt-data-residency.md index d2301cbc0b41..3f34c59e575b 100644 --- a/data/reusables/data-residency/when-you-adopt-data-residency.md +++ b/data/reusables/data-residency/when-you-adopt-data-residency.md @@ -7,5 +7,6 @@ The available regions are: * EU * Australia * US +* Japan In the future, {% data variables.product.github %} plans to offer {% data variables.enterprise.data_residency_short %} in more regions. diff --git a/data/reusables/dependabot/community-maintained-intro.md b/data/reusables/dependabot/community-maintained-intro.md new file mode 100644 index 000000000000..3ada7ee51797 --- /dev/null +++ b/data/reusables/dependabot/community-maintained-intro.md @@ -0,0 +1 @@ +The following ecosystems are maintained by their upstream community maintainers. {% data variables.product.github %} integrates {% data variables.product.prodname_dependabot %} with these ecosystems but does not maintain them directly. diff --git a/data/reusables/dependabot/dependabot-alert-actions-semver.md b/data/reusables/dependabot/dependabot-alert-actions-semver.md index c178039bb022..3c799ff350e2 100644 --- a/data/reusables/dependabot/dependabot-alert-actions-semver.md +++ b/data/reusables/dependabot/dependabot-alert-actions-semver.md @@ -1 +1 @@ -{% data variables.product.prodname_dependabot %} will only create {% data variables.product.prodname_dependabot_alerts %} for vulnerable {% data variables.product.prodname_actions %} that use semantic versioning. You will not receive alerts for a vulnerable action that uses SHA versioning. If you use {% data variables.product.prodname_actions %} with SHA versioning, we recommend enabling {% data variables.product.prodname_dependabot_version_updates %} for your repository or organization to keep the actions you use updated to the latest versions. +For {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dependabot_alerts %} are only generated for actions that use semantic versioning, not SHA versioning. diff --git a/data/reusables/dependabot/dependabot-alert-create-PR.md b/data/reusables/dependabot/dependabot-alert-create-PR.md deleted file mode 100644 index c0ac1d7d5069..000000000000 --- a/data/reusables/dependabot/dependabot-alert-create-PR.md +++ /dev/null @@ -1 +0,0 @@ -If you have enabled {% data variables.product.prodname_dependabot_security_updates %} for your repository, the alert may also contain a link to a pull request to update the manifest or lock file to the minimum version that resolves the vulnerability. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). diff --git a/data/reusables/dependabot/dependabot-oidc-credentials.md b/data/reusables/dependabot/dependabot-oidc-credentials.md new file mode 100644 index 000000000000..004698af0300 --- /dev/null +++ b/data/reusables/dependabot/dependabot-oidc-credentials.md @@ -0,0 +1 @@ +With OIDC, {% data variables.product.prodname_dependabot %} dynamically obtains short-lived credentials instead of using static credentials. diff --git a/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo-public-fork.md b/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo-public-fork.md index d21724a7f473..e1c38ac87f53 100644 --- a/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo-public-fork.md +++ b/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo-public-fork.md @@ -1,7 +1,3 @@ -Repository administrators can enable or disable the dependency graph for all repositories owned by your user account, regardless of their visibility. See [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account). - -You can also enable the dependency graph for multiple repositories in an organization at the same time. For more information, see {% ifversion security-configurations %}[AUTOTITLE](/code-security/securing-your-organization).{% else %}[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization).{% endif %} - {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} diff --git a/data/reusables/dependabot/ghes-enabling-dependency-graph.md b/data/reusables/dependabot/ghes-enabling-dependency-graph.md index 9dc8c461b5a2..855766f3db11 100644 --- a/data/reusables/dependabot/ghes-enabling-dependency-graph.md +++ b/data/reusables/dependabot/ghes-enabling-dependency-graph.md @@ -1 +1 @@ -If the dependency graph is not available in your system, your enterprise owner can enable the dependency graph. For more information, see [AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise). +If the dependency graph is not available on your {% data variables.product.prodname_ghe_server %} instance, ask an enterprise owner to enable it. For more information, see [AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise). diff --git a/data/reusables/dependabot/no-dependabot-alerts-for-malware.md b/data/reusables/dependabot/no-dependabot-alerts-for-malware.md deleted file mode 100644 index 8549af2f6e1a..000000000000 --- a/data/reusables/dependabot/no-dependabot-alerts-for-malware.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_dependabot %} doesn't generate {% data variables.product.prodname_dependabot_alerts %} for malware. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#malware-advisories). diff --git a/data/reusables/dependabot/no-ubuntu-latest-label-self-hosted.md b/data/reusables/dependabot/no-ubuntu-latest-label-self-hosted.md new file mode 100644 index 000000000000..fd20ad046f68 --- /dev/null +++ b/data/reusables/dependabot/no-ubuntu-latest-label-self-hosted.md @@ -0,0 +1,2 @@ +> [!NOTE] +> {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} relies on the `ubuntu-latest` label to select the appropriate runner. To ensure {% data variables.product.prodname_dependabot %} runs on {% data variables.product.github %}-hosted runners, you should not use the label `ubuntu-latest` for self-hosted runners. diff --git a/data/reusables/dependabot/pull-request-introduction.md b/data/reusables/dependabot/pull-request-introduction.md deleted file mode 100644 index ceb23738f2a7..000000000000 --- a/data/reusables/dependabot/pull-request-introduction.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.product.prodname_dependabot %} raises pull requests to update dependencies. Depending on how your repository is configured, {% data variables.product.prodname_dependabot %} may raise pull requests for version updates and/or for security updates. You manage these pull requests in the same way as any other pull request, but there are also some extra commands available. For information about enabling {% data variables.product.prodname_dependabot %} dependency updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates). diff --git a/data/reusables/dependabot/supported-package-managers.md b/data/reusables/dependabot/supported-package-managers.md index 417c5c998767..cc77bb32f64d 100644 --- a/data/reusables/dependabot/supported-package-managers.md +++ b/data/reusables/dependabot/supported-package-managers.md @@ -24,6 +24,9 @@ Composer | `composer` | {% ifversion dependabot-updates-composerv1-c | {% endif %} | [Helm Charts](#helm-charts) | `helm` | {% ifversion dependabot-helm-support %}v3{% else %}Not supported{% endif %} | {% ifversion dependabot-helm-support %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% octicon "x" aria-label="Not supported" %} | {% ifversion dependabot-helm-support %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% ifversion dependabot-helm-support %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | Not applicable | Hex | `mix` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +| {% ifversion dependabot-julia-support %} | +[Julia](#julia) | `julia` | >=v1.10 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | +| {% endif %} | elm-package | `elm` | v0.19 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | git submodule | `gitsubmodule` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | [{% data variables.product.prodname_actions %}](#github-actions) | `github-actions` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | @@ -32,6 +35,9 @@ Go modules | `gomod` | v1 | {% octicon "check" aria-l [Maven](#maven) | `maven` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | npm | `npm` | v7, v8, v9, v10, v11 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | [NuGet](#nuget-cli) | `nuget` | {% ifversion fpt or ghec or ghes > 3.14 %}<=6.12.0{% endif %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +| {% ifversion dependabot-opentofu-support %} | +[OpenTofu](#opentofu) | `opentofu` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | Not applicable | +| {% endif %} | [pip](#pip-and-pip-compile) | `pip` | v21.1.2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | pipenv | `pip` | <= 2021-05-29 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | [pip-compile](#pip-and-pip-compile) | `pip` | 6.1.0 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | @@ -43,7 +49,11 @@ poetry | `pip` | v1 | {% octicon "check" aria-l | {% endif %} | [Swift](#swift) | `swift` | v5 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} (git only) | {% octicon "x" aria-label="Not supported" %} | [Terraform](#terraform) | `terraform` | >= 0.13, <= 1.13.x | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | +| {% ifversion dependabot-uv-security-support %} | +uv | `uv` | v0 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | +| {% elsif dependabot-uv-support %} | uv | `uv` | v0 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | +| {% endif %} | | {% ifversion dependabot-vcpkg-support %} | [vcpkg](#vcpkg) | `vcpkg` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | Not applicable | | {% endif %} | @@ -56,25 +66,25 @@ For further information about ecosystem support for {% data variables.product.pr {% ifversion dependabot-bun-support %} -#### Bun +### Bun {% data variables.product.prodname_dependabot %} supports the current default text-based `bun.lock` file, but not the legacy binary `bun.lockb` file. The `bun.lock` file is supported in version 1.1.39 and above. For more information, see [Lockfile](https://bun.sh/docs/install/lockfile) in the Bun documentation. {% endif %} -#### Cargo +### Cargo Private registry support includes cargo registries, so you can use {% data variables.product.prodname_dependabot %} to keep your Rust dependencies up-to-date. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#cargo). {% ifversion dependabot-conda-support %} -#### Conda +### Conda {% data variables.product.prodname_dependabot %} support for Conda does **not include private registries, vendoring, or lock file updates**. {% endif %} -#### Dev containers +### Dev containers You can use `devcontainers` as a `package-ecosystem` in your `dependabot.yml` file to update Features in your `devcontainer.json` configuration files. For more information about this support, and for configuration file examples, see [General Availability of {% data variables.product.prodname_dependabot %} Integration](https://containers.dev/guide/dependabot) in the Development Containers documentation. @@ -84,7 +94,7 @@ This updater ensures Features are pinned to the latest `major` version in the as Features in any valid dev container location will be updated in a single pull request. For more information about the dev container specification, see [Specification](https://containers.dev/implementors/spec/#devcontainerjson) in the Development Containers documentation. -#### Docker +### Docker {% data variables.product.prodname_dependabot %} can add metadata from Docker images to pull requests for version updates. The metadata includes release notes, changelogs and the commit history. Repository administrators can use the metadata to quickly evaluate the stability risk of the dependency update. @@ -98,13 +108,13 @@ In order for {% data variables.product.prodname_dependabot %} to fetch Docker me {% ifversion dependabot-docker-compose-support %} -#### Docker Compose +### Docker Compose {% data variables.product.prodname_dependabot %} supports Docker Compose in a similar way to Docker. For more information, see [Docker](#docker). {% endif %} -#### {% data variables.product.prodname_actions %} +### {% data variables.product.prodname_actions %} {% data variables.product.prodname_dependabot %} supports version updates for {% data variables.product.prodname_actions %} with the following caveats. @@ -112,13 +122,22 @@ In order for {% data variables.product.prodname_dependabot %} to fetch Docker me For more information about using {% data variables.product.prodname_dependabot_version_updates %} with {% data variables.product.prodname_actions %}, see [AUTOTITLE](/actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions#keeping-the-actions-in-your-workflows-secure-and-up-to-date). -#### Gradle +### Gradle + +{% data variables.product.prodname_dependabot %} supports updates to the following files without needing to run Gradle: -{% data variables.product.prodname_dependabot %} doesn't run Gradle but supports updates to the following files: * `build.gradle`, `build.gradle.kts` (for Kotlin projects) * `gradle/libs.versions.toml` (for projects using a standard Gradle version catalog) +* `gradle.lockfile` (for projects using Gradle dependency locking) * Files included via the `apply` declaration that have `dependencies` in the filename. Note that `apply` does not support `apply to`, recursion, or advanced syntaxes (for example, Kotlin's `apply` with `mapOf`, filenames defined by property). +To update the Gradle Wrapper, {% data variables.product.prodname_dependabot %} runs Gradle and updates: + +* `gradle/wrapper/gradle-wrapper.properties` +* `gradlew` +* `gradlew.bat` +* `gradle/wrapper/gradle-wrapper.jar` + {% data variables.product.prodname_dependabot %} uses information from the `pom.xml` file of dependencies to add links to release information in update pull requests. If the information is omitted from the `pom.xml` file, then it cannot be included in {% data variables.product.prodname_dependabot %} pull requests, see [AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot). For {% data variables.product.prodname_dependabot_security_updates %}, Gradle support is limited to manual uploads of the dependency graph data using the {% data variables.dependency-submission-api.name %}. For more information about the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api). @@ -127,7 +146,7 @@ For {% data variables.product.prodname_dependabot_security_updates %}, Gradle su > * When you upload Gradle dependencies to the dependency graph using the {% data variables.dependency-submission-api.name %}, all project dependencies are uploaded, even transitive dependencies that aren't explicitly mentioned in any dependency file. When an alert is detected in a transitive dependency, {% data variables.product.prodname_dependabot %} isn't able to find the vulnerable dependency in the repository, and therefore won't create a security update for that alert. > * {% data variables.product.prodname_dependabot_version_updates %} will, however, create pull requests when the parent dependency is explicitly declared as a direct dependency in the project's manifest file. -#### Helm Charts +### Helm Charts {% data variables.product.prodname_dependabot %} supports using a username and password for registries. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#helm-registry). @@ -135,17 +154,17 @@ The `helm-registry` type only supports HTTP Basic Auth and does not support OCI- When configuring {% data variables.product.prodname_dependabot %} for Helm charts, it will also automatically update the Docker images referenced within those charts, ensuring that both the chart versions and their contained images stay up to date. -#### Maven +### Maven {% data variables.product.prodname_dependabot %} doesn't run Maven but supports updates to `pom.xml` files. {% data variables.product.prodname_dependabot %} uses information from the `pom.xml` file of dependencies to add links to release information in update pull requests. If the information is omitted from the `pom.xml` file, then it cannot be included in {% data variables.product.prodname_dependabot %} pull requests, see [AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot). -#### NuGet CLI +### NuGet CLI {% data variables.product.prodname_dependabot %} doesn't run the NuGet CLI but does support most features up until version 6.8.0. -#### pip and pip-compile +### pip and pip-compile {% data variables.product.prodname_dependabot %} supports updates to any `.txt` file. @@ -155,24 +174,18 @@ In addition, {% data variables.product.prodname_dependabot %} supports updates t {% else %} -#### pnpm +### pnpm pnpm is supported for {% data variables.product.prodname_dependabot_version_updates %} (on v7, v8, v9, v10) and {% data variables.product.prodname_dependabot_security_updates %} (on v7 and v8 only). {% endif %} -#### poetry +### poetry The PEP 621 `project` section isn't currently supported for `poetry`. -#### pub - -{% data variables.product.prodname_dependabot %} won't perform an update for `pub` when the version that it tries to update to is ignored, even if an earlier version is available. - -You can use {% data variables.product.prodname_dependabot %} to keep Dart dependencies up-to-date if you use private hosted pub repositories. For information about allowing {% data variables.product.prodname_dependabot %} to access private {% data variables.product.prodname_dotcom %} dependencies, see [Allowing {% data variables.product.prodname_dependabot %} to access private dependencies](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private{% ifversion ghec or ghes %}-or-internal{% endif %}-dependencies). - {% ifversion dependabot-rust-toolchain-support %} -#### Rust toolchain +### Rust toolchain {% data variables.product.prodname_dependabot %} supports automatic updates for Rust toolchain versions defined in `rust-toolchain.toml` and `rust-toolchain` files. @@ -183,11 +196,11 @@ Supported update patterns {% data variables.product.prodname_dependabot %} can u {% endif %} -#### Swift +### Swift Private registry support applies to git registries only. Swift registries are not supported. Non-declarative manifests are not supported. For more information on non-declarative manifests, see [Editing Non-Declarative Manifests](https://github.com/apple/swift-evolution/blob/7003da1439ad60896ec14657dfce829f04b0632c/proposals/0301-package-editing-commands.md#editing-non-declarative-manifests) in the Swift Evolution documentation. -#### Terraform +### Terraform Terraform support includes: * Modules hosted on Terraform Registry or a publicly reachable Git repository. @@ -196,12 +209,46 @@ Terraform support includes: {% ifversion dependabot-vcpkg-support %} -#### vcpkg +### vcpkg vcpkg support includes updating the `builtin-baseline` commit SHA from the vcpkg ports repository in your `vcpkg.json` manifest file. For more information visit the [`microsoft/vcpkg` repository](https://github.com/microsoft/vcpkg) on {% data variables.product.prodname_dotcom_the_website %} and see [What is manifest mode?](https://learn.microsoft.com/vcpkg/concepts/manifest-mode) in the Microsoft documentation. {% endif %} -#### yarn +### yarn Dependabot supports vendored dependencies for v2 onwards. + +{% ifversion dependabot-community-ecosystems %} + +## Supported community-maintained ecosystems + +{% data reusables.dependabot.community-maintained-intro %} {% ifversion dependabot-julia-support %} + +* [Julia](#julia) - Maintained by the Julia community{% endif %}{% ifversion dependabot-julia-support %} +* [OpenTofu](#opentofu) - Maintained by the OpenTofu community{% endif %} +* [Pub](#pub) - Maintained by The Dart Community + +{% ifversion dependabot-julia-support %} + +### Julia + +{% data variables.product.prodname_dependabot %} supports Julia projects that include `Project.toml`/`Manifest.toml` files. {% data variables.product.prodname_dependabot %} uses Julia's package manager to resolve and update dependencies. + +{% endif %} + +{% ifversion dependabot-opentofu-support %} + +### OpenTofu + +{% data variables.product.prodname_dependabot %} supports updating OpenTofu modules and providers in `.tf` and `.tofu` configuration files, including `terragrunt.hcl` files. If the `.terraform.lock.hcl` lockfile for provider checksums is present, {% data variables.product.prodname_dependabot %} will also update it. + +{% endif %} + +{% endif %} + +### Pub + +{% data variables.product.prodname_dependabot %} won't perform an update for `pub` when the version that it tries to update to is ignored, even if an earlier version is available. + +You can use {% data variables.product.prodname_dependabot %} to keep Dart dependencies up-to-date if you use private hosted pub repositories. For information about allowing {% data variables.product.prodname_dependabot %} to access private {% data variables.product.prodname_dotcom %} dependencies, see [Allowing {% data variables.product.prodname_dependabot %} to access private dependencies](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private{% ifversion ghec or ghes %}-or-internal{% endif %}-dependencies). diff --git a/data/reusables/dependabot/version-updates-skip-scheduled-runs.md b/data/reusables/dependabot/version-updates-skip-scheduled-runs.md deleted file mode 100644 index 4b350eaf0c3b..000000000000 --- a/data/reusables/dependabot/version-updates-skip-scheduled-runs.md +++ /dev/null @@ -1 +0,0 @@ -Sometimes, due to a misconfiguration or an incompatible version, you might see that a {% data variables.product.prodname_dependabot %} run has failed. After 15 failed runs, {% data variables.product.prodname_dependabot_version_updates %} will skip subsequent scheduled runs until you manually trigger a check for updates from the dependency graph. {% data variables.product.prodname_dependabot_security_updates %} will still run as usual. diff --git a/data/reusables/dependabot/vnet-arc-note.md b/data/reusables/dependabot/vnet-arc-note.md index d08e19885220..7442b271204c 100644 --- a/data/reusables/dependabot/vnet-arc-note.md +++ b/data/reusables/dependabot/vnet-arc-note.md @@ -1,7 +1,7 @@ {% ifversion dependabot-vnet-support or dependabot-arc-support %} >[!NOTE] -> Private networking is supported with either an Azure Virtual Network (VNET) or the Actions Runner Controller (ARC) for {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-github-hosted-runners-using-vnet) for more information, and instruction. +> Private networking is supported with either an Azure Virtual Network (VNET) or the Actions Runner Controller (ARC) for {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-github-hosted-runners-using-vnet). {% else %} diff --git a/data/reusables/dependency-graph/supported-package-ecosystems.md b/data/reusables/dependency-graph/supported-package-ecosystems.md index f97dd896125c..faba07342cea 100644 --- a/data/reusables/dependency-graph/supported-package-ecosystems.md +++ b/data/reusables/dependency-graph/supported-package-ecosystems.md @@ -9,8 +9,14 @@ | {% data variables.product.prodname_actions %} workflows | YAML | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `.yml`, `.yaml` | {% octicon "x" aria-label="None" %} | | Go modules | Go | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `go.mod`| {% octicon "x" aria-label="None" %} | | Gradle | Java | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="None" %} | {% octicon "x" aria-label="None" %} | +| {% ifversion dependabot-julia-support %} | +| Julia | Julia | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Manifest.toml` | `Project.toml` | +| {% endif %} | | Maven | Java, Scala | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | `pom.xml` | {% octicon "x" aria-label="None" %} | | npm | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `package-lock.json` | `package.json`| +| {% ifversion dependabot-opentofu-support %} | +| OpenTofu | HCL | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `.terraform.lock.hcl` | `.tf`, `.tofu` | +| {% endif %} | | pip | Python | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | `requirements.txt`, `pipfile.lock` | `pipfile`, `setup.py` | | pnpm | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `pnpm-lock.yaml` | `package.json` | | pub | Dart | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `pubspec.lock` | `pubspec.yaml` | @@ -20,7 +26,26 @@ | Yarn | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `yarn.lock` | `package.json` | > [!NOTE]{% ifversion transitive-dependency-labeling-npm %} +> > * The **Static transitive dependencies** column indicates whether static analysis will add `direct` and `transitive` labels for dependent packages in that ecosystem. Dependency submission actions (automatic or manually configured) can add transitive information for ecosystems where static analysis cannot. {% endif %} > * If you list your Python dependencies within a `setup.py` file, we may not be able to parse and list every dependency in your project. > * {% data variables.product.prodname_actions %} workflows must be located in the `.github/workflows/` directory of a repository to be recognized as manifests. Any actions or workflows referenced using the syntax `jobs[*].steps[*].uses` or `jobs..uses` will be parsed as dependencies. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions). > * {% data reusables.dependabot.dependabot-alert-actions-semver %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates). + +{% ifversion dependabot-community-ecosystems %} + +### Community-maintained ecosystems + +{% data reusables.dependabot.community-maintained-intro %} + +| Ecosystem | Maintained by | +| --- | --- | +| {% ifversion dependabot-julia-support %} | +| Julia | Julia community | +| {% endif %} | +| {% ifversion dependabot-opentofu-support %} | +| OpenTofu | OpenTofu community | +| {% endif %} | +| pub | Dart community | + +{% endif %} diff --git a/data/reusables/dependency-graph/used-by.md b/data/reusables/dependency-graph/used-by.md new file mode 100644 index 000000000000..6d8f01c31d58 --- /dev/null +++ b/data/reusables/dependency-graph/used-by.md @@ -0,0 +1 @@ +Some repositories have a "Used by" section in the sidebar of the **Code** tab. This section shows the number of public references to a package that were found, and displays the avatars of some of the owners of the dependent projects. diff --git a/data/reusables/dependency-submission/dependency-submission-link.md b/data/reusables/dependency-submission/dependency-submission-link.md index 73d50d1f628d..0ec804e1b8f0 100644 --- a/data/reusables/dependency-submission/dependency-submission-link.md +++ b/data/reusables/dependency-submission/dependency-submission-link.md @@ -1,2 +1,2 @@ -Additionally, you can use the {% data variables.dependency-submission-api.name %} to submit dependencies from the package manager or ecosystem of your choice, even if the ecosystem is not supported by dependency graph for manifest or lock file analysis. +You can use the {% data variables.dependency-submission-api.name %} to submit dependencies from the package manager or ecosystem of your choice, even if the ecosystem is not supported by dependency graph for manifest or lock file analysis. Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} will show which detector was used for their submission and when they were submitted. For more information on the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api). diff --git a/data/reusables/enterprise-accounts/about-setup-user.md b/data/reusables/enterprise-accounts/about-setup-user.md new file mode 100644 index 000000000000..b13be593c054 --- /dev/null +++ b/data/reusables/enterprise-accounts/about-setup-user.md @@ -0,0 +1 @@ +For more information about the setup user, see [AUTOTITLE](/admin/concepts/identity-and-access-management/setup-user). diff --git a/data/reusables/enterprise-accounts/emu-recommend-password-manager.md b/data/reusables/enterprise-accounts/emu-recommend-password-manager.md index 381eb7306fd9..969a5789dbd5 100644 --- a/data/reusables/enterprise-accounts/emu-recommend-password-manager.md +++ b/data/reusables/enterprise-accounts/emu-recommend-password-manager.md @@ -1 +1 @@ -We strongly recommend **storing the credentials for the setup user** in your company's password management tool. Someone will need to sign in as this user to update authentication settings, migrate to another identity provider or authentication method, or use your enterprise's recovery codes. +1. We strongly recommend **storing the credentials for the setup user** in your company's password management tool. Someone will need to sign in as this user to update authentication settings, migrate to another identity provider or authentication method, or use your enterprise's recovery codes. diff --git a/data/reusables/enterprise-accounts/enterprise-apps-capabilities.md b/data/reusables/enterprise-accounts/enterprise-apps-capabilities.md new file mode 100644 index 000000000000..088a2d6c6bbc --- /dev/null +++ b/data/reusables/enterprise-accounts/enterprise-apps-capabilities.md @@ -0,0 +1,9 @@ +Enterprise-installed {% data variables.product.prodname_github_apps %} cannot call every enterprise API, but several APIs have already been updated to support {% data variables.product.prodname_github_apps %}. These APIs and GraphQL mutations include: + +* [List and create organizations in your enterprise](/graphql/reference/mutations#createenterpriseorganization) +* [Manage users in your enterprise](/graphql/reference/objects#enterprise) +* Create and manage {% data variables.product.prodname_github_app %} installations in your organizations +* Manage enterprise custom repository properties +* Call the enterprise SCIM APIs + +Check the [changelog](https://github.blog/changelog/) for updates on new APIs and permissions for {% data variables.product.prodname_github_apps %}. diff --git a/data/reusables/enterprise-accounts/github-apps-tab.md b/data/reusables/enterprise-accounts/github-apps-tab.md index 59f8acf85498..8ce0f568119f 100644 --- a/data/reusables/enterprise-accounts/github-apps-tab.md +++ b/data/reusables/enterprise-accounts/github-apps-tab.md @@ -1 +1 @@ -1. In the left sidebar, click **{% octicon "apps" aria-hidden="true" %} GitHub Apps**. +1. In the left sidebar, click **{% octicon "apps" aria-hidden="true" %} {% data variables.product.prodname_github_apps %}**. diff --git a/data/reusables/enterprise-accounts/org-custom-properties-public-preview.md b/data/reusables/enterprise-accounts/org-custom-properties-public-preview.md index 66b137396e66..5c5fee14d5a7 100644 --- a/data/reusables/enterprise-accounts/org-custom-properties-public-preview.md +++ b/data/reusables/enterprise-accounts/org-custom-properties-public-preview.md @@ -1,3 +1,2 @@ > [!NOTE] -> Organization custom properties are in public preview and subject to change. -> For {% data variables.product.prodname_ghe_server %}, this feature will only be available from version 3.22. +> For {% data variables.product.prodname_ghe_server %}, this feature will only be available from version 3.21. diff --git a/data/reusables/enterprise-accounts/payment-information-tab-both-platforms.md b/data/reusables/enterprise-accounts/payment-information-tab-both-platforms.md deleted file mode 100644 index 07a27a91dd3e..000000000000 --- a/data/reusables/enterprise-accounts/payment-information-tab-both-platforms.md +++ /dev/null @@ -1 +0,0 @@ -1. Under "Billing & Licensing", click **Payment information**. diff --git a/data/reusables/enterprise-migration-tool/data-not-migrated.md b/data/reusables/enterprise-migration-tool/data-not-migrated.md index 79cc2db94f0a..d3fd27bb12c3 100644 --- a/data/reusables/enterprise-migration-tool/data-not-migrated.md +++ b/data/reusables/enterprise-migration-tool/data-not-migrated.md @@ -1,5 +1,6 @@ * Audit logs * {% data variables.product.prodname_code_scanning_caps %} results +* {% data variables.product.prodname_codespaces %} secrets * Commit status checks * {% data variables.product.prodname_dependabot %} alerts * {% data variables.product.prodname_dependabot %} secrets @@ -10,6 +11,7 @@ * GitHub Apps and GitHub App installations * {% data variables.large_files.product_name_short %} objects and large binaries (repositories using {% data variables.large_files.product_name_short %} are still supported, see [Limitations of {% data variables.product.prodname_importer_proper_name %}](#limitations-of-github-enterprise-importer)) * Links from commits to pull requests that were rebase merged +* Mentions of users, teams, and organizations in pull request, issue, release, and comment bodies (the username originally mentioned is retained) * Packages in {% data variables.product.prodname_registry %}{% ifversion projects-v1 %} * Projects (classic) at the organization level{% endif %} * {% data variables.product.prodname_projects_v2 %} (the new projects experience) @@ -21,6 +23,8 @@ * Repository stars * Repository watchers * Rulesets +* Sub-issues (see [AUTOTITLE](/issues/tracking-your-work-with-issues/learning-about-issues/about-issues#about-sub-issues)) * Tag protection rules +* User access to the repository * Users' profiles, SSH keys, signing keys, or {% data variables.product.pat_generic_plural %} * Webhook secrets diff --git a/data/reusables/enterprise-migration-tool/deploy-key-bypass.md b/data/reusables/enterprise-migration-tool/deploy-key-bypass.md deleted file mode 100644 index 6d7e8d5b20f8..000000000000 --- a/data/reusables/enterprise-migration-tool/deploy-key-bypass.md +++ /dev/null @@ -1,3 +0,0 @@ -> [!NOTE] If the repository you are migrating has rulesets that the incoming repository doesn't match, the migration will be blocked. To bypass these rulesets and allow the migration, you can apply a ruleset bypass for all deploy keys in the target organization. -> -> Repository rulesets can be set at the organization level. If the incoming repository does not match any of these rulesets, you will need to use the deploy key bypass for each one. See [AUTOTITLE](/organizations/managing-organization-settings/creating-rulesets-for-repositories-in-your-organization#granting-bypass-permissions-for-your-branch-or-tag-ruleset). diff --git a/data/reusables/enterprise-migration-tool/repository-migrations-bypass.md b/data/reusables/enterprise-migration-tool/repository-migrations-bypass.md new file mode 100644 index 000000000000..396da2dc8647 --- /dev/null +++ b/data/reusables/enterprise-migration-tool/repository-migrations-bypass.md @@ -0,0 +1,9 @@ +If the destination organization or enterprise of your migration has rulesets enabled, the migrated repository's history may violate those rules. To allow the migration without disabling your rulesets, add "Repository migrations" to the bypass list for each applicable ruleset. This bypass applies only during the migration. Once complete, rulesets will be enforced on all new contributions. + +To configure the bypass: + +1. Navigate to each enterprise or organization ruleset. +1. In the "Bypass list" section, click **Add bypass**. +1. Select **Repository migrations**. + +For more information, see [AUTOTITLE](/organizations/managing-organization-settings/creating-rulesets-for-repositories-in-your-organization#granting-bypass-permissions-for-your-branch-or-tag-ruleset). diff --git a/data/reusables/enterprise-onboarding/automations.md b/data/reusables/enterprise-onboarding/automations.md new file mode 100644 index 000000000000..e7d8b700fdc4 --- /dev/null +++ b/data/reusables/enterprise-onboarding/automations.md @@ -0,0 +1,119 @@ +Automation on {% data variables.product.github %} typically involves multiple components working together. The most important {% data variables.product.github %} native components are: + +* **{% data variables.product.prodname_actions %} workflows**, which provide a runtime for executing automation logic. Out of the box, they work within a single repository, but they can be extended to automate across or even outside of repositories. +* **{% data variables.product.prodname_github_apps %}**, which do not have a runtime. Instead, they provide identity, permissions, and event delivery so your automations, whether external services or workflows, can authenticate and act securely. + +Most enterprise automation use {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_actions %} together. For example, a workflow running in {% data variables.product.prodname_actions %} may use a {% data variables.product.prodname_github_app %} to obtain a short-lived token that allows it to perform tasks across repositories or organizations. + +This guide explains how {% data variables.product.prodname_github_apps %}, external automations, and {% data variables.product.prodname_actions %} complement each other, and when to use each in your enterprise. + +## {% data variables.product.prodname_github_apps %} + +A {% data variables.product.prodname_github_app %} provides the **identity, permissions, and webhook events** required for automation on or across repositories, organizations, or your enterprise. {% data variables.product.prodname_github_apps %} themselves do **not** execute logic, they enable other systems to do so. + +{% data variables.product.prodname_github_apps %} support enterprise automation by offering: + +* **Granular permissions** to follow least-privilege principles +* **Scoped installations** at the enterprise, organization, or repository level +* **Short-lived tokens** for secure access +* **Distinct identities** with full auditability +* **Delegated administration** through the {% data variables.product.prodname_github_app %} manager role +* **Consistency at scale** when owned by the enterprise account + +### What do {% data variables.product.prodname_github_apps %} enable? + +{% data variables.product.prodname_github_apps %} allow **automations you write elsewhere**—such as external services or workflow steps—to act on {% data variables.product.github %} APIs within the permissions you grant. For example: + +* Receiving webhook events and triggering external services +* Enabling a workflow to act outside its default repository scope +* Integrating {% data variables.product.github %} with third-party systems +* Coordinating changes across many repositories +* Running long-lived bots or services that monitor enterprise-level activity + +{% ifversion enterprise-installed-apps %} + +> [!NOTE] +> Enterprise-installed {% data variables.product.prodname_github_apps %} cannot call every API endpoint. See [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-on-your-enterprise#what-enterprise-installed-apps-can-do). + +{% endif %} + +## {% data variables.product.prodname_actions %} + +{% data variables.product.prodname_actions %} provide {% data variables.product.github %}’s built-in **runtime** for executing automation logic inside repositories. Workflows run on hosted or self-hosted runners and are ideal for tasks tied to code changes or repository events. + +Use {% data variables.product.prodname_actions %} for: + +* CI/CD (build, test, deploy) +* Pull request checks and validations +* Repository-level maintenance tasks +* Event-driven workflows responding to pushes, tags, or issue updates +* Scheduled jobs with cron + +### How {% data variables.product.prodname_actions %} uses {% data variables.product.prodname_github_apps %} + +{% data variables.product.prodname_actions %} and {% data variables.product.prodname_github_apps %} are deeply connected: + +* Workflow permissions map directly to {% data variables.product.prodname_github_app %} permissions. +* Workflows can authenticate as a specific {% data variables.product.prodname_github_app %} using `actions/create-github-app-token`. +* {% data variables.product.prodname_github_apps %} can trigger workflows through events such as `repository_dispatch`. + +## External automations and services + +External automations run outside {% data variables.product.github %} on your own infrastructure. These services typically: + +* Receive webhook events from a {% data variables.product.prodname_github_app %} +* Use the {% data variables.product.prodname_github_app %} to request short-lived installation tokens +* Execute long-running or cross-enterprise logic +* Integrate with external business systems + +Examples include: + +* Organization-wide configuration management +* Policy enforcement services +* Multi-repository code or metadata synchronization +* Compliance report generation +* Cross-organization issue or pull request management + +All of these rely on {% data variables.product.prodname_github_apps %} for authentication, identity, and events—**not** for execution. + +## How these components work together + +Most enterprise automation uses a combination of {% data variables.product.prodname_github_apps %}, external services, and {% data variables.product.prodname_actions %} to achieve robust, scalable workflows. + +For example: + +1. An enterprise {% data variables.product.prodname_github_app %} receives a webhook when a new repository is created, and sends the webhook payload to a server where an external service is running. +1. The external service standardizes required settings and provisions resources. +1. The service triggers a {% data variables.product.prodname_actions %} workflow in the repository. +1. The workflow performs CI, deploys templates, or configures scanning. + +Each component handles a different layer of automation. + +## When to use each type of automation + +Use **a {% data variables.product.prodname_github_app %}** when you need: + +* Authentication or permission to act across many repositories +* Integration with external systems +* Webhook-driven automations +* Long-lived or enterprise-wide workflows +* Auditability and identity separation + +Use **external automations** when you need: + +* Logic that runs continuously or outside {% data variables.product.github %} +* Integration with internal systems + +Use **{% data variables.product.prodname_actions %}** when you need: + +* CI/CD pipelines +* Repository-scoped automation +* Automated checks tied to repository events +* Execution of logic using {% data variables.product.github %}’s runner infrastructure + +Use **{% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_actions %} together** when: + +* A workflow must act beyond the repository’s default permissions +* A {% data variables.product.prodname_github_app %} needs to trigger a workflow +* External logic orchestrates in-repo execution +* Enterprise-wide policies or workflows require both identity and runtime diff --git a/data/reusables/enterprise-onboarding/create-enterprise-teams.md b/data/reusables/enterprise-onboarding/create-enterprise-teams.md index f11d9c492dc9..4bcedd66806c 100644 --- a/data/reusables/enterprise-onboarding/create-enterprise-teams.md +++ b/data/reusables/enterprise-onboarding/create-enterprise-teams.md @@ -48,10 +48,10 @@ If you use {% data variables.product.prodname_emus %}, you can sync membership o #### Limits on IdP group sizes -If an IdP group goes over the team size limit of 500 users, the team will stop being synced. +If an IdP group goes over the team size limit of 5,000 users, the team will stop being synced. For example: * An enterprise team is initially synced with an IdP group of 5 users. -* 500 more users are added to the IdP group. Because the IdP group now has 505 users, the group isn't synced and the enterprise team remains at 5 members. -* 5 users are removed from the IdP group to bring it to 500 users. Syncing resumes and the enterprise team now contains the same 500 users as the IdP group. +* 5,000 more users are added to the IdP group. Because the IdP group now has 5,005 users, the group isn't synced and the enterprise team remains at 5 members. +* 5 users are removed from the IdP group to bring it to 5,000 users. Syncing resumes and the enterprise team now contains the same 5,000 users as the IdP group. diff --git a/data/reusables/enterprise-onboarding/identify-role-requirements.md b/data/reusables/enterprise-onboarding/identify-role-requirements.md index c2ff768987a9..9ba991d0150f 100644 --- a/data/reusables/enterprise-onboarding/identify-role-requirements.md +++ b/data/reusables/enterprise-onboarding/identify-role-requirements.md @@ -59,3 +59,9 @@ Not all tasks are best-suited to humans. Identify frequent, time-consuming, and * They have their own identity, which you can trace in audit logs. For more information about what apps can do, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps#understanding-what-type-of-github-app-to-build). + +## 6. Assign tasks to agents + +Another way to delegate frequent, time-consuming tasks is to assign work to {% data variables.copilot.copilot_coding_agent %}. You can define custom agents for specific roles in your enterprise. Custom agents are created using Markdown files called "agent profiles," which define the instructions and tools the agent needs to perform a task. For example, you could create a custom agent for writing README files or generating unit tests. + +For more information, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents). diff --git a/data/reusables/enterprise-onboarding/use-innersource.md b/data/reusables/enterprise-onboarding/use-innersource.md new file mode 100644 index 000000000000..51ef77ecbcc5 --- /dev/null +++ b/data/reusables/enterprise-onboarding/use-innersource.md @@ -0,0 +1,52 @@ +You can use innersource practices to drive collaboration and productivity in your enterprise. Innersource makes it easy for all employees to discover and reuse work. This allows development teams to learn from each other's work, share their expertise, and avoid duplicating effort to recreate common services. + +## Make repositories discoverable + +Unless they contain sensitive information, you should aim to make repositories visible to all employees. + +To do this, encourage employees to use **internal** visibility whenever possible. Internal visibility allows any member of any organization in the enterprise to view the repository, regardless of whether the user is a member of the organization that owns the repository. + +You should also set permissive **base permissions** for organizations. An organization's base permission policy determines the default level of access that members of that organization have to all the organization's repositories. Generally, organizations should have at least a "Read" base permission so that all organization members can see any repository. Organization owners can then use teams to grant people greater levels of access in specific repositories. + +If you have more sensitive repositories that should not be widely visible, you can set up a dedicated organization with a more restrictive base permission and add specific teams to this organization. + +For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories) and [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/setting-base-permissions-for-an-organization). + +## Document projects + +Organize and document your repositories so that people can search for work across the enterprise. + +Repository **READMEs** are effective because they're defined in files in the repository, so users can search for them like code. You can also create READMEs at the level of an organization or enterprise account to provide a higher-level overview of where to find different projects. For more formal internal documentation, consider setting up a **{% data variables.product.prodname_pages %} site** or **wikis**. + +You can use **repository topics** to group repositories that contain a certain programming language, are owned by a certain team, and so on. This is another way of making repositories easier to find. + +For more information, see: + +* [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes), [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile#adding-a-member-only-organization-profile-readme), and [AUTOTITLE](/admin/managing-your-enterprise-account/creating-a-readme-for-an-enterprise) +* [AUTOTITLE](/pages/getting-started-with-github-pages/creating-a-github-pages-site) +* [AUTOTITLE](/communities/documenting-your-project-with-wikis/adding-or-editing-wiki-pages) +* [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics) + +## Set up a culture for sharing work + +Encourage teams to publicize their work and share resources with other teams. {% data variables.product.github %} has a number of features that make this easier. For example, teams can: + +* Use **discussions** to make their work more visible to other teams. See [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/participating-in-a-discussion#creating-a-discussion). +* Create a dedicated internal repository for sharing **actions and reusable {% data variables.product.prodname_actions %} workflows**, which anyone can reference when they write a workflow within the enterprise. See [AUTOTITLE](/actions/how-tos/reuse-automations/share-with-your-enterprise). +* Share reusable pieces of code in internal packages with **{% data variables.product.prodname_registry %}** registries. For enhanced security, you can give {% data variables.product.github %}'s security features access to these registries. See [AUTOTITLE](/packages/learn-github-packages/introduction-to-github-packages). +* Set up common templates and frameworks as **template repositories** that other people can copy to get started with a project. See [AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-template-repository). + +Like with an open source project, you should ensure shared projects have a support model and a clearly defined team of maintainers, especially for services that many parts of your enterprise rely on. Ideally the maintainers team will contain representatives from the different teams that use the service. + +## Hide content from external collaborators + +If you have external contractors or collaborators who need access to your enterprise's projects, you can grant them a different level of access from regular employees. + +Specifically, you may want to hide internal repositories from an external collaborator. To do this: + +* If you use {% data variables.product.prodname_emus %}, provision an account for the user with the **guest collaborator** role. Guest collaborators don't have access to internal repositories by default, but they receive base permissions in organizations where they're added as members. They can also be added as repository collaborators in repositories. +* If you do not use {% data variables.product.prodname_emus %}, add the user as an **outside collaborator** in the required repositories, but ensure they are not added as a member of any organization. + +Outside collaborators (called **repository collaborators** if you use {% data variables.product.prodname_emus %}) only have access to a specific repository. These users are not full organization members, so they do not receive the base level of access for the organization, and they cannot automatically see internal repositories in the enterprise unless they are a member of another organization. + +For more information, see {% ifversion ghec %}[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators) and{% endif %} [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/adding-outside-collaborators-to-repositories-in-your-organization). diff --git a/data/reusables/enterprise/enterprise-teams-limits.md b/data/reusables/enterprise/enterprise-teams-limits.md index 666a1aa0f7f9..6ad030e812b0 100644 --- a/data/reusables/enterprise/enterprise-teams-limits.md +++ b/data/reusables/enterprise/enterprise-teams-limits.md @@ -1 +1 @@ -There are **limits on enterprise teams**. You can create up to 100 teams for a single enterprise and add up to 500 users to each team. Each team can be assigned to a maximum of 1,000 organizations. +There are **limits on enterprise teams**. You can create up to 2,500 teams for a single enterprise and add up to 5,000 users to each team. Each team can be assigned to a maximum of 1,000 organizations. diff --git a/data/reusables/enterprise_installation/replication-command.md b/data/reusables/enterprise_installation/replication-command.md index ef876aa65290..9f91871be081 100644 --- a/data/reusables/enterprise_installation/replication-command.md +++ b/data/reusables/enterprise_installation/replication-command.md @@ -4,5 +4,16 @@ ghe-repl-start ``` + {% ifversion ghes < 3.19 %} > [!WARNING] > `ghe-repl-start` causes a brief outage on the primary server, during which users may see internal server errors. To provide a friendlier message, run `ghe-maintenance -s` on the primary node before running `ghe-repl-start` on the replica node to put the appliance in maintenance mode. Once replication starts, disable maintenance mode with `ghe-maintenance -u`. Git replication will not progress while the primary node is in maintenance mode. + > If you are running version 3.14.20, 3.15.15, 3.16.11, 3.17.8, 3.18.2, or a later version including future releases like 3.19, you no longer need to put the primary in maintenance mode prior to running `ghe-repl-start`. This command is no longer expected to cause an outage on the primary server. However, when setting up a new replica, `ghe-repl-start` won't cause an outage as long as you run `ghe-config-apply` between `ghe-repl-setup` and `ghe-repl-start`. Skipping `ghe-config-apply` and going straight from `ghe-repl-setup` to `ghe-repl-start` will still result in an outage. + + {% else %} + > [!WARNING] + + > [!WARNING] + > To ensure uninterrupted service when setting up a new replica, run `ghe-config-apply` between `ghe-repl-setup` and `ghe-repl-start`. This allows the primary server to remain available throughout the replication setup process. + + + {% endif %} \ No newline at end of file diff --git a/data/reusables/gated-features/anthropic-claude.md b/data/reusables/gated-features/anthropic-claude.md new file mode 100644 index 000000000000..3665f5f6e98e --- /dev/null +++ b/data/reusables/gated-features/anthropic-claude.md @@ -0,0 +1 @@ +{% data variables.product.prodname_anthropic_claude %} is only available with the {% data variables.copilot.copilot_pro_plus %} plan. diff --git a/data/reusables/gated-features/copilot-cli.md b/data/reusables/gated-features/copilot-cli.md index 364b5c1ed532..43c44c5124ac 100644 --- a/data/reusables/gated-features/copilot-cli.md +++ b/data/reusables/gated-features/copilot-cli.md @@ -1,3 +1 @@ -{% data variables.copilot.copilot_cli %} is available with the {% data variables.copilot.copilot_pro %}, {% data variables.copilot.copilot_pro_plus %}, {% data variables.copilot.copilot_for_business %} and {% data variables.copilot.copilot_enterprise %} plans. - -If you receive {% data variables.product.prodname_copilot_short %} from an organization, the {% data variables.copilot.copilot_cli_short %} policy must be enabled in the organization's settings. +{% data variables.copilot.copilot_cli %} is available with all {% data variables.product.prodname_copilot_short %} plans. If you receive {% data variables.product.prodname_copilot_short %} from an organization, the {% data variables.copilot.copilot_cli_short %} policy must be enabled in the organization's settings. diff --git a/data/reusables/gated-features/copilot-memory.md b/data/reusables/gated-features/copilot-memory.md new file mode 100644 index 000000000000..b02e4f47c178 --- /dev/null +++ b/data/reusables/gated-features/copilot-memory.md @@ -0,0 +1,2 @@ +* Enterprises and organizations with a {% data variables.copilot.copilot_enterprise_short %} or {% data variables.copilot.copilot_business_short %} plan. +* Individual users with a {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} plan. diff --git a/data/reusables/gated-features/dependabot-alerts.md b/data/reusables/gated-features/dependabot-alerts.md index 459882ca5361..240fbe452198 100644 --- a/data/reusables/gated-features/dependabot-alerts.md +++ b/data/reusables/gated-features/dependabot-alerts.md @@ -1,3 +1 @@ -{% data variables.product.prodname_dependabot_alerts %} is available for the following repositories: - - * Organization-owned and user-owned repositories +{% data variables.product.prodname_dependabot_alerts %} are available for organization-owned and user-owned repositories. diff --git a/data/reusables/gated-features/third-party-agents.md b/data/reusables/gated-features/third-party-agents.md new file mode 100644 index 000000000000..d93ce1814241 --- /dev/null +++ b/data/reusables/gated-features/third-party-agents.md @@ -0,0 +1 @@ +Third-party agents are available in the {% data variables.copilot.copilot_pro_plus %} and {% data variables.copilot.copilot_enterprise %} plans. \ No newline at end of file diff --git a/data/reusables/getting-started/configuring-security-features.md b/data/reusables/getting-started/configuring-security-features.md index 4ba3ffa6bb6f..2cca174c1d3a 100644 --- a/data/reusables/getting-started/configuring-security-features.md +++ b/data/reusables/getting-started/configuring-security-features.md @@ -1 +1 @@ -To keep {% ifversion ghes %}the organizations in {% data variables.location.product_location %}{% else %}your organization{% endif %} secure, you can use a variety of {% data variables.product.prodname_dotcom %} security features, including security policies, dependency graphs, secret scanning and Dependabot security and version updates. For more information, see {% ifversion security-configurations %}[AUTOTITLE](/code-security/securing-your-organization).{% else %}[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization).{% endif %} +To keep {% ifversion ghes %}the organizations in {% data variables.location.product_location %}{% else %}your organization{% endif %} secure, you can use a variety of {% data variables.product.prodname_dotcom %} security features, including security policies, dependency graphs, secret scanning and Dependabot security and version updates.{% ifversion secret-risk-assessment %} For more information, see [AUTOTITLE](/code-security/securing-your-organization).{% elsif ghes < 3.15 %} For more information, see [AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization).{% endif %} diff --git a/data/reusables/identity-and-permissions/team-sync-usage-limits.md b/data/reusables/identity-and-permissions/team-sync-usage-limits.md index e08b2ea38815..e97b5fa26caf 100644 --- a/data/reusables/identity-and-permissions/team-sync-usage-limits.md +++ b/data/reusables/identity-and-permissions/team-sync-usage-limits.md @@ -5,3 +5,5 @@ There are usage limits for the team synchronization feature. Exceeding these lim * Maximum number of members in a GitHub team: 5,000 * Maximum number of members in a GitHub organization: 10,000 * Maximum number of teams in a GitHub organization: 1,500 + +These limits only apply to the use of the team synchronization feature. Your organization may have more members or teams than the limits above, but your use of the team synchronization feature will be impaired. These limits do not apply to SCIM-based linking of teams to SCIM groups. \ No newline at end of file diff --git a/data/reusables/notifications/vulnerable-dependency-notification-options.md b/data/reusables/notifications/vulnerable-dependency-notification-options.md index b70c6fdb95c5..600c79642096 100644 --- a/data/reusables/notifications/vulnerable-dependency-notification-options.md +++ b/data/reusables/notifications/vulnerable-dependency-notification-options.md @@ -1,4 +1,4 @@ -{% ifversion fpt or ghec %}By default, you will receive notifications:{% endif %}{% ifversion ghes %}By default, if your enterprise owner has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %} +You can choose to receive notifications: * In your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**On {% data variables.product.prodname_dotcom %}** option). * By email. An email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email** option). diff --git a/data/reusables/organizations/additional-permissions.md b/data/reusables/organizations/additional-permissions.md index 4fac34bbeea8..caa9d92d570a 100644 --- a/data/reusables/organizations/additional-permissions.md +++ b/data/reusables/organizations/additional-permissions.md @@ -9,7 +9,7 @@ For more information, see [AUTOTITLE](/discussions). -### Issue and Pull Requests +### Issue and pull requests * Assign or remove a user * Add or remove a label @@ -21,14 +21,14 @@ For more information, see [AUTOTITLE](/discussions). * Delete an issue * Mark an issue as a duplicate -### Merge Queue +### Merge queue * Request a solo merge * Jump to the front of the queue For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue). -### Pull Request +### Pull request * Close a pull request * Reopen a closed pull request diff --git a/data/reusables/organizations/data_saved_for_reinstating_a_former_org_member.md b/data/reusables/organizations/data_saved_for_reinstating_a_former_org_member.md deleted file mode 100644 index 090bffd7957b..000000000000 --- a/data/reusables/organizations/data_saved_for_reinstating_a_former_org_member.md +++ /dev/null @@ -1,2 +0,0 @@ -> [!NOTE] -> When you remove a user from your organization, their membership data is saved for three months. You can restore their data, or any private forks they owned of your organization's repositories, if you invite the user to rejoin the organization within that time frame. For more information, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization). diff --git a/data/reusables/organizations/team-discussions-api-deprecation.md b/data/reusables/organizations/team-discussions-api-deprecation.md deleted file mode 100644 index 3275cc2bde06..000000000000 --- a/data/reusables/organizations/team-discussions-api-deprecation.md +++ /dev/null @@ -1,11 +0,0 @@ -{% ifversion ghes %} - -> [!NOTE] -> The team discussions and team discussion comments endpoints are {% data variables.release-phases.closing_down %} in {% data variables.product.prodname_ghe_server %} 3.13 in favor of {% data variables.product.prodname_discussions %}. For more information about {% data variables.product.prodname_discussions %}, see [AUTOTITLE](/discussions). - -{% elsif fpt or ghec %} - -> [!NOTE] -> The team discussions and team discussion comments endpoints are {% data variables.release-phases.closing_down %} on 2023-11-28 in favor of {% data variables.product.prodname_discussions %}. For more information about {% data variables.product.prodname_discussions %}, see [AUTOTITLE](/discussions). - -{% endif %} diff --git a/data/reusables/permissions/security-overview-dependabot-metrics.md b/data/reusables/permissions/security-overview-dependabot-metrics.md new file mode 100644 index 000000000000..7e10f015dd3c --- /dev/null +++ b/data/reusables/permissions/security-overview-dependabot-metrics.md @@ -0,0 +1,4 @@ +Access requires: +* The `admin` role for the repository. +* A custom repository role with the "View {% data variables.product.prodname_dependabot_alerts %}" fine-grained permissions for the repository. For more information, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles#security). +* Access to alerts for the repository. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts). diff --git a/data/reusables/pull_requests/close-issues-using-keywords.md b/data/reusables/pull_requests/close-issues-using-keywords.md index 0703c2a32593..5cdad811d4dd 100644 --- a/data/reusables/pull_requests/close-issues-using-keywords.md +++ b/data/reusables/pull_requests/close-issues-using-keywords.md @@ -1 +1 @@ -You can link a pull request to an issue to show that a fix is in progress and to automatically close the issue when someone merges the pull request. For more information, see [AUTOTITLE](/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue). +You can link a pull request to an issue to show that a fix is in progress and automatically close the issue when the pull request is merged. For more information, see [AUTOTITLE](/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue). diff --git a/data/reusables/pull_requests/code-review-limits.md b/data/reusables/pull_requests/code-review-limits.md deleted file mode 100644 index 9676d53d3723..000000000000 --- a/data/reusables/pull_requests/code-review-limits.md +++ /dev/null @@ -1 +0,0 @@ -By default, in public repositories, any user can submit reviews that approve or request changes to a pull request. Organization owners and repository admins can limit who is able to give approving pull request reviews or request changes. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization) and [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-pull-request-reviews-in-your-repository). diff --git a/data/reusables/pull_requests/re-request-review.md b/data/reusables/pull_requests/re-request-review.md deleted file mode 100644 index 5776451f772f..000000000000 --- a/data/reusables/pull_requests/re-request-review.md +++ /dev/null @@ -1,2 +0,0 @@ -You can re-request a review, for example, after you've made substantial changes to your pull request. -To request a fresh review from a reviewer, in the sidebar of the **Conversation** tab, click the {% octicon "sync" aria-label="The sync icon" %} icon. diff --git a/data/reusables/pull_requests/required-checks-must-pass-to-merge.md b/data/reusables/pull_requests/required-checks-must-pass-to-merge.md deleted file mode 100644 index 894e9a46026f..000000000000 --- a/data/reusables/pull_requests/required-checks-must-pass-to-merge.md +++ /dev/null @@ -1 +0,0 @@ -If status checks are required for a repository, the required status checks must pass before you can merge your branch into the protected branch. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging). diff --git a/data/reusables/pull_requests/resolving-conversations.md b/data/reusables/pull_requests/resolving-conversations.md deleted file mode 100644 index 83d1c02c6669..000000000000 --- a/data/reusables/pull_requests/resolving-conversations.md +++ /dev/null @@ -1,17 +0,0 @@ -### Resolving conversations - -You can resolve a conversation in a pull request if you opened the pull request or if you have write access to the repository where the pull request was opened. - -To indicate that a conversation on the **Files changed** tab is complete, click **Resolve conversation**. - -The entire conversation will be collapsed and marked as resolved, making it easier to find conversations that still need to be addressed. - -If the suggestion in a comment is out of your pull request's scope, you can open a new issue that tracks the feedback and links back to the original comment. For more information, see [AUTOTITLE](/issues/tracking-your-work-with-issues/creating-an-issue). - -#### Discovering and navigating conversations - -You can discover and navigate to all the conversations in your pull request using the **Conversations** menu that's shown at the top of the **Files Changed** tab. - -From this view, you can see which conversations are unresolved, resolved, and outdated. This makes it easy to discover and resolve conversations. - -![Screenshot of the "Conversations" menu on the "Files Changed" tab of a pull request.](/assets/images/help/pull_requests/conversations-menu.png) diff --git a/data/reusables/rai/copilot/byok-transparency-note.md b/data/reusables/rai/copilot/byok-transparency-note.md index 63efeae5d983..bb742ed337bf 100644 --- a/data/reusables/rai/copilot/byok-transparency-note.md +++ b/data/reusables/rai/copilot/byok-transparency-note.md @@ -1,6 +1,6 @@ # Using Bring Your Own Key (BYOK) with {% data variables.product.prodname_copilot %} -When you use Bring Your Own Key with {% data variables.copilot.copilot_chat %}, you can connect the chat experience to large language models from supported providers beyond the default {% data variables.product.prodname_copilot_short %} model. Examples of supported providers include Anthropic, Azure AI, OpenAI, and xAI. You add your API key for the chosen provider directly in your {% data variables.product.prodname_copilot_short %} settings. +When you use Bring Your Own Key with {% data variables.copilot.copilot_chat %}, you can connect the chat experience to large language models from supported providers beyond the default {% data variables.product.prodname_copilot_short %} model. Examples of supported providers include Anthropic, AWS Bedrock, Google AI Studio, Microsoft Foundry, OpenAI, OpenAI-compatible providers, and xAI. You add your API key for the chosen provider directly in your {% data variables.product.prodname_copilot_short %} settings. When BYOK is active: diff --git a/data/reusables/repositories/dependency-review.md b/data/reusables/repositories/dependency-review.md deleted file mode 100644 index 4a63b03bb65e..000000000000 --- a/data/reusables/repositories/dependency-review.md +++ /dev/null @@ -1 +0,0 @@ -Additionally, {% data variables.product.prodname_dotcom %} can review any dependencies added, updated, or removed in a pull request made against the default branch of a repository, and flag any changes that would reduce the security of your project. This allows you to spot and deal with vulnerable dependencies before, rather than after, they reach your codebase. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request). diff --git a/data/reusables/repositories/legacy-issue-template-tip.md b/data/reusables/repositories/legacy-issue-template-tip.md deleted file mode 100644 index b4f3a6f294ec..000000000000 --- a/data/reusables/repositories/legacy-issue-template-tip.md +++ /dev/null @@ -1,2 +0,0 @@ -> [!WARNING] -> This is the legacy workflow to create an issue template. We recommend using the upgraded multiple issue template builder or issue forms to create issue templates. For more information, see [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates). diff --git a/data/reusables/repositories/rulesets-metadata-restrictions-notes.md b/data/reusables/repositories/rulesets-metadata-restrictions-notes.md index 75aa039400be..1bd56d4f7908 100644 --- a/data/reusables/repositories/rulesets-metadata-restrictions-notes.md +++ b/data/reusables/repositories/rulesets-metadata-restrictions-notes.md @@ -1 +1,4 @@ -> [!NOTE] If you squash merge a branch, all commits on that branch must meet any metadata requirements for the base branch. +> [!NOTE] +> If you squash merge a branch, all commits on that branch must meet any metadata requirements for the base branch. +> +> When using end-of-line anchors in regular expressions, use `\n?$` rather than `$` alone. The optional `\n?` matches a trailing newline that may be present in Git push/CLI flows, while still working for commits created via the web UI and API. diff --git a/data/reusables/rest-api/about-api-versions.md b/data/reusables/rest-api/about-api-versions.md index 0875319e0bd9..f6aece67bb61 100644 --- a/data/reusables/rest-api/about-api-versions.md +++ b/data/reusables/rest-api/about-api-versions.md @@ -1,6 +1,6 @@ The {% data variables.product.github %} REST API is versioned. The API version name is based on the date when the API version was released. For example, the API version `{{ initialRestVersioningReleaseDate }}` was released on {{ initialRestVersioningReleaseDateLong }}. -Any breaking changes will be released in a new API version. Breaking changes are changes that can potentially break an integration. Breaking changes include: +Breaking changes are changes that can potentially break an integration. We will provide advance notice before releasing breaking changes. Breaking changes include: * Removing an entire operation * Removing or renaming a parameter diff --git a/data/reusables/rest-api/primary-rate-limit-authenticated-users.md b/data/reusables/rest-api/primary-rate-limit-authenticated-users.md index c80404330080..193c88729873 100644 --- a/data/reusables/rest-api/primary-rate-limit-authenticated-users.md +++ b/data/reusables/rest-api/primary-rate-limit-authenticated-users.md @@ -1,4 +1,3 @@ You can use a {% data variables.product.pat_generic %} to make API requests. Additionally, you can authorize a {% data variables.product.prodname_github_app %} or {% data variables.product.prodname_oauth_app %}, which can then make API requests on your behalf. - All of these requests count towards your personal rate limit of 5,000 requests per hour. {% ifversion fpt or ghec %}Requests made on your behalf by a {% data variables.product.prodname_github_app %} that is owned by a {% data variables.product.prodname_ghe_cloud %} organization have a higher rate limit of 15,000 requests per hour. Similarly, requests made on your behalf by a {% data variables.product.prodname_oauth_app %} that is owned or approved by a {% data variables.product.prodname_ghe_cloud %} organization have a higher rate limit of 15,000 requests per hour if you are a member of the {% data variables.product.prodname_ghe_cloud %} organization.{% endif %} - \ No newline at end of file + All of these requests count towards your personal rate limit of 5,000 requests per hour. {% ifversion fpt or ghec %}Requests made on your behalf by a {% data variables.product.prodname_github_app %} that is owned by a {% data variables.product.prodname_ghe_cloud %} organization have a higher rate limit of 15,000 requests per hour. Similarly, requests made on your behalf by a {% data variables.product.prodname_oauth_app %} that is owned or approved by a {% data variables.product.prodname_ghe_cloud %} organization have a higher rate limit of 15,000 requests per hour if you are a member of the {% data variables.product.prodname_ghe_cloud %} organization. However, requests made by a higher-limit app reduce the remaining budget available for lower-limit authentication methods. For example, if an app with a 15,000 request limit makes 10,000 requests on your behalf, you will have exhausted the 5,000 request budget for your {% data variables.product.pat_generic_plural %}, even though the app has 5,000 requests remaining.{% endif %} diff --git a/data/reusables/rest-api/secondary-rate-limit-rest-graphql.md b/data/reusables/rest-api/secondary-rate-limit-rest-graphql.md index 5ce6995cb118..81bf3e084e75 100644 --- a/data/reusables/rest-api/secondary-rate-limit-rest-graphql.md +++ b/data/reusables/rest-api/secondary-rate-limit-rest-graphql.md @@ -7,6 +7,7 @@ You may encounter a secondary rate limit if you: * _Make too many requests per minute._ No more than 90 seconds of CPU time per 60 seconds of real time is allowed. No more than 60 seconds of this CPU time may be for the GraphQL API. You can roughly estimate the CPU time by measuring the total response time for your API requests. * _Make too many requests that consume excessive compute resources in a short period of time._ * _Create too much content on {% data variables.product.company_short %} in a short amount of time._ In general, no more than 80 content-generating requests per minute and no more than 500 content-generating requests per hour are allowed. Some endpoints have lower content creation limits. Content creation limits include actions taken on the {% data variables.product.company_short %} web interface as well as via the REST API and GraphQL API. +* _Make too many OAuth access token requests in a short period of time._ No more than 2,000 OAuth access token requests per hour are allowed for {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %}. These secondary rate limits are subject to change without notice. You may also encounter a secondary rate limit for undisclosed reasons. diff --git a/data/reusables/saml/about-authorized-credentials.md b/data/reusables/saml/about-authorized-credentials.md index 87664ef3bc6d..03712dfc80ce 100644 --- a/data/reusables/saml/about-authorized-credentials.md +++ b/data/reusables/saml/about-authorized-credentials.md @@ -1 +1 @@ -You can see each {% data variables.product.pat_generic %} and SSH key that a member has authorized for API and Git access. Only the last several characters of each token or key are visible. If necessary, work with the member to determine which credentials you should revoke. +You can see each {% data variables.product.pat_generic %} and SSH key that a member has authorized for API and Git access. Only the last several characters of each token or key are visible. If necessary, work with the member to determine which credentials you should revoke. Be aware that revoking a credential only removes the SAML authorization. It does not delete the underlying token or SSH key. diff --git a/data/reusables/search/requested_reviews_search_tip.md b/data/reusables/search/requested_reviews_search_tip.md deleted file mode 100644 index 8a6ecf2e0f50..000000000000 --- a/data/reusables/search/requested_reviews_search_tip.md +++ /dev/null @@ -1,2 +0,0 @@ -> [!TIP] -> You can find a pull request where you or a team you're a member of is requested for review with the search qualifier `review-requested:[USERNAME]` or `team-review-requested:[TEAMNAME]`. For more information, see [AUTOTITLE](/search-github/searching-on-github/searching-issues-and-pull-requests). diff --git a/data/reusables/secret-protection/product-list.md b/data/reusables/secret-protection/product-list.md index 2f5723b42188..026ae8de0a34 100644 --- a/data/reusables/secret-protection/product-list.md +++ b/data/reusables/secret-protection/product-list.md @@ -1,15 +1,8 @@ * **{% data variables.product.prodname_secret_scanning_caps %}**: Detect secrets, for example keys and tokens, that have been checked into a repository and receive alerts. - -* **Push protection**: Prevent secret leaks before they happen by blocking commits containing secrets. {% ifversion fpt or ghec or ghes > 3.19 %} You can calculate how much you can save by using push protection in repositories in your organization with the {% data variables.secret-scanning.roi-calculator %}. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/calculating-the-cost-savings-of-push-protection).{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %} - +* **Push protection**: Prevent secret leaks before they happen by blocking commits containing secrets.{% ifversion secret-scanning-ai-generic-secret-detection %} * **{% data variables.secret-scanning.copilot-secret-scanning %}**: Leverage AI to detect unstructured credentials, such as passwords, that have been checked into a repository.{% endif %} - * **Custom patterns**: Detect and prevent leaks for organization-specific secrets.{% ifversion security-delegated-alert-dismissal %} - * **Delegated bypass for push protection** and **Delegated alert dismissal**: Implement an approval process for better control over who in your enterprise can perform sensitive actions, supporting governance at scale.{% elsif ghes = 3.15 or ghes = 3.16 %} - * **Delegated bypass for push protection**: Implement controls over who can bypass push protection.{% endif %}{% ifversion security-campaigns-secrets %} - -* **Security campaigns**: remediate exposed secrets at scale by creating a campaign and collaborating to fix them.{% endif %} - +* **Security campaigns**: Remediate exposed secrets at scale by creating a campaign and collaborating to fix them.{% endif %} * **Security overview**: Understand the distribution of risk across your organization. diff --git a/data/reusables/secret-risk-assessment/report-intro.md b/data/reusables/secret-risk-assessment/report-intro.md deleted file mode 100644 index b9aef4d584e6..000000000000 --- a/data/reusables/secret-risk-assessment/report-intro.md +++ /dev/null @@ -1,4 +0,0 @@ -{% data variables.product.company_short %} provides a **secret risk assessment** report that organization owners and security managers can generate to evaluate the exposure of an organization to leaked secrets. The {% data variables.product.prodname_secret_risk_assessment %} is an **on-demand, point-in-time scan** of the code within an organization that: -* Shows any leaked secrets within the organization -* Shows the kinds of secrets that are leaked outside the organization -* Provides actionable insights for remediation diff --git a/data/reusables/secret-risk-assessment/what-is-scanned.md b/data/reusables/secret-risk-assessment/what-is-scanned.md deleted file mode 100644 index 7e9e709e95d0..000000000000 --- a/data/reusables/secret-risk-assessment/what-is-scanned.md +++ /dev/null @@ -1 +0,0 @@ -The free {% data variables.product.prodname_secret_risk_assessment %} scans _only the code_ in your organization, including the code in archived repositories. You can extend the surface being scanned to cover content in pull requests, issues, wikis, and {% data variables.product.prodname_discussions %} with **{% data variables.product.prodname_GH_secret_protection %}**. diff --git a/data/reusables/secret-scanning/alert-type-links.md b/data/reusables/secret-scanning/alert-type-links.md deleted file mode 100644 index 2726f22f8340..000000000000 --- a/data/reusables/secret-scanning/alert-type-links.md +++ /dev/null @@ -1 +0,0 @@ -For more information, see {% ifversion fpt or ghec %}[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts){% elsif ghes %}[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-secret-scanning-alerts){% endif %}. diff --git a/data/reusables/secret-scanning/pattern-enablement-org-enterprise-chart.md b/data/reusables/secret-scanning/pattern-enablement-org-enterprise-chart.md new file mode 100644 index 000000000000..cf167044e4d7 --- /dev/null +++ b/data/reusables/secret-scanning/pattern-enablement-org-enterprise-chart.md @@ -0,0 +1,9 @@ + | Column | Description | + |---------------------------------------------|----------------------------------------------| + | Name | Name of the pattern or secret | + | Alert total | Total number of alerts for the pattern (percentage and absolute numbers) | + | False positives | Percentage of false positives for the pattern | + | Bypass rate | Percentage of bypasses for the pattern | + | {% data variables.product.github %} default | Default behavior for push protection, as recommended by {% data variables.product.github %} | + | Enterprise setting | **Uneditable at organization level**
    Current enablement status for push protection
    Can be `Enabled`, `Disabled`, and `Default`.
    At enterprise level, `Default` is the default value. | + | Organization setting | **Only valid at organization level**
    Current enablement status for push protection
    Can be `Enabled`, `Disabled`, and `Enterprise` (inherited from the enterprise).
    `Enterprise` is the default value. | diff --git a/data/reusables/secret-scanning/pattern-enablement-org-enterprise.md b/data/reusables/secret-scanning/pattern-enablement-org-enterprise.md index abd26ff7c8d8..8fec37fa124d 100644 --- a/data/reusables/secret-scanning/pattern-enablement-org-enterprise.md +++ b/data/reusables/secret-scanning/pattern-enablement-org-enterprise.md @@ -6,12 +6,3 @@ > [!NOTE] Organization administrators and security teams can override settings configured at the enterprise level. - | Column | Description | - |---------------------------------------------|----------------------------------------------| - | Name | Name of the pattern or secret | - | Alert total | Total number of alerts for the pattern (percentage and absolute numbers) | - | False positives | Percentage of false positives for the pattern | - | Bypass rate | Percentage of bypasses for the pattern | - | {% data variables.product.github %} default | Default behavior for push protection, as recommended by {% data variables.product.github %} | - | Enterprise setting | **Uneditable at organization level**
    Current enablement status for push protection
    Can be `Enabled`, `Disabled`, and `Default`.
    At enterprise level, `Default` is the default value. | - | Organization setting | **Only valid at organization level**
    Current enablement status for push protection
    Can be `Enabled`, `Disabled`, and `Enterprise` (inherited from the enterprise).
    `Enterprise` is the default value. | diff --git a/data/reusables/security-advisory/private-vulnerability-reporting-benefits.md b/data/reusables/security-advisory/private-vulnerability-reporting-benefits.md index d446e9964797..96c014cb220d 100644 --- a/data/reusables/security-advisory/private-vulnerability-reporting-benefits.md +++ b/data/reusables/security-advisory/private-vulnerability-reporting-benefits.md @@ -1,6 +1,4 @@ -* Less risk of being contacted publicly, or via undesired means. -* Receive reports in the same platform you resolve them in for simplicity -* The security researcher creates or at least initiates the advisory report on the behalf of maintainers. -* Maintainers receive reports in the same platform as the one used to discuss and resolve the advisories. -* Vulnerability less likely to be in the public eye. -* The opportunity to discuss vulnerability details privately with security researchers and collaborate on the patch. +* Receiving reports in the same platform where they are resolved +* Security researchers creating or initiating the advisory report on behalf of maintainers +* Reduced risk of vulnerabilities being in the public eye before a fix is available +* The opportunity to discuss vulnerability details privately with security researchers and collaborate on the patch diff --git a/data/reusables/security-configurations/custom-configuration-intro-ghes.md b/data/reusables/security-configurations/custom-configuration-intro-ghes.md new file mode 100644 index 000000000000..c5a843dc088b --- /dev/null +++ b/data/reusables/security-configurations/custom-configuration-intro-ghes.md @@ -0,0 +1 @@ +When you create a {% data variables.product.prodname_security_configuration %}, you can choose different enablement settings to meet the specific security needs of a group of repositories. diff --git a/data/reusables/security-configurations/custom-security-configurations-enterprise.md b/data/reusables/security-configurations/custom-security-configurations-enterprise.md new file mode 100644 index 000000000000..24a5f1f5ba9d --- /dev/null +++ b/data/reusables/security-configurations/custom-security-configurations-enterprise.md @@ -0,0 +1 @@ +1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise). diff --git a/data/reusables/security-configurations/custom-security-configurations-org.md b/data/reusables/security-configurations/custom-security-configurations-org.md new file mode 100644 index 000000000000..6892a9c5c0d7 --- /dev/null +++ b/data/reusables/security-configurations/custom-security-configurations-org.md @@ -0,0 +1,2 @@ +1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration). + diff --git a/data/reusables/security-configurations/define-security-configurations.md b/data/reusables/security-configurations/define-security-configurations.md index baffb6a25f6b..48fdf85c5c33 100644 --- a/data/reusables/security-configurations/define-security-configurations.md +++ b/data/reusables/security-configurations/define-security-configurations.md @@ -1 +1 @@ -{% data variables.product.prodname_security_configurations_caps %} are collections of enablement settings for {% data variables.product.company_short %}'s security features that you can apply to any repository within your organization. +{% data variables.product.prodname_security_configurations_caps %} are collections of enablement settings for {% data variables.product.company_short %}'s security features that you can apply to any repository within an organization{% ifversion ghec or security-configuration-enterprise-level %} or enterprise{% endif %}. diff --git a/data/reusables/security-configurations/emu-note.md b/data/reusables/security-configurations/emu-note.md deleted file mode 100644 index a80aea4ab6ec..000000000000 --- a/data/reusables/security-configurations/emu-note.md +++ /dev/null @@ -1,5 +0,0 @@ -{% ifversion ghec %} - -If your enterprise uses {% data variables.product.prodname_emus %}, please note that enterprise-level {% data variables.product.prodname_security_configurations %} are not automatically rolled out to user namespace repositories. There are some additional {% data variables.product.prodname_secret_scanning %} settings that can be applied to user namespace repositories within the enteprise, but you cannot apply enterprise-level {% data variables.product.prodname_security_configurations %} to this type of user-owner repository. - -{% endif %} diff --git a/data/reusables/security-configurations/overview.md b/data/reusables/security-configurations/overview.md deleted file mode 100644 index 6af55e86f2e7..000000000000 --- a/data/reusables/security-configurations/overview.md +++ /dev/null @@ -1,7 +0,0 @@ -{% ifversion security-configurations-cloud %} - -We recommend securing your enterprise with the {% data variables.product.prodname_github_security_configuration %}, then evaluating the security findings on your repositories before configuring {% data variables.product.prodname_custom_security_configurations %}. For more information, see [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise). - -{% endif %} - -With {% data variables.product.prodname_custom_security_configurations %}, you can create collections of enablement settings for {% data variables.product.company_short %}'s security products to meet the specific security needs of your enterprise. For example, you can create a different {% data variables.product.prodname_custom_security_configuration %} for each organization or group of similar organizations to reflect their different levels of security requirements and compliance obligations. For more information, see [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise). diff --git a/data/reusables/security-overview/choose-alert-dismissal-request-view.md b/data/reusables/security-overview/choose-alert-dismissal-request-view.md new file mode 100644 index 000000000000..0c727ccf569c --- /dev/null +++ b/data/reusables/security-overview/choose-alert-dismissal-request-view.md @@ -0,0 +1,4 @@ +1. In the "Requests" section of the sidebar, click any of the following options to review alert dismissal requests for the relevant feature: + * {% octicon "key" aria-hidden="true" aria-label="key" %} **{% data variables.product.prodname_secret_scanning_caps %} alert dismissal** + * {% octicon "codescan" aria-hidden="true" aria-label="codescan" %} **{% data variables.product.prodname_code_scanning_caps %} alert dismissal**{% ifversion dependabot-delegated-alert-dismissal %} + * {% octicon "dependabot" aria-hidden="true" aria-label="dependabot" %} **{% data variables.product.prodname_dependabot %} alert dismissal**{% endif %} diff --git a/data/reusables/security-overview/review-an-alert-dismissal-request.md b/data/reusables/security-overview/review-an-alert-dismissal-request.md new file mode 100644 index 000000000000..d10acf39277c --- /dev/null +++ b/data/reusables/security-overview/review-an-alert-dismissal-request.md @@ -0,0 +1,5 @@ +1. Click the request you want to review. +1. Read the contents of the alert, as well as the requester's reasoning for the dismissal request. +1. Next to the dismissal request in the alert timeline, click **Review request**. +1. Provide any comments for the requester in the text box, then select either **Deny request** or **Approve request**. +1. Click **Submit review**. diff --git a/data/reusables/security-overview/secret-risk-assessment-report-generation-cadence.md b/data/reusables/security-overview/secret-risk-assessment-report-generation-cadence.md deleted file mode 100644 index a236c8b60c8d..000000000000 --- a/data/reusables/security-overview/secret-risk-assessment-report-generation-cadence.md +++ /dev/null @@ -1 +0,0 @@ -> [!TIP] You can only generate the report once every 90 days. We recommend that you implement {% data variables.product.prodname_GH_secret_protection %} for continuous secret monitoring and prevention. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection). diff --git a/data/reusables/security/alert-assignee-mention.md b/data/reusables/security/alert-assignee-mention.md index 484ed7c454d2..487d7690b16d 100644 --- a/data/reusables/security/alert-assignee-mention.md +++ b/data/reusables/security/alert-assignee-mention.md @@ -1,5 +1,5 @@ {% ifversion code-secret-alert-assignees %} -In addition, you will receive a notification if someone assigns a {% data variables.product.prodname_secret_scanning %} alert to you, see [Assigning alerts](/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns#assigning-alerts). +In addition, you will receive a notification if someone assigns a {% data variables.product.prodname_code_scanning %} or a {% data variables.product.prodname_secret_scanning %} alert to you, see [Assigning alerts](/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns#assigning-alerts). {% endif %} diff --git a/data/reusables/security/compliance-report-list.md b/data/reusables/security/compliance-report-list.md index cee554785e01..ca4593832f53 100644 --- a/data/reusables/security/compliance-report-list.md +++ b/data/reusables/security/compliance-report-list.md @@ -1,14 +1,14 @@ {%- ifversion ghec %} * SOC 1, Type 2 -* SOC 2, Type 1 ({% data variables.copilot.copilot_for_business %} only) * SOC 2, Type 2 {%- elsif fpt %} * SOC 3 {%- endif %} * Cloud Security Alliance CAIQ self-assessment (CSA CAIQ - Level 1) -* ISO/IEC 27001:2013 certification +* ISO/IEC 27001:2022 certification {%- ifversion ghec %} * Cloud Security Alliance STAR certification (CSA STAR - Level 2) * {% data variables.product.github %} Bug Bounty Quarterly reports * {% data variables.product.prodname_dotcom_the_website %} Services Continuity and Incident Management Plan +* {% data variables.product.github %} PCI DSS Attestation of Compliance {%- endif %} diff --git a/data/reusables/security/delegated-alert-dismissal-intro.md b/data/reusables/security/delegated-alert-dismissal-intro.md index 79b0dcb4711b..257d6b93e895 100644 --- a/data/reusables/security/delegated-alert-dismissal-intro.md +++ b/data/reusables/security/delegated-alert-dismissal-intro.md @@ -1,23 +1,13 @@ -Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When the feature is enabled, users attempting to dismiss an alert will instead create a request for dismissal. +Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When the feature is enabled: +* Users with write access to a repository must request to dismiss alerts in that repository. +* Organization owners and security managers can approve or deny dismissal requests, as well as dismiss alerts directly themselves. -Enabling the feature automatically assigns organization owners and security managers with the permission to approve or deny dismissal requests for alerts. This permission is: +You can also use custom roles with the following permissions to let other team members manage requests and dismiss alerts directly: -* "Review and manage {% data variables.product.prodname_code_scanning %} alert dismissal requests" permission for {% data variables.product.prodname_code_scanning %}. +* For {% data variables.product.prodname_code_scanning %}: "Review {% data variables.product.prodname_code_scanning %} alert dismissal requests" and "Bypass {% data variables.product.prodname_code_scanning %} alert dismissal requests" +* For {% data variables.product.prodname_secret_scanning %}: "Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests" +* For {% data variables.product.prodname_dependabot %}: "Review {% data variables.product.prodname_dependabot %} alert dismissal requests" and "Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests" -* "Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests" permission for {% data variables.product.prodname_secret_scanning %}. This permission can also be applied to custom roles. Individuals in these custom roles must also have the following permissions, which grant access to alerts in all repositories: +Reviewers are notified of dismissal requests via email, and can either approve the request to dismiss the alert, or deny the request to leave the alert open. After a request is reviewed, the requester is notified of the outcome via email. - * "View {% data variables.product.prodname_secret_scanning %} alerts" - * "Dismiss or reopen {% data variables.product.prodname_secret_scanning %} alerts" - -For more information about these permissions, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#permissions-for-organization-roles). - -To learn more about the security manager role, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization). - ->[!NOTE] The implementation of this approval process can potentially cause some friction, so it's important to ensure that the team of security managers has adequate coverage before proceeding. - -Reviewers (security managers and organization owners): - -* Get an email notification for requests. These users need to ensure that they can review these lists periodically, so that there is no backlog and that the process is smooth. -* Can process requests in a dedicated view in the "Security" tab of the organization. An alert will only be dismissed if the dismissal request is approved; otherwise, the alert will remain open. - -Requesters will get an email notification with the decision as to whether the alert can be dismissed or not. +>[!NOTE] The implementation of this approval process can potentially cause some friction, so it's important to ensure that the team of security managers has adequate coverage to review dismissal requests regularly before proceeding. diff --git a/data/reusables/security/production-context-mdc-preview.md b/data/reusables/security/production-context-mdc-preview.md index 83b2160f776d..f75d4892f11f 100644 --- a/data/reusables/security/production-context-mdc-preview.md +++ b/data/reusables/security/production-context-mdc-preview.md @@ -1,2 +1,2 @@ > [!NOTE] -> Production context and the integration with {% data variables.product.prodname_microsoft_defender %} is in {% data variables.release-phases.public_preview %} and subject to change. +> The integration with {% data variables.product.prodname_microsoft_defender %} is in {% data variables.release-phases.public_preview %} and subject to change. diff --git a/data/reusables/support/scope-of-support.md b/data/reusables/support/scope-of-support.md index 4575b418f42c..b189d8bb9009 100644 --- a/data/reusables/support/scope-of-support.md +++ b/data/reusables/support/scope-of-support.md @@ -13,6 +13,7 @@ If your support request is outside of the scope of what our team can help you wi * Cloud provider configurations, such as virtual network setup, custom firewall, or proxy rules * Container orchestration, such as Kubernetes setup, or networking * Detailed assistance with workflows and data management +* Comprehensive support for customization and tool installation on {% data variables.product.prodname_actions %} custom images * Preview features. {% data variables.release-phases.public_preview_caps %}, {% data variables.release-phases.private_preview %}, and {% data variables.release-phases.technical_preview %} features are out of {% data variables.contact.github_support %}'s scope. * {% data variables.product.prodname_copilot %} suggestions diff --git a/data/reusables/webhooks/pull_request_event_api_properties.md b/data/reusables/webhooks/pull_request_event_api_properties.md index afed567c4c5b..807cbad1acaf 100644 --- a/data/reusables/webhooks/pull_request_event_api_properties.md +++ b/data/reusables/webhooks/pull_request_event_api_properties.md @@ -1,7 +1,7 @@ Key | Type | Description ----|------|------------- | {% ifversion fpt or ghec %} | -`action`|`string` | The action that was performed. Can be one of `opened`, `closed`, `reopened`, `assigned`, `unassigned`, `labeled`, and `unlabeled`. +`action`|`string` | The action that was performed. Can be one of `opened`, `closed`, `merged`, `reopened`, `assigned`, `unassigned`, `labeled`, or `unlabeled`. | {% else %} | `action`|`string` | The action that was performed. Can be one of `opened`, `closed`, `reopened`. | {% endif %} | diff --git a/data/tables/copilot/copilot-matrix.yml b/data/tables/copilot/copilot-matrix.yml new file mode 100644 index 000000000000..076b6f5db89e --- /dev/null +++ b/data/tables/copilot/copilot-matrix.yml @@ -0,0 +1,2219 @@ +# NOTE: Within each IDE, versionGroups must be sorted in descending order +# (newest releases first within each group). + +metadata: + title: GitHub Copilot IDE Feature Matrix + supportLevels: + - not-supported + - preview + - supported +ides: + VS Code: + versions: + - 1.108.0 + - 1.107.0 + - 1.106.0 + - 1.105.0 + - 1.104.0 + - 1.103.0 + - 1.102.0 + - 1.101.0 + - 1.100.0 + - 1.99.0 + - 1.98.0 + - 1.97.0 + - 1.96.0 + - 1.95.0 + - 1.94.0 + - 1.80.0 + - 1.70.0 + - 1.60.0 + - 1.57.0 + - 0.0.0 + versionGroups: + latest releases: + - 1.108.0 + - 1.107.0 + - 1.106.0 + - 1.105.0 + - 1.104.0 + 2025 releases: + - 1.108.0 + - 1.107.0 + - 1.106.0 + - 1.105.0 + - 1.104.0 + - 1.103.0 + - 1.102.0 + - 1.101.0 + - 1.100.0 + - 1.99.0 + - 1.98.0 + - 1.97.0 + 2024 releases: + - 1.96.0 + - 1.95.0 + - 1.94.0 + 2023 releases: + - 1.80.0 + 2022 releases: + - 1.70.0 + 2021 releases: + - 1.60.0 + - 1.57.0 + features: + .NET Upgrade Agent: + 1.108.0: not-supported + 1.107.0: not-supported + 1.106.0: not-supported + 1.105.0: not-supported + 1.104.0: not-supported + 1.103.0: not-supported + 1.102.0: not-supported + 1.101.0: not-supported + 1.100.0: not-supported + 1.99.0: not-supported + 1.98.0: not-supported + 1.97.0: not-supported + 1.96.0: not-supported + 1.95.0: not-supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Agent skills: + 1.108.0: supported + 1.107.0: not-supported + 1.106.0: not-supported + 1.105.0: not-supported + 1.104.0: not-supported + 1.103.0: not-supported + 1.102.0: not-supported + 1.101.0: not-supported + 1.100.0: not-supported + 1.99.0: not-supported + 1.98.0: not-supported + 1.97.0: not-supported + 1.96.0: not-supported + 1.95.0: not-supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Agent mode: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: supported + 1.100.0: supported + 1.99.0: supported + 1.98.0: preview + 1.97.0: preview + 1.96.0: not-supported + 1.95.0: not-supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + BYOK: + 1.108.0: preview + 1.107.0: preview + 1.106.0: preview + 1.105.0: preview + 1.104.0: preview + 1.103.0: preview + 1.102.0: preview + 1.101.0: preview + 1.100.0: preview + 1.99.0: preview + 1.98.0: preview + 1.97.0: preview + 1.96.0: preview + 1.95.0: preview + 1.94.0: preview + 1.80.0: preview + 1.70.0: preview + 1.60.0: preview + 1.57.0: preview + 0.0.0: preview + Chat: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: supported + 1.100.0: supported + 1.99.0: supported + 1.98.0: supported + 1.97.0: supported + 1.96.0: supported + 1.95.0: supported + 1.94.0: supported + 1.80.0: supported + 1.70.0: supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Checkpoints: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: not-supported + 1.101.0: not-supported + 1.100.0: not-supported + 1.99.0: not-supported + 1.98.0: not-supported + 1.97.0: not-supported + 1.96.0: not-supported + 1.95.0: not-supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Code completion: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: supported + 1.100.0: supported + 1.99.0: supported + 1.98.0: supported + 1.97.0: supported + 1.96.0: supported + 1.95.0: supported + 1.94.0: supported + 1.80.0: supported + 1.70.0: supported + 1.60.0: supported + 1.57.0: preview + 0.0.0: not-supported + Code referencing: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: supported + 1.100.0: supported + 1.99.0: supported + 1.98.0: supported + 1.97.0: supported + 1.96.0: supported + 1.95.0: supported + 1.94.0: supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Copilot code review: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: supported + 1.100.0: supported + 1.99.0: supported + 1.98.0: preview + 1.97.0: preview + 1.96.0: preview + 1.95.0: preview + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Custom agents: + 1.108.0: supported + 1.107.0: supported + 1.106.0: preview + 1.105.0: preview + 1.104.0: preview + 1.103.0: preview + 1.102.0: preview + 1.101.0: preview + 1.100.0: not-supported + 1.99.0: not-supported + 1.98.0: not-supported + 1.97.0: not-supported + 1.96.0: not-supported + 1.95.0: not-supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Custom chat modes: + 1.108.0: preview + 1.107.0: preview + 1.106.0: preview + 1.105.0: preview + 1.104.0: preview + 1.103.0: preview + 1.102.0: preview + 1.101.0: preview + 1.100.0: not-supported + 1.99.0: not-supported + 1.98.0: not-supported + 1.97.0: not-supported + 1.96.0: not-supported + 1.95.0: not-supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Custom instructions: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: supported + 1.100.0: supported + 1.99.0: supported + 1.98.0: supported + 1.97.0: preview + 1.96.0: preview + 1.95.0: preview + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Edit mode: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: supported + 1.100.0: supported + 1.99.0: supported + 1.98.0: supported + 1.97.0: supported + 1.96.0: preview + 1.95.0: preview + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Extensions: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: supported + 1.100.0: supported + 1.99.0: supported + 1.98.0: supported + 1.97.0: supported + 1.96.0: supported + 1.95.0: supported + 1.94.0: supported + 1.80.0: supported + 1.70.0: supported + 1.60.0: supported + 1.57.0: supported + 0.0.0: supported + Java Upgrade Agent: + 1.108.0: preview + 1.107.0: preview + 1.106.0: preview + 1.105.0: preview + 1.104.0: preview + 1.103.0: preview + 1.102.0: preview + 1.101.0: preview + 1.100.0: preview + 1.99.0: preview + 1.98.0: preview + 1.97.0: preview + 1.96.0: preview + 1.95.0: preview + 1.94.0: preview + 1.80.0: preview + 1.70.0: preview + 1.60.0: preview + 1.57.0: preview + 0.0.0: preview + MCP: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: preview + 1.100.0: preview + 1.99.0: preview + 1.98.0: not-supported + 1.97.0: not-supported + 1.96.0: not-supported + 1.95.0: not-supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Next edit suggestions: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: supported + 1.100.0: supported + 1.99.0: supported + 1.98.0: preview + 1.97.0: preview + 1.96.0: not-supported + 1.95.0: not-supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Prompt files: + 1.108.0: supported + 1.107.0: supported + 1.106.0: preview + 1.105.0: preview + 1.104.0: preview + 1.103.0: preview + 1.102.0: preview + 1.101.0: preview + 1.100.0: preview + 1.99.0: preview + 1.98.0: preview + 1.97.0: preview + 1.96.0: not-supported + 1.95.0: not-supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Vision: + 1.108.0: preview + 1.107.0: preview + 1.106.0: preview + 1.105.0: preview + 1.104.0: preview + 1.103.0: preview + 1.102.0: preview + 1.101.0: preview + 1.100.0: preview + 1.99.0: preview + 1.98.0: preview + 1.97.0: preview + 1.96.0: not-supported + 1.95.0: not-supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Workspace indexing: + 1.108.0: supported + 1.107.0: supported + 1.106.0: supported + 1.105.0: supported + 1.104.0: supported + 1.103.0: supported + 1.102.0: supported + 1.101.0: supported + 1.100.0: supported + 1.99.0: supported + 1.98.0: supported + 1.97.0: supported + 1.96.0: supported + 1.95.0: supported + 1.94.0: not-supported + 1.80.0: not-supported + 1.70.0: not-supported + 1.60.0: not-supported + 1.57.0: not-supported + 0.0.0: not-supported + Visual Studio: + versions: + - 18.0.0 + - 17.14.13 + - 17.14.6 + - 17.14.0 + - 17.13.0 + - 0.0.0 + versionGroups: + latest releases: + - 18.0.0 + - 17.14.13 + - 17.14.6 + - 17.14.0 + - 17.13.0 + 2025 releases: + - 18.0.0 + - 17.14.13 + - 17.14.6 + - 17.14.0 + - 17.13.0 + features: + .NET Upgrade Agent: + 18.0.0: supported + 17.14.13: preview + 17.14.6: preview + 17.14.0: preview + 17.13.0: preview + 0.0.0: preview + Agent skills: + 18.0.0: not-supported + 17.14.13: not-supported + 17.14.6: not-supported + 17.14.0: not-supported + 17.13.0: not-supported + 0.0.0: not-supported + Agent mode: + 18.0.0: supported + 17.14.13: supported + 17.14.6: supported + 17.14.0: preview + 17.13.0: not-supported + 0.0.0: not-supported + BYOK: + 18.0.0: supported + 17.14.13: not-supported + 17.14.6: not-supported + 17.14.0: not-supported + 17.13.0: not-supported + 0.0.0: not-supported + Chat: + 18.0.0: supported + 17.14.13: supported + 17.14.6: supported + 17.14.0: supported + 17.13.0: supported + 0.0.0: supported + Code completion: + 18.0.0: supported + 17.14.13: supported + 17.14.6: supported + 17.14.0: supported + 17.13.0: supported + 0.0.0: supported + Code referencing: + 18.0.0: supported + 17.14.13: supported + 17.14.6: supported + 17.14.0: supported + 17.13.0: supported + 0.0.0: not-supported + Copilot code review: + 18.0.0: supported + 17.14.13: supported + 17.14.6: supported + 17.14.0: supported + 17.13.0: supported + 0.0.0: supported + Custom instructions: + 18.0.0: supported + 17.14.13: supported + 17.14.6: supported + 17.14.0: supported + 17.13.0: supported + 0.0.0: supported + Edit mode: + 18.0.0: supported + 17.14.6: supported + 17.14.0: supported + 17.13.0: supported + 0.0.0: not-supported + Extensions: + 18.0.0: supported + 17.14.13: supported + 17.14.6: supported + 17.14.0: supported + 17.13.0: supported + 0.0.0: supported + Java Upgrade Agent: + 18.0.0: not-supported + 17.14.13: not-supported + 17.14.6: not-supported + 17.14.0: not-supported + 17.13.0: not-supported + 0.0.0: not-supported + MCP: + 18.0.0: supported + 17.14.13: supported + 17.14.6: preview + 17.14.0: preview + 17.13.0: not-supported + 0.0.0: not-supported + Next edit suggestions: + 18.0.0: supported + 17.14.13: supported + 17.14.6: supported + 17.14.0: supported + 17.13.0: not-supported + 0.0.0: not-supported + Prompt files: + 18.0.0: supported + 17.14.13: not-supported + 17.14.6: not-supported + 17.14.0: not-supported + 17.13.0: not-supported + 0.0.0: not-supported + Vision: + 18.0.0: preview + 17.14.13: preview + 17.14.6: preview + 17.14.0: preview + 17.13.0: preview + 0.0.0: preview + Workspace indexing: + 18.0.0: not-supported + 17.14.13: not-supported + 17.14.6: not-supported + 17.14.0: not-supported + 17.13.0: not-supported + 0.0.0: not-supported + JetBrains: + versions: + - 1.5.54 + - 1.5.53 + - 1.5.49 + - 1.5.45 + - 1.5.43 + - 1.5.41 + - 1.5.39 + - 1.5.0 + - 1.4.0 + - 1.0.1 + - 0.0.0 + versionGroups: + latest releases: + - 1.5.54 + - 1.5.53 + - 1.5.49 + - 1.5.45 + - 1.5.43 + 2025 releases: + - 1.5.54 + - 1.5.53 + - 1.5.49 + - 1.5.45 + - 1.5.43 + - 1.5.41 + - 1.5.0 + - 1.0.1 + 2024 releases: + - 1.5.39 + - 1.4.0 + features: + .NET Upgrade Agent: + 1.5.54: not-supported + 1.5.53: not-supported + 1.5.49: not-supported + 1.5.45: not-supported + 1.5.43: not-supported + 1.5.41: not-supported + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + Agent skills: + 1.5.54: not-supported + 1.5.53: not-supported + 1.5.49: not-supported + 1.5.45: not-supported + 1.5.43: not-supported + 1.5.41: not-supported + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + Agent mode: + 1.5.54: supported + 1.5.53: supported + 1.5.49: supported + 1.5.45: preview + 1.5.43: not-supported + 1.5.41: not-supported + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + BYOK: + 1.5.54: preview + 1.5.53: preview + 1.5.49: preview + 1.5.45: preview + 1.5.43: preview + 1.5.41: preview + 1.5.39: preview + 1.5.0: preview + 1.4.0: preview + 1.0.1: preview + 0.0.0: preview + Chat: + 1.5.54: supported + 1.5.53: supported + 1.5.49: supported + 1.5.45: supported + 1.5.43: supported + 1.5.41: supported + 1.5.39: supported + 1.5.0: supported + 1.4.0: preview + 1.0.1: not-supported + 0.0.0: not-supported + Checkpoints: + 1.5.54: not-supported + 1.5.53: not-supported + 1.5.49: not-supported + 1.5.45: not-supported + 1.5.43: not-supported + 1.5.41: not-supported + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + Code completion: + 1.5.54: supported + 1.5.53: supported + 1.5.49: supported + 1.5.45: supported + 1.5.43: supported + 1.5.41: supported + 1.5.39: supported + 1.5.0: supported + 1.4.0: supported + 1.0.1: supported + 0.0.0: preview + Code referencing: + 1.5.54: supported + 1.5.53: supported + 1.5.49: supported + 1.5.45: supported + 1.5.43: supported + 1.5.41: supported + 1.5.39: supported + 1.5.0: supported + 1.4.0: supported + 1.0.1: supported + 0.0.0: supported + Copilot code review: + 1.5.54: supported + 1.5.53: supported + 1.5.49: supported + 1.5.45: supported + 1.5.43: supported + 1.5.41: supported + 1.5.39: supported + 1.5.0: supported + 1.4.0: supported + 1.0.1: supported + 0.0.0: supported + Custom chat modes: + 1.5.54: not-supported + 1.5.53: not-supported + 1.5.49: not-supported + 1.5.45: not-supported + 1.5.43: not-supported + 1.5.41: not-supported + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + Custom instructions: + 1.5.54: preview + 1.5.53: preview + 1.5.49: preview + 1.5.45: preview + 1.5.43: preview + 1.5.41: preview + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + Edit mode: + 1.5.54: supported + 1.5.53: supported + 1.5.49: supported + 1.5.45: supported + 1.5.43: supported + 1.5.41: preview + 1.5.39: preview + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + + Extensions: + 1.5.54: supported + 1.5.53: supported + 1.5.49: supported + 1.5.45: supported + 1.5.43: supported + 1.5.41: supported + 1.5.39: supported + 1.5.0: supported + 1.4.0: supported + 1.0.1: supported + 0.0.0: supported + Java Upgrade Agent: + 1.5.54: not-supported + 1.5.53: not-supported + 1.5.49: not-supported + 1.5.45: not-supported + 1.5.43: not-supported + 1.5.41: not-supported + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + MCP: + 0.0.0: not-supported + 1.0.1: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.5.39: not-supported + 1.5.41: not-supported + 1.5.43: not-supported + 1.5.45: preview + 1.5.49: preview + 1.5.53: supported + 1.5.54: supported + Next edit suggestions: + 1.5.54: preview + 1.5.53: not-supported + 1.5.49: not-supported + 1.5.45: not-supported + 1.5.43: not-supported + 1.5.41: not-supported + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + Prompt files: + 1.5.54: preview + 1.5.53: not-supported + 1.5.49: not-supported + 1.5.45: not-supported + 1.5.43: not-supported + 1.5.41: not-supported + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + Vision: + 1.5.54: preview + 1.5.53: preview + 1.5.49: preview + 1.5.45: preview + 1.5.43: preview + 1.5.41: preview + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + Workspace indexing: + 1.5.54: not-supported + 1.5.53: not-supported + 1.5.49: not-supported + 1.5.45: not-supported + 1.5.43: not-supported + 1.5.41: not-supported + 1.5.39: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.0.1: not-supported + 0.0.0: not-supported + Eclipse: + versions: + - 0.14.0 + - 0.13.0 + - 0.12.0 + - 0.11.0 + - 0.10.0 + - 0.9.0 + - 0.8.0 + - 0.7.0 + - 0.6.0 + - 0.5.0 + - 0.4.0 + - 0.3.0 + - 0.2.0 + - 0.1.0 + versionGroups: + latest releases: + - 0.14.0 + - 0.13.0 + - 0.12.0 + - 0.11.0 + - 0.10.0 + 2025 releases: + - 0.14.0 + - 0.13.0 + - 0.12.0 + - 0.11.0 + - 0.10.0 + - 0.9.0 + - 0.8.0 + - 0.7.0 + - 0.6.0 + - 0.5.0 + - 0.4.0 + - 0.3.0 + - 0.2.0 + - 0.1.0 + features: + .NET Upgrade Agent: + 0.14.0: not-supported + 0.13.0: not-supported + 0.12.0: not-supported + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Agent skills: + 0.14.0: not-supported + 0.13.0: not-supported + 0.12.0: not-supported + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Agent mode: + 0.14.0: supported + 0.13.0: supported + 0.12.0: supported + 0.11.0: supported + 0.10.0: supported + 0.9.0: supported + 0.8.0: preview + 0.7.0: preview + 0.6.0: preview + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + BYOK: + 0.14.0: preview + 0.13.0: preview + 0.12.0: preview + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Chat: + 0.14.0: supported + 0.13.0: supported + 0.12.0: supported + 0.11.0: supported + 0.10.0: supported + 0.9.0: supported + 0.8.0: supported + 0.7.0: supported + 0.6.0: supported + 0.5.0: supported + 0.4.0: preview + 0.3.0: preview + 0.2.0: not-supported + 0.1.0: not-supported + Checkpoints: + 0.14.0: not-supported + 0.13.0: not-supported + 0.12.0: not-supported + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Code completion: + 0.14.0: supported + 0.13.0: supported + 0.12.0: supported + 0.11.0: supported + 0.10.0: supported + 0.9.0: supported + 0.8.0: supported + 0.7.0: supported + 0.6.0: supported + 0.5.0: supported + 0.4.0: supported + 0.3.0: supported + 0.2.0: preview + 0.1.0: preview + Code referencing: + 0.14.0: supported + 0.13.0: supported + 0.12.0: supported + 0.11.0: supported + 0.10.0: supported + 0.9.0: supported + 0.8.0: supported + 0.7.0: supported + 0.6.0: supported + 0.5.0: supported + 0.4.0: supported + 0.3.0: supported + 0.2.0: supported + 0.1.0: supported + Copilot code review: + 0.14.0: not-supported + 0.13.0: not-supported + 0.12.0: not-supported + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Custom chat modes: + 0.14.0: supported + 0.13.0: supported + 0.12.0: not-supported + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Custom instructions: + 0.14.0: preview + 0.13.0: preview + 0.12.0: preview + 0.11.0: preview + 0.10.0: preview + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Edit mode: + 0.14.0: not-supported + 0.13.0: not-supported + 0.12.0: not-supported + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Extensions: + 0.14.0: not-supported + 0.13.0: not-supported + 0.12.0: not-supported + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Java Upgrade Agent: + 0.14.0: not-supported + 0.13.0: not-supported + 0.12.0: not-supported + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + MCP: + 0.14.0: supported + 0.13.0: supported + 0.12.0: supported + 0.11.0: supported + 0.10.0: supported + 0.9.0: preview + 0.8.0: preview + 0.7.0: preview + 0.6.0: preview + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Next edit suggestions: + 0.14.0: preview + 0.13.0: preview + 0.12.0: not-supported + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Prompt files: + 0.14.0: not-supported + 0.13.0: not-supported + 0.12.0: not-supported + 0.11.0: not-supported + 0.10.0: not-supported + 0.9.0: not-supported + 0.8.0: not-supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Vision: + 0.14.0: supported + 0.13.0: supported + 0.12.0: supported + 0.11.0: supported + 0.10.0: supported + 0.9.0: supported + 0.8.0: supported + 0.7.0: not-supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Workspace indexing: + 0.14.0: supported + 0.13.0: supported + 0.12.0: supported + 0.11.0: supported + 0.10.0: supported + 0.9.0: supported + 0.8.0: supported + 0.7.0: supported + 0.6.0: not-supported + 0.5.0: not-supported + 0.4.0: not-supported + 0.3.0: not-supported + 0.2.0: not-supported + 0.1.0: not-supported + Xcode: + versions: + - 0.46.0 + - 0.45.0 + - 0.44.0 + - 0.43.0 + - 0.42.0 + - 0.41.0 + - 0.40.0 + - 0.39.0 + - 0.38.0 + - 0.37.0 + - 0.36.0 + - 0.35.0 + - 0.34.0 + - 0.33.0 + - 0.32.0 + - 0.31.0 + - 0.30.0 + - 0.29.0 + - 0.28.0 + - 0.27.0 + - 0.26.0 + - 0.25.0 + - 0.24.0 + - 0.23.0 + - 0.0.0 + versionGroups: + latest releases: + - 0.46.0 + - 0.45.0 + - 0.44.0 + - 0.43.0 + - 0.42.0 + 2025 releases: + - 0.46.0 + - 0.45.0 + - 0.44.0 + - 0.43.0 + - 0.42.0 + - 0.41.0 + - 0.40.0 + - 0.39.0 + - 0.38.0 + - 0.37.0 + - 0.36.0 + - 0.35.0 + - 0.34.0 + - 0.33.0 + - 0.32.0 + - 0.31.0 + - 0.30.0 + 2024 releases: + - 0.29.0 + - 0.28.0 + - 0.27.0 + - 0.26.0 + - 0.25.0 + - 0.24.0 + - 0.23.0 + - 0.0.0 + features: + .NET Upgrade Agent: + 0.46.0: not-supported + 0.45.0: not-supported + 0.44.0: not-supported + 0.43.0: not-supported + 0.42.0: not-supported + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Agent skills: + 0.46.0: not-supported + 0.45.0: not-supported + 0.44.0: not-supported + 0.43.0: not-supported + 0.42.0: not-supported + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Agent mode: + 0.46.0: supported + 0.45.0: supported + 0.44.0: supported + 0.43.0: supported + 0.42.0: supported + 0.41.0: supported + 0.40.0: supported + 0.39.0: supported + 0.38.0: supported + 0.37.0: preview + 0.36.0: preview + 0.35.0: preview + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + BYOK: + 0.46.0: preview + 0.45.0: preview + 0.44.0: preview + 0.43.0: preview + 0.42.0: preview + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Chat: + 0.46.0: supported + 0.45.0: supported + 0.44.0: supported + 0.43.0: supported + 0.42.0: supported + 0.41.0: supported + 0.40.0: supported + 0.39.0: supported + 0.38.0: supported + 0.37.0: supported + 0.36.0: supported + 0.35.0: supported + 0.34.0: supported + 0.33.0: supported + 0.32.0: supported + 0.31.0: preview + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Checkpoints: + 0.46.0: supported + 0.45.0: supported + 0.44.0: supported + 0.43.0: not-supported + 0.42.0: not-supported + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Code completion: + 0.46.0: supported + 0.45.0: supported + 0.44.0: supported + 0.43.0: supported + 0.42.0: supported + 0.41.0: supported + 0.40.0: supported + 0.39.0: supported + 0.38.0: supported + 0.37.0: supported + 0.36.0: supported + 0.35.0: supported + 0.34.0: supported + 0.33.0: supported + 0.32.0: supported + 0.31.0: supported + 0.30.0: preview + 0.29.0: preview + 0.28.0: preview + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Code referencing: + 0.46.0: not-supported + 0.45.0: not-supported + 0.44.0: not-supported + 0.43.0: not-supported + 0.42.0: not-supported + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Copilot code review: + 0.46.0: supported + 0.45.0: supported + 0.44.0: supported + 0.43.0: supported + 0.42.0: supported + 0.41.0: supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Custom chat modes: + 0.46.0: preview + 0.45.0: preview + 0.44.0: not-supported + 0.43.0: not-supported + 0.42.0: not-supported + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Custom instructions: + 0.46.0: preview + 0.45.0: preview + 0.44.0: preview + 0.43.0: preview + 0.42.0: preview + 0.41.0: preview + 0.40.0: preview + 0.39.0: preview + 0.38.0: preview + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Edit mode: + 0.46.0: not-supported + 0.45.0: not-supported + 0.44.0: not-supported + 0.43.0: not-supported + 0.42.0: not-supported + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Extensions: + 0.46.0: not-supported + 0.45.0: not-supported + 0.44.0: not-supported + 0.43.0: not-supported + 0.42.0: not-supported + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Java Upgrade Agent: + 0.46.0: not-supported + 0.45.0: not-supported + 0.44.0: not-supported + 0.43.0: not-supported + 0.42.0: not-supported + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + MCP: + 0.46.0: supported + 0.45.0: supported + 0.44.0: supported + 0.43.0: supported + 0.42.0: supported + 0.41.0: supported + 0.40.0: preview + 0.39.0: preview + 0.38.0: preview + 0.37.0: preview + 0.36.0: preview + 0.35.0: preview + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Next edit suggestions: + 0.46.0: preview + 0.45.0: preview + 0.44.0: not-supported + 0.43.0: not-supported + 0.42.0: not-supported + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Prompt files: + 0.46.0: preview + 0.45.0: preview + 0.44.0: preview + 0.43.0: preview + 0.42.0: preview + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Vision: + 0.46.0: preview + 0.45.0: preview + 0.44.0: preview + 0.43.0: preview + 0.42.0: preview + 0.41.0: preview + 0.40.0: preview + 0.39.0: preview + 0.38.0: preview + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + Workspace indexing: + 0.46.0: not-supported + 0.45.0: not-supported + 0.44.0: not-supported + 0.43.0: not-supported + 0.42.0: not-supported + 0.41.0: not-supported + 0.40.0: not-supported + 0.39.0: not-supported + 0.38.0: not-supported + 0.37.0: not-supported + 0.36.0: not-supported + 0.35.0: not-supported + 0.34.0: not-supported + 0.33.0: not-supported + 0.32.0: not-supported + 0.31.0: not-supported + 0.30.0: not-supported + 0.29.0: not-supported + 0.28.0: not-supported + 0.27.0: not-supported + 0.26.0: not-supported + 0.25.0: not-supported + 0.24.0: not-supported + 0.23.0: not-supported + 0.0.0: not-supported + NeoVim: + versions: + - 1.18.0 + - 1.17.0 + - 1.16.0 + - 1.15.0 + - 1.14.0 + - 1.13.0 + - 1.12.0 + - 1.11.0 + - 1.10.0 + - 1.9.0 + - 1.8.0 + - 1.7.0 + - 1.6.0 + - 1.5.0 + - 1.4.0 + - 1.3.0 + - 1.2.0 + - 1.1.0 + - 1.0.0 + - 0.0.1 + versionGroups: + latest releases: + - 1.18.0 + - 1.17.0 + - 1.16.0 + - 1.15.0 + - 1.14.0 + 2024 releases: + - 1.18.0 + - 1.17.0 + - 1.16.0 + - 1.15.0 + - 1.14.0 + 2023 releases: + - 1.13.0 + - 1.12.0 + - 1.11.0 + - 1.10.0 + - 1.9.0 + 2022 releases: + - 1.8.0 + - 1.7.0 + - 1.6.0 + - 1.5.0 + - 1.4.0 + - 1.3.0 + - 1.2.0 + - 1.1.0 + 2021 releases: + - 1.0.0 + - 0.0.1 + features: + .NET Upgrade Agent: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Agent skills: + 1.18.0: not-supported + 1.17.0: not-supported + 1.16.0: not-supported + 1.15.0: not-supported + 1.14.0: not-supported + 1.13.0: not-supported + 1.12.0: not-supported + 1.11.0: not-supported + 1.10.0: not-supported + 1.9.0: not-supported + 1.8.0: not-supported + 1.7.0: not-supported + 1.6.0: not-supported + 1.5.0: not-supported + 1.4.0: not-supported + 1.3.0: not-supported + 1.2.0: not-supported + 1.1.0: not-supported + 1.0.0: not-supported + 0.0.1: not-supported + Agent mode: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + BYOK: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Chat: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Checkpoints: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Code completion: + 0.0.1: preview + 1.0.0: supported + 1.1.0: supported + 1.2.0: supported + 1.3.0: supported + 1.4.0: supported + 1.5.0: supported + 1.6.0: supported + 1.7.0: supported + 1.8.0: supported + 1.9.0: supported + 1.10.0: supported + 1.11.0: supported + 1.12.0: supported + 1.13.0: supported + 1.14.0: supported + 1.15.0: supported + 1.16.0: supported + 1.17.0: supported + 1.18.0: supported + Code referencing: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Copilot code review: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Custom chat modes: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Custom instructions: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Edit mode: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Extensions: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Java Upgrade Agent: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + MCP: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Next edit suggestions: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Prompt files: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Vision: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported + Workspace indexing: + 0.0.1: not-supported + 1.0.0: not-supported + 1.1.0: not-supported + 1.2.0: not-supported + 1.3.0: not-supported + 1.4.0: not-supported + 1.5.0: not-supported + 1.6.0: not-supported + 1.7.0: not-supported + 1.8.0: not-supported + 1.9.0: not-supported + 1.10.0: not-supported + 1.11.0: not-supported + 1.12.0: not-supported + 1.13.0: not-supported + 1.14.0: not-supported + 1.15.0: not-supported + 1.16.0: not-supported + 1.17.0: not-supported + 1.18.0: not-supported diff --git a/data/tables/copilot/model-comparison.yml b/data/tables/copilot/model-comparison.yml new file mode 100644 index 000000000000..8fe60bb91415 --- /dev/null +++ b/data/tables/copilot/model-comparison.yml @@ -0,0 +1,127 @@ +# Please keep this list sorted in the following order: +# 1. By provider, in this order: +# - OpenAI +# - Anthropic +# - Google +# - xAI +# 2. Within each provider group, alphabetically by model name. + +# OpenAI +- name: GPT-4.1 + task_area: General-purpose coding and writing + excels_at: Fast, accurate code completions and explanations + further_reading: '[GPT-4.1 model card](https://openai.com/index/gpt-4-1/)' + +- name: GPT-5 + task_area: Deep reasoning and debugging + excels_at: Multi-step problem solving and architecture-level code analysis + further_reading: '[GPT-5 model card](https://cdn.openai.com/gpt-5-system-card.pdf)' + +- name: GPT-5-Codex + task_area: General-purpose coding and writing + excels_at: Fast, accurate code completions and explanations + further_reading: '[GPT-5-Codex model card](https://cdn.openai.com/pdf/97cc5669-7a25-4e63-b15f-5fd5bdc4d149/gpt-5-codex-system-card.pdf)' + +- name: GPT-5 mini + task_area: General-purpose coding and writing + excels_at: Fast, accurate code completions and explanations + further_reading: '[GPT-5 mini model card](https://cdn.openai.com/gpt-5-system-card.pdf)' + +- name: GPT-5.1 + task_area: Deep reasoning and debugging + excels_at: Multi-step problem solving and architecture-level code analysis + further_reading: '[GPT-5.1 model card](https://cdn.openai.com/pdf/4173ec8d-1229-47db-96de-06d87147e07e/5_1_system_card.pdf)' + +- name: GPT-5.1-Codex + task_area: Deep reasoning and debugging + excels_at: Multi-step problem solving and architecture-level code analysis + further_reading: 'Not available' + +- name: GPT-5.1 Codex Max + task_area: Agentic software development + excels_at: Agentic tasks + further_reading: '[GPT-5.1-Codex-Max model card](https://cdn.openai.com/pdf/2a7d98b1-57e5-4147-8d0e-683894d782ae/5p1_codex_max_card_03.pdf)' + +- name: GPT-5.1-Codex-Mini + task_area: Deep reasoning and debugging + excels_at: Multi-step problem solving and architecture-level code analysis + further_reading: 'Not available' + +- name: GPT-5.2 + task_area: Deep reasoning and debugging + excels_at: Multi-step problem solving and architecture-level code analysis + further_reading: '[GPT-5.2 model card](https://cdn.openai.com/pdf/3a4153c8-c748-4b71-8e31-aecbde944f8d/oai_5_2_system-card.pdf)' + +- name: GPT-5.2-Codex + task_area: Agentic software development + excels_at: Agentic tasks + further_reading: '[GPT-5.2-Codex model card](https://cdn.openai.com/pdf/ac7c37ae-7f4c-4442-b741-2eabdeaf77e0/oai_5_2_Codex.pdf)' + +# Anthropic +- name: Claude Haiku 4.5 + task_area: Fast help with simple or repetitive tasks + excels_at: Fast, reliable answers to lightweight coding questions + further_reading: '[Claude Haiku 4.5 model card](https://assets.anthropic.com/m/99128ddd009bdcb/Claude-Haiku-4-5-System-Card.pdf)' + +- name: Claude Opus 4.1 + task_area: Deep reasoning and debugging + excels_at: Complex problem-solving challenges, sophisticated reasoning + further_reading: '[Claude Opus 4.1 model card](https://assets.anthropic.com/m/4c024b86c698d3d4/original/Claude-4-1-System-Card.pdf)' + +- name: Claude Opus 4.5 + task_area: Deep reasoning and debugging + excels_at: Complex problem-solving challenges, sophisticated reasoning + further_reading: '[Claude Opus 4.5 model card](https://assets.anthropic.com/m/64823ba7485345a7/Claude-Opus-4-5-System-Card.pdf)' + +- name: Claude Opus 4.6 + task_area: Deep reasoning and debugging + excels_at: Complex problem-solving challenges, sophisticated reasoning + further_reading: '[Claude Opus 4.6 model card](https://www-cdn.anthropic.com/14e4fb01875d2a69f646fa5e574dea2b1c0ff7b5.pdf)' + +- name: Claude Opus 4.6 (fast mode) (preview) + task_area: Deep reasoning and debugging + excels_at: Complex problem-solving challenges, sophisticated reasoning + further_reading: 'Not available' + +- name: Claude Sonnet 4.0 + task_area: Deep reasoning and debugging + excels_at: Performance and practicality, perfectly balanced for coding workflows + further_reading: '[Claude Sonnet 4.0 model card](https://www-cdn.anthropic.com/6be99a52cb68eb70eb9572b4cafad13df32ed995.pdf)' + +- name: Claude Sonnet 4.5 + task_area: General-purpose coding and agent tasks + excels_at: Complex problem-solving challenges, sophisticated reasoning + further_reading: '[Claude Sonnet 4.5 model card](https://assets.anthropic.com/m/12f214efcc2f457a/original/Claude-Sonnet-4-5-System-Card.pdf)' + +# Google +- name: Gemini 2.5 Pro + task_area: Deep reasoning and debugging + excels_at: Complex code generation, debugging, and research workflows + further_reading: '[Gemini 2.5 Pro model card](https://storage.googleapis.com/model-cards/documents/gemini-2.5-pro.pdf)' + +- name: Gemini 3 Flash + task_area: Fast help with simple or repetitive tasks + excels_at: Fast, reliable answers to lightweight coding questions + further_reading: '[Gemini 3 Flash model card](https://storage.googleapis.com/deepmind-media/Model-Cards/Gemini-3-Flash-Model-Card.pdf)' + +- name: Gemini 3 Pro + task_area: Deep reasoning and debugging + excels_at: Complex code generation, debugging, and research workflows + further_reading: '[Gemini 3 Pro model card](https://storage.googleapis.com/deepmind-media/Model-Cards/Gemini-3-Pro-Model-Card.pdf)' + +# xAI +- name: Grok Code Fast 1 + task_area: General-purpose coding and writing + excels_at: Fast, accurate code completions and explanations + further_reading: '[Grok Code Fast 1 model card](https://data.x.ai/2025-08-20-grok-4-model-card.pdf)' + +# Other providers (alphabetized by model name) +- name: Qwen2.5 + task_area: General-purpose coding and writing + excels_at: Code generation, reasoning, and code repair / debugging + further_reading: '[Qwen2.5 model card](https://arxiv.org/pdf/2409.12186)' + +- name: Raptor mini + task_area: General-purpose coding and writing + excels_at: Fast, accurate code completions and explanations + further_reading: 'Coming soon' diff --git a/data/tables/copilot/model-deprecation-history.yml b/data/tables/copilot/model-deprecation-history.yml index b97d7b5d9887..951da69e1afd 100644 --- a/data/tables/copilot/model-deprecation-history.yml +++ b/data/tables/copilot/model-deprecation-history.yml @@ -11,6 +11,18 @@ # - retirement_date: The official retirement date for the model (YYYY-MM-DD). # - suggested_alternative: The model recommended for migration. +- name: 'Claude Opus 4.1' + retirement_date: '2026-02-17' + suggested_alternative: 'Claude Opus 4.5' + +- name: 'GPT-5' + retirement_date: '2026-02-17' + suggested_alternative: 'GPT-5.2' + +- name: 'GPT-5-Codex' + retirement_date: '2026-02-17' + suggested_alternative: 'GPT-5.1-Codex' + - name: 'Claude Sonnet 3.5' retirement_date: '2025-11-06' suggested_alternative: 'Claude Haiku 4.5' diff --git a/data/tables/copilot/model-multipliers.yml b/data/tables/copilot/model-multipliers.yml index be527e0b1deb..4283c91a8f53 100644 --- a/data/tables/copilot/model-multipliers.yml +++ b/data/tables/copilot/model-multipliers.yml @@ -18,7 +18,15 @@ multiplier_free: Not applicable - name: Claude Opus 4.5 - multiplier_paid: 1 (**3** after Dec 5, 2025) + multiplier_paid: 3 + multiplier_free: Not applicable + +- name: Claude Opus 4.6 + multiplier_paid: 3 + multiplier_free: Not applicable + +- name: Claude Opus 4.6 (fast mode) (preview) + multiplier_paid: 9 during promotional period multiplier_free: Not applicable - name: Claude Sonnet 4 @@ -33,6 +41,10 @@ multiplier_paid: 1 multiplier_free: Not applicable +- name: Gemini 3 Flash + multiplier_paid: 0.33 + multiplier_free: Not applicable + - name: Gemini 3 Pro multiplier_paid: 1 multiplier_free: Not applicable @@ -73,6 +85,18 @@ multiplier_paid: 1.0 multiplier_free: Not applicable +- name: GPT-5.2 + multiplier_paid: 1.0 + multiplier_free: Not applicable + +- name: GPT-5.2-Codex + multiplier_paid: 1.0 + multiplier_free: Not applicable + +- name: GPT-5.3-Codex + multiplier_paid: 1.0 + multiplier_free: Not applicable + - name: Grok Code Fast 1 multiplier_paid: 0.25 multiplier_free: Not applicable diff --git a/data/tables/copilot/model-release-status.yml b/data/tables/copilot/model-release-status.yml index ccec7b367bd9..d80e799a53ee 100644 --- a/data/tables/copilot/model-release-status.yml +++ b/data/tables/copilot/model-release-status.yml @@ -27,7 +27,7 @@ - name: 'GPT-5' provider: 'OpenAI' - release_status: 'GA' + release_status: 'Closing down: 2026-02-17' agent_mode: true ask_mode: true edit_mode: true @@ -41,21 +41,21 @@ - name: 'GPT-5-Codex' provider: 'OpenAI' - release_status: 'Public preview' + release_status: 'Closing down: 2026-02-17' agent_mode: true ask_mode: true edit_mode: true - name: 'GPT-5.1' provider: 'OpenAI' - release_status: 'Public preview' + release_status: 'GA' agent_mode: true ask_mode: true edit_mode: true - name: 'GPT-5.1-Codex' provider: 'OpenAI' - release_status: 'Public preview' + release_status: 'GA' agent_mode: true ask_mode: true edit_mode: true @@ -69,7 +69,28 @@ - name: 'GPT-5.1-Codex-Max' provider: 'OpenAI' - release_status: 'Public preview' + release_status: 'GA' + agent_mode: true + ask_mode: true + edit_mode: true + +- name: 'GPT-5.2' + provider: 'OpenAI' + release_status: 'GA' + agent_mode: true + ask_mode: true + edit_mode: true + +- name: 'GPT-5.2-Codex' + provider: 'OpenAI' + release_status: 'GA' + agent_mode: true + ask_mode: true + edit_mode: true + +- name: 'GPT-5.3-Codex' + provider: 'OpenAI' + release_status: 'GA' agent_mode: true ask_mode: true edit_mode: true @@ -84,12 +105,26 @@ - name: 'Claude Opus 4.1' provider: 'Anthropic' - release_status: 'GA' + release_status: 'Closing down: 2026-02-17' agent_mode: false ask_mode: true edit_mode: true - name: 'Claude Opus 4.5' + provider: 'Anthropic' + release_status: 'GA' + agent_mode: true + ask_mode: true + edit_mode: true + +- name: 'Claude Opus 4.6' + provider: 'Anthropic' + release_status: 'GA' + agent_mode: true + ask_mode: true + edit_mode: true + +- name: 'Claude Opus 4.6 (fast mode) (preview)' provider: 'Anthropic' release_status: 'Public preview' agent_mode: true @@ -119,6 +154,13 @@ ask_mode: true edit_mode: true +- name: 'Gemini 3 Flash' + provider: 'Google' + release_status: 'Public preview' + agent_mode: true + ask_mode: true + edit_mode: true + - name: 'Gemini 3 Pro' provider: 'Google' release_status: 'Public preview' diff --git a/data/tables/copilot/model-supported-clients.yml b/data/tables/copilot/model-supported-clients.yml index db706336e61d..39425fc65a6e 100644 --- a/data/tables/copilot/model-supported-clients.yml +++ b/data/tables/copilot/model-supported-clients.yml @@ -37,6 +37,22 @@ xcode: true jetbrains: true +- name: Claude Opus 4.6 + dotcom: true + vscode: true + vs: true + eclipse: false + xcode: false + jetbrains: false + +- name: Claude Opus 4.6 (fast mode) (preview) + dotcom: false + vscode: true + vs: false + eclipse: false + xcode: false + jetbrains: false + - name: Claude Sonnet 4 dotcom: true vscode: true @@ -61,13 +77,21 @@ xcode: true jetbrains: true +- name: Gemini 3 Flash + dotcom: true + vscode: true + vs: true + eclipse: true + xcode: true + jetbrains: true + - name: Gemini 3 Pro dotcom: true vscode: true - vs: false - eclipse: false - xcode: false - jetbrains: false + vs: true + eclipse: true + xcode: true + jetbrains: true - name: GPT-4.1 dotcom: true @@ -104,7 +128,7 @@ - name: GPT-5.1 dotcom: true vscode: true - vs: false + vs: true eclipse: true xcode: true jetbrains: true @@ -126,6 +150,30 @@ jetbrains: true - name: GPT-5.1-Codex-Max + dotcom: true + vscode: true + vs: true + eclipse: true + xcode: true + jetbrains: true + +- name: GPT-5.2 + dotcom: true + vscode: true + vs: true + eclipse: true + xcode: true + jetbrains: true + +- name: GPT-5.2-Codex + dotcom: true + vscode: true + vs: true + eclipse: true + xcode: true + jetbrains: true + +- name: GPT-5.3-Codex dotcom: true vscode: true vs: false diff --git a/data/tables/copilot/model-supported-plans.yml b/data/tables/copilot/model-supported-plans.yml index 2a4fdd5f5f1f..508b90d14d35 100644 --- a/data/tables/copilot/model-supported-plans.yml +++ b/data/tables/copilot/model-supported-plans.yml @@ -33,6 +33,20 @@ business: true enterprise: true +- name: Claude Opus 4.6 + free: false + pro: true + pro_plus: true + business: true + enterprise: true + +- name: Claude Opus 4.6 (fast mode) (preview) + free: false + pro: false + pro_plus: true + business: false + enterprise: true + - name: Claude Sonnet 4 free: false pro: true @@ -54,6 +68,13 @@ business: true enterprise: true +- name: Gemini 3 Flash + free: false + pro: true + pro_plus: true + business: true + enterprise: true + - name: Gemini 3 Pro free: false pro: true @@ -117,6 +138,27 @@ business: true enterprise: true +- name: GPT-5.2 + free: false + pro: true + pro_plus: true + business: true + enterprise: true + +- name: GPT-5.2-Codex + free: false + pro: true + pro_plus: true + business: true + enterprise: true + +- name: GPT-5.3-Codex + free: false + pro: true + pro_plus: true + business: true + enterprise: true + - name: Grok Code Fast 1 free: false pro: true diff --git a/data/ui.yml b/data/ui.yml index 1e3986a0f4ec..1f6257f545fe 100644 --- a/data/ui.yml +++ b/data/ui.yml @@ -98,6 +98,7 @@ pages: about_versions: About versions permissions_callout_title: Who can use this feature? video_from_transcript: See video for this transcript + view_page_as_markdown: View page as Markdown support: still_need_help: Still need help? contact_support: Contact support @@ -258,6 +259,7 @@ footer: machine: Some of this content may be machine- or AI-translated. journey_landing: articles: '{{ number }} Articles' + articles_heading: Articles product_landing: article_grid: heading: Articles @@ -344,6 +346,9 @@ cookbook_landing: category: Category complexity: Complexity +carousels: + recommended: Recommended + not_found: title: Ooops! message: It looks like this page doesn't exist. diff --git a/data/variables/copilot.yml b/data/variables/copilot.yml index 8d0846baa8cf..f3b85b721d02 100644 --- a/data/variables/copilot.yml +++ b/data/variables/copilot.yml @@ -72,6 +72,7 @@ copilot_cli_short: 'Copilot CLI' copilot_cli: 'GitHub Copilot CLI' copilot_old-cli_short: 'Copilot in the CLI' copilot_old-cli: 'GitHub Copilot in the CLI' +copilot_cli_npm_version: 'Node.js 22 or later' ## Copilot custom agents copilot_custom_agent: 'Copilot custom agent' @@ -119,6 +120,7 @@ copilot_extensibility_platform_short: 'Copilot Extensibility Platform' copilot_extensibility_platform: 'GitHub Copilot Extensibility Platform' copilot_for_prs: 'Copilot pull request summaries' copilot_prs_short: 'pull request summaries' +copilot_memory: 'Copilot Memory' copilot_in_support: 'Copilot in GitHub Support' copilot_preview_features: 'Copilot preview features' copilot_sku_isolation: 'Copilot subscription-based network routing' @@ -139,6 +141,8 @@ copilot_claude_haiku_45: 'Claude Haiku 4.5' copilot_claude_opus: 'Claude Opus 4' copilot_claude_opus_41: 'Claude Opus 4.1' copilot_claude_opus_45: 'Claude Opus 4.5' +copilot_claude_opus_46: 'Claude Opus 4.6' +copilot_claude_opus_46_fast: 'Claude Opus 4.6 (fast mode) (preview)' copilot_claude_sonnet: 'Claude Sonnet' copilot_claude_sonnet_35: 'Claude Sonnet 3.5' copilot_claude_sonnet_37: 'Claude Sonnet 3.7' @@ -147,6 +151,7 @@ copilot_claude_sonnet_45: 'Claude Sonnet 4.5' # Gemini: copilot_gemini: 'Gemini' copilot_gemini_flash: 'Gemini 2.0 Flash' +copilot_gemini_3_flash: 'Gemini 3 Flash' copilot_gemini_25_pro: 'Gemini 2.5 Pro' copilot_gemini_3_pro: 'Gemini 3 Pro' # OpenAI GPT series: @@ -159,6 +164,9 @@ copilot_gpt_51: 'GPT-5.1' copilot_gpt_51_codex: 'GPT-5.1-Codex' copilot_gpt_51_codex_mini: 'GPT-5.1-Codex-Mini' copilot_gpt_51_codex_max: 'GPT-5.1-Codex-Max' +copilot_gpt_52: 'GPT-5.2' +copilot_gpt_52_codex: 'GPT-5.2-Codex' +copilot_gpt_53_codex: 'GPT-5.3-Codex' # OpenAI 'o' series: copilot_o3: 'o3' copilot_o4_mini: 'o4-mini' diff --git a/data/variables/migrations.yml b/data/variables/migrations.yml index a7c3c30c719b..c3b59e809e36 100644 --- a/data/variables/migrations.yml +++ b/data/variables/migrations.yml @@ -6,3 +6,6 @@ source_imports_intro: >- You can use these endpoints to start an import from a Git repository hosted with another service. This is the same functionality as the {% data variables.product.prodname_dotcom %} Importer. For more information, see [AUTOTITLE](/migrations/importing-source-code/using-github-importer/importing-a-repository-with-github-importer). +enterprise_cloud_with_data_residency: >- + > [!NOTE] + These endpoints are currently unavailable on [AUTOTITLE](/admin/data-residency). diff --git a/data/variables/product.yml b/data/variables/product.yml index e312ead6376f..56ad1cf02657 100644 --- a/data/variables/product.yml +++ b/data/variables/product.yml @@ -173,6 +173,7 @@ prodname_container_registries: 'Container registries' prodname_docker_registry_namespace: '{% ifversion fpt or ghec %}`docker.pkg.github.com`{% elsif ghes %}docker.HOSTNAME{% endif %}' prodname_container_registry_namespace: '{% ifversion fpt or ghec %}`ghcr.io`{% elsif ghes %}containers.HOSTNAME{% endif %}' prodname_npm_registry: 'npm registry' +virtual_registry: 'linked artifacts page' # GitHub Insights prodname_insights: 'GitHub Insights' @@ -378,3 +379,6 @@ graphql_url: >- # OpenAI Codex prodname_openai_codex: 'OpenAI Codex' + +# Anthropic Claude +prodname_anthropic_claude: 'Anthropic Claude' diff --git a/data/variables/secret-scanning.yml b/data/variables/secret-scanning.yml index 294a25693c23..4c558333c338 100644 --- a/data/variables/secret-scanning.yml +++ b/data/variables/secret-scanning.yml @@ -17,9 +17,9 @@ roi-calculator: 'ROI calculator' pricing-calculator: 'pricing calculator' # Secret risk assessment call to action links. If changing the links below, also update the hard-coded link in /code-security/index.md -secret-risk-assessment-cta-link: '/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment' +secret-risk-assessment-cta-link: '/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk' secret-risk-assessment-cta-text: 'Find out how to run a free secret risk assessment' -secret-risk-assessment-cta-product: '[{% data variables.secret-scanning.secret-risk-assessment-cta-text %}](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment)' +secret-risk-assessment-cta-product: '[{% data variables.secret-scanning.secret-risk-assessment-cta-text %}](/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk#generating-an-initial-secret-risk-assessment)' # Combined to provide a secret to demonstrate push protection. Dummy secret, no access. learner-example-secret-a: 'secret_scanning_ab85fc6f8d76' diff --git a/empty.ts b/empty.ts index 4e0a2c5f275b..57ea2e90587f 100644 --- a/empty.ts +++ b/empty.ts @@ -1,3 +1,12 @@ // Empty module to satisfy Turbopack resolveAlias fallback for Node.js modules // See turbopack config in next.config.ts + +// No-op function that returns itself for chaining +export const createLogger = () => ({ + info: () => {}, + warn: () => {}, + error: () => {}, + debug: () => {}, +}) + export default {} diff --git a/eslint.config.ts b/eslint.config.ts index c0937d6df79c..b1e162654557 100644 --- a/eslint.config.ts +++ b/eslint.config.ts @@ -12,6 +12,7 @@ import noOnlyTests from 'eslint-plugin-no-only-tests' import prettierPlugin from 'eslint-plugin-prettier' import prettier from 'eslint-config-prettier' import globals from 'globals' +import customRules from 'eslint-plugin-custom-rules' export default [ { @@ -57,6 +58,7 @@ export default [ '@typescript-eslint': tseslint, 'primer-react': primerReact, 'jsx-a11y': jsxA11y, + 'custom-rules': customRules, }, rules: { // ESLint recommended rules @@ -97,18 +99,297 @@ export default [ // Disabled rules to review 'no-console': 'off', // 800+ - '@typescript-eslint/no-explicit-any': 'off', // 1000+ + + // Custom rules (disabled by default for now) + 'custom-rules/use-custom-logger': 'off', + }, + }, + + // Configuration for eslint-rules directory (CommonJS JavaScript files) + { + files: ['src/eslint-rules/**/*.js'], + languageOptions: { + ecmaVersion: 2022, + sourceType: 'script', + globals: { + ...globals.node, + ...globals.commonjs, + ...globals.es2020, + }, + }, + plugins: { + github, + import: importPlugin, + 'eslint-comments': eslintComments, + filenames, + 'no-only-tests': noOnlyTests, + prettier: prettierPlugin, + }, + rules: { + // ESLint recommended rules + ...js.configs.recommended.rules, + + // GitHub plugin recommended rules + ...github.configs.recommended.rules, + + // Import plugin error rules + ...importPlugin.configs.errors.rules, + + // Allow CommonJS in eslint rules + 'import/no-commonjs': 'off', + + // Overrides + 'import/extensions': ['error', { json: 'always' }], + 'no-empty': ['error', { allowEmptyCatch: true }], + 'prefer-const': ['error', { destructuring: 'all' }], + + // Disabled rules + 'i18n-text/no-en': 'off', + 'filenames/match-regex': 'off', + camelcase: 'off', + 'no-console': 'off', + }, + }, + + // Disable custom logger rule for logger implementation itself + { + files: ['src/observability/logger/**/*.{ts,js}'], + rules: { + 'custom-rules/use-custom-logger': 'off', + }, + }, + + // Override for scripts, tests, workflows, content-linter, and React files (disable custom logger rule) + { + files: [ + '**/scripts/**/*.{ts,js}', + '**/tests/**/*.{ts,js}', + 'src/workflows/**/*.{ts,js}', + 'src/content-linter/**/*.{ts,js}', + '**/*.{tsx,jsx}', + ], + rules: { + 'custom-rules/use-custom-logger': 'off', + }, + }, + + // Allow namespace imports for @actions/core (ESM-only in v3.0.0) + { + files: [ + '.github/actions/**/*.ts', + 'src/workflows/**/*.ts', + 'src/links/scripts/**/*.ts', + 'src/content-linter/scripts/**/*.ts', + ], + rules: { + 'import/no-namespace': 'off', + }, + }, + + // Legacy files with @typescript-eslint/no-explicit-any violations (see github/docs-engineering#5797) + { + files: [ + 'src/article-api/liquid-renderers/rest-tags.ts', + 'src/article-api/scripts/generate-api-docs.ts', + 'src/article-api/transformers/audit-logs-transformer.ts', + 'src/article-api/transformers/rest-transformer.ts', + 'src/assets/scripts/validate-asset-images.ts', + 'src/automated-pipelines/tests/rendering.ts', + 'src/codeql-cli/scripts/convert-markdown-for-docs.ts', + 'src/content-linter/lib/helpers/get-lintable-yml.ts', + 'src/content-linter/lib/helpers/print-annotations.ts', + 'src/content-linter/lib/helpers/utils.ts', + 'src/content-linter/lib/init-test.ts', + 'src/content-linter/lib/linting-rules/code-annotations.ts', + 'src/content-linter/lib/linting-rules/index.ts', + 'src/content-linter/lib/linting-rules/internal-links-no-lang.ts', + 'src/content-linter/lib/linting-rules/journey-tracks-liquid.ts', + 'src/content-linter/lib/linting-rules/liquid-ifversion-versions.ts', + 'src/content-linter/lib/linting-rules/liquid-versioning.ts', + 'src/content-linter/lib/linting-rules/third-party-action-pinning.ts', + 'src/content-linter/scripts/lint-content.ts', + 'src/content-linter/scripts/pretty-print-results.ts', + 'src/content-linter/style/base.ts', + 'src/content-linter/tests/integration/lint-cli.ts', + 'src/content-linter/tests/learning-track-liquid.ts', + 'src/content-linter/tests/lint-files.ts', + 'src/content-linter/tests/lint-frontmatter-links.ts', + 'src/content-linter/tests/unit/table-column-integrity-simple.ts', + 'src/content-render/liquid/engine.ts', + 'src/content-render/liquid/ifversion.ts', + 'src/content-render/liquid/indented-data-reference.ts', + 'src/content-render/liquid/index.ts', + 'src/content-render/liquid/octicon.ts', + 'src/content-render/scripts/add-content-type.ts', + 'src/content-render/scripts/liquid-tags.ts', + 'src/content-render/scripts/move-by-content-type.ts', + 'src/content-render/scripts/move-content.ts', + 'src/content-render/tests/data.ts', + 'src/content-render/tests/link-error-line-numbers.ts', + 'src/content-render/unified/alerts.ts', + 'src/content-render/unified/annotate.ts', + 'src/content-render/unified/code-header.ts', + 'src/content-render/unified/copilot-prompt.ts', + 'src/content-render/unified/heading-links.ts', + 'src/content-render/unified/index.ts', + 'src/content-render/unified/module-types.d.ts', + 'src/content-render/unified/parse-info-string.ts', + 'src/content-render/unified/rewrite-empty-table-rows.ts', + 'src/content-render/unified/rewrite-for-rowheaders.ts', + 'src/content-render/unified/rewrite-local-links.ts', + 'src/content-render/unified/rewrite-table-captions.ts', + 'src/content-render/unified/rewrite-thead-th-scope.ts', + 'src/data-directory/lib/data-directory.ts', + 'src/data-directory/lib/data-schemas/features.ts', + 'src/data-directory/lib/data-schemas/learning-tracks.ts', + 'src/data-directory/lib/get-data.ts', + 'src/data-directory/scripts/find-orphaned-features/find.ts', + 'src/dev-toc/generate.ts', + 'src/early-access/scripts/migrate-early-access-product.ts', + 'src/early-access/scripts/what-docs-early-access-branch.ts', + 'src/events/components/events.ts', + 'src/events/components/experiments/experiment.ts', + 'src/events/lib/analyze-comment.ts', + 'src/events/lib/hydro.ts', + 'src/events/lib/middleware-errors.ts', + 'src/events/middleware.ts', + 'src/fixtures/tests/categories-and-subcategory.ts', + 'src/fixtures/tests/glossary.ts', + 'src/fixtures/tests/guides.ts', + 'src/fixtures/tests/homepage.ts', + 'src/fixtures/tests/liquid.ts', + 'src/fixtures/tests/markdown.ts', + 'src/fixtures/tests/translations.ts', + 'src/frame/components/context/ArticleContext.tsx', + 'src/frame/components/context/CategoryLandingContext.tsx', + 'src/frame/components/context/MainContext.tsx', + 'src/frame/components/context/TocLandingContext.tsx', + 'src/frame/components/hooks/useQueryParam.ts', + 'src/frame/components/ui/BumpLink/BumpLink.tsx', + 'src/frame/lib/create-tree.ts', + 'src/frame/lib/frontmatter.ts', + 'src/frame/lib/get-remote-json.ts', + 'src/frame/lib/page-data.ts', + 'src/frame/lib/page.ts', + 'src/frame/lib/read-file-contents.ts', + 'src/frame/lib/read-frontmatter.ts', + 'src/frame/lib/read-json-file.ts', + 'src/frame/middleware/find-page.ts', + 'src/frame/middleware/resolve-carousels.ts', + 'src/frame/middleware/set-fastly-surrogate-key.ts', + 'src/frame/tests/page.ts', + 'src/frame/tests/read-frontmatter.ts', + 'src/frame/tests/server.ts', + 'src/ghes-releases/scripts/deprecate/update-content.ts', + 'src/github-apps/lib/index.ts', + 'src/graphql/lib/index.ts', + 'src/graphql/pages/breaking-changes.tsx', + 'src/graphql/pages/changelog.tsx', + 'src/graphql/pages/reference.tsx', + 'src/graphql/pages/schema-previews.tsx', + 'src/graphql/scripts/build-changelog.ts', + 'src/graphql/scripts/utils/process-previews.ts', + 'src/graphql/scripts/utils/process-schemas.ts', + 'src/graphql/scripts/utils/schema-helpers.ts', + 'src/graphql/tests/validate-schema.ts', + 'src/journeys/lib/journey-path-resolver.ts', + 'src/journeys/middleware/journey-track.ts', + 'src/landings/components/CookBookFilter.tsx', + 'src/landings/components/ProductGuidesContext.tsx', + 'src/landings/components/ProductLandingContext.tsx', + 'src/landings/components/SidebarProduct.tsx', + 'src/landings/pages/home.tsx', + 'src/landings/pages/product.tsx', + 'src/landings/tests/octicons.test.ts', + 'src/languages/lib/correct-translation-content.ts', + 'src/languages/lib/get-alert-titles.ts', + 'src/languages/lib/render-with-fallback.ts', + 'src/languages/lib/translation-utils.ts', + 'src/learning-track/lib/process-learning-tracks.ts', + 'src/links/lib/update-internal-links.ts', + 'src/links/scripts/check-github-github-links.ts', + 'src/links/scripts/update-internal-links.ts', + 'src/links/tests/extract-links.ts', + 'src/observability/logger/index.ts', + 'src/observability/logger/lib/logger-context.ts', + 'src/observability/logger/lib/to-logfmt.ts', + 'src/observability/middleware/catch-middleware-error.ts', + 'src/observability/tests/logger.ts', + 'src/observability/tests/to-logfmt.test.ts', + 'src/pages/_error.tsx', + 'src/products/tests/get-product-groups.ts', + 'src/redirects/middleware/handle-redirects.ts', + 'src/rest/components/get-rest-code-samples.ts', + 'src/rest/lib/index.ts', + 'src/rest/pages/category.tsx', + 'src/rest/pages/subcategory.tsx', + 'src/rest/scripts/utils/create-rest-examples.ts', + 'src/rest/scripts/utils/get-operations.ts', + 'src/rest/scripts/utils/inject-models-schema.ts', + 'src/rest/scripts/utils/operation.ts', + 'src/rest/scripts/utils/sync.ts', + 'src/rest/scripts/utils/update-markdown.ts', + 'src/rest/tests/get-rest-code-samples-2.ts', + 'src/rest/tests/get-rest-code-samples.ts', + 'src/rest/tests/openapi-schema.ts', + 'src/rest/tests/rendering.ts', + 'src/search/components/hooks/useAISearchAutocomplete.ts', + 'src/search/components/hooks/useAISearchLocalStorageCache.ts', + 'src/search/components/input/AskAIResults.tsx', + 'src/search/components/input/SearchOverlay.tsx', + 'src/search/lib/get-elasticsearch-results/ai-search-autocomplete.ts', + 'src/search/lib/get-elasticsearch-results/general-search.ts', + 'src/search/lib/routes/combined-search-route.ts', + 'src/search/lib/search-request-params/get-search-from-request-params.ts', + 'src/search/lib/search-request-params/search-params-objects.ts', + 'src/search/lib/search-request-params/types.ts', + 'src/search/middleware/search-routes.ts', + 'src/search/scripts/index/index-cli.ts', + 'src/search/scripts/index/utils/indexing-elasticsearch-utils.ts', + 'src/search/scripts/scrape/lib/parse-page-sections-into-records.ts', + 'src/search/tests/topics.ts', + 'src/shielding/middleware/handle-invalid-query-string-values.ts', + 'src/shielding/middleware/handle-invalid-query-strings.ts', + 'src/tests/helpers/check-url.ts', + 'src/tests/helpers/e2etest.ts', + 'src/tests/scripts/copy-fixture-data.ts', + 'src/tests/vitest.setup.ts', + 'src/tools/components/Picker.tsx', + 'src/types/github__markdownlint-github.d.ts', + 'src/types/markdownlint-lib-rules.d.ts', + 'src/types/markdownlint-rule-helpers.d.ts', + 'src/types/markdownlint-rule-search-replace.d.ts', + 'src/types/primer__octicons.d.ts', + 'src/versions/scripts/update-versioning-in-files.ts', + 'src/versions/scripts/use-short-versions.ts', + 'src/versions/tests/get-applicable-versions.ts', + 'src/webhooks/lib/index.ts', + 'src/webhooks/scripts/webhook.ts', + 'src/workflows/content-changes-table-comment.ts', + 'src/workflows/enable-automerge.ts', + 'src/workflows/fr-add-docs-reviewers-requests.ts', + 'src/workflows/git-utils.ts', + 'src/workflows/issue-report.ts', + 'src/workflows/projects.ts', + 'src/workflows/tests/actions-workflows.ts', + 'src/workflows/unallowed-contributions.ts', + 'src/workflows/walk-files.ts', + ], + rules: { + '@typescript-eslint/no-explicit-any': 'off', }, }, // Ignored patterns + // CodeQL scripts included because cocofix is install manually by the workflow { ignores: [ 'tmp/*', '.next/', 'rest-api-description/', 'docs-internal-data/', - 'src/code-scanning/scripts/generate-code-scanning-query-list.ts', + 'src/codeql-queries/scripts/generate-code-scanning-query-list.ts', + 'src/codeql-queries/scripts/generate-code-quality-query-list.ts', 'next-env.d.ts', ], }, diff --git a/next.config.ts b/next.config.ts index 3bc08e9c78d6..9cb550450c21 100644 --- a/next.config.ts +++ b/next.config.ts @@ -65,6 +65,12 @@ const config: NextConfig = { async_hooks: { browser: './empty.ts', // Point to empty module when async_hooks is requested for browser }, + '@/observability/logger': { + browser: './empty.ts', + }, + '@/observability/logger/lib/logger-context': { + browser: './empty.ts', + }, }, }, diff --git a/package-lock.json b/package-lock.json index a5c6dc6997c7..d96ba32a256a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5,13 +5,14 @@ "packages": { "": { "name": "docs.github.com", - "hasInstallScript": true, "license": "(MIT AND CC-BY-4.0)", "dependencies": { - "@elastic/elasticsearch": "8.13.1", + "@elastic/elasticsearch": "8.19.1", "@github/failbot": "0.8.3", + "@github/hydro-analytics-client": "^2.3.3", "@gr2m/gray-matter": "4.0.3-with-pr-137", "@horizon-rs/language-guesser": "0.1.1", + "@octokit/graphql": "9.0.1", "@octokit/plugin-retry": "8.0.1", "@octokit/request-error": "7.0.0", "@primer/behaviors": "^1.7.2", @@ -19,6 +20,7 @@ "@primer/live-region-element": "^0.7.2", "@primer/octicons": "^19.19.0", "@primer/octicons-react": "^19.14.0", + "@primer/primitives": "^11.3.1", "@primer/react": "^38.0.0", "accept-language-parser": "^1.5.0", "ajv": "^8.17.1", @@ -43,14 +45,14 @@ "file-type": "21.0.0", "flat": "^6.0.1", "github-slugger": "^2.0.0", - "glob": "11.1.0", + "glob": "13.0.2", "hast-util-from-parse5": "^8.0.3", "hast-util-to-string": "^3.0.1", "hastscript": "^9.0.1", "helmet": "^8.0.0", "highlight.js": "^11.11.1", "highlightjs-curl": "^1.3.0", - "hot-shots": "^11.1.0", + "hot-shots": "^13.1.0", "html-entities": "^2.5.6", "http-proxy-middleware": "^3.0.5", "imurmurhash": "^0.1.4", @@ -59,16 +61,18 @@ "js-cookie": "^3.0.5", "js-yaml": "^4.1.1", "liquidjs": "^10.16.7", - "lodash": "^4.17.21", - "lodash-es": "^4.17.21", + "lodash": "^4.17.23", + "lodash-es": "^4.17.23", "lowdb": "7.0.1", "lowlight": "^3.3.0", "markdownlint-rule-helpers": "^0.25.0", "mdast-util-from-markdown": "^2.0.2", + "mdast-util-gfm": "^3.1.0", "mdast-util-to-hast": "^13.2.1", "mdast-util-to-markdown": "2.1.2", "mdast-util-to-string": "^4.0.0", - "next": "^16.0.7", + "micromark-extension-gfm": "^3.0.0", + "next": "^16.1.5", "ora": "^9.0.0", "parse5": "7.1.2", "quick-lru": "7.0.1", @@ -95,6 +99,7 @@ "swr": "^2.2.5", "tcp-port-used": "1.0.2", "tsx": "^4.19.4", + "typescript": "^5.8.3", "unified": "^11.0.5", "unist-util-find": "^3.0.0", "unist-util-visit": "^5.0.0", @@ -102,8 +107,8 @@ "walk-sync": "^4.0.1" }, "devDependencies": { - "@actions/core": "^1.10.1", - "@actions/github": "^6.0.0", + "@actions/core": "^3.0.0", + "@actions/github": "^8.0.1", "@axe-core/playwright": "^4.10.1", "@eslint/js": "^9.33.0", "@github/markdownlint-github": "^0.6.3", @@ -142,6 +147,7 @@ "eslint": "^9.33.0", "eslint-config-prettier": "^10.1.8", "eslint-import-resolver-typescript": "^4.4.2", + "eslint-plugin-custom-rules": "file:src/eslint-rules", "eslint-plugin-escompat": "^3.11.4", "eslint-plugin-eslint-comments": "^3.2.0", "eslint-plugin-filenames": "^1.3.2", @@ -153,7 +159,7 @@ "eslint-plugin-prettier": "^5.5.4", "eslint-plugin-primer-react": "^8.0.0", "event-to-promise": "^0.8.0", - "globals": "^16.3.0", + "globals": "^17.0.0", "graphql": "^16.9.0", "http-status-code": "^2.1.0", "husky": "^9.1.7", @@ -172,14 +178,13 @@ "robots-parser": "^3.0.1", "sass": "^1.77.8", "start-server-and-test": "^2.0.11", - "typescript": "^5.8.3", "unist-util-remove": "^4.0.0", "unist-util-visit-parents": "6.0.1", "vitest": "^4.0.4", "website-scraper": "^5.3.1" }, "engines": { - "node": "^22 || ^24" + "node": "^24" }, "optionalDependencies": { "esm": "^3.2.25" @@ -195,206 +200,113 @@ } }, "node_modules/@actions/core": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz", - "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.0.tgz", + "integrity": "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg==", "dev": true, "license": "MIT", "dependencies": { - "@actions/exec": "^1.1.1", - "@actions/http-client": "^2.0.1" + "@actions/exec": "^3.0.0", + "@actions/http-client": "^4.0.0" } }, - "node_modules/@actions/exec": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz", - "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==", + "node_modules/@actions/core/node_modules/@actions/http-client": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.0.tgz", + "integrity": "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g==", "dev": true, "license": "MIT", "dependencies": { - "@actions/io": "^1.0.1" - } - }, - "node_modules/@actions/github": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/@actions/github/-/github-6.0.0.tgz", - "integrity": "sha512-alScpSVnYmjNEXboZjarjukQEzgCRmjMv6Xj47fsdnqGS73bjJNDpiiXmp8jr0UZLdUB6d9jW63IcmddUP+l0g==", - "dev": true, - "dependencies": { - "@actions/http-client": "^2.2.0", - "@octokit/core": "^5.0.1", - "@octokit/plugin-paginate-rest": "^9.0.0", - "@octokit/plugin-rest-endpoint-methods": "^10.0.0" - } - }, - "node_modules/@actions/github/node_modules/@octokit/auth-token": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-4.0.0.tgz", - "integrity": "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA==", - "dev": true, - "engines": { - "node": ">= 18" + "tunnel": "^0.0.6", + "undici": "^6.23.0" } }, - "node_modules/@actions/github/node_modules/@octokit/core": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.2.0.tgz", - "integrity": "sha512-1LFfa/qnMQvEOAdzlQymH0ulepxbxnCYAKJZfMci/5XJyIHWgEYnDmgnKakbTh7CH2tFQ5O60oYDvns4i9RAIg==", + "node_modules/@actions/exec": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-3.0.0.tgz", + "integrity": "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw==", "dev": true, - "peer": true, + "license": "MIT", "dependencies": { - "@octokit/auth-token": "^4.0.0", - "@octokit/graphql": "^7.1.0", - "@octokit/request": "^8.3.1", - "@octokit/request-error": "^5.1.0", - "@octokit/types": "^13.0.0", - "before-after-hook": "^2.2.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" + "@actions/io": "^3.0.2" } }, - "node_modules/@actions/github/node_modules/@octokit/endpoint": { - "version": "9.0.6", - "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.6.tgz", - "integrity": "sha512-H1fNTMA57HbkFESSt3Y9+FBICv+0jFceJFPWDePYlR/iMGrwM5ph+Dd4XRQs+8X+PUFURLQgX9ChPfhJ/1uNQw==", + "node_modules/@actions/github": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/@actions/github/-/github-8.0.1.tgz", + "integrity": "sha512-cue7mS+kx1/2Dnc/094pitRUm+0uPXVXYVaqOdZwD15BsXATWYHW3idJDYOlyBc5gJlzAQ/w5YLU4LR8D7hjVg==", "dev": true, "license": "MIT", "dependencies": { - "@octokit/types": "^13.1.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" + "@actions/http-client": "^3.0.2", + "@octokit/core": "^7.0.6", + "@octokit/plugin-paginate-rest": "^14.0.0", + "@octokit/plugin-rest-endpoint-methods": "^17.0.0", + "@octokit/request": "^10.0.7", + "@octokit/request-error": "^7.1.0", + "undici": "^6.23.0" } }, - "node_modules/@actions/github/node_modules/@octokit/graphql": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-7.1.0.tgz", - "integrity": "sha512-r+oZUH7aMFui1ypZnAvZmn0KSqAUgE1/tUXIWaqUCa1758ts/Jio84GZuzsvUkme98kv0WFY8//n0J1Z+vsIsQ==", - "dev": true, - "dependencies": { - "@octokit/request": "^8.3.0", - "@octokit/types": "^13.0.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@actions/github/node_modules/@octokit/openapi-types": { - "version": "20.0.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz", - "integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==", - "dev": true - }, "node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest": { - "version": "9.2.2", - "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-9.2.2.tgz", - "integrity": "sha512-u3KYkGF7GcZnSD/3UP0S7K5XUFT2FkOQdcfXZGZQPGv3lm4F2Xbf71lvjldr8c1H3nNbF+33cLEkWYbokGWqiQ==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-14.0.0.tgz", + "integrity": "sha512-fNVRE7ufJiAA3XUrha2omTA39M6IXIc6GIZLvlbsm8QOQCYvpq/LkMNGyFlB1d8hTDzsAXa3OKtybdMAYsV/fw==", "dev": true, "license": "MIT", "dependencies": { - "@octokit/types": "^12.6.0" + "@octokit/types": "^16.0.0" }, "engines": { - "node": ">= 18" + "node": ">= 20" }, "peerDependencies": { - "@octokit/core": "5" - } - }, - "node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/node_modules/@octokit/types": { - "version": "12.6.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz", - "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==", - "dev": true, - "dependencies": { - "@octokit/openapi-types": "^20.0.0" + "@octokit/core": ">=6" } }, "node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods": { - "version": "10.4.1", - "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-10.4.1.tgz", - "integrity": "sha512-xV1b+ceKV9KytQe3zCVqjg+8GTGfDYwaT1ATU5isiUyVtlVAO3HNdzpS4sr4GBx4hxQ46s7ITtZrAsxG22+rVg==", + "version": "17.0.0", + "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-17.0.0.tgz", + "integrity": "sha512-B5yCyIlOJFPqUUeiD0cnBJwWJO8lkJs5d8+ze9QDP6SvfiXSz1BF+91+0MeI1d2yxgOhU/O+CvtiZ9jSkHhFAw==", "dev": true, + "license": "MIT", "dependencies": { - "@octokit/types": "^12.6.0" + "@octokit/types": "^16.0.0" }, "engines": { - "node": ">= 18" + "node": ">= 20" }, "peerDependencies": { - "@octokit/core": "5" - } - }, - "node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/node_modules/@octokit/types": { - "version": "12.6.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz", - "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==", - "dev": true, - "dependencies": { - "@octokit/openapi-types": "^20.0.0" - } - }, - "node_modules/@actions/github/node_modules/@octokit/request": { - "version": "8.4.1", - "resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.4.1.tgz", - "integrity": "sha512-qnB2+SY3hkCmBxZsR/MPCybNmbJe4KAlfWErXq+rBKkQJlbjdJeS85VI9r8UqeLYLvnAenU8Q1okM/0MBsAGXw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@octokit/endpoint": "^9.0.6", - "@octokit/request-error": "^5.1.1", - "@octokit/types": "^13.1.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" + "@octokit/core": ">=6" } }, "node_modules/@actions/github/node_modules/@octokit/request-error": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.1.tgz", - "integrity": "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g==", + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.1.0.tgz", + "integrity": "sha512-KMQIfq5sOPpkQYajXHwnhjCC0slzCNScLHs9JafXc4RAJI+9f+jNDlBNaIMTvazOPLgb4BnlhGJOTbnN0wIjPw==", "dev": true, "license": "MIT", "dependencies": { - "@octokit/types": "^13.1.0", - "deprecation": "^2.0.0", - "once": "^1.4.0" + "@octokit/types": "^16.0.0" }, "engines": { - "node": ">= 18" + "node": ">= 20" } }, - "node_modules/@actions/github/node_modules/before-after-hook": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz", - "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==", - "dev": true - }, - "node_modules/@actions/github/node_modules/universal-user-agent": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.1.tgz", - "integrity": "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ==", - "dev": true - }, "node_modules/@actions/http-client": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.0.tgz", - "integrity": "sha512-q+epW0trjVUUHboliPb4UF9g2msf+w61b32tAkFEwL/IwP0DQWgbCMM0Hbe3e3WXSKz5VcUXbzJQgy8Hkra/Lg==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-3.0.2.tgz", + "integrity": "sha512-JP38FYYpyqvUsz+Igqlc/JG6YO9PaKuvqjM3iGvaLqFnJ7TFmcLyy2IDrY0bI0qCQug8E9K+elv5ZNfw62ZJzA==", "dev": true, + "license": "MIT", "dependencies": { "tunnel": "^0.0.6", - "undici": "^5.25.4" + "undici": "^6.23.0" } }, "node_modules/@actions/io": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz", - "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@actions/io/-/io-3.0.2.tgz", + "integrity": "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw==", "dev": true, "license": "MIT" }, @@ -402,6 +314,7 @@ "version": "2.3.0", "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==", + "peer": true, "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" @@ -587,6 +500,7 @@ "version": "7.23.3", "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.23.3.tgz", "integrity": "sha512-BmR4bWbDIoFJmJ9z2cZ8Gmm2MXgEDgjdWgpKmKWUt54UGFJdlj31ECtbaDvCG/qVdG3AQ1SfpZEs01lUFbzLOQ==", + "peer": true, "engines": { "node": ">=6.9.0" } @@ -624,12 +538,14 @@ "node_modules/@babel/core/node_modules/convert-source-map": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", - "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==" + "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", + "peer": true }, "node_modules/@babel/core/node_modules/semver": { "version": "6.3.1", "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "peer": true, "bin": { "semver": "bin/semver.js" } @@ -663,6 +579,7 @@ "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.22.15.tgz", "integrity": "sha512-y6EEzULok0Qvz8yyLkCvVX+02ic+By2UdOhylwUOvOn9dvYc9mKICJuuU1n1XBI02YWsNsnrY1kc6DVbjcXbtw==", + "peer": true, "dependencies": { "@babel/compat-data": "^7.22.9", "@babel/helper-validator-option": "^7.22.15", @@ -678,6 +595,7 @@ "version": "5.1.1", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "peer": true, "dependencies": { "yallist": "^3.0.2" } @@ -686,6 +604,7 @@ "version": "6.3.1", "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "peer": true, "bin": { "semver": "bin/semver.js" } @@ -693,7 +612,8 @@ "node_modules/@babel/helper-compilation-targets/node_modules/yallist": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", - "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==" + "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", + "peer": true }, "node_modules/@babel/helper-environment-visitor": { "version": "7.22.20", @@ -741,6 +661,7 @@ "version": "7.23.3", "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", "integrity": "sha512-7bBs4ED9OmswdfDzpz4MpWgSrV7FXlc3zIagvLFjS5H+Mk7Snr21vQ6QwrsoCGMfNC4e4LQPdoULEt4ykz0SRQ==", + "peer": true, "dependencies": { "@babel/helper-environment-visitor": "^7.22.20", "@babel/helper-module-imports": "^7.22.15", @@ -767,6 +688,7 @@ "version": "7.22.5", "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", "integrity": "sha512-n0H99E/K+Bika3++WNL17POvo4rKWZ7lZEp1Q+fStVbUi8nxPQEBOlTmCOxW/0JsS56SKKQ+ojAe2pHKJHN35w==", + "peer": true, "dependencies": { "@babel/types": "^7.22.5" }, @@ -805,6 +727,7 @@ "version": "7.22.15", "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.22.15.tgz", "integrity": "sha512-bMn7RmyFjY/mdECUbgn9eoSY4vqvacUnS9i9vGAGttgFWesO6B4CYWA7XlpbWgBt71iv/hfbPlynohStqnu5hA==", + "peer": true, "engines": { "node": ">=6.9.0" } @@ -813,6 +736,7 @@ "version": "7.26.10", "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz", "integrity": "sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==", + "peer": true, "dependencies": { "@babel/template": "^7.26.9", "@babel/types": "^7.26.10" @@ -915,11 +839,13 @@ } }, "node_modules/@elastic/elasticsearch": { - "version": "8.13.1", - "resolved": "https://registry.npmjs.org/@elastic/elasticsearch/-/elasticsearch-8.13.1.tgz", - "integrity": "sha512-2G4Vu6OHw4+XTrp7AGIcOEezpPEoVrWg2JTK1v/exEKSLYquZkUdd+m4yOL3/UZ6bTj7hmXwrmYzW76BnLCkJQ==", + "version": "8.19.1", + "resolved": "https://registry.npmjs.org/@elastic/elasticsearch/-/elasticsearch-8.19.1.tgz", + "integrity": "sha512-+1j9NnQVOX+lbWB8LhCM7IkUmjU05Y4+BmSLfusq0msCsQb1Va+OUKFCoOXjCJqQrcgdRdQCjYYyolQ/npQALQ==", + "license": "Apache-2.0", "dependencies": { - "@elastic/transport": "~8.4.1", + "@elastic/transport": "^8.9.6", + "apache-arrow": "18.x - 21.x", "tslib": "^2.4.0" }, "engines": { @@ -927,25 +853,52 @@ } }, "node_modules/@elastic/transport": { - "version": "8.4.1", - "resolved": "https://registry.npmjs.org/@elastic/transport/-/transport-8.4.1.tgz", - "integrity": "sha512-/SXVuVnuU5b4dq8OFY4izG+dmGla185PcoqgK6+AJMpmOeY1QYVNbWtCwvSvoAANN5D/wV+EBU8+x7Vf9EphbA==", + "version": "8.10.1", + "resolved": "https://registry.npmjs.org/@elastic/transport/-/transport-8.10.1.tgz", + "integrity": "sha512-xo2lPBAJEt81fQRAKa9T/gUq1SPGBHpSnVUXhoSpL996fPZRAfQwFA4BZtEUQL1p8Dezodd3ZN8Wwno+mYyKuw==", + "license": "Apache-2.0", "dependencies": { - "debug": "^4.3.4", - "hpagent": "^1.0.0", + "@opentelemetry/api": "1.x", + "@opentelemetry/core": "2.x", + "debug": "^4.4.1", + "hpagent": "^1.2.0", "ms": "^2.1.3", - "secure-json-parse": "^2.4.0", - "tslib": "^2.4.0", - "undici": "^5.22.1" + "secure-json-parse": "^3.0.1", + "tslib": "^2.8.1", + "undici": "^6.21.1" }, "engines": { - "node": ">=16" + "node": ">=18" + } + }, + "node_modules/@elastic/transport/node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } } }, "node_modules/@elastic/transport/node_modules/ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/@elastic/transport/node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD" }, "node_modules/@emnapi/core": { "version": "1.4.3", @@ -1605,14 +1558,6 @@ "node": "^18.18.0 || ^20.9.0 || >=21.1.0" } }, - "node_modules/@fastify/busboy": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.0.0.tgz", - "integrity": "sha512-JUFJad5lv7jxj926GPgymrWQxxjPYuJNiNjNMzqT+HiuP6Vl3dk5xzG+8sTX96np0ZAluvaMzPsjhHZ5rNuNQQ==", - "engines": { - "node": ">=14" - } - }, "node_modules/@file-type/xml": { "version": "0.4.3", "resolved": "https://registry.npmjs.org/@file-type/xml/-/xml-0.4.3.tgz", @@ -1677,6 +1622,12 @@ "npm": ">= 7.x" } }, + "node_modules/@github/hydro-analytics-client": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/@github/hydro-analytics-client/-/hydro-analytics-client-2.3.3.tgz", + "integrity": "sha512-zjelWB1hWOZ+CKHi5alBB5cclWmBedM0zABXoeJwVHCebwYg0XSBmKgYtlakYyuNaNRa3v4sGbbU1ts56Pl29Q==", + "license": "MIT" + }, "node_modules/@github/image-crop-element": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/@github/image-crop-element/-/image-crop-element-5.0.0.tgz", @@ -2358,9 +2309,9 @@ } }, "node_modules/@isaacs/brace-expansion": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.0.tgz", - "integrity": "sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.1.tgz", + "integrity": "sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ==", "license": "MIT", "dependencies": { "@isaacs/balanced-match": "^4.0.1" @@ -2370,66 +2321,13 @@ } }, "node_modules/@isaacs/cliui": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", - "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", - "license": "ISC", - "dependencies": { - "string-width": "^5.1.2", - "string-width-cjs": "npm:string-width@^4.2.0", - "strip-ansi": "^7.0.1", - "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", - "wrap-ansi": "^8.1.0", - "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/@isaacs/cliui/node_modules/ansi-styles": { - "version": "6.2.3", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz", - "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==", - "license": "MIT", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/@isaacs/cliui/node_modules/string-width": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", - "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", - "license": "MIT", - "dependencies": { - "eastasianwidth": "^0.2.0", - "emoji-regex": "^9.2.2", - "strip-ansi": "^7.0.1" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@isaacs/cliui/node_modules/wrap-ansi": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", - "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", - "license": "MIT", - "dependencies": { - "ansi-styles": "^6.1.0", - "string-width": "^5.0.1", - "strip-ansi": "^7.0.1" - }, + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-9.0.0.tgz", + "integrity": "sha512-AokJm4tuBHillT+FpMtxQ60n8ObyXBatq7jD2/JA9dxbDDokKQm8KMht5ibGzLVU9IJDIKK4TPKgMHEYMn3lMg==", + "dev": true, + "license": "BlueOak-1.0.0", "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + "node": ">=18" } }, "node_modules/@jridgewell/gen-mapping": { @@ -2518,15 +2416,15 @@ } }, "node_modules/@next/env": { - "version": "16.0.7", - "resolved": "https://registry.npmjs.org/@next/env/-/env-16.0.7.tgz", - "integrity": "sha512-gpaNgUh5nftFKRkRQGnVi5dpcYSKGcZZkQffZ172OrG/XkrnS7UBTQ648YY+8ME92cC4IojpI2LqTC8sTDhAaw==", + "version": "16.1.5", + "resolved": "https://registry.npmjs.org/@next/env/-/env-16.1.5.tgz", + "integrity": "sha512-CRSCPJiSZoi4Pn69RYBDI9R7YK2g59vLexPQFXY0eyw+ILevIenCywzg+DqmlBik9zszEnw2HLFOUlLAcJbL7g==", "license": "MIT" }, "node_modules/@next/swc-darwin-arm64": { - "version": "16.0.7", - "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-16.0.7.tgz", - "integrity": "sha512-LlDtCYOEj/rfSnEn/Idi+j1QKHxY9BJFmxx7108A6D8K0SB+bNgfYQATPk/4LqOl4C0Wo3LACg2ie6s7xqMpJg==", + "version": "16.1.5", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-16.1.5.tgz", + "integrity": "sha512-eK7Wdm3Hjy/SCL7TevlH0C9chrpeOYWx2iR7guJDaz4zEQKWcS1IMVfMb9UKBFMg1XgzcPTYPIp1Vcpukkjg6Q==", "cpu": [ "arm64" ], @@ -2540,9 +2438,9 @@ } }, "node_modules/@next/swc-darwin-x64": { - "version": "16.0.7", - "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-16.0.7.tgz", - "integrity": "sha512-rtZ7BhnVvO1ICf3QzfW9H3aPz7GhBrnSIMZyr4Qy6boXF0b5E3QLs+cvJmg3PsTCG2M1PBoC+DANUi4wCOKXpA==", + "version": "16.1.5", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-16.1.5.tgz", + "integrity": "sha512-foQscSHD1dCuxBmGkbIr6ScAUF6pRoDZP6czajyvmXPAOFNnQUJu2Os1SGELODjKp/ULa4fulnBWoHV3XdPLfA==", "cpu": [ "x64" ], @@ -2556,9 +2454,9 @@ } }, "node_modules/@next/swc-linux-arm64-gnu": { - "version": "16.0.7", - "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-16.0.7.tgz", - "integrity": "sha512-mloD5WcPIeIeeZqAIP5c2kdaTa6StwP4/2EGy1mUw8HiexSHGK/jcM7lFuS3u3i2zn+xH9+wXJs6njO7VrAqww==", + "version": "16.1.5", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-16.1.5.tgz", + "integrity": "sha512-qNIb42o3C02ccIeSeKjacF3HXotGsxh/FMk/rSRmCzOVMtoWH88odn2uZqF8RLsSUWHcAqTgYmPD3pZ03L9ZAA==", "cpu": [ "arm64" ], @@ -2572,9 +2470,9 @@ } }, "node_modules/@next/swc-linux-arm64-musl": { - "version": "16.0.7", - "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-16.0.7.tgz", - "integrity": "sha512-+ksWNrZrthisXuo9gd1XnjHRowCbMtl/YgMpbRvFeDEqEBd523YHPWpBuDjomod88U8Xliw5DHhekBC3EOOd9g==", + "version": "16.1.5", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-16.1.5.tgz", + "integrity": "sha512-U+kBxGUY1xMAzDTXmuVMfhaWUZQAwzRaHJ/I6ihtR5SbTVUEaDRiEU9YMjy1obBWpdOBuk1bcm+tsmifYSygfw==", "cpu": [ "arm64" ], @@ -2588,9 +2486,9 @@ } }, "node_modules/@next/swc-linux-x64-gnu": { - "version": "16.0.7", - "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-16.0.7.tgz", - "integrity": "sha512-4WtJU5cRDxpEE44Ana2Xro1284hnyVpBb62lIpU5k85D8xXxatT+rXxBgPkc7C1XwkZMWpK5rXLXTh9PFipWsA==", + "version": "16.1.5", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-16.1.5.tgz", + "integrity": "sha512-gq2UtoCpN7Ke/7tKaU7i/1L7eFLfhMbXjNghSv0MVGF1dmuoaPeEVDvkDuO/9LVa44h5gqpWeJ4mRRznjDv7LA==", "cpu": [ "x64" ], @@ -2604,9 +2502,9 @@ } }, "node_modules/@next/swc-linux-x64-musl": { - "version": "16.0.7", - "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-16.0.7.tgz", - "integrity": "sha512-HYlhqIP6kBPXalW2dbMTSuB4+8fe+j9juyxwfMwCe9kQPPeiyFn7NMjNfoFOfJ2eXkeQsoUGXg+O2SE3m4Qg2w==", + "version": "16.1.5", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-16.1.5.tgz", + "integrity": "sha512-bQWSE729PbXT6mMklWLf8dotislPle2L70E9q6iwETYEOt092GDn0c+TTNj26AjmeceSsC4ndyGsK5nKqHYXjQ==", "cpu": [ "x64" ], @@ -2620,9 +2518,9 @@ } }, "node_modules/@next/swc-win32-arm64-msvc": { - "version": "16.0.7", - "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-16.0.7.tgz", - "integrity": "sha512-EviG+43iOoBRZg9deGauXExjRphhuYmIOJ12b9sAPy0eQ6iwcPxfED2asb/s2/yiLYOdm37kPaiZu8uXSYPs0Q==", + "version": "16.1.5", + "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-16.1.5.tgz", + "integrity": "sha512-LZli0anutkIllMtTAWZlDqdfvjWX/ch8AFK5WgkNTvaqwlouiD1oHM+WW8RXMiL0+vAkAJyAGEzPPjO+hnrSNQ==", "cpu": [ "arm64" ], @@ -2636,9 +2534,9 @@ } }, "node_modules/@next/swc-win32-x64-msvc": { - "version": "16.0.7", - "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-16.0.7.tgz", - "integrity": "sha512-gniPjy55zp5Eg0896qSrf3yB1dw4F/3s8VK1ephdsZZ129j2n6e1WqCbE2YgcKhW9hPB9TVZENugquWJD5x0ug==", + "version": "16.1.5", + "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-16.1.5.tgz", + "integrity": "sha512-7is37HJTNQGhjPpQbkKjKEboHYQnCgpVt/4rBrrln0D9nderNxZ8ZWs8w1fAtzUx7wEyYjQ+/13myFgFj6K2Ng==", "cpu": [ "x64" ], @@ -2698,16 +2596,16 @@ } }, "node_modules/@octokit/core": { - "version": "7.0.2", - "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.2.tgz", - "integrity": "sha512-ODsoD39Lq6vR6aBgvjTnA3nZGliknKboc9Gtxr7E4WDNqY24MxANKcuDQSF0jzapvGb3KWOEDrKfve4HoWGK+g==", - "peer": true, + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.6.tgz", + "integrity": "sha512-DhGl4xMVFGVIyMwswXeyzdL4uXD5OGILGX5N8Y+f6W7LhC1Ze2poSNrkF/fedpVDHEEZ+PHFW0vL14I+mm8K3Q==", + "license": "MIT", "dependencies": { "@octokit/auth-token": "^6.0.0", - "@octokit/graphql": "^9.0.1", - "@octokit/request": "^10.0.2", - "@octokit/request-error": "^7.0.0", - "@octokit/types": "^14.0.0", + "@octokit/graphql": "^9.0.3", + "@octokit/request": "^10.0.6", + "@octokit/request-error": "^7.0.2", + "@octokit/types": "^16.0.0", "before-after-hook": "^4.0.0", "universal-user-agent": "^7.0.0" }, @@ -2715,48 +2613,50 @@ "node": ">= 20" } }, - "node_modules/@octokit/core/node_modules/@octokit/openapi-types": { - "version": "25.0.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.0.0.tgz", - "integrity": "sha512-FZvktFu7HfOIJf2BScLKIEYjDsw6RKc7rBJCdvCTfKsVnx2GEB/Nbzjr29DUdb7vQhlzS/j8qDzdditP0OC6aw==" - }, - "node_modules/@octokit/core/node_modules/@octokit/types": { - "version": "14.0.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.0.0.tgz", - "integrity": "sha512-VVmZP0lEhbo2O1pdq63gZFiGCKkm8PPp8AUOijlwPO6hojEVjspA0MWKP7E4hbvGxzFKNqKr6p0IYtOH/Wf/zA==", + "node_modules/@octokit/core/node_modules/@octokit/graphql": { + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.3.tgz", + "integrity": "sha512-grAEuupr/C1rALFnXTv6ZQhFuL1D8G5y8CN04RgrO4FIPMrtm+mcZzFG7dcBm+nq+1ppNixu+Jd78aeJOYxlGA==", + "license": "MIT", "dependencies": { - "@octokit/openapi-types": "^25.0.0" + "@octokit/request": "^10.0.6", + "@octokit/types": "^16.0.0", + "universal-user-agent": "^7.0.0" + }, + "engines": { + "node": ">= 20" } }, - "node_modules/@octokit/endpoint": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.0.tgz", - "integrity": "sha512-hoYicJZaqISMAI3JfaDr1qMNi48OctWuOih1m80bkYow/ayPw6Jj52tqWJ6GEoFTk1gBqfanSoI1iY99Z5+ekQ==", + "node_modules/@octokit/core/node_modules/@octokit/request-error": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.1.0.tgz", + "integrity": "sha512-KMQIfq5sOPpkQYajXHwnhjCC0slzCNScLHs9JafXc4RAJI+9f+jNDlBNaIMTvazOPLgb4BnlhGJOTbnN0wIjPw==", + "license": "MIT", "dependencies": { - "@octokit/types": "^14.0.0", - "universal-user-agent": "^7.0.2" + "@octokit/types": "^16.0.0" }, "engines": { "node": ">= 20" } }, - "node_modules/@octokit/endpoint/node_modules/@octokit/openapi-types": { - "version": "25.0.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.0.0.tgz", - "integrity": "sha512-FZvktFu7HfOIJf2BScLKIEYjDsw6RKc7rBJCdvCTfKsVnx2GEB/Nbzjr29DUdb7vQhlzS/j8qDzdditP0OC6aw==" - }, - "node_modules/@octokit/endpoint/node_modules/@octokit/types": { - "version": "14.0.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.0.0.tgz", - "integrity": "sha512-VVmZP0lEhbo2O1pdq63gZFiGCKkm8PPp8AUOijlwPO6hojEVjspA0MWKP7E4hbvGxzFKNqKr6p0IYtOH/Wf/zA==", + "node_modules/@octokit/endpoint": { + "version": "11.0.2", + "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.2.tgz", + "integrity": "sha512-4zCpzP1fWc7QlqunZ5bSEjxc6yLAlRTnDwKtgXfcI/FxxGoqedDG8V2+xJ60bV2kODqcGB+nATdtap/XYq2NZQ==", + "license": "MIT", "dependencies": { - "@octokit/openapi-types": "^25.0.0" + "@octokit/types": "^16.0.0", + "universal-user-agent": "^7.0.2" + }, + "engines": { + "node": ">= 20" } }, "node_modules/@octokit/graphql": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.1.tgz", "integrity": "sha512-j1nQNU1ZxNFx2ZtKmL4sMrs4egy5h65OMDmSbVyuCzjOcwsHq6EaYjOTGXPQxgfiN8dJ4CriYHk6zF050WEULg==", + "license": "MIT", "dependencies": { "@octokit/request": "^10.0.2", "@octokit/types": "^14.0.0", @@ -2780,10 +2680,9 @@ } }, "node_modules/@octokit/openapi-types": { - "version": "23.0.1", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-23.0.1.tgz", - "integrity": "sha512-izFjMJ1sir0jn0ldEKhZ7xegCTj/ObmEDlEfpFrx4k/JyZSMRHbO3/rBwgE7f3m2DHt+RrNGIVw4wSmwnm3t/g==", - "dev": true, + "version": "27.0.0", + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-27.0.0.tgz", + "integrity": "sha512-whrdktVs1h6gtR+09+QsNk2+FO+49j6ga1c55YZudfEG+oKJVvJLQi3zkOm5JjiUXAagWK2tI2kTGKJ2Ys7MGA==", "license": "MIT" }, "node_modules/@octokit/plugin-paginate-rest": { @@ -2888,13 +2787,14 @@ } }, "node_modules/@octokit/request": { - "version": "10.0.2", - "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.2.tgz", - "integrity": "sha512-iYj4SJG/2bbhh+iIpFmG5u49DtJ4lipQ+aPakjL9OKpsGY93wM8w06gvFbEQxcMsZcCvk5th5KkIm2m8o14aWA==", + "version": "10.0.7", + "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.7.tgz", + "integrity": "sha512-v93h0i1yu4idj8qFPZwjehoJx4j3Ntn+JhXsdJrG9pYaX6j/XRz2RmasMUHtNgQD39nrv/VwTWSqK0RNXR8upA==", + "license": "MIT", "dependencies": { - "@octokit/endpoint": "^11.0.0", - "@octokit/request-error": "^7.0.0", - "@octokit/types": "^14.0.0", + "@octokit/endpoint": "^11.0.2", + "@octokit/request-error": "^7.0.2", + "@octokit/types": "^16.0.0", "fast-content-type-parse": "^3.0.0", "universal-user-agent": "^7.0.2" }, @@ -2928,17 +2828,16 @@ "@octokit/openapi-types": "^25.0.0" } }, - "node_modules/@octokit/request/node_modules/@octokit/openapi-types": { - "version": "25.0.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.0.0.tgz", - "integrity": "sha512-FZvktFu7HfOIJf2BScLKIEYjDsw6RKc7rBJCdvCTfKsVnx2GEB/Nbzjr29DUdb7vQhlzS/j8qDzdditP0OC6aw==" - }, - "node_modules/@octokit/request/node_modules/@octokit/types": { - "version": "14.0.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.0.0.tgz", - "integrity": "sha512-VVmZP0lEhbo2O1pdq63gZFiGCKkm8PPp8AUOijlwPO6hojEVjspA0MWKP7E4hbvGxzFKNqKr6p0IYtOH/Wf/zA==", + "node_modules/@octokit/request/node_modules/@octokit/request-error": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.1.0.tgz", + "integrity": "sha512-KMQIfq5sOPpkQYajXHwnhjCC0slzCNScLHs9JafXc4RAJI+9f+jNDlBNaIMTvazOPLgb4BnlhGJOTbnN0wIjPw==", + "license": "MIT", "dependencies": { - "@octokit/openapi-types": "^25.0.0" + "@octokit/types": "^16.0.0" + }, + "engines": { + "node": ">= 20" } }, "node_modules/@octokit/rest": { @@ -2957,13 +2856,12 @@ } }, "node_modules/@octokit/types": { - "version": "13.8.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.8.0.tgz", - "integrity": "sha512-x7DjTIbEpEWXK99DMd01QfWy0hd5h4EN+Q7shkdKds3otGQP+oWE/y0A76i1OvH9fygo4ddvNf7ZvF0t78P98A==", - "dev": true, + "version": "16.0.0", + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-16.0.0.tgz", + "integrity": "sha512-sKq+9r1Mm4efXW1FCk7hFSeJo4QKreL/tTbR0rz/qx/r1Oa2VV83LTA/H/MuCOX7uCIJmQVRKBcbmWoySjAnSg==", "license": "MIT", "dependencies": { - "@octokit/openapi-types": "^23.0.1" + "@octokit/openapi-types": "^27.0.0" } }, "node_modules/@oddbird/popover-polyfill": { @@ -2997,11 +2895,43 @@ "dev": true, "license": "MIT" }, + "node_modules/@opentelemetry/api": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.0.tgz", + "integrity": "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg==", + "license": "Apache-2.0", + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@opentelemetry/core": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-2.5.0.tgz", + "integrity": "sha512-ka4H8OM6+DlUhSAZpONu0cPBtPPTQKxbxVzC4CzVx5+K4JnroJVBtDzLAMx4/3CDTJXRvVFhpFjtl4SaiTNoyQ==", + "license": "Apache-2.0", + "dependencies": { + "@opentelemetry/semantic-conventions": "^1.29.0" + }, + "engines": { + "node": "^18.19.0 || >=20.6.0" + }, + "peerDependencies": { + "@opentelemetry/api": ">=1.0.0 <1.10.0" + } + }, + "node_modules/@opentelemetry/semantic-conventions": { + "version": "1.39.0", + "resolved": "https://registry.npmjs.org/@opentelemetry/semantic-conventions/-/semantic-conventions-1.39.0.tgz", + "integrity": "sha512-R5R9tb2AXs2IRLNKLBJDynhkfmx7mX0vi8NkhZb3gUkPWHn6HXk5J8iQ/dql0U3ApfWym4kXXmBDRGO+oeOfjg==", + "license": "Apache-2.0", + "engines": { + "node": ">=14" + } + }, "node_modules/@parcel/watcher": { "version": "2.5.1", "resolved": "https://registry.npmjs.org/@parcel/watcher/-/watcher-2.5.1.tgz", "integrity": "sha512-dfUnCxiN9H4ap84DvD2ubjw+3vUNpstxa0TneY/Paat8a3R4uQZDLSvWjmznAY/DoahqTHl9V46HF/Zs3F29pg==", - "dev": true, "hasInstallScript": true, "license": "MIT", "optional": true, @@ -3041,7 +2971,6 @@ "cpu": [ "arm64" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3062,7 +2991,6 @@ "cpu": [ "arm64" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3083,7 +3011,6 @@ "cpu": [ "x64" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3104,7 +3031,6 @@ "cpu": [ "x64" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3125,7 +3051,6 @@ "cpu": [ "arm" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3146,7 +3071,6 @@ "cpu": [ "arm" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3167,7 +3091,6 @@ "cpu": [ "arm64" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3188,7 +3111,6 @@ "cpu": [ "arm64" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3209,7 +3131,6 @@ "cpu": [ "x64" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3230,7 +3151,6 @@ "cpu": [ "x64" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3251,7 +3171,6 @@ "cpu": [ "arm64" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3272,7 +3191,6 @@ "cpu": [ "ia32" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3293,7 +3211,6 @@ "cpu": [ "x64" ], - "dev": true, "license": "MIT", "optional": true, "os": [ @@ -3311,7 +3228,6 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-1.0.3.tgz", "integrity": "sha512-pGjwhsmsp4kL2RTz08wcOlGN83otlqHeD/Z5T8GXZB+/YcpQ/dgo+lbU8ZsGxV0HIvqqxo9l7mqYwyYMD9bKDg==", - "dev": true, "license": "Apache-2.0", "optional": true, "bin": { @@ -3340,7 +3256,6 @@ "integrity": "sha512-vSMYtL/zOcFpvJCW71Q/OEGQb7KYBPAdKh35WNSkaZA75JlAO8ED8UN6GUNTm3drWomcbcqRPFqQbLae8yBTdg==", "devOptional": true, "license": "Apache-2.0", - "peer": true, "dependencies": { "playwright": "1.56.1" }, @@ -3370,6 +3285,12 @@ "node": ">=16.0.0" } }, + "node_modules/@primer/css/node_modules/@primer/primitives": { + "version": "7.17.1", + "resolved": "https://registry.npmjs.org/@primer/primitives/-/primitives-7.17.1.tgz", + "integrity": "sha512-SiPzEb+up1nDpV2NGwNiY8m6sGnF3OUqRb0has5s6T40vq6Li/g3cYVgl+oolEa4DUoNygEPs09jwJt24f/3zg==", + "license": "MIT" + }, "node_modules/@primer/live-region-element": { "version": "0.7.2", "resolved": "https://registry.npmjs.org/@primer/live-region-element/-/live-region-element-0.7.2.tgz", @@ -3401,9 +3322,9 @@ } }, "node_modules/@primer/primitives": { - "version": "7.17.1", - "resolved": "https://registry.npmjs.org/@primer/primitives/-/primitives-7.17.1.tgz", - "integrity": "sha512-SiPzEb+up1nDpV2NGwNiY8m6sGnF3OUqRb0has5s6T40vq6Li/g3cYVgl+oolEa4DUoNygEPs09jwJt24f/3zg==", + "version": "11.3.1", + "resolved": "https://registry.npmjs.org/@primer/primitives/-/primitives-11.3.1.tgz", + "integrity": "sha512-f5FXeUHQ0iyxt1UF6MqeajQ9jRV/7uOGLECU5KuFWhMioCZOho09jS6alZA9tiwksHr2LYXfo7AdFczpEz3Npw==", "license": "MIT" }, "node_modules/@primer/react": { @@ -3468,12 +3389,6 @@ "integrity": "sha512-iFrvar5SOMtKFOSjYvs4z9UlLqDdJbMx0mgISLcPedv+g0ac5sgeETLGtipHCVIae6HJPclNEH5aCyD1RZaEHw==", "license": "BSD-3-Clause" }, - "node_modules/@primer/react/node_modules/@primer/primitives": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/@primer/primitives/-/primitives-11.1.0.tgz", - "integrity": "sha512-edsofzVG67EobXGRrqFc/kfjzKh8wbq1wEmRc1vmRNqDJNMxBRWZ9bT2AzKvcv+Hbf7olDAPkrSqVHbO4hhr/A==", - "license": "MIT" - }, "node_modules/@primer/view-components": { "version": "0.22.0", "resolved": "https://registry.npmjs.org/@primer/view-components/-/view-components-0.22.0.tgz", @@ -4062,6 +3977,18 @@ "@types/node": "*" } }, + "node_modules/@types/command-line-args": { + "version": "5.2.3", + "resolved": "https://registry.npmjs.org/@types/command-line-args/-/command-line-args-5.2.3.tgz", + "integrity": "sha512-uv0aG6R0Y8WHZLTamZwtfsDLVRnOa+n+n5rEvFWL5Na5gZ8V2Teab/duDPFzIIIhs9qizDpcavCusCLJZu62Kw==", + "license": "MIT" + }, + "node_modules/@types/command-line-usage": { + "version": "5.0.4", + "resolved": "https://registry.npmjs.org/@types/command-line-usage/-/command-line-usage-5.0.4.tgz", + "integrity": "sha512-BwR5KP3Es/CSht0xqBcUXS3qCAUVXwpRKsV2+arxeb65atasuXG9LykC9Ab10Cw3s2raH92ZqOeILaQbsB2ACg==", + "license": "MIT" + }, "node_modules/@types/connect": { "version": "3.4.38", "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", @@ -4152,7 +4079,6 @@ "integrity": "sha512-wGA0NX93b19/dZC1J18tKWVIYWyyF2ZjT9vin/NRu0qzzvfVzWjs04iq2rQ3H65vCTQYlRqs3YHfY7zjdV+9Kw==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@types/body-parser": "*", "@types/express-serve-static-core": "^5.0.0", @@ -4314,7 +4240,6 @@ "resolved": "https://registry.npmjs.org/@types/react/-/react-18.3.20.tgz", "integrity": "sha512-IPaCZN7PShZK/3t6Q87pfTkRm6oLTd4vztyoj+cbHUF1g3FfVb2tFIL79uCRKEfv16AhqDMBywP2VW3KIZUvcg==", "license": "MIT", - "peer": true, "dependencies": { "@types/prop-types": "*", "csstype": "^3.0.2" @@ -4326,7 +4251,6 @@ "integrity": "sha512-nf22//wEbKXusP6E9pfOCDwFdHAX4u172eaJI4YkDRQEZiorm6KfYnSC2SWLDMVWUOWPERmJnN0ujeAfTBLvrw==", "devOptional": true, "license": "MIT", - "peer": true, "peerDependencies": { "@types/react": "^18.0.0" } @@ -4497,7 +4421,6 @@ "integrity": "sha512-pUXGCuHnnKw6PyYq93lLRiZm3vjuslIy7tus1lIQTYVK9bL8XBgJnCWm8a0KcTtHC84Yya1Q6rtll+duSMj0dg==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.39.1", "@typescript-eslint/types": "8.39.1", @@ -5143,7 +5066,6 @@ "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "dev": true, "license": "MIT", - "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -5173,7 +5095,6 @@ "version": "8.17.1", "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", - "peer": true, "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", @@ -5262,6 +5183,26 @@ "node": ">= 8" } }, + "node_modules/apache-arrow": { + "version": "21.1.0", + "resolved": "https://registry.npmjs.org/apache-arrow/-/apache-arrow-21.1.0.tgz", + "integrity": "sha512-kQrYLxhC+NTVVZ4CCzGF6L/uPVOzJmD1T3XgbiUnP7oTeVFOFgEUu6IKNwCDkpFoBVqDKQivlX4RUFqqnWFlEA==", + "license": "Apache-2.0", + "dependencies": { + "@swc/helpers": "^0.5.11", + "@types/command-line-args": "^5.2.3", + "@types/command-line-usage": "^5.0.4", + "@types/node": "^24.0.3", + "command-line-args": "^6.0.1", + "command-line-usage": "^7.0.1", + "flatbuffers": "^25.1.24", + "json-bignum": "^0.0.3", + "tslib": "^2.6.2" + }, + "bin": { + "arrow2csv": "bin/arrow2csv.js" + } + }, "node_modules/arg": { "version": "5.0.2", "dev": true, @@ -5281,6 +5222,15 @@ "node": ">= 0.4" } }, + "node_modules/array-back": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/array-back/-/array-back-6.2.2.tgz", + "integrity": "sha512-gUAZ7HPyb4SJczXAMUXMGAvI976JoK3qEx9v1FTmeYuJj0IBiaKttG1ydtGKdkfqWkIkouke7nG8ufGy77+Cvw==", + "license": "MIT", + "engines": { + "node": ">=12.17" + } + }, "node_modules/array-buffer-byte-length": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.2.tgz", @@ -5461,13 +5411,13 @@ } }, "node_modules/axios": { - "version": "1.12.1", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.1.tgz", - "integrity": "sha512-Kn4kbSXpkFHCGE6rBFNwIv0GQs4AvDT80jlveJDKFxjbTYMUeB4QtsdPCv6H8Cm19Je7IU6VFtRl2zWZI0rudQ==", + "version": "1.13.5", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz", + "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==", "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.6", - "form-data": "^4.0.4", + "follow-redirects": "^1.15.11", + "form-data": "^4.0.5", "proxy-from-env": "^1.1.0" } }, @@ -5526,6 +5476,15 @@ "version": "1.0.2", "license": "MIT" }, + "node_modules/baseline-browser-mapping": { + "version": "2.9.18", + "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.18.tgz", + "integrity": "sha512-e23vBV1ZLfjb9apvfPk4rHVu2ry6RIr2Wfs+O324okSidrX7pTAnEJPCh/O5BtRlr7QtZI7ktOP3vsqr7Z5XoA==", + "license": "Apache-2.0", + "bin": { + "baseline-browser-mapping": "dist/cli.js" + } + }, "node_modules/before-after-hook": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-4.0.0.tgz", @@ -5701,7 +5660,6 @@ } ], "license": "MIT", - "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001733", "electron-to-chromium": "^1.5.199", @@ -5885,13 +5843,44 @@ "node": ">=18" } }, - "node_modules/chalk": { - "version": "5.6.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.6.2.tgz", - "integrity": "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA==", + "node_modules/chalk": { + "version": "5.6.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.6.2.tgz", + "integrity": "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA==", + "license": "MIT", + "engines": { + "node": "^12.17.0 || ^14.13 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/chalk-template": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/chalk-template/-/chalk-template-0.4.0.tgz", + "integrity": "sha512-/ghrgmhfY8RaSdeo43hNXxpoHAtxdbskUHjPpfqUWGttFgycUhYPGx3YZBCnUCvOa7Doivn1IZec3DEGFoMgLg==", + "license": "MIT", + "dependencies": { + "chalk": "^4.1.2" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/chalk-template?sponsor=1" + } + }, + "node_modules/chalk-template/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", "license": "MIT", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, "engines": { - "node": "^12.17.0 || ^14.13 || >=16.0.0" + "node": ">=10" }, "funding": { "url": "https://github.com/chalk/chalk?sponsor=1" @@ -5952,7 +5941,6 @@ "resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.0.0-rc.12.tgz", "integrity": "sha512-VqR8m68vM46BNnuZ5NtnGBKIE/DfN0cRIzg9n40EIq9NOv90ayxLBXA8fXC5gquFRGJSTRqBq25Jt2ECLR431Q==", "license": "MIT", - "peer": true, "dependencies": { "cheerio-select": "^2.1.0", "dom-serializer": "^2.0.0", @@ -6193,6 +6181,44 @@ "url": "https://github.com/sponsors/wooorm" } }, + "node_modules/command-line-args": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/command-line-args/-/command-line-args-6.0.1.tgz", + "integrity": "sha512-Jr3eByUjqyK0qd8W0SGFW1nZwqCaNCtbXjRo2cRJC1OYxWl3MZ5t1US3jq+cO4sPavqgw4l9BMGX0CBe+trepg==", + "license": "MIT", + "dependencies": { + "array-back": "^6.2.2", + "find-replace": "^5.0.2", + "lodash.camelcase": "^4.3.0", + "typical": "^7.2.0" + }, + "engines": { + "node": ">=12.20" + }, + "peerDependencies": { + "@75lb/nature": "latest" + }, + "peerDependenciesMeta": { + "@75lb/nature": { + "optional": true + } + } + }, + "node_modules/command-line-usage": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/command-line-usage/-/command-line-usage-7.0.3.tgz", + "integrity": "sha512-PqMLy5+YGwhMh1wS04mVG44oqDsgyLRSKJBdOo1bnYhMKBW65gZF1dRp2OZRhiTjgUHljy99qkO7bsctLaw35Q==", + "license": "MIT", + "dependencies": { + "array-back": "^6.2.2", + "chalk-template": "^0.4.0", + "table-layout": "^4.1.0", + "typical": "^7.1.1" + }, + "engines": { + "node": ">=12.20.0" + } + }, "node_modules/commander": { "version": "14.0.0", "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.0.tgz", @@ -6389,6 +6415,7 @@ "version": "7.0.6", "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", + "dev": true, "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", @@ -6711,12 +6738,6 @@ "node": ">=4" } }, - "node_modules/deprecation": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", - "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==", - "dev": true - }, "node_modules/dequal": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz", @@ -6864,12 +6885,6 @@ "dev": true, "license": "MIT" }, - "node_modules/eastasianwidth": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", - "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", - "license": "MIT" - }, "node_modules/ecdsa-sig-formatter": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", @@ -6890,6 +6905,7 @@ }, "node_modules/emoji-regex": { "version": "9.2.2", + "dev": true, "license": "MIT" }, "node_modules/encodeurl": { @@ -7192,7 +7208,6 @@ "integrity": "sha512-TS9bTNIryDzStCpJN93aC5VRSW3uTx9sClUn4B87pwiCaJh220otoI0X8mJKr+VcPtniMdN8GKjlwgWGUv5ZKA==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", @@ -7254,7 +7269,6 @@ "integrity": "sha512-82GZUjRS0p/jganf6q1rEO25VSoHH0hKPCTrgillPjdI/3bgBhAE1QzHrHTizjpRvy6pGAvKjDJtk2pF9NDq8w==", "dev": true, "license": "MIT", - "peer": true, "bin": { "eslint-config-prettier": "bin/cli.js" }, @@ -7400,6 +7414,10 @@ "ms": "^2.1.1" } }, + "node_modules/eslint-plugin-custom-rules": { + "resolved": "src/eslint-rules", + "link": true + }, "node_modules/eslint-plugin-escompat": { "version": "3.11.4", "resolved": "https://registry.npmjs.org/eslint-plugin-escompat/-/eslint-plugin-escompat-3.11.4.tgz", @@ -7497,6 +7515,19 @@ "eslint": "^8 || ^9" } }, + "node_modules/eslint-plugin-github/node_modules/globals": { + "version": "16.5.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-16.5.0.tgz", + "integrity": "sha512-c/c15i26VrJ4IRt5Z89DnIzCGDn9EcebibhAOjw5ibqEHsE1wLUgkPn9RDmNcUKyU87GeaL633nyJ+pplFR2ZQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/eslint-plugin-i18n-text": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/eslint-plugin-i18n-text/-/eslint-plugin-i18n-text-1.0.1.tgz", @@ -7513,7 +7544,6 @@ "integrity": "sha512-whOE1HFo/qJDyX4SnXzP4N6zOWn79WhnCUY/iDR0mPfQZO8wcYE4JClzI2oZrhBnnMUCBCHZhO6VQyoBU95mZA==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@rtsao/scc": "^1.1.0", "array-includes": "^3.1.9", @@ -8457,6 +8487,23 @@ "node": ">= 0.8" } }, + "node_modules/find-replace": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/find-replace/-/find-replace-5.0.2.tgz", + "integrity": "sha512-Y45BAiE3mz2QsrN2fb5QEtO4qb44NcS7en/0y9PEVsg351HsLeVclP8QPMH79Le9sH3rs5RSwJu99W0WPZO43Q==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "peerDependencies": { + "@75lb/nature": "latest" + }, + "peerDependenciesMeta": { + "@75lb/nature": { + "optional": true + } + } + }, "node_modules/find-yarn-workspace-root": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", @@ -8492,6 +8539,12 @@ "node": ">=16" } }, + "node_modules/flatbuffers": { + "version": "25.9.23", + "resolved": "https://registry.npmjs.org/flatbuffers/-/flatbuffers-25.9.23.tgz", + "integrity": "sha512-MI1qs7Lo4Syw0EOzUl0xjs2lsoeqFku44KpngfIduHBYvzm8h2+7K8YMQh1JtVVVrUvhLpNwqVi4DERegUJhPQ==", + "license": "Apache-2.0" + }, "node_modules/flatted": { "version": "3.3.3", "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz", @@ -8506,15 +8559,16 @@ "license": "W3C" }, "node_modules/follow-redirects": { - "version": "1.15.6", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", - "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==", + "version": "1.15.11", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", + "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", "funding": [ { "type": "individual", "url": "https://github.com/sponsors/RubenVerborgh" } ], + "license": "MIT", "engines": { "node": ">=4.0" }, @@ -8544,6 +8598,7 @@ "version": "3.3.1", "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz", "integrity": "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==", + "dev": true, "license": "ISC", "dependencies": { "cross-spawn": "^7.0.6", @@ -8560,6 +8615,7 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", + "dev": true, "license": "ISC", "engines": { "node": ">=14" @@ -8569,9 +8625,9 @@ } }, "node_modules/form-data": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz", - "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==", + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz", + "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==", "license": "MIT", "dependencies": { "asynckit": "^0.4.0", @@ -8630,7 +8686,6 @@ "version": "2.3.2", "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, "hasInstallScript": true, "optional": true, "os": [ @@ -8686,6 +8741,7 @@ "node_modules/gensync": { "version": "1.0.0-beta.2", "license": "MIT", + "peer": true, "engines": { "node": ">=6.9.0" } @@ -8785,21 +8841,15 @@ "license": "ISC" }, "node_modules/glob": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/glob/-/glob-11.1.0.tgz", - "integrity": "sha512-vuNwKSaKiqm7g0THUBu2x7ckSs3XJLXE+2ssL7/MfTGPLLcrJQ/4Uq1CjPTtO5cCIiRxqvN6Twy1qOwhL0Xjcw==", + "version": "13.0.2", + "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.2.tgz", + "integrity": "sha512-035InabNu/c1lW0tzPhAgapKctblppqsKKG9ZaNzbr+gXwWMjXoiyGSyB9sArzrjG7jY+zntRq5ZSUYemrnWVQ==", "license": "BlueOak-1.0.0", "dependencies": { - "foreground-child": "^3.3.1", - "jackspeak": "^4.1.1", - "minimatch": "^10.1.1", + "minimatch": "^10.1.2", "minipass": "^7.1.2", - "package-json-from-dist": "^1.0.0", "path-scurry": "^2.0.0" }, - "bin": { - "glob": "dist/esm/bin.mjs" - }, "engines": { "node": "20 || >=22" }, @@ -8819,12 +8869,12 @@ } }, "node_modules/glob/node_modules/minimatch": { - "version": "10.1.1", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.1.tgz", - "integrity": "sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==", + "version": "10.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.2.tgz", + "integrity": "sha512-fu656aJ0n2kcXwsnwnv9g24tkU5uSmOlTjd6WyyaKm2Z+h1qmY6bAjrcaIxF/BslFqbZ8UBtbJi7KgQOZD2PTw==", "license": "BlueOak-1.0.0", "dependencies": { - "@isaacs/brace-expansion": "^5.0.0" + "@isaacs/brace-expansion": "^5.0.1" }, "engines": { "node": "20 || >=22" @@ -8834,9 +8884,9 @@ } }, "node_modules/globals": { - "version": "16.3.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-16.3.0.tgz", - "integrity": "sha512-bqWEnJ1Nt3neqx2q5SFfGS8r/ahumIakg3HcwtNlrVlwXIeNumWn/c7Pn/wKzGhf6SaW6H6uWXLqC30STCMchQ==", + "version": "17.0.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-17.0.0.tgz", + "integrity": "sha512-gv5BeD2EssA793rlFWVPMMCqefTlpusw6/2TbAVMy0FzcG8wKJn4O+NqJ4+XWmmwrayJgw5TzrmWjFgmz1XPqw==", "dev": true, "license": "MIT", "engines": { @@ -8892,7 +8942,6 @@ "resolved": "https://registry.npmjs.org/graphql/-/graphql-16.9.0.tgz", "integrity": "sha512-GGTKBX4SD7Wdb8mqeDLni2oaRGYQWjWHGKPQ24ZMnUtKfcsVoiv4uX8+LJr1K6U5VW2Lu1BwJnj7uiori0YtRw==", "dev": true, - "peer": true, "engines": { "node": "^12.22.0 || ^14.16.0 || ^16.0.0 || >=17.0.0" } @@ -8912,7 +8961,6 @@ }, "node_modules/has-flag": { "version": "4.0.0", - "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -9274,11 +9322,12 @@ "license": "MIT" }, "node_modules/hot-shots": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/hot-shots/-/hot-shots-11.1.0.tgz", - "integrity": "sha512-D4iAs/145g7EJ/wIzBLVANEpysTPthUy/K+4EUIw02YJQTqvzD1vUpYiM3vwR0qPAQj4FhQpQz8wBpY8KDcM0g==", + "version": "13.1.0", + "resolved": "https://registry.npmjs.org/hot-shots/-/hot-shots-13.1.0.tgz", + "integrity": "sha512-dvLYrOSh4dZknxpsVM3nSiXZfipGDLIPtS7Ad2KSaM/oUFOIOeKg0T1Rp0KwVGP9u2e3eW4wvjbta2bNwkHU/g==", + "license": "MIT", "engines": { - "node": ">=10.0.0" + "node": ">=16.0.0" }, "optionalDependencies": { "unix-dgram": "2.x" @@ -9288,6 +9337,7 @@ "version": "1.2.0", "resolved": "https://registry.npmjs.org/hpagent/-/hpagent-1.2.0.tgz", "integrity": "sha512-A91dYTeIB6NoXG+PxTQpCCDDnfHsW9kc06Lvpu1TEe9gnd6ZFeiBoRO9JvzEv6xK7EX97/dUE8g/vBMTqTS3CA==", + "license": "MIT", "engines": { "node": ">=14" } @@ -10238,15 +10288,17 @@ }, "node_modules/isexe": { "version": "2.0.0", + "dev": true, "license": "ISC" }, "node_modules/jackspeak": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-4.1.1.tgz", - "integrity": "sha512-zptv57P3GpL+O0I7VdMJNBZCu+BPHVQUk55Ft8/QCJjTVxrnJHuVuX/0Bl2A6/+2oyR/ZMEuFKwmzqqZ/U5nPQ==", + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-4.2.3.tgz", + "integrity": "sha512-ykkVRwrYvFm1nb2AJfKKYPr0emF6IiXDYUaFx4Zn9ZuIH7MrzEZ3sD5RlqGXNRpHtvUHJyOnCEFxOlNDtGo7wg==", + "dev": true, "license": "BlueOak-1.0.0", "dependencies": { - "@isaacs/cliui": "^8.0.2" + "@isaacs/cliui": "^9.0.0" }, "engines": { "node": "20 || >=22" @@ -10264,7 +10316,6 @@ "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.6.1.tgz", "integrity": "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==", "dev": true, - "peer": true, "bin": { "jiti": "lib/jiti-cli.mjs" } @@ -10318,6 +10369,14 @@ "node": ">=4" } }, + "node_modules/json-bignum": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/json-bignum/-/json-bignum-0.0.3.tgz", + "integrity": "sha512-2WHyXj3OfHSgNyuzDbSxI1w2jgw5gkWSWhS7Qg4bWXx1nLk3jnbwfUeS0PSba3IzpTUWdHxBieELUzXRjQB2zg==", + "engines": { + "node": ">=0.8" + } + }, "node_modules/json-buffer": { "version": "3.0.1", "dev": true, @@ -10383,6 +10442,7 @@ "node_modules/json5": { "version": "2.2.3", "license": "MIT", + "peer": true, "bin": { "json5": "lib/cli.js" }, @@ -10642,18 +10702,21 @@ "dev": true }, "node_modules/lodash": { - "version": "4.17.21", + "version": "4.17.23", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz", + "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==", "license": "MIT" }, "node_modules/lodash-es": { - "version": "4.17.21", + "version": "4.17.23", + "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.23.tgz", + "integrity": "sha512-kVI48u3PZr38HdYz98UmfPnXl2DXrpdctLrFLCd3kOx1xUkOmpFPx7gCWWM5MPkL/fD8zb+Ph0QzjGFs4+hHWg==", "license": "MIT" }, "node_modules/lodash.camelcase": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz", "integrity": "sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==", - "dev": true, "license": "MIT" }, "node_modules/lodash.includes": { @@ -11102,9 +11165,10 @@ "integrity": "sha512-MFETx3tbTjE7Uk6vvnWINA/1iJ7LuMdO4fcq8UfF0pRbj01aGLduVvQcRyswuACJdpnHgg8E3rQLhaRdNEJS0w==" }, "node_modules/mdast-util-gfm": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/mdast-util-gfm/-/mdast-util-gfm-3.0.0.tgz", - "integrity": "sha512-dgQEX5Amaq+DuUqf26jJqSK9qgixgd6rYDHAv4aTBuA92cTknZlKpPfa86Z/s8Dj8xsAQpFfBmPUHWJBWqS4Bw==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm/-/mdast-util-gfm-3.1.0.tgz", + "integrity": "sha512-0ulfdQOM3ysHhCJ1p06l0b0VKlhU0wuQs3thxZQagjcjPrlFRqY215uZGHHJan9GEAXd9MbfPjFJz+qMkVR6zQ==", + "license": "MIT", "dependencies": { "mdast-util-from-markdown": "^2.0.0", "mdast-util-gfm-autolink-literal": "^2.0.0", @@ -11464,6 +11528,7 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/micromark-extension-gfm/-/micromark-extension-gfm-3.0.0.tgz", "integrity": "sha512-vsKArQsicm7t0z2GugkCKtZehqUm31oeGBV/KVSorWSy8ZlNAv7ytjFhvaryUiCUJYqs+NoE6AFhpQvBTM6Q4w==", + "license": "MIT", "dependencies": { "micromark-extension-gfm-autolink-literal": "^2.0.0", "micromark-extension-gfm-footnote": "^2.0.0", @@ -12112,13 +12177,14 @@ } }, "node_modules/next": { - "version": "16.0.7", - "resolved": "https://registry.npmjs.org/next/-/next-16.0.7.tgz", - "integrity": "sha512-3mBRJyPxT4LOxAJI6IsXeFtKfiJUbjCLgvXO02fV8Wy/lIhPvP94Fe7dGhUgHXcQy4sSuYwQNcOLhIfOm0rL0A==", + "version": "16.1.5", + "resolved": "https://registry.npmjs.org/next/-/next-16.1.5.tgz", + "integrity": "sha512-f+wE+NSbiQgh3DSAlTaw2FwY5yGdVViAtp8TotNQj4kk4Q8Bh1sC/aL9aH+Rg1YAVn18OYXsRDT7U/079jgP7w==", "license": "MIT", "dependencies": { - "@next/env": "16.0.7", + "@next/env": "16.1.5", "@swc/helpers": "0.5.15", + "baseline-browser-mapping": "^2.8.3", "caniuse-lite": "^1.0.30001579", "postcss": "8.4.31", "styled-jsx": "5.1.6" @@ -12130,14 +12196,14 @@ "node": ">=20.9.0" }, "optionalDependencies": { - "@next/swc-darwin-arm64": "16.0.7", - "@next/swc-darwin-x64": "16.0.7", - "@next/swc-linux-arm64-gnu": "16.0.7", - "@next/swc-linux-arm64-musl": "16.0.7", - "@next/swc-linux-x64-gnu": "16.0.7", - "@next/swc-linux-x64-musl": "16.0.7", - "@next/swc-win32-arm64-msvc": "16.0.7", - "@next/swc-win32-x64-msvc": "16.0.7", + "@next/swc-darwin-arm64": "16.1.5", + "@next/swc-darwin-x64": "16.1.5", + "@next/swc-linux-arm64-gnu": "16.1.5", + "@next/swc-linux-arm64-musl": "16.1.5", + "@next/swc-linux-x64-gnu": "16.1.5", + "@next/swc-linux-x64-musl": "16.1.5", + "@next/swc-win32-arm64-msvc": "16.1.5", + "@next/swc-win32-x64-msvc": "16.1.5", "sharp": "^0.34.4" }, "peerDependencies": { @@ -12586,7 +12652,6 @@ "version": "7.1.1", "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-7.1.1.tgz", "integrity": "sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==", - "dev": true, "license": "MIT", "optional": true }, @@ -13034,7 +13099,8 @@ "node_modules/package-json-from-dist": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.0.tgz", - "integrity": "sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw==" + "integrity": "sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw==", + "dev": true }, "node_modules/parent-module": { "version": "1.0.1", @@ -13222,6 +13288,7 @@ }, "node_modules/path-key": { "version": "3.1.1", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -13341,7 +13408,6 @@ "integrity": "sha512-hutraynyn31F+Bifme+Ps9Vq59hKuUCz7H1kDOcBs+2oGguKkWTU50bBWrtz34OUWmIwpBTWDxaRPXrIXkgvmQ==", "devOptional": true, "license": "Apache-2.0", - "peer": true, "bin": { "playwright-core": "cli.js" }, @@ -13405,7 +13471,6 @@ "integrity": "sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==", "dev": true, "license": "MIT", - "peer": true, "bin": { "prettier": "bin/prettier.cjs" }, @@ -13500,9 +13565,9 @@ } }, "node_modules/qs": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz", - "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==", + "version": "6.14.2", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz", + "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==", "license": "BSD-3-Clause", "dependencies": { "side-channel": "^1.1.0" @@ -13575,7 +13640,6 @@ "version": "18.3.1", "resolved": "https://registry.npmjs.org/react/-/react-18.3.1.tgz", "integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==", - "peer": true, "dependencies": { "loose-envify": "^1.1.0" }, @@ -13596,7 +13660,6 @@ "version": "18.3.1", "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz", "integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==", - "peer": true, "dependencies": { "loose-envify": "^1.1.0", "scheduler": "^0.23.2" @@ -14064,6 +14127,47 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/rimraf/node_modules/glob": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-11.1.0.tgz", + "integrity": "sha512-vuNwKSaKiqm7g0THUBu2x7ckSs3XJLXE+2ssL7/MfTGPLLcrJQ/4Uq1CjPTtO5cCIiRxqvN6Twy1qOwhL0Xjcw==", + "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "foreground-child": "^3.3.1", + "jackspeak": "^4.1.1", + "minimatch": "^10.1.1", + "minipass": "^7.1.2", + "package-json-from-dist": "^1.0.0", + "path-scurry": "^2.0.0" + }, + "bin": { + "glob": "dist/esm/bin.mjs" + }, + "engines": { + "node": "20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/rimraf/node_modules/minimatch": { + "version": "10.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.2.tgz", + "integrity": "sha512-fu656aJ0n2kcXwsnwnv9g24tkU5uSmOlTjd6WyyaKm2Z+h1qmY6bAjrcaIxF/BslFqbZ8UBtbJi7KgQOZD2PTw==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "@isaacs/brace-expansion": "^5.0.1" + }, + "engines": { + "node": "20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/robots-parser": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/robots-parser/-/robots-parser-3.0.1.tgz", @@ -14264,7 +14368,6 @@ "integrity": "sha512-d0NoFH4v6SjEK7BoX810Jsrhj7IQSYHAHLi/iSpgqKc7LaIDshFRlSg5LOymf9FqQhxEHs2W5ZQXlvy0KD45Uw==", "devOptional": true, "license": "MIT", - "peer": true, "dependencies": { "chokidar": "^4.0.0", "immutable": "^5.0.2", @@ -14339,9 +14442,20 @@ } }, "node_modules/secure-json-parse": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/secure-json-parse/-/secure-json-parse-2.7.0.tgz", - "integrity": "sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw==" + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/secure-json-parse/-/secure-json-parse-3.0.2.tgz", + "integrity": "sha512-H6nS2o8bWfpFEV6U38sOSjS7bTbdgbCGU9wEM6W14P5H0QOsz94KCusifV44GpHDTu2nqZbuDNhTzu+mjDSw1w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], + "license": "BSD-3-Clause" }, "node_modules/semver": { "version": "7.7.2", @@ -14530,6 +14644,7 @@ }, "node_modules/shebang-command": { "version": "2.0.0", + "dev": true, "license": "MIT", "dependencies": { "shebang-regex": "^3.0.0" @@ -14540,6 +14655,7 @@ }, "node_modules/shebang-regex": { "version": "3.0.0", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -14952,39 +15068,6 @@ "node": ">=8" } }, - "node_modules/string-width-cjs": { - "name": "string-width", - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "license": "MIT", - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/string-width-cjs/node_modules/emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", - "license": "MIT" - }, - "node_modules/string-width-cjs/node_modules/strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, "node_modules/string-width/node_modules/emoji-regex": { "version": "8.0.0", "license": "MIT" @@ -15099,19 +15182,6 @@ "url": "https://github.com/chalk/strip-ansi?sponsor=1" } }, - "node_modules/strip-ansi-cjs": { - "name": "strip-ansi", - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, "node_modules/strip-ansi/node_modules/ansi-regex": { "version": "6.0.1", "license": "MIT", @@ -15191,7 +15261,6 @@ "resolved": "https://registry.npmjs.org/styled-components/-/styled-components-5.3.11.tgz", "integrity": "sha512-uuzIIfnVkagcVHv9nE0VPlHPSCmXIUGKfJ42LNjxCCTDTL5sgnJ8Z7GZBq0EnLYGln77tPpEpExt2+qa+cZqSw==", "license": "MIT", - "peer": true, "dependencies": { "@babel/helper-module-imports": "^7.0.0", "@babel/traverse": "^7.4.5", @@ -15279,7 +15348,6 @@ }, "node_modules/supports-color": { "version": "7.2.0", - "dev": true, "license": "MIT", "dependencies": { "has-flag": "^4.0.0" @@ -15341,6 +15409,19 @@ "url": "https://opencollective.com/synckit" } }, + "node_modules/table-layout": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/table-layout/-/table-layout-4.1.1.tgz", + "integrity": "sha512-iK5/YhZxq5GO5z8wb0bY1317uDF3Zjpha0QFFLA8/trAoiLbQD0HUbMesEaxyzUgDxi2QlcbM8IvqOlEjgoXBA==", + "license": "MIT", + "dependencies": { + "array-back": "^6.2.2", + "wordwrapjs": "^5.1.0" + }, + "engines": { + "node": ">=12.17" + } + }, "node_modules/tcp-port-used": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/tcp-port-used/-/tcp-port-used-1.0.2.tgz", @@ -15438,7 +15519,6 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", - "peer": true, "engines": { "node": ">=12" }, @@ -15762,9 +15842,7 @@ "version": "5.8.3", "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.3.tgz", "integrity": "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ==", - "dev": true, "license": "Apache-2.0", - "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -15797,6 +15875,15 @@ "typescript": ">=4.8.4 <6.0.0" } }, + "node_modules/typical": { + "version": "7.3.0", + "resolved": "https://registry.npmjs.org/typical/-/typical-7.3.0.tgz", + "integrity": "sha512-ya4mg/30vm+DOWfBg4YK3j2WD6TWtRkCbasOJr40CseYENzCUby/7rIvXA99JGsQHeNxLbnXdyLLxKSv3tauFw==", + "license": "MIT", + "engines": { + "node": ">=12.17" + } + }, "node_modules/uc.micro": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz", @@ -15840,14 +15927,12 @@ "license": "MIT" }, "node_modules/undici": { - "version": "5.29.0", - "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz", - "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==", - "dependencies": { - "@fastify/busboy": "^2.0.0" - }, + "version": "6.23.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz", + "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==", + "license": "MIT", "engines": { - "node": ">=14.0" + "node": ">=18.17" } }, "node_modules/undici-types": { @@ -16112,7 +16197,6 @@ "dev": true, "hasInstallScript": true, "license": "MIT", - "peer": true, "dependencies": { "napi-postinstall": "^0.2.2" }, @@ -16315,7 +16399,6 @@ "integrity": "sha512-ZWyE8YXEXqJrrSLvYgrRP7p62OziLW7xI5HYGWFzOvupfAlrLvURSzv/FyGyy0eidogEM3ujU+kUG1zuHgb6Ug==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", @@ -16424,7 +16507,6 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", - "peer": true, "engines": { "node": ">=12" }, @@ -16698,6 +16780,7 @@ }, "node_modules/which": { "version": "2.0.2", + "dev": true, "license": "ISC", "dependencies": { "isexe": "^2.0.0" @@ -16849,6 +16932,15 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/wordwrapjs": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/wordwrapjs/-/wordwrapjs-5.1.1.tgz", + "integrity": "sha512-0yweIbkINJodk27gX9LBGMzyQdBDan3s/dEAiwBOj+Mf0PPyWL6/rikalkv8EeD0E8jm4o5RXEOrFTP3NXbhJg==", + "license": "MIT", + "engines": { + "node": ">=12.17" + } + }, "node_modules/wrap-ansi": { "version": "9.0.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.0.tgz", @@ -16865,36 +16957,6 @@ "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, - "node_modules/wrap-ansi-cjs": { - "name": "wrap-ansi", - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "license": "MIT", - "dependencies": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" - } - }, - "node_modules/wrap-ansi-cjs/node_modules/strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, "node_modules/wrap-ansi/node_modules/ansi-styles": { "version": "6.2.1", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", @@ -17001,6 +17063,15 @@ "type": "github", "url": "https://github.com/sponsors/wooorm" } + }, + "src/eslint-rules": { + "name": "eslint-plugin-custom-rules", + "version": "1.0.0", + "dev": true, + "license": "MIT", + "peerDependencies": { + "eslint": "^8.0.0 || ^9.0.0" + } } } } diff --git a/package.json b/package.json index 2aaffe7435e8..beae8b9e4489 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,6 @@ "check-github-github-links": "tsx src/links/scripts/check-github-github-links.ts", "clone-early-access": "./src/early-access/scripts/clone-locally", "clone-translations": "./src/languages/scripts/clone-translations.sh", - "cmp-files": "tsx src/workflows/cmp-files.ts", "content-changes-table-comment": "tsx src/workflows/content-changes-table-comment.ts", "copy-fixture-data": "tsx src/tests/scripts/copy-fixture-data.ts", "count-translation-corruptions": "cross-env NODE_OPTIONS=--max-old-space-size=8192 tsx src/languages/scripts/count-translation-corruptions.ts", @@ -31,7 +30,7 @@ "debug": "cross-env NODE_ENV=development ENABLED_LANGUAGES=en nodemon --inspect src/frame/server.ts", "delete-orphan-translation-files": "tsx src/workflows/delete-orphan-translation-files.ts", "docsaudit": "tsx src/metrics/scripts/docsaudit.ts", - "docstat": "tsx src/metrics/scripts/docstat.ts", + "docstat": "tsx --disable-warning=DEP0190 src/metrics/scripts/docstat.ts", "deleted-assets-pr-comment": "tsx src/assets/scripts/deleted-assets-pr-comment.ts", "deleted-features-pr-comment": "tsx src/data-directory/scripts/deleted-features-pr-comment.ts", "deprecate-ghes": "tsx src/ghes-releases/scripts/deprecate/index.ts", @@ -47,6 +46,7 @@ "fixture-dev-debug": "cross-env NODE_ENV=development ROOT=src/fixtures/fixtures nodemon --inspect src/frame/server.ts", "fixture-test": "cross-env ROOT=src/fixtures/fixtures sh -c 'npm test -- ${1:-src/fixtures/tests}' --", "fr-add-docs-reviewers-requests": "tsx src/workflows/fr-add-docs-reviewers-requests.ts", + "aggregate-search-index-failures": "tsx src/search/scripts/aggregate-search-index-failures.ts", "general-search-scrape": "tsx src/search/scripts/scrape/scrape-cli.ts", "general-search-scrape-server": "cross-env NODE_ENV=production PORT=4002 MINIMAL_RENDER=true CHANGELOG_DISABLED=true tsx src/frame/server.ts", "ghes-release-scrape-with-server": "cross-env GHES_RELEASE=1 start-server-and-test general-search-scrape-server 4002 general-search-scrape", @@ -60,13 +60,14 @@ "lint-translation": "vitest src/content-linter/tests/lint-files.ts", "liquid-markdown-tables": "tsx src/tools/scripts/liquid-markdown-tables/index.ts", "generate-article-api-docs": "tsx src/article-api/scripts/generate-api-docs.ts", - "generate-code-scanning-query-list": "tsx src/code-scanning/scripts/generate-code-scanning-query-list.ts", + "generate-code-scanning-query-list": "tsx src/codeql-queries/scripts/generate-code-scanning-query-list.ts", + "generate-code-quality-query-list": "tsx src/codeql-queries/scripts/generate-code-quality-query-list.ts", "generate-content-linter-docs": "tsx src/content-linter/scripts/generate-docs.ts", "move-content": "tsx src/content-render/scripts/move-content.ts", + "move-by-content-type": "tsx src/content-render/scripts/move-by-content-type.ts", "openapi-docs": "tsx src/rest/docs.ts", "playwright-test": "playwright test --config src/fixtures/playwright.config.ts --project=\"Google Chrome\"", "lint-report": "tsx src/content-linter/scripts/lint-report.ts", - "postinstall": "cp package-lock.json .installed.package-lock.json && echo \"Updated .installed.package-lock.json\" # see husky/post-checkout and husky/post-merge", "precompute-pageinfo": "tsx src/article-api/scripts/precompute-pageinfo.ts", "prepare": "husky src/workflows/husky", "prettier": "prettier -w \"**/*.{ts,tsx,scss,yml,yaml}\"", @@ -79,12 +80,15 @@ "release-banner": "tsx src/ghes-releases/scripts/release-banner.ts", "repo-sync": "./src/workflows/local-repo-sync.sh", "reusables": "tsx src/content-render/scripts/reusables-cli.ts", - "rendered-content-link-checker": "tsx src/links/scripts/rendered-content-link-checker.ts", - "rendered-content-link-checker-cli": "tsx src/links/scripts/rendered-content-link-checker-cli.ts", + "liquid-tags": "tsx src/content-render/scripts/liquid-tags.ts", + "check-links-pr": "tsx src/links/scripts/check-links-pr.ts", + "check-links-internal": "tsx src/links/scripts/check-links-internal.ts", + "check-links-external": "tsx src/links/scripts/check-links-external.ts", "rest-dev": "tsx src/rest/scripts/update-files.ts", "show-action-deps": "echo 'Action Dependencies:' && rg '^[\\s|-]*(uses:.*)$' .github -I -N --no-heading -r '$1$2' | sort | uniq | cut -c 7-", "start": "cross-env NODE_ENV=development ENABLED_LANGUAGES=en nodemon src/frame/server.ts", "start-all-languages": "cross-env NODE_ENV=development tsx src/frame/server.ts", + "start-for-ci": "cross-env NODE_ENV=production ENABLED_LANGUAGES=en tsx src/frame/server.ts", "start-for-playwright": "cross-env ROOT=src/fixtures/fixtures TRANSLATIONS_FIXTURE_ROOT=src/fixtures/fixtures/translations ENABLED_LANGUAGES=en,ja NODE_ENV=test tsx src/frame/server.ts", "symlink-from-local-repo": "tsx src/early-access/scripts/symlink-from-local-repo.ts", "sync-audit-log": "tsx src/audit-logs/scripts/sync.ts", @@ -114,7 +118,7 @@ }, "nodemonConfig": { "ext": "ts,json,yml,md,html,scss", - "exec": "tsx", + "exec": "tsx --import ./src/observability/lib/handle-package-not-found.ts", "ignore": [ "assets", "script", @@ -153,10 +157,12 @@ ] }, "dependencies": { - "@elastic/elasticsearch": "8.13.1", + "@elastic/elasticsearch": "8.19.1", "@github/failbot": "0.8.3", + "@github/hydro-analytics-client": "^2.3.3", "@gr2m/gray-matter": "4.0.3-with-pr-137", "@horizon-rs/language-guesser": "0.1.1", + "@octokit/graphql": "9.0.1", "@octokit/plugin-retry": "8.0.1", "@octokit/request-error": "7.0.0", "@primer/behaviors": "^1.7.2", @@ -164,6 +170,7 @@ "@primer/live-region-element": "^0.7.2", "@primer/octicons": "^19.19.0", "@primer/octicons-react": "^19.14.0", + "@primer/primitives": "^11.3.1", "@primer/react": "^38.0.0", "accept-language-parser": "^1.5.0", "ajv": "^8.17.1", @@ -188,14 +195,14 @@ "file-type": "21.0.0", "flat": "^6.0.1", "github-slugger": "^2.0.0", - "glob": "11.1.0", + "glob": "13.0.2", "hast-util-from-parse5": "^8.0.3", "hast-util-to-string": "^3.0.1", "hastscript": "^9.0.1", "helmet": "^8.0.0", "highlight.js": "^11.11.1", "highlightjs-curl": "^1.3.0", - "hot-shots": "^11.1.0", + "hot-shots": "^13.1.0", "html-entities": "^2.5.6", "http-proxy-middleware": "^3.0.5", "imurmurhash": "^0.1.4", @@ -204,16 +211,18 @@ "js-cookie": "^3.0.5", "js-yaml": "^4.1.1", "liquidjs": "^10.16.7", - "lodash": "^4.17.21", - "lodash-es": "^4.17.21", + "lodash": "^4.17.23", + "lodash-es": "^4.17.23", "lowdb": "7.0.1", "lowlight": "^3.3.0", "markdownlint-rule-helpers": "^0.25.0", "mdast-util-from-markdown": "^2.0.2", + "mdast-util-gfm": "^3.1.0", "mdast-util-to-hast": "^13.2.1", "mdast-util-to-markdown": "2.1.2", "mdast-util-to-string": "^4.0.0", - "next": "^16.0.7", + "micromark-extension-gfm": "^3.0.0", + "next": "^16.1.5", "ora": "^9.0.0", "parse5": "7.1.2", "quick-lru": "7.0.1", @@ -240,6 +249,7 @@ "swr": "^2.2.5", "tcp-port-used": "1.0.2", "tsx": "^4.19.4", + "typescript": "^5.8.3", "unified": "^11.0.5", "unist-util-find": "^3.0.0", "unist-util-visit": "^5.0.0", @@ -247,8 +257,8 @@ "walk-sync": "^4.0.1" }, "devDependencies": { - "@actions/core": "^1.10.1", - "@actions/github": "^6.0.0", + "@actions/core": "^3.0.0", + "@actions/github": "^8.0.1", "@axe-core/playwright": "^4.10.1", "@eslint/js": "^9.33.0", "@github/markdownlint-github": "^0.6.3", @@ -287,6 +297,7 @@ "eslint": "^9.33.0", "eslint-config-prettier": "^10.1.8", "eslint-import-resolver-typescript": "^4.4.2", + "eslint-plugin-custom-rules": "file:src/eslint-rules", "eslint-plugin-escompat": "^3.11.4", "eslint-plugin-eslint-comments": "^3.2.0", "eslint-plugin-filenames": "^1.3.2", @@ -298,7 +309,7 @@ "eslint-plugin-prettier": "^5.5.4", "eslint-plugin-primer-react": "^8.0.0", "event-to-promise": "^0.8.0", - "globals": "^16.3.0", + "globals": "^17.0.0", "graphql": "^16.9.0", "http-status-code": "^2.1.0", "husky": "^9.1.7", @@ -317,7 +328,6 @@ "robots-parser": "^3.0.1", "sass": "^1.77.8", "start-server-and-test": "^2.0.11", - "typescript": "^5.8.3", "unist-util-remove": "^4.0.0", "unist-util-visit-parents": "6.0.1", "vitest": "^4.0.4", @@ -330,7 +340,7 @@ "esm": "^3.2.25" }, "engines": { - "node": "^22 || ^24" + "node": "^24" }, "cacheDirectories": [ "node_modules", diff --git a/src/ai-tools/README.md b/src/ai-tools/README.md index b527174726c5..4c9d7ef7225f 100644 --- a/src/ai-tools/README.md +++ b/src/ai-tools/README.md @@ -1,56 +1,183 @@ # AI-powered tools -A CLI tool for using AI to edit documentation according to defined prompts. +The ai-tools subject provides CLI tools for using AI to edit and refine documentation based on prompt-driven guidelines. It integrates with GitHub Models API to apply automated improvements to content files. -This tool refines content files using AI based on an (extensible) set of prompt-driven guidelines. The default is versioning refinement. In the future we might add: scannability, readability, style, technical accuracy. +## Purpose & Scope -This script calls the [Models API](https://docs.github.com/en/rest/models/inference?apiVersion=2022-11-28#run-an-inference-request). It requires a personal access token with Models scopes in your `.env` file. +This subject is responsible for: +- AI-powered content refinement (versioning, intro, etc.) +- Prompt-driven content editing with LLMs +- Integration with GitHub Models API +- Copilot Spaces export and conversion to prompts +- Automated content quality improvements +- Extensible prompt system for different refinement types -## Usage +Current refinements: versioning, intro. Future: scannability, readability, style, technical accuracy. -```sh -<<<<<<< HEAD:src/ai-editors/README.md -tsx src/ai-editors/scripts/ai-edit.ts --editor --response --files -||||||| 5ae4ec0f5cb:src/ai-editors/README.md -tsx src/ai-editors/scripts/ai-edit.js --editor --response --files -======= +## Architecture & Key Assets + +### Key capabilities and their locations + +- `scripts/ai-tools.ts` - Main CLI tool for running AI refinements +- `lib/call-models-api.ts` - Client for GitHub Models API inference +- `lib/prompt-utils.ts` - Loads prompts and executes refinements +- `prompts/*.md` - Prompt templates for different refinement types + +## Setup & Usage + +### Requirements + +Add GitHub token with Models scopes to `.env`: + +```bash +GITHUB_TOKEN=ghp_your_token_here +``` + +### Running refinements + +```bash # Direct command -tsx src/ai-tools/scripts/ai-tools.ts --refine --files +tsx src/ai-tools/scripts/ai-tools.ts --refine versioning --files content/path/to/file.md -# Or via npm script -npm run ai-tools -- --refine --files ->>>>>>> origin/main:src/ai-tools/README.md +# Via npm script +npm run ai-tools -- --refine versioning --files content/path/to/file.md ``` -* `--files, -f`: One or more content file paths to process (required). -* `--refine, -r`: Specify one or more refinement types (default: `versioning`). +### Options -**Examples:** +- `--files, -f`: One or more content file paths (required) +- `--refine, -r`: Refinement type(s) - `versioning`, `intro` (default: `versioning`) +- `--write, -w`: Write changes to files (default: false, shows diff only) +- `--verbose, -v`: Verbose output for debugging +- `--space, -s`: Use Copilot Space as prompt +- `--exportSpace`: Export Copilot Space to prompt file -```sh -<<<<<<< HEAD:src/ai-editors/README.md -tsx src/ai-editors/scripts/ai-edit.ts --files content/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo.md --editor versioning --response list -||||||| 5ae4ec0f5cb:src/ai-editors/README.md -tsx src/ai-editors/scripts/ai-edit.js --files content/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo.md --editor versioning --response list -======= -# Direct command -tsx src/ai-tools/scripts/ai-tools.ts --files content/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo.md --refine versioning +### Examples -# Via npm script -npm run ai-tools -- --files content/copilot/tutorials/coding-agent/get-the-best-results.md --refine intro ->>>>>>> origin/main:src/ai-tools/README.md +Refine versioning in a file: +```bash +npm run ai-tools -- --files content/copilot/tutorials/coding-agent/get-the-best-results.md --refine versioning ``` -## Requirements +Refine intro: +```bash +npm run ai-tools -- --files content/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo.md --refine intro +``` + +Multiple files: +```bash +npm run ai-tools -- --files file1.md file2.md file3.md --refine versioning +``` + +Write changes (not just preview): +```bash +npm run ai-tools -- --files content/path/to/file.md --refine versioning --write +``` + +## Data & External Dependencies + +### Data inputs +- Content markdown files with frontmatter +- Prompt templates in `prompts/` directory +- GitHub Models API for inference + +### Dependencies +- GitHub Models API - Requires `GITHUB_TOKEN` with Models scopes +- `commander` - CLI argument parsing +- `dotenv` - Environment variable loading +- Copilot Spaces (optional) - Can export/import prompts + +### Data outputs +- Refined markdown content (preview or written to files) +- Diffs showing proposed changes +- Merged frontmatter updates + +## Cross-links & Ownership + +### Related subjects +- [`src/content-render`](../content-render/README.md) - Content parsing and rendering +- Content files in `content/` - Target of refinements + +### Internal documentation +- [GitHub Models API docs](https://docs.github.com/en/rest/models/inference) +- Copilot Spaces for prompt management + +### Ownership +- Team: Docs Content (for use and development) +- Note: These tools are for the docs-content team. We welcome them to use Copilot to support and develop these tools, but docs-engineering is largely hands off. + +## Current State & Next Steps + +### Available refinement types + +Current prompts: +- `versioning` - Refines version-related content +- `intro` - Improves article introductions + +Each prompt defines: +- Instructions for the LLM +- Expected output format +- Quality criteria + +### Adding new refinements + +1. Create prompt file in `prompts/` (e.g., `readability.md`). +2. Write prompt instructions and examples. +3. Test with Models UI first. +4. Use `--refine readability` to apply. + +Prompt template in `prompts/prompt-template.yml`. + +### Copilot Spaces integration + +Export Space to prompt: +```bash +npm run ai-tools -- --exportSpace space-id --output prompts/my-prompt.md +``` + +Use Space as prompt: +```bash +npm run ai-tools -- --space space-id --files content/path/to/file.md +``` + +### Known limitations +- Requires GitHub token with Models scopes +- API rate limits apply +- Quality depends on prompt engineering +- Currently manual execution (not in CI) +- No automated testing/evals yet + +### Best practices + +**Prompt engineering:** +- Test prompts in GitHub Models UI first +- Include clear examples in prompts +- Define expected output format +- Iterate on prompts based on results + +**File selection:** +- Start with single files to test +- Use glob patterns for batch processing +- Preview changes before writing + +**Quality assurance:** +- Always review AI suggestions +- Don't blindly accept all changes +- Consider subject matter expertise needed +- Test refined content for correctness + +### Troubleshooting -* A valid `GITHUB_TOKEN` with Models scopes in your local `.env` file. +**Missing token error:** +Add `GITHUB_TOKEN` to `.env` with Models scopes. -## Future development ideas +**API errors:** +- Check token permissions +- Verify rate limits +- Check Models API status -* Add prompts to support all available editors. -* Test prompts in Models UI and add evals to prevent regressions. -* Enable running in CI. -* Explore the new `llm` plugin for GitHub Models (see https://github.com/github/copilot-productivity/discussions/5937). -* Add MCP for more comprehensive context. -* Integrate with Copilot Edit mode in VS Code. -* Add unit tests. +**Poor refinement quality:** +- Refine the prompt template +- Add more examples +- Test in Models UI first +- Consider different model/parameters diff --git a/src/ai-tools/lib/auth-utils.ts b/src/ai-tools/lib/auth-utils.ts new file mode 100644 index 000000000000..9639c6fc35b0 --- /dev/null +++ b/src/ai-tools/lib/auth-utils.ts @@ -0,0 +1,25 @@ +import { execSync } from 'child_process' + +/** + * Ensure GitHub token is available, exiting process if not found + */ +export function ensureGitHubToken(): void { + if (!process.env.GITHUB_TOKEN) { + try { + const token = execSync('gh auth token', { encoding: 'utf8' }).trim() + if (token) { + process.env.GITHUB_TOKEN = token + return + } + } catch { + // gh CLI not available or not authenticated + } + + console.warn(`🔑 A token is needed to run this script. Please do one of the following and try again: + +1. Add a GITHUB_TOKEN to a local .env file. +2. Install https://cli.github.com and authenticate via 'gh auth login'. + `) + process.exit(1) + } +} diff --git a/src/ai-tools/lib/call-models-api.ts b/src/ai-tools/lib/call-models-api.ts index e08638e3c31b..70e2a90b6f58 100644 --- a/src/ai-tools/lib/call-models-api.ts +++ b/src/ai-tools/lib/call-models-api.ts @@ -1,4 +1,6 @@ const modelsCompletionsEndpoint = 'https://models.github.ai/inference/chat/completions' +const API_TIMEOUT_MS = 180000 // 3 minutes +const DEFAULT_MODEL = 'openai/gpt-4o' interface ChatMessage { role: string @@ -42,16 +44,16 @@ export async function callModelsApi( // Set default model if none specified if (!promptWithContent.model) { - promptWithContent.model = 'openai/gpt-4o' + promptWithContent.model = DEFAULT_MODEL if (verbose) { - console.log('⚠️ No model specified, using default: openai/gpt-4o') + console.log(`⚠️ No model specified, using default: ${DEFAULT_MODEL}`) } } try { // Create an AbortController for timeout handling const controller = new AbortController() - const timeoutId = setTimeout(() => controller.abort(), 180000) // 3 minutes + const timeoutId = setTimeout(() => controller.abort(), API_TIMEOUT_MS) const startTime = Date.now() if (verbose) { @@ -123,7 +125,7 @@ export async function callModelsApi( } catch (error) { if (error instanceof Error) { if (error.name === 'AbortError') { - throw new Error('API call timed out after 3 minutes') + throw new Error(`API call timed out after ${API_TIMEOUT_MS / 1000} seconds`) } console.error('Error calling GitHub Models REST API:', error.message) } diff --git a/src/ai-tools/lib/file-utils.ts b/src/ai-tools/lib/file-utils.ts new file mode 100644 index 000000000000..af8c0ef91224 --- /dev/null +++ b/src/ai-tools/lib/file-utils.ts @@ -0,0 +1,169 @@ +import fs from 'fs' +import path from 'path' +import yaml from 'js-yaml' +import readFrontmatter from '@/frame/lib/read-frontmatter' +import { schema } from '@/frame/lib/frontmatter' + +const MAX_DIRECTORY_DEPTH = 20 + +/** + * Enhanced recursive markdown file finder with symlink, depth, and root path checks + */ +export function findMarkdownFiles( + dir: string, + rootDir: string, + depth: number = 0, + maxDepth: number = MAX_DIRECTORY_DEPTH, + visited: Set = new Set(), +): string[] { + const markdownFiles: string[] = [] + let realDir: string + try { + realDir = fs.realpathSync(dir) + } catch { + // If we can't resolve real path, skip this directory + return [] + } + // Prevent escaping root directory + if (!realDir.startsWith(rootDir)) { + return [] + } + // Prevent symlink loops + if (visited.has(realDir)) { + return [] + } + visited.add(realDir) + // Prevent excessive depth + if (depth > maxDepth) { + return [] + } + let entries: fs.Dirent[] + try { + entries = fs.readdirSync(realDir, { withFileTypes: true }) + } catch { + // If we can't read directory, skip + return [] + } + for (const entry of entries) { + const fullPath = path.join(realDir, entry.name) + let realFullPath: string + try { + realFullPath = fs.realpathSync(fullPath) + } catch { + continue + } + // Prevent escaping root directory for files + if (!realFullPath.startsWith(rootDir)) { + continue + } + if (entry.isDirectory()) { + markdownFiles.push(...findMarkdownFiles(realFullPath, rootDir, depth + 1, maxDepth, visited)) + } else if (entry.isFile() && entry.name.endsWith('.md')) { + markdownFiles.push(realFullPath) + } + } + return markdownFiles +} + +interface FrontmatterProperties { + intro?: string + [key: string]: unknown +} + +/** + * Function to merge new frontmatter properties into existing file while preserving formatting. + * Uses surgical replacement to only modify the specific field(s) being updated, + * preserving all original YAML formatting for unchanged fields. + */ +export function mergeFrontmatterProperties(filePath: string, newPropertiesYaml: string): string { + const content = fs.readFileSync(filePath, 'utf8') + const parsed = readFrontmatter(content) + + if (parsed.errors && parsed.errors.length > 0) { + throw new Error( + `Failed to parse frontmatter: ${parsed.errors.map((e) => e.message).join(', ')}`, + ) + } + + if (parsed.content === undefined || parsed.content === null) { + throw new Error('Failed to parse content from file') + } + + try { + // Clean up the AI response - remove markdown code blocks if present + let cleanedYaml = newPropertiesYaml.trim() + cleanedYaml = cleanedYaml.replace(/^```ya?ml\s*\n/i, '') + cleanedYaml = cleanedYaml.replace(/\n```\s*$/i, '') + cleanedYaml = cleanedYaml.trim() + + const newProperties = yaml.load(cleanedYaml) as FrontmatterProperties + + // Security: Validate against prototype pollution using the official frontmatter schema + const allowedKeys = Object.keys(schema.properties) + + const sanitizedProperties = Object.fromEntries( + Object.entries(newProperties).filter(([key]) => { + if (allowedKeys.includes(key)) { + return true + } + console.warn(`Filtered out potentially unsafe frontmatter key: ${key}`) + return false + }), + ) + + // Split content into lines for surgical replacement + const lines = content.split('\n') + let inFrontmatter = false + let frontmatterEndIndex = -1 + + // Find frontmatter boundaries + for (let i = 0; i < lines.length; i++) { + if (lines[i].trim() === '---') { + if (!inFrontmatter) { + inFrontmatter = true + } else { + frontmatterEndIndex = i + break + } + } + } + + // Replace each field value while preserving everything else + for (const [key, value] of Object.entries(sanitizedProperties)) { + const formattedValue = typeof value === 'string' ? `'${value.replace(/'/g, "''")}'` : value + + // Find the line with this field + let foundField = false + for (let i = 1; i < frontmatterEndIndex; i++) { + const line = lines[i] + if (line.startsWith(`${key}:`)) { + foundField = true + // Simple replacement: keep the field name and spacing, replace the value + const colonIndex = line.indexOf(':') + const leadingSpace = line.substring(colonIndex + 1, colonIndex + 2) // Usually a space + lines[i] = `${key}:${leadingSpace}${formattedValue}` + + // Remove any continuation lines (multi-line values) + const j = i + 1 + while (j < frontmatterEndIndex && lines[j].startsWith(' ')) { + lines.splice(j, 1) + frontmatterEndIndex-- + } + break + } + } + + // If field doesn't exist, add it before the closing --- + if (!foundField && frontmatterEndIndex > 0) { + lines.splice(frontmatterEndIndex, 0, `${key}: ${formattedValue}`) + frontmatterEndIndex++ + } + } + + return lines.join('\n') + } catch (error) { + console.error('Failed to parse AI response as YAML:') + console.error('Raw AI response:', JSON.stringify(newPropertiesYaml)) + throw new Error(`Failed to parse new frontmatter properties: ${error}`) + } +} diff --git a/src/ai-tools/lib/prompt-utils.ts b/src/ai-tools/lib/prompt-utils.ts new file mode 100644 index 000000000000..7e2fbd887a04 --- /dev/null +++ b/src/ai-tools/lib/prompt-utils.ts @@ -0,0 +1,174 @@ +import { fileURLToPath } from 'url' +import fs from 'fs' +import yaml from 'js-yaml' +import path from 'path' +import readFrontmatter from '@/frame/lib/read-frontmatter' +import { callModelsApi } from '@/ai-tools/lib/call-models-api' + +export interface PromptMessage { + content: string + role: string +} + +export interface PromptData { + messages: PromptMessage[] + model?: string + temperature?: number + max_tokens?: number +} + +/** + * Get the prompts directory path + */ +export function getPromptsDir(): string { + const __dirname = path.dirname(fileURLToPath(import.meta.url)) + return path.join(__dirname, '../prompts') +} + +/** + * Dynamically discover available editor types from prompt files + */ +export function getAvailableEditorTypes(promptDir: string): string[] { + const editorTypes: string[] = [] + + try { + const promptFiles = fs.readdirSync(promptDir) + for (const file of promptFiles) { + if (file.endsWith('.md')) { + const editorName = path.basename(file, '.md') + editorTypes.push(editorName) + } + } + } catch { + console.warn('Could not read prompts directory, using empty editor types') + } + + return editorTypes +} + +/** + * Get formatted description of available refinement types + */ +export function getRefinementDescriptions(editorTypes: string[]): string { + return editorTypes.join(', ') +} + +/** + * Enrich context for intro prompt on index.md files + */ +export function enrichIndexContext(filePath: string, content: string): string { + if (!filePath.endsWith('index.md')) return content + + try { + const { data } = readFrontmatter(content) + if (!data) return content + + // Extract product name from file path (e.g., content/github-models/ -> "GitHub Models") + const productMatch = filePath.replace(/\\/g, '/').match(/content\/([^/]+)/) + const productName = productMatch + ? productMatch[1] + .split('-') + .map((w) => w.charAt(0).toUpperCase() + w.slice(1)) + .join(' ') + : '' + + // Get child article titles + const titles: string[] = [] + if (data.children && Array.isArray(data.children)) { + const dir = path.dirname(filePath) + for (const childPath of data.children.slice(0, 20)) { + try { + const childFile = path.join(dir, `${childPath.replace(/^\//, '')}.md`) + const childContent = fs.readFileSync(childFile, 'utf8') + const { data: childData } = readFrontmatter(childContent) + if (childData?.title) titles.push(childData.title) + } catch (error) { + if (process.env.AI_TOOLS_VERBOSE === 'true') { + console.warn('Failed to read or parse child article for intro context:', { + filePath, + childPath, + error, + }) + } + } + } + } + + // Build context note + const parts: string[] = [] + if (productName) parts.push(`Product: ${productName}`) + if (titles.length > 0) parts.push(`Child articles: ${titles.join(', ')}`) + + if (parts.length > 0) { + return `\n\n---\nContext for intro generation:\n${parts.join('\n')}\n---\n\n${content}` + } + } catch (error) { + if (process.env.AI_TOOLS_VERBOSE === 'true') { + console.warn('Failed to enrich index context for intro generation:', { + filePath, + error, + }) + } + } + + return content +} + +/** + * Call an editor with the given content and options + */ +export async function callEditor( + editorType: string, + content: string, + promptDir: string, + writeMode: boolean, + verbose = false, + promptContent?: string, // Optional: use this instead of reading from file +): Promise { + let markdownPrompt: string + + if (promptContent) { + // Use provided prompt content (e.g., from Copilot Space) + markdownPrompt = promptContent + } else { + // Read from file + const markdownPromptPath = path.join(promptDir, `${editorType}.md`) + + if (!fs.existsSync(markdownPromptPath)) { + throw new Error(`Prompt file not found: ${markdownPromptPath}`) + } + + markdownPrompt = fs.readFileSync(markdownPromptPath, 'utf8') + } + const promptTemplatePath = path.join(promptDir, 'prompt-template.yml') + + const prompt = yaml.load(fs.readFileSync(promptTemplatePath, 'utf8')) as PromptData + + // Validate the prompt template has required properties + if (!prompt.messages || !Array.isArray(prompt.messages)) { + throw new Error('Invalid prompt template: missing or invalid messages array') + } + + for (const msg of prompt.messages) { + msg.content = msg.content.replace('{{markdownPrompt}}', markdownPrompt) + msg.content = msg.content.replace('{{input}}', content) + // Replace writeMode template variable with simple string replacement + msg.content = msg.content.replace( + //g, + writeMode ? '' : '', + ) + msg.content = msg.content.replace( + //g, + writeMode ? '' : '', + ) + msg.content = msg.content.replace( + //g, + writeMode ? '' : '', + ) + + // Remove sections marked for removal + msg.content = msg.content.replace(/[\s\S]*?/g, '') + } + + return callModelsApi(prompt, verbose) +} diff --git a/src/ai-tools/lib/spaces-utils.ts b/src/ai-tools/lib/spaces-utils.ts new file mode 100644 index 000000000000..86c28f0477d1 --- /dev/null +++ b/src/ai-tools/lib/spaces-utils.ts @@ -0,0 +1,109 @@ +/** + * Copilot Space API response types + */ +export interface SpaceResource { + id: number + resource_type: string + copilot_chat_attachment_id: string | null + metadata: { + name: string + text: string + } +} + +export interface SpaceData { + id: number + number: number + name: string + description: string + general_instructions: string + resources_attributes: SpaceResource[] + html_url: string + created_at: string + updated_at: string +} + +/** + * Parse a Copilot Space URL to extract org and space ID + */ +export function parseSpaceUrl(url: string): { org: string; id: string } { + // Expected format: https://api.github.com/orgs/{org}/copilot-spaces/{id} + const match = url.match(/\/orgs\/([^/]+)\/copilot-spaces\/(\d+)/) + + if (!match) { + throw new Error( + `Invalid Copilot Space URL format. Expected: https://api.github.com/orgs/{org}/copilot-spaces/{id}`, + ) + } + + return { + org: match[1], + id: match[2], + } +} + +/** + * Fetch a Copilot Space from the GitHub API + */ +export async function fetchCopilotSpace(spaceUrl: string): Promise { + const { org, id } = parseSpaceUrl(spaceUrl) + const apiUrl = `https://api.github.com/orgs/${org}/copilot-spaces/${id}` + + const response = await fetch(apiUrl, { + headers: { + Authorization: `Bearer ${process.env.GITHUB_TOKEN}`, + Accept: 'application/vnd.github+json', + 'X-GitHub-Api-Version': '2022-11-28', + }, + }) + + if (!response.ok) { + if (response.status === 404) { + throw new Error(`Copilot Space not found: ${apiUrl}`) + } else if (response.status === 401 || response.status === 403) { + throw new Error( + `Authentication failed. Check your GitHub token has access to Copilot Spaces.`, + ) + } else { + throw new Error(`Failed to fetch Copilot Space: ${response.status} ${response.statusText}`) + } + } + + return (await response.json()) as SpaceData +} + +/** + * Convert a Copilot Space to a markdown prompt file + */ +export function convertSpaceToPrompt(space: SpaceData): string { + const timestamp = new Date().toISOString() + const lines: string[] = [] + + // Header with metadata + lines.push(``) + lines.push(``) + lines.push(``) + lines.push('') + + // General instructions + if (space.general_instructions) { + lines.push(space.general_instructions.trim()) + lines.push('') + } + + // Add each resource as a context section + if (space.resources_attributes && space.resources_attributes.length > 0) { + for (const resource of space.resources_attributes) { + if (resource.resource_type === 'free_text' && resource.metadata) { + lines.push('---') + lines.push('') + lines.push(`# Context: ${resource.metadata.name}`) + lines.push('') + lines.push(resource.metadata.text.trim()) + lines.push('') + } + } + } + + return lines.join('\n') +} diff --git a/src/ai-tools/prompts/content-type.md b/src/ai-tools/prompts/content-type.md new file mode 100644 index 000000000000..d784cb6a5d66 --- /dev/null +++ b/src/ai-tools/prompts/content-type.md @@ -0,0 +1,38 @@ +Your job is to read through GitHub Docs articles that I provide and figure out what content type it _most_ aligns to and add the frontmatter property `contentType` with an appropriate value. + +**Available `contentType` values (MUST choose from this exact list):** + +- 'get-started' (MANDATORY for files with "quickstart" in the filename; also use for other getting started content) +- 'concepts' (use for files with "about" in the filename; also use for other conceptual content) +- 'how-tos' (use for procedural content AND for subdirectory index.md files that have a `children` array) +- 'rai' (optional - only applies to files with "responsible-use" or "rai" in the filenames) +- 'reference' +- 'tutorials' + +There is one additional type, 'landing', which can ONLY be used on top-level product index.md files: 'content//index.md' + +**CRITICAL RULE**: If a file is an index.md with MORE than three directory parts (e.g., 'content///index.md'), it is a subdirectory index and should use 'how-tos', NOT 'landing'. The fact that it has a `children` array does NOT make it a landing page. + +For prior art, see the following file sets: + +- content/copilot/ +- content/actions/ +- content/account-and-profile/ +- content/integrations/ + +## Output format + +**Important:** Output ONLY the new frontmatter property that should be added to the file. Do not output the entire file content. + +```yaml +contentType: [selected option] +``` + + +**CRITICAL**: You are in write mode. Output ONLY the YAML frontmatter properties to update. +- Return just the YAML property in the format above +- Do NOT include analysis, explanations, or formatting +- Do NOT wrap in markdown code blocks or ```yaml +- Do NOT include the analysis format +- Just return the clean YAML properties for merging + \ No newline at end of file diff --git a/src/ai-tools/prompts/intro.md b/src/ai-tools/prompts/intro.md index 5a0b6be7e972..b6aec3c14da7 100644 --- a/src/ai-tools/prompts/intro.md +++ b/src/ai-tools/prompts/intro.md @@ -1,7 +1,20 @@ -You are an expert SEO content optimizer specializing in GitHub documentation. -Your task is to analyze a GitHub Docs content file and generate or optimize +You are an expert SEO content optimizer specializing in GitHub documentation. +Your task is to analyze a GitHub Docs content file and generate or optimize the intro frontmatter property following Google's meta description best practices. +## Context for index.md files + +For index.md files, you will receive additional context about the product and child articles: +- Product name (e.g., "GitHub Models", "GitHub Copilot") +- List of child article titles + +Use this context to create specific, product-focused intros rather than generic guidance. + +**Examples of good vs generic intros:** +- ❌ "Explore tutorials to build projects and learn new skills with GitHub" +- ❌ "Learn practical guides and step-by-step instructions" +- ✅ "Build AI applications with GitHub Models through hands-on tutorials covering model evaluation and deployment" + ## Core Requirements **Primary constraints (must-haves):** @@ -11,6 +24,11 @@ the intro frontmatter property following Google's meta description best practice * Different approach than title - don't start with same words/phrases * Lists 2-3 concrete outcomes maximum +**For index.md files:** +* Use the provided product name and child article context to create specific intros +* Identify key themes from child article titles to highlight covered topics +* Make intro specific to the product and topics, not generic guidance + **Secondary optimizations (nice-to-haves):** * Include relevant keywords naturally * Version-agnostic ({% data variables.* %} OK, avoid {% ifversion %}) @@ -46,6 +64,15 @@ the intro frontmatter property following Google's meta description best practice ✅ **Uniqueness**: Different angle from article title ✅ **Simplicity**: No colons, no complex lists, flowing sentences +**Examples for index.md files:** + +❌ **Too generic** (ignores provided context): +- Bad: "Explore practical guides and step-by-step instructions to accomplish tasks and solve problems on GitHub" + +✅ **Product-specific** (uses provided context): +- Better: "Learn to use GitHub Models for prototyping, evaluate AI models, and scale deployments across your organization" +- Or: "Build AI-powered applications with GitHub Models, from initial testing to enterprise-scale deployment" + ## Output format Use plain text formatting optimized for terminal readability: @@ -63,23 +90,23 @@ SEO-friendly alternative: "[Single, concise intro that summarizes the article's ## Character limits by content type - **Articles**: Maximum 354 characters -- **Categories**: Maximum 362 characters +- **Categories**: Maximum 362 characters - **Map Topics**: Maximum 362 characters ## Liquid syntax guidelines -**Keep these in intros** (they're acceptable for dynamic content): -- {% data variables.* %} - Product names and variables -- {% data reusables.* %} - Reusable content blocks +**When creating intros from scratch** (no existing intro field): +- Use plain text only - DO NOT use {% data variables.* %} or {% data reusables.* %} syntax +- Write out product names in full (e.g., "GitHub Copilot", "GitHub Actions", "GitHub Docs") +- This prevents hallucinating incorrect variable names -**Avoid these in intros** (version-agnostic content preferred): -- {% ifversion %} blocks - Create intros that work across all supported versions +**When updating existing intros** (intro field already exists): +- Preserve any existing {% data variables.* %} and {% data reusables.* %} references +- You may use the same variable patterns that already appear in the existing intro +- Do not introduce new variable references that weren't in the original -**Common variable meanings** (for analysis purposes): -- {% data variables.product.prodname_github %} = "GitHub" -- {% data variables.product.prodname_ghe_server %} = "GitHub Enterprise Server" -- {% data variables.product.prodname_copilot %} = "GitHub Copilot" -- {% data variables.copilot.copilot_coding_agent %} = "Copilot Coding Agent" +**Always avoid**: +- {% ifversion %} blocks - Create intros that work across all supported versions Focus on creating intros that would make sense to someone discovering this content through Google search, clearly communicating the value and relevance of the article. @@ -89,6 +116,12 @@ Focus on creating intros that would make sense to someone discovering this conte **CRITICAL**: You are in write mode. Output ONLY the YAML frontmatter property to update. +**For index.md files:** +- Use the provided product name and child article context in your intro +- Do NOT write generic intros that could apply to any product +- Make the intro specific to the actual product and covered topics + +**Output format:** - Return just: `intro: "your improved intro text"` - Do NOT include analysis, scoring, explanations, or formatting - Do NOT wrap in markdown code blocks or ```yaml diff --git a/src/ai-tools/scripts/ai-tools.ts b/src/ai-tools/scripts/ai-tools.ts index fde5245421cd..62f2d3a04cfb 100644 --- a/src/ai-tools/scripts/ai-tools.ts +++ b/src/ai-tools/scripts/ai-tools.ts @@ -1,123 +1,38 @@ -import { fileURLToPath } from 'url' import { Command } from 'commander' import fs from 'fs' -import yaml from 'js-yaml' import path from 'path' import ora from 'ora' -import { execSync } from 'child_process' -import { callModelsApi } from '@/ai-tools/lib/call-models-api' +import { execFileSync } from 'child_process' import dotenv from 'dotenv' import readFrontmatter from '@/frame/lib/read-frontmatter' -import { schema } from '@/frame/lib/frontmatter' +import { findMarkdownFiles, mergeFrontmatterProperties } from '@/ai-tools/lib/file-utils' +import { + getPromptsDir, + getAvailableEditorTypes, + getRefinementDescriptions, + callEditor, + enrichIndexContext, +} from '@/ai-tools/lib/prompt-utils' +import { fetchCopilotSpace, convertSpaceToPrompt } from '@/ai-tools/lib/spaces-utils' +import { ensureGitHubToken } from '@/ai-tools/lib/auth-utils' dotenv.config({ quiet: true }) -const __dirname = path.dirname(fileURLToPath(import.meta.url)) -const promptDir = path.join(__dirname, '../prompts') -const promptTemplatePath = path.join(promptDir, 'prompt-template.yml') - -if (!process.env.GITHUB_TOKEN) { - // Try to find a token via the CLI before throwing an error - const token = execSync('gh auth token').toString() - if (token.startsWith('gh')) { - process.env.GITHUB_TOKEN = token - } else { - console.warn(`🔑 A token is needed to run this script. Please do one of the following and try again: - -1. Add a GITHUB_TOKEN to a local .env file. -2. Install https://cli.github.com and authenticate via 'gh auth login'. - `) - process.exit(1) - } -} +const promptDir = getPromptsDir() -// Dynamically discover available editor types from prompt files -const getAvailableEditorTypes = (): string[] => { - const editorTypes: string[] = [] - - try { - const promptFiles = fs.readdirSync(promptDir) - for (const file of promptFiles) { - if (file.endsWith('.md')) { - const editorName = path.basename(file, '.md') - editorTypes.push(editorName) - } - } - } catch { - console.warn('Could not read prompts directory, using empty editor types') - } +// Ensure GitHub token is available +ensureGitHubToken() - return editorTypes -} - -const editorTypes = getAvailableEditorTypes() - -// Enhanced recursive markdown file finder with symlink, depth, and root path checks -const findMarkdownFiles = ( - dir: string, - rootDir: string, - depth: number = 0, - maxDepth: number = 20, - visited: Set = new Set(), -): string[] => { - const markdownFiles: string[] = [] - let realDir: string - try { - realDir = fs.realpathSync(dir) - } catch { - // If we can't resolve real path, skip this directory - return [] - } - // Prevent escaping root directory - if (!realDir.startsWith(rootDir)) { - return [] - } - // Prevent symlink loops - if (visited.has(realDir)) { - return [] - } - visited.add(realDir) - // Prevent excessive depth - if (depth > maxDepth) { - return [] - } - let entries: fs.Dirent[] - try { - entries = fs.readdirSync(realDir, { withFileTypes: true }) - } catch { - // If we can't read directory, skip - return [] - } - for (const entry of entries) { - const fullPath = path.join(realDir, entry.name) - let realFullPath: string - try { - realFullPath = fs.realpathSync(fullPath) - } catch { - continue - } - // Prevent escaping root directory for files - if (!realFullPath.startsWith(rootDir)) { - continue - } - if (entry.isDirectory()) { - markdownFiles.push(...findMarkdownFiles(realFullPath, rootDir, depth + 1, maxDepth, visited)) - } else if (entry.isFile() && entry.name.endsWith('.md')) { - markdownFiles.push(realFullPath) - } - } - return markdownFiles -} - -const refinementDescriptions = (): string => { - return editorTypes.join(', ') -} +const editorTypes = getAvailableEditorTypes(promptDir) interface CliOptions { verbose?: boolean prompt?: string[] refine?: string[] - files: string[] + files?: string[] write?: boolean + exportSpace?: string + space?: string + output?: string } const program = new Command() @@ -130,41 +45,115 @@ program '-w, --write', 'Write changes back to the original files (default: output to console only)', ) - .option('-p, --prompt ', `Specify one or more prompt type: ${refinementDescriptions()}`) + .option( + '-p, --prompt ', + `Specify one or more prompt type: ${getRefinementDescriptions(editorTypes)}`, + ) .option( '-r, --refine ', - `(Deprecated: use --prompt) Specify one or more prompt type: ${refinementDescriptions()}`, + `(Deprecated: use --prompt) Specify one or more prompt type: ${getRefinementDescriptions(editorTypes)}`, ) - .requiredOption( - '-f, --files ', - 'One or more content file paths in the content directory', + .option( + '--export-space ', + 'Export a Copilot Space to a prompt file (format: https://api.github.com/orgs/{org}/copilot-spaces/{id})', ) + .option( + '--space ', + 'Use a Copilot Space as prompt source (format: https://api.github.com/orgs/{org}/copilot-spaces/{id})', + ) + .option( + '--output ', + 'Output filename for exported Space prompt (use with --export-space)', + ) + .option('-f, --files ', 'One or more content file paths in the content directory') .action((options: CliOptions) => { ;(async () => { - const spinner = ora('Starting AI review...').start() + // Handle export-space workflow (standalone, doesn't process files) + if (options.exportSpace) { + if (!options.output) { + console.error('Error: --export-space requires --output option') + process.exit(1) + } - const files = options.files - // Handle both --prompt and --refine options for backwards compatibility - const prompts = options.prompt || options.refine + const spinner = ora('Fetching Copilot Space...').start() + try { + const space = await fetchCopilotSpace(options.exportSpace) + spinner.text = `Converting Space "${space.name}" to prompt format...` + + const promptContent = convertSpaceToPrompt(space) + const outputPath = path.join(promptDir, options.output) + + fs.writeFileSync(outputPath, promptContent, 'utf8') + spinner.succeed(`Exported Space to: ${outputPath}`) + console.log(`\nSpace: ${space.name}`) + console.log(`Resources: ${space.resources_attributes?.length || 0} items`) + console.log(`\nYou can now use it with: --prompt ${path.basename(options.output, '.md')}`) + return + } catch (error) { + spinner.fail(`Failed to export Space: ${(error as Error).message}`) + process.exit(1) + } + } + + // Validate mutually exclusive options + if (options.space && options.prompt) { + console.error('Error: Cannot use both --space and --prompt options') + process.exit(1) + } - if (!prompts || prompts.length === 0) { - spinner.fail('No prompt type specified. Use --prompt or --refine with one or more types.') - process.exitCode = 1 - return + // Files are required for processing workflows + if (!options.files || options.files.length === 0) { + console.error('Error: --files option is required (unless using --export-space)') + process.exit(1) } - // Validate that all requested editor types exist - const availableEditors = editorTypes - for (const editor of prompts) { - if (!availableEditors.includes(editor)) { - spinner.fail( - `Unknown prompt type: ${editor}. Available types: ${availableEditors.join(', ')}`, - ) + const spinner = ora('Starting AI review...').start() + + const files = options.files + let prompts: string[] = [] + let promptContent: string | undefined + + // Handle Space workflow (in-memory) + if (options.space) { + try { + spinner.text = 'Fetching Copilot Space...' + const space = await fetchCopilotSpace(options.space) + promptContent = convertSpaceToPrompt(space) + prompts = [space.name] // Use space name for display + + if (options.verbose) { + console.log(`Using Space: ${space.name} (ID: ${space.number})`) + console.log(`Resources: ${space.resources_attributes?.length || 0} items`) + } + } catch (error) { + spinner.fail(`Failed to fetch Space: ${(error as Error).message}`) + process.exit(1) + } + } else { + // Handle local prompt workflow + prompts = options.prompt || options.refine || [] + + if (prompts.length === 0) { + spinner.fail('No prompt type specified. Use --prompt, --refine, or --space.') process.exitCode = 1 return } } + // Validate local prompt types exist (skip for Space workflow) + if (!options.space) { + const availableEditors = editorTypes + for (const editor of prompts) { + if (!availableEditors.includes(editor)) { + spinner.fail( + `Unknown prompt type: ${editor}. Available types: ${availableEditors.join(', ')}`, + ) + process.exitCode = 1 + return + } + } + } + if (options.verbose) { console.log(`Processing ${files.length} files with prompts: ${prompts.join(', ')}`) } @@ -208,17 +197,49 @@ program const relativePath = path.relative(process.cwd(), fileToProcess) spinner.text = `Processing: ${relativePath}` try { - const content = fs.readFileSync(fileToProcess, 'utf8') + // Expand Liquid references before processing + let originalIntro = '' + if (editorType === 'intro') { + const originalContent = fs.readFileSync(fileToProcess, 'utf8') + const { data: originalData } = readFrontmatter(originalContent) + originalIntro = originalData?.intro || '' + } + + if (options.verbose) { + console.log(`Expanding Liquid references in: ${relativePath}`) + } + runLiquidTagsScript('expand', [fileToProcess], options.verbose || false) + + let content = fs.readFileSync(fileToProcess, 'utf8') + + // For intro prompt, add original intro and enrich context + if (editorType === 'intro') { + if (originalIntro) { + content = `\n\n---\nOriginal intro (unresolved): ${originalIntro}\n---\n\n${content}` + } + content = enrichIndexContext(fileToProcess, content) + } + + // For content-type prompt, skip files that already have contentType + if (editorType === 'content-type' && content.includes('contentType:')) { + spinner.stop() + console.log(`⏭️ Skipping ${relativePath} (already has contentType)`) + runLiquidTagsScript('restore', [fileToProcess], false) + continue + } + const answer = await callEditor( editorType, content, + promptDir, options.write || false, options.verbose || false, + promptContent, // Pass Space prompt content if using --space ) spinner.stop() if (options.write) { - if (editorType === 'intro') { + if (editorType === 'intro' || editorType === 'content-type') { // For frontmatter addition/modification, merge properties instead of overwriting entire file const updatedContent = mergeFrontmatterProperties(fileToProcess, answer) fs.writeFileSync(fileToProcess, updatedContent, 'utf8') @@ -235,10 +256,26 @@ program } console.log(answer) } + + // Always restore Liquid references after processing (even in non-write mode) + if (options.verbose) { + console.log(`Restoring Liquid references in: ${relativePath}`) + } + runLiquidTagsScript('restore', [fileToProcess], options.verbose || false) } catch (err) { const error = err as Error spinner.fail(`Error processing ${relativePath}: ${error.message}`) process.exitCode = 1 + + // Still try to restore Liquid references on error + try { + runLiquidTagsScript('restore', [fileToProcess], false) + } catch (restoreError) { + // Log restore failures in verbose mode for debugging + if (options.verbose) { + console.error(`Warning: Failed to restore Liquid references: ${restoreError}`) + } + } } finally { spinner.stop() } @@ -263,6 +300,36 @@ program program.parse(process.argv) +/** + * Run liquid-tags command on specified file paths + */ +function runLiquidTagsScript( + command: 'expand' | 'restore', + filePaths: string[], + verbose: boolean = false, +): void { + const args = [command, '--paths', ...filePaths] + if (verbose) { + args.push('--verbose') + } + + try { + // Run liquid-tags script via tsx + const liquidTagsScriptPath = path.join( + process.cwd(), + 'src/content-render/scripts/liquid-tags.ts', + ) + execFileSync('npx', ['tsx', liquidTagsScriptPath, ...args], { + stdio: verbose ? 'inherit' : 'pipe', + }) + } catch (error) { + if (verbose) { + console.error(`Error running liquid-tags ${command}:`, error) + } + // Don't fail the entire process if liquid-tags fails + } +} + // Handle graceful shutdown process.on('SIGINT', () => { console.log('\n\n🛑 Process interrupted by user') @@ -273,124 +340,3 @@ process.on('SIGTERM', () => { console.log('\n\n🛑 Process terminated') process.exit(0) }) - -interface PromptMessage { - content: string - role: string -} - -interface PromptData { - messages: PromptMessage[] - model?: string - temperature?: number - max_tokens?: number -} - -// Function to merge new frontmatter properties into existing file while preserving formatting -function mergeFrontmatterProperties(filePath: string, newPropertiesYaml: string): string { - const content = fs.readFileSync(filePath, 'utf8') - const parsed = readFrontmatter(content) - - if (parsed.errors && parsed.errors.length > 0) { - throw new Error( - `Failed to parse frontmatter: ${parsed.errors.map((e) => e.message).join(', ')}`, - ) - } - - if (!parsed.content) { - throw new Error('Failed to parse content from file') - } - - try { - // Clean up the AI response - remove markdown code blocks if present - let cleanedYaml = newPropertiesYaml.trim() - cleanedYaml = cleanedYaml.replace(/^```ya?ml\s*\n/i, '') - cleanedYaml = cleanedYaml.replace(/\n```\s*$/i, '') - cleanedYaml = cleanedYaml.trim() - - interface FrontmatterProperties { - intro?: string - [key: string]: unknown - } - const newProperties = yaml.load(cleanedYaml) as FrontmatterProperties - - // Security: Validate against prototype pollution using the official frontmatter schema - const allowedKeys = Object.keys(schema.properties) - - const sanitizedProperties = Object.fromEntries( - Object.entries(newProperties).filter(([key]) => { - if (allowedKeys.includes(key)) { - return true - } - console.warn(`Filtered out potentially unsafe frontmatter key: ${key}`) - return false - }), - ) - - // Merge new properties with existing frontmatter - const mergedData: FrontmatterProperties = { ...parsed.data, ...sanitizedProperties } - - // Manually ensure intro is wrapped in single quotes in the final output - let result = readFrontmatter.stringify(parsed.content, mergedData) - - // Post-process to ensure intro field has single quotes - if (newProperties.intro) { - const introValue = newProperties.intro.toString() - // Replace any quote style on intro with single quotes - result = result.replace( - /^intro:\s*(['"`]?)([^'"`\n\r]+)\1?\s*$/m, - `intro: '${introValue.replace(/'/g, "''")}'`, // Escape single quotes by doubling them - ) - } - return result - } catch (error) { - console.error('Failed to parse AI response as YAML:') - console.error('Raw AI response:', JSON.stringify(newPropertiesYaml)) - throw new Error(`Failed to parse new frontmatter properties: ${error}`) - } -} - -async function callEditor( - editorType: string, - content: string, - writeMode: boolean, - verbose = false, -): Promise { - const markdownPromptPath = path.join(promptDir, `${String(editorType)}.md`) - - if (!fs.existsSync(markdownPromptPath)) { - throw new Error(`Prompt file not found: ${markdownPromptPath}`) - } - - const markdownPrompt = fs.readFileSync(markdownPromptPath, 'utf8') - - const prompt = yaml.load(fs.readFileSync(promptTemplatePath, 'utf8')) as PromptData - - // Validate the prompt template has required properties - if (!prompt.messages || !Array.isArray(prompt.messages)) { - throw new Error('Invalid prompt template: missing or invalid messages array') - } - - for (const msg of prompt.messages) { - msg.content = msg.content.replace('{{markdownPrompt}}', markdownPrompt) - msg.content = msg.content.replace('{{input}}', content) - // Replace writeMode template variable with simple string replacement - msg.content = msg.content.replace( - //g, - writeMode ? '' : '', - ) - msg.content = msg.content.replace( - //g, - writeMode ? '' : '', - ) - msg.content = msg.content.replace( - //g, - writeMode ? '' : '', - ) - - // Remove sections marked for removal - msg.content = msg.content.replace(/[\s\S]*?/g, '') - } - - return callModelsApi(prompt, verbose) -} diff --git a/src/app/README.md b/src/app/README.md new file mode 100644 index 000000000000..02da61ada4ef --- /dev/null +++ b/src/app/README.md @@ -0,0 +1,71 @@ +# App Router (`src/app`) + +This directory contains the [Next.js App Router](https://nextjs.org/docs/app) implementation for GitHub Docs. It currently serves as the application shell, handling the root layout, global providers, and 404 error pages, while coexisting with the Pages Router implementation. + +## Purpose & Scope + +The `src/app` directory is the entry point for the Next.js App Router. Its primary responsibilities are: +- Defining the root HTML structure and metadata. +- Initializing global client-side context providers (Theme, Locale, Languages). +- Handling global "Not Found" (404) scenarios. +- Providing a bridge between the modern App Router architecture and the `MainContext` used by existing components. + +We began this migration because we anticipate `@primer/react` will eventually drop support for the Pages Router. If that happens, we will be unable to upgrade `@primer/react`, effectively blocking us from receiving any future design system updates. Moving to the App Router prevents this and aligns us with the broader Next.js ecosystem. + +## Architecture & Key Assets + +### Directory Structure + +- `layout.tsx`: The server-side Root Layout. It sets up the `` and `` tags, loads global styles, and defines metadata/viewport settings. +- `client-layout.tsx`: A client component (`'use client'`) that wraps the application in necessary React Context providers. This allows server components to compose client-side logic for theming and state management. +- `not-found.tsx`: The UI for 404 errors within the App Router. +- `lib/`: Utilities for context adaptation and routing logic. + - `app-router-context.ts`: Generates context data based on the current request path. + - `main-context-adapter.ts`: Adapts App Router data structures to match the `MainContext` shape, ensuring backward compatibility for components. +- `components/`: Client-side components specific to the App Router shell (e.g., wrappers for 404 pages, context providers). + +### Key Concepts + +- **Context Adaptation**: Since much of the codebase relies on a monolithic `MainContext`, this directory implements adapters to construct a compatible context object from App Router primitives. This allows us to reuse existing components without rewriting them immediately. +- **Hybrid Routing**: The application currently operates in a hybrid mode. While `src/app` defines the outer shell, many specific routes and page rendering logic may still reside in the Pages Router (`src/pages`) or are being incrementally migrated. + +## Setup & Usage + +### Development + +Standard Next.js App Router conventions apply. To add a new route using the App Router, create a folder with a `page.tsx` file inside `src/app`. + +Useful documentation: +- [Next.js App Router Documentation](https://nextjs.org/docs/app) +- [Migrating from Pages to App Router](https://nextjs.org/docs/app/building-your-application/upgrading/app-router-migration) + +### Testing + +Tests for App Router logic should be placed alongside the components if applicable. + +Tests that verify Next.js behavior (like 404 handling) can be found in `src/frame/tests/next.ts`. + +## Data & External Dependencies + +- **Data Sources**: + - Consumes UI strings and language data from `src/data-directory` (via `getUIDataMerged`). + - Uses `src/languages` for locale definitions. +- **External Libraries**: + - `@primer/react`: Used for the design system and theming provider. + - `next`: The core framework. + +## Cross-links & Ownership + +- **Owner**: Docs Engineering +- **Related Directories**: + - `src/pages`: The Pages Router implementation. + - `src/frame`: Server and middleware logic that interacts with routing. + - `src/data-directory`: Source of static data used in layouts. + +## Current State & Next Steps + +- **Current State**: The App Router handles the root layout and 404s. It provides a compatibility layer for existing contexts. +- **Next Steps**: + - Migrate individual page routes from `src/pages` to `src/app`. + - Refactor components to reduce dependency on the monolithic `MainContext`. + - Improve data fetching patterns to use React Server Components (RSC) more effectively. \ No newline at end of file diff --git a/src/app/lib/main-context-adapter.ts b/src/app/lib/main-context-adapter.ts index ee79b2b62693..ccca0c98a17a 100644 --- a/src/app/lib/main-context-adapter.ts +++ b/src/app/lib/main-context-adapter.ts @@ -40,6 +40,7 @@ export function adaptAppRouterContextToMainContext( oldestSupported: '', nextDeprecationDate: '', supported: [], + releasesWithOldestDeprecationDate: [], }, enterpriseServerVersions: [], error: '', diff --git a/src/archives/README.md b/src/archives/README.md index 8aeee1670109..98f3f3148125 100644 --- a/src/archives/README.md +++ b/src/archives/README.md @@ -1,5 +1,86 @@ # Archives -Product oriented code to handle archived versions of the Docs, such as archived Enterprise Server versions. +This directory contains the infrastructure for serving archived versions of GitHub Docs, primarily for deprecated GitHub Enterprise Server (GHES) releases. -The directory `versions/` handles non-archived versions of the docs. `ghes-releases/` handles version releases and deprecations processes. +## Purpose & Scope + +To keep the main documentation site fast and the build lightweight, we do not build deprecated GHES versions from source. Instead, we serve them as static snapshots. This directory provides the middleware that: + +1. **Detects** requests for archived versions. +2. **Proxies** the HTML and assets from their static hosting location. +3. **Rewrites** content on-the-fly to ensure links and assets work correctly within the current site structure. + +## Architecture + +The system acts as a reverse proxy for specific URL paths. + +### Directory Structure + +- **`middleware/`** + - `archived-enterprise-versions.ts`: The primary handler. It: + - Checks if a URL belongs to a deprecated version. + - Fetches the content from the external host. + - Rewrites HTML (e.g., fixing image paths, injecting new headers). + - Handles redirects defined in the archived version's `redirects.json`. + - `archived-enterprise-versions-assets.ts`: Proxies static assets (CSS, JS, fonts) from the archive host. + - `archived-asset-redirects.ts`: Maps legacy asset paths to modern equivalents where possible. +- **`lib/`** + - `is-archived-version.ts`: Utilities to parse URLs and check against the list of deprecated versions defined in `src/versions`. +- **`scripts/`** + - `warmup-remotejson.ts`: Utility to prime caches for remote JSON files. + +### Request Flow + +```mermaid +graph TD + A[Incoming Request] --> B{Is Archived Version?} + B -- No --> C[Next Middleware] + B -- Yes --> D{Is Asset?} + D -- Yes --> E[archived-enterprise-versions-assets] + D -- No --> F[archived-enterprise-versions] + E --> G[Fetch from docs-ghes-X.X repo] + F --> H[Fetch HTML from docs-ghes-X.X repo] + H --> I[Rewrite Body & Headers] + I --> J[Serve Response] + G --> J +``` + +## Data & External Dependencies + +### External Hosting +Archived versions are hosted as static sites on GitHub Pages, typically in repositories named `github/docs-ghes-`. +- **Source**: `https://github.github.com/docs-ghes-` +- **Content**: These repos contain the fully built static HTML and assets for that version at the time of its deprecation. + +### Internal Dependencies +- **`src/versions`**: The `deprecated` array in `src/versions/lib/enterprise-server-releases.ts` is the source of truth for which versions are handled by this middleware. +- **`src/frame`**: Uses shared patterns and fetch utilities. + +## Setup & Usage + +This functionality is enabled by default in the application. + +### Local Development +To test archived versions locally: +1. Ensure you have internet access (the middleware fetches from public URLs). +2. Navigate to a deprecated version URL, e.g., `http://localhost:4000/enterprise-server@3.0`. + +### Adding a New Archive +When a GHES version is deprecated: +1. A static snapshot is created and pushed to a `docs-ghes-` repository. +2. The version is moved to the `deprecated` list in `src/versions/lib/enterprise-server-releases.ts`. +3. This middleware automatically starts handling requests for that version. + +## Ownership & Cross-links + +- **Owner**: Docs Engineering +- **Related Code**: + - `src/versions`: Version configuration. + - `src/ghes-releases`: Release lifecycle management. + +## Current State & Next Steps + +- **Health**: The system is stable (KTLO) but relies on the availability of the external GitHub Pages sites. A new version is deprecated and added to this system approximately once per quarter. +- **Known Issues**: + - "Flash of content" or layout shifts can occur if CSS proxies are slow. + - Search is generally disabled or limited for archived versions. diff --git a/src/archives/middleware/archived-enterprise-versions.ts b/src/archives/middleware/archived-enterprise-versions.ts index 74dbf9caf2e1..cce873631096 100644 --- a/src/archives/middleware/archived-enterprise-versions.ts +++ b/src/archives/middleware/archived-enterprise-versions.ts @@ -2,6 +2,7 @@ import type { Response, NextFunction } from 'express' import { fetchWithRetry } from '@/frame/lib/fetch-utils' import statsd from '@/observability/lib/statsd' +import { createLogger } from '@/observability/logger' import { firstVersionDeprecatedOnNewSite, lastVersionWithoutArchivedRedirectsFile, @@ -19,6 +20,8 @@ import getRedirect, { splitPathByLanguage } from '@/redirects/lib/get-redirect' import getRemoteJSON from '@/frame/lib/get-remote-json' import { ExtendedRequest } from '@/types' +const logger = createLogger(import.meta.url) + const OLD_PUBLIC_AZURE_BLOB_URL = 'https://githubdocs.azureedge.net' // Old Azure Blob Storage `enterprise` container. const OLD_AZURE_BLOB_ENTERPRISE_DIR = `${OLD_PUBLIC_AZURE_BLOB_URL}/enterprise` @@ -78,11 +81,17 @@ const cacheAggressively = (res: Response) => { const retryConfiguration = { limit: 3 } // According to our Datadog metrics, the *average* time for the // the 'archive_enterprise_proxy' metric is ~70ms (excluding spikes) -// which much less than 1500ms. +// which is much less than 3000ms. // We have observed errors of timeout, in production, when it was -// set to 500ms. Let's try to be very conservative here to avoid -// unnecessary error reporting. -const timeoutConfiguration = { response: 1500 } +// set to 500ms and then 1500ms. Let's be more conservative here to +// avoid unnecessary error reporting during occasional slow responses. +const timeoutConfiguration = { response: 3000 } + +// Monitoring thresholds for logging response times +// Log warnings when responses exceed half the timeout threshold +const WARN_RESPONSE_THRESHOLD = timeoutConfiguration.response / 2 // 1500ms +// Log info for responses that are noticeably slow but not concerning +const SLOW_RESPONSE_THRESHOLD = 500 // ms // This module handles requests for deprecated GitHub Enterprise versions // by routing them to static content in @@ -201,10 +210,44 @@ export default async function archivedEnterpriseVersions( ) const statsdTags = [`version:${requestedVersion}`] + const startTime = Date.now() const r = await statsd.asyncTimer(doGet, 'archive_enterprise_proxy', [ ...statsdTags, `path:${req.path}`, ])() + const responseTime = Date.now() - startTime + + // Log warnings for slow responses to help identify degraded performance + // A response time over half the timeout indicates potential issues + if (responseTime > WARN_RESPONSE_THRESHOLD) { + logger.warn('Slow response from archived enterprise content', { + version: requestedVersion, + path: req.path, + responseTime: `${responseTime}ms`, + status: r.status, + threshold: `${WARN_RESPONSE_THRESHOLD}ms`, + }) + } + + // Log errors for non-200 responses to help identify issues with archived content + if (r.status !== 200) { + logger.error('Failed to fetch archived enterprise content', { + version: requestedVersion, + path: req.path, + status: r.status, + responseTime: `${responseTime}ms`, + url: getProxyPath(req.path, requestedVersion), + }) + } + + // Log successful responses with timing for monitoring trends + if (r.status === 200 && responseTime > SLOW_RESPONSE_THRESHOLD) { + logger.info('Archived enterprise content response', { + version: requestedVersion, + responseTime: `${responseTime}ms`, + status: r.status, + }) + } if (r.status === 200) { const body = await r.text() @@ -317,6 +360,7 @@ export default async function archivedEnterpriseVersions( return res.send(modifiedBody) } + // In releases 2.13 - 2.17, we lost access to frontmatter redirects // during the archival process. This workaround finds potentially // relevant frontmatter redirects in currently supported pages diff --git a/src/article-api/README.md b/src/article-api/README.md index 28c749bd6b02..68ad97d2e00a 100644 --- a/src/article-api/README.md +++ b/src/article-api/README.md @@ -1,7 +1,10 @@ # Article API This subject folder contains the code for the Article API endpoints: + - `/api/pagelist` +- `/api/pagelist/versions` +- `/api/pagelist/languages` - `/api/article/body` - `/api/article/meta` @@ -17,23 +20,26 @@ The `/api/article/body` endpoint can serve markdown for both regular articles an ## How it works -The `/api/article` endpoints return information about a page by `pathname`. +The `/api/article` endpoints return information about a page by `pathname`. `api/article/meta` is highly cached, in JSON format. ### Autogenerated Content Transformers -For autogenerated pages (REST, landing pages, audit logs, webhooks, GraphQL, etc), the Article API uses specialized transformers to convert the rendered content into markdown format. These transformers are located in `src/article-api/transformers/` and use an extensible architecture: +For autogenerated pages (REST, GraphQL, webhooks, landing pages, audit logs, etc), the Article API uses specialized transformers to convert the rendered content into markdown format. These transformers are located in `src/article-api/transformers/` and use an extensible architecture. + +#### Transformers To add a new transformer for other autogenerated content types: + 1. Create a new transformer file implementing the `PageTransformer` interface 2. Register it in `transformers/index.ts` -3. Create a template in `templates/` to configure how the transformer will organize the autogenerated content +3. Create a template in `templates/` to configure how the transformer will organize the autogenerated content 4. The transformer will automatically be used by `/api/article/body` ## How to get help -For internal folks ask in the Docs Engineering slack channel. +For internal folks ask in the Docs Engineering slack channel. For open source folks, please open a discussion in the public repository. @@ -137,6 +143,42 @@ Get metadata about an article. --- +### GET /api/pagelist/versions + +Get all available product versions for the docs site. + +**Returns**: (object) - JSON object with version information + +**Example**: +``` +❯ curl -s https://docs.github.com/api/pagelist/versions | jq +{ + "versions": ["free-pro-team@latest", "enterprise-cloud@latest", "enterprise-server@3.19", ...], + "ghesVersions": ["3.19", "3.18", "3.17", ...], + "ghesLatest": "3.19", + ... +} +``` + +--- + +### GET /api/pagelist/languages + +Get all available languages for the docs site. + +**Returns**: (object) - JSON object with language information + +**Example**: +``` +❯ curl -s https://docs.github.com/api/pagelist/languages | jq +{ + "languages": ["en", "es", "ja", "pt", "zh", "ru", "fr", "ko", "de"], + "allLanguages": { ... } +} +``` + +--- + ### GET /api/pagelist/:lang/:productVersion A list of pages available for a fully qualified path containing the target language and product version. diff --git a/src/article-api/lib/get-all-toc-items.ts b/src/article-api/lib/get-all-toc-items.ts new file mode 100644 index 000000000000..51070a24ccd6 --- /dev/null +++ b/src/article-api/lib/get-all-toc-items.ts @@ -0,0 +1,127 @@ +import type { Context, Page } from '@/types' +import type { LinkData } from '@/article-api/transformers/types' +import { resolvePath } from './resolve-path' + +interface PageWithChildren extends Page { + children?: string[] + category?: string[] +} + +interface TocItem extends LinkData { + category?: string[] + childTocItems?: TocItem[] +} + +/** + * Recursively gathers all TOC items from a page and its descendants. + * This mirrors the behavior of getTocItems() in the generic-toc middleware + * but works with the page.children frontmatter property. + * + * @param page - The page to gather TOC items from + * @param context - The rendering context + * @param options - Configuration options + * @returns Array of TocItems with nested childTocItems + */ +export async function getAllTocItems( + page: Page, + context: Context, + options: { + recurse?: boolean + renderIntros?: boolean + } = {}, +): Promise { + const { recurse = true, renderIntros = true } = options + const pageWithChildren = page as PageWithChildren + const languageCode = page.languageCode || 'en' + + if (!pageWithChildren.children || pageWithChildren.children.length === 0) { + return [] + } + + // Get the page's pathname for resolving children + const pagePermalink = page.permalinks.find( + (p) => p.languageCode === languageCode && p.pageVersion === context.currentVersion, + ) + const pathname = pagePermalink ? pagePermalink.href : `/${languageCode}` + + const items: TocItem[] = [] + + for (const childHref of pageWithChildren.children) { + const childPage = resolvePath(childHref, languageCode, pathname, context) as + | PageWithChildren + | undefined + + if (!childPage) continue + + const title = await childPage.renderTitle(context, { unwrap: true }) + const intro = + renderIntros && childPage.intro + ? await childPage.renderProp('intro', context, { textOnly: true }) + : '' + + const childPermalink = childPage.permalinks.find( + (p) => p.languageCode === languageCode && p.pageVersion === context.currentVersion, + ) + const href = childPermalink ? childPermalink.href : childHref + + const category = childPage.category || [] + + const item: TocItem = { + href, + title, + intro, + category, + childTocItems: [], + } + + // Recursively get children if enabled + if (recurse && childPage.children && childPage.children.length > 0) { + item.childTocItems = await getAllTocItems(childPage, context, options) + } + + items.push(item) + } + + return items +} + +/** + * Flattens nested TOC items into a single array. + * Only includes leaf nodes (items without children) or all items based on options. + * + * @param tocItems - The nested TOC items to flatten + * @param options - Configuration options + * @returns Flat array of LinkData items + */ +export function flattenTocItems( + tocItems: TocItem[], + options: { + excludeParents?: boolean // If true, only include items without children + } = {}, +): LinkData[] { + const { excludeParents = true } = options + const result: LinkData[] = [] + + function recurse(items: TocItem[]) { + for (const item of items) { + const hasChildren = item.childTocItems && item.childTocItems.length > 0 + + // Include this item if it's a leaf or if we're including parents + if (!hasChildren || !excludeParents) { + result.push({ + href: item.href, + title: item.title, + intro: item.intro, + }) + } + + // Recurse into children + if (hasChildren) { + recurse(item.childTocItems!) + } + } + } + + recurse(tocItems) + return result +} diff --git a/src/article-api/lib/get-link-data.ts b/src/article-api/lib/get-link-data.ts new file mode 100644 index 000000000000..f9c33c74608e --- /dev/null +++ b/src/article-api/lib/get-link-data.ts @@ -0,0 +1,48 @@ +import type { Context, Page } from '@/types' +import type { LinkData } from '@/article-api/transformers/types' + +/** + * Resolves link data (title, href, intro) for a given href and page + * + * This helper is used by landing page transformers to build link lists. + * It resolves the page from an href, renders its title and intro, and + * returns the canonical permalink. + * + * @param href - The href to resolve (can be relative or absolute) + * @param languageCode - The language code for the current page + * @param pathname - The current page's pathname (for relative resolution) + * @param context - The rendering context + * @param resolvePath - Function to resolve an href to a Page object + * @returns LinkData with resolved title, href, and optional intro + */ +export async function getLinkData( + href: string, + languageCode: string, + pathname: string, + context: Context, + resolvePath: ( + href: string, + languageCode: string, + pathname: string, + context: Context, + ) => Page | undefined, +): Promise { + const linkedPage = resolvePath(href, languageCode, pathname, context) + if (!linkedPage) return { href, title: href } + + const title = await linkedPage.renderTitle(context, { unwrap: true }) + const intro = linkedPage.intro + ? await linkedPage.renderProp('intro', context, { textOnly: true }) + : '' + + const permalink = linkedPage.permalinks.find( + (p) => p.languageCode === languageCode && p.pageVersion === context.currentVersion, + ) + const resolvedHref = permalink ? permalink.href : href + + return { + href: resolvedHref, + title, + intro, + } +} diff --git a/src/article-api/lib/graphql-helpers.ts b/src/article-api/lib/graphql-helpers.ts new file mode 100644 index 000000000000..6db482d7ff06 --- /dev/null +++ b/src/article-api/lib/graphql-helpers.ts @@ -0,0 +1,32 @@ +import type { Context, Page } from '@/types' +import { renderContent } from '@/content-render/index' +import matter from '@gr2m/gray-matter' + +/** + * Extract manual content from page markdown + * Used by GraphQL transformers to get content before the auto-generated marker + */ +export async function extractManualContent(page: Page, context: Context): Promise { + if (!page.markdown) return '' + + const markerIndex = page.markdown.indexOf( + '', + ) + + if (markerIndex <= 0) return '' + + const { content } = matter(page.markdown) + const manualContentMarkerIndex = content.indexOf( + '', + ) + + if (manualContentMarkerIndex <= 0) return '' + + const rawManualContent = content.substring(0, manualContentMarkerIndex).trim() + if (!rawManualContent) return '' + + return await renderContent(rawManualContent, { + ...context, + markdownRequested: true, + }) +} diff --git a/src/article-api/lib/load-template.ts b/src/article-api/lib/load-template.ts new file mode 100644 index 000000000000..2cf169ba791b --- /dev/null +++ b/src/article-api/lib/load-template.ts @@ -0,0 +1,31 @@ +import { readFileSync } from 'fs' +import { join, dirname } from 'path' +import { fileURLToPath } from 'url' + +// Get the directory path for the transformers directory +// This will be used to resolve template paths relative to transformers +const __filename = fileURLToPath(import.meta.url) +const __dirname = dirname(__filename) + +/** + * Load a template file from the templates directory + * + * This helper loads Liquid template files used by transformers. + * Templates are located in src/article-api/templates/ + * + * @param templateName - The name of the template file (e.g., 'landing-page.template.md') + * @returns The template content as a string + * + * @example + * ```typescript + * const template = loadTemplate('landing-page.template.md') + * const rendered = await renderContent(template, context) + * ``` + */ +export function loadTemplate(templateName: string): string { + // Templates are in ../templates relative to the lib directory + // lib is at src/article-api/lib + // templates is at src/article-api/templates + const templatePath = join(__dirname, '../templates', templateName) + return readFileSync(templatePath, 'utf8') +} diff --git a/src/article-api/lib/resolve-path.ts b/src/article-api/lib/resolve-path.ts new file mode 100644 index 000000000000..88acc8f618b1 --- /dev/null +++ b/src/article-api/lib/resolve-path.ts @@ -0,0 +1,107 @@ +import type { Context, Page } from '@/types' + +/** + * Resolves an href to a Page object from the context + * + * This function handles various href formats: + * - External URLs (http/https) - returns undefined + * - Language-prefixed absolute paths (/en/copilot/...) - direct lookup + * - Absolute paths without language (/copilot/...) - adds language prefix + * - Relative paths (get-started) - resolved relative to pathname + * + * The function searches through context.pages using multiple strategies: + * 1. Direct key lookup with language prefix + * 2. Relative path joining with current pathname + * 3. endsWith matching for versioned keys (e.g., /en/enterprise-cloud@latest/...) + * + * @param href - The href to resolve + * @param languageCode - The language code (e.g., 'en') + * @param pathname - The current page's pathname (e.g., '/en/copilot') + * @param context - The rendering context containing all pages + * @returns The resolved Page object, or undefined if not found + * + * @example + * ```typescript + * // Absolute path with language + * resolvePath('/en/copilot/quickstart', 'en', '/en/copilot', context) + * + * // Absolute path without language (adds /en/) + * resolvePath('/copilot/quickstart', 'en', '/en/copilot', context) + * + * // Relative path (resolves to /en/copilot/quickstart) + * resolvePath('quickstart', 'en', '/en/copilot', context) + * + * // Relative path with leading slash (resolves relative to pathname) + * resolvePath('/quickstart', 'en', '/en/copilot', context) // -> /en/copilot/quickstart + * ``` + */ +export function resolvePath( + href: string, + languageCode: string, + pathname: string, + context: Context, +): Page | undefined { + // External URLs cannot be resolved + if (href.startsWith('http://') || href.startsWith('https://')) { + return undefined + } + + if (!context.pages) { + return undefined + } + + // Normalize href to start with / + const normalizedHref = href.startsWith('/') ? href : `/${href}` + + // Build full path with language prefix if needed + let fullPath: string + if (normalizedHref.startsWith(`/${languageCode}/`)) { + // Already has language prefix + fullPath = normalizedHref + } else if (href.startsWith('/') && !href.startsWith(`/${languageCode}/`)) { + // Path with leading slash but no language prefix - treat as relative to pathname + // e.g., pathname='/en/copilot', href='/get-started' -> '/en/copilot/get-started' + fullPath = pathname + href + } else { + // Relative path - add language prefix + // e.g., href='quickstart' -> '/en/quickstart' + fullPath = `/${languageCode}${normalizedHref}` + } + + // Clean up trailing slashes + const cleanPath = fullPath.replace(/\/$/, '') + + // Strategy 1: Direct lookup + if (context.pages[cleanPath]) { + return context.pages[cleanPath] + } + + // Strategy 2: Try relative to current pathname + const currentPath = pathname.replace(/\/$/, '') + const relativeHref = href.startsWith('/') ? href.slice(1) : href + const joinedPath = `${currentPath}/${relativeHref}` + + if (context.pages[joinedPath]) { + return context.pages[joinedPath] + } + + // Strategy 3: Search for keys that end with the path (handles versioned keys) + // e.g., key='/en/enterprise-cloud@latest/copilot' should match path='/en/copilot' + for (const [key, page] of Object.entries(context.pages)) { + if (key.endsWith(cleanPath) || key.endsWith(`${cleanPath}/`)) { + return page + } + } + + // Strategy 4: If href started with /, try endsWith matching on that too + if (href.startsWith('/')) { + const hrefClean = href.replace(/\/$/, '') + for (const [key, page] of Object.entries(context.pages)) { + if (key.endsWith(hrefClean) || key.endsWith(`${hrefClean}/`)) { + return page + } + } + } + + return undefined +} diff --git a/src/article-api/lib/strip-html-comments.ts b/src/article-api/lib/strip-html-comments.ts new file mode 100644 index 000000000000..354bef9b0b63 --- /dev/null +++ b/src/article-api/lib/strip-html-comments.ts @@ -0,0 +1,31 @@ +/** + * Strips HTML comments from markdown content. + * Removes single-line HTML comments like + * while preserving other content. + * + * @param content - The markdown content to process + * @returns The content with HTML comments removed + */ +export function stripHtmlComments(content: string): string { + // Remove single-line HTML comments () + // This matches comments that are on their own line or inline + return content.replace(//g, '').trim() +} + +/** + * Strips HTML comments and cleans up extra blank lines. + * Useful for cleaning up rendered markdown content where HTML comments + * were on separate lines and their removal creates gaps. + * + * @param content - The markdown content to process + * @returns The content with HTML comments removed and blank lines normalized + */ +export function stripHtmlCommentsAndNormalizeWhitespace(content: string): string { + // Remove HTML comments + let cleaned = stripHtmlComments(content) + + // Normalize multiple consecutive blank lines to at most 2 blank lines + cleaned = cleaned.replace(/\n{3,}/g, '\n\n') + + return cleaned.trim() +} diff --git a/src/article-api/middleware/article-body.ts b/src/article-api/middleware/article-body.ts index a47dc865d29a..c6b82b59f627 100644 --- a/src/article-api/middleware/article-body.ts +++ b/src/article-api/middleware/article-body.ts @@ -3,6 +3,7 @@ import type { Response } from 'express' import { Context } from '@/types' import { ExtendedRequestWithPageInfo } from '@/article-api/types' import contextualize from '@/frame/middleware/context/context' +import features from '@/versions/middleware/features' import { transformerRegistry } from '@/article-api/transformers' import { allVersions } from '@/versions/lib/all-versions' import type { Page } from '@/types' @@ -28,6 +29,9 @@ async function createContextualizedRenderingRequest(pathname: string, page: Page await contextualize(renderingReq as ExtendedRequestWithPageInfo, {} as Response, () => {}) renderingReq.context.page = page + // Load feature flags into context (needed for {% ifversion %} tags) + features(renderingReq as ExtendedRequestWithPageInfo, {} as Response, () => {}) + return renderingReq } @@ -70,5 +74,20 @@ export async function getArticleBody(req: ExtendedRequestWithPageInfo) { // these parts allow us to render the page const renderingReq = await createContextualizedRenderingRequest(pathname, page) renderingReq.context.markdownRequested = true - return await page.render(renderingReq.context) + const content = await page.render(renderingReq.context) + + // Get title and intro for consistency with transformer-based pages + const title = page.title + const intro = page.intro + ? await page.renderProp('intro', renderingReq.context, { textOnly: true }) + : '' + + // Prepend title and intro to the content + let result = `# ${title}\n\n` + if (intro) { + result += `${intro}\n\n` + } + result += content + + return result } diff --git a/src/article-api/middleware/article.ts b/src/article-api/middleware/article.ts index 3bbb79cc628f..713c5eb6790a 100644 --- a/src/article-api/middleware/article.ts +++ b/src/article-api/middleware/article.ts @@ -172,11 +172,19 @@ function incrementArticleLookup( // logs the source of the request, if it's for hovercards it'll have the header X-Request-Source. // see src/links/components/LinkPreviewPopover.tsx - const source = - req.get('X-Request-Source') || - (req.get('Referer') - ? `external-${new URL(req.get('Referer') || '').hostname || 'unknown'}` - : 'external') + let source = req.get('X-Request-Source') + if (!source) { + const referer = req.get('Referer') + if (referer) { + try { + source = `external-${new URL(referer).hostname || 'unknown'}` + } catch { + source = 'external' + } + } else { + source = 'external' + } + } const tags = [ // According to https://docs.datadoghq.com/getting_started/tagging/#define-tags diff --git a/src/article-api/middleware/pagelist.ts b/src/article-api/middleware/pagelist.ts index 3b69a032b5f7..095f4b9bab59 100644 --- a/src/article-api/middleware/pagelist.ts +++ b/src/article-api/middleware/pagelist.ts @@ -8,11 +8,85 @@ import { getLanguageCodeFromPath } from '@/languages/middleware/detect-language' import { pagelistValidationMiddleware } from './validation' import catchMiddlewareError from '@/observability/middleware/catch-middleware-error' import statsd from '@/observability/lib/statsd' +import { allVersions, allVersionKeys } from '@/versions/lib/all-versions' +import enterpriseServerReleases from '@/versions/lib/enterprise-server-releases' +import { languages, languageKeys } from '@/languages/lib/languages' const router = express.Router() // pagelistValidationMiddleware is used for every route to normalize the lang and version from the path +/** + * Get all available product versions for the docs site. + * @route GET /api/pagelist/versions + * @returns {object} JSON object with version information + * @example + * ❯ curl -s https://docs.github.com/api/pagelist/versions | jq + * { + * "versions": ["free-pro-team@latest", "enterprise-cloud@latest", "enterprise-server@3.19", ...], + * "ghesVersions": ["3.19", "3.18", "3.17", ...], + * "ghesLatest": "3.19", + * ... + * } + */ +router.get( + '/versions', + catchMiddlewareError(async function (req: ExtendedRequest, res: Response) { + defaultCacheControl(res) + + const response = { + // Simple list of all version strings + versions: allVersionKeys, + // GHES-specific information + ghesVersions: enterpriseServerReleases.supported, + ghesLatest: enterpriseServerReleases.latest, + ghesLatestStable: enterpriseServerReleases.latestStable, + ghesReleaseCandidate: enterpriseServerReleases.releaseCandidate, + ghesDeprecated: enterpriseServerReleases.deprecated, + // Full version details + allVersions, + } + + res.json(response) + }) as RequestHandler, +) + +/** + * Get all available languages for the docs site. + * @route GET /api/pagelist/languages + * @returns {object} JSON object with language information + * @example + * ❯ curl -s https://docs.github.com/api/pagelist/languages | jq + * { + * "languages": ["en", "es", "ja", "pt", "zh", "ru", "fr", "ko", "de"], + * "allLanguages": { ... } + * } + */ +router.get( + '/languages', + catchMiddlewareError(async function (req: ExtendedRequest, res: Response) { + defaultCacheControl(res) + + // Remove redirectPatterns from output as they are RegExp objects and not JSON serializable + const sanitizedLanguages = Object.fromEntries( + Object.entries(languages).map(([code, lang]) => { + // eslint-disable-next-line @typescript-eslint/no-unused-vars + const { redirectPatterns, ...rest } = lang + return [code, rest] + }), + ) + + const response = { + // Simple list of language codes + languages: languageKeys, + // Full language details (without redirectPatterns) + allLanguages: sanitizedLanguages, + } + + res.json(response) + }) as RequestHandler, +) + // If no version or lang is provided we'll assume english and fpt and redirect there router.get( '/', diff --git a/src/article-api/templates/audit-logs-page.template.md b/src/article-api/templates/audit-logs-page.template.md new file mode 100644 index 000000000000..c91df5343cda --- /dev/null +++ b/src/article-api/templates/audit-logs-page.template.md @@ -0,0 +1,30 @@ +# {{ page.title }} + +{{ page.intro }} + +{{ manualContent }} + +## Audit log events + +{% for categoryEntry in categorizedEvents %} +{% assign categoryName = categoryEntry[0] %} +{% assign events = categoryEntry[1] %} +### {{ categoryName }} + +{% if categoryNotes[categoryName] %} +{{ categoryNotes[categoryName] }} + +{% endif %} +{% for event in events %} +#### `{{ event.action }}` + +{{ event.description }} + +**Fields:** {% if event.fields %}{% for field in event.fields %}`{{ field }}`{% unless forloop.last %}, {% endunless %}{% endfor %}{% else %}No fields available{% endif %} + +{% if event.docs_reference_links and event.docs_reference_links != 'N/A' %} +**Reference:** {{ event.docs_reference_links }} +{% endif %} + +{% endfor %} +{% endfor %} \ No newline at end of file diff --git a/src/article-api/templates/codeql-cli-page.template.md b/src/article-api/templates/codeql-cli-page.template.md new file mode 100644 index 000000000000..a497a9dde462 --- /dev/null +++ b/src/article-api/templates/codeql-cli-page.template.md @@ -0,0 +1,7 @@ +# {{ page.title }} + +{% if page.intro %} +{{ page.intro }} +{% endif %} + +{{ content }} diff --git a/src/article-api/templates/github-apps-page.template.md b/src/article-api/templates/github-apps-page.template.md new file mode 100644 index 000000000000..f7b01c89e31b --- /dev/null +++ b/src/article-api/templates/github-apps-page.template.md @@ -0,0 +1,25 @@ +# {{ page.title }} + +{% if page.intro %} +{{ page.intro }} +{% endif %} + +{% if manualContent %} +{{ manualContent }} +{% endif %} + +{% if isListPage %} +{% comment %} +Render endpoints as categorized bullet lists +{% endcomment %} +{% for item in items %} +{% if item.operations.size > 0 %} +## {{ item.category }} + +{% for operation in item.operations %} +* [`{{ operation.verb }} {{ operation.requestPath }}`](/{{ currentLanguage }}/{% if currentVersion != 'free-pro-team@latest' %}{{ currentVersion }}/{% endif %}rest/{{ operation.category }}#{{ operation.slug }}) +{% endfor %} + +{% endif %} +{% endfor %} +{% endif %} diff --git a/src/article-api/templates/graphql-breaking-changes.template.md b/src/article-api/templates/graphql-breaking-changes.template.md new file mode 100644 index 000000000000..5bfa49a9d0f6 --- /dev/null +++ b/src/article-api/templates/graphql-breaking-changes.template.md @@ -0,0 +1,21 @@ +# {{ pageTitle }} + +{{ pageIntro }} + +{{ manualContent }} + +{% for change in breakingChangesByDate %} + +## {{ change.heading }} + +{% for item in change.items %} + +- {% if item.criticality == 'breaking' %}**Breaking**{% else %}**Dangerous**{% endif %} A change will be made to `{{ item.location }}`. + + **Description:** {{ item.description }} + + **Reason:** {{ item.reason }} + +{% endfor %} + +{% endfor %} diff --git a/src/article-api/templates/graphql-changelog.template.md b/src/article-api/templates/graphql-changelog.template.md new file mode 100644 index 000000000000..b1461930710f --- /dev/null +++ b/src/article-api/templates/graphql-changelog.template.md @@ -0,0 +1,38 @@ +# {{ pageTitle }} + +{{ pageIntro }} + +{{ manualContent }} + +{% for item in changelogItems %} + +## Schema changes for {{ item.date }} + +{% for schemaChange in item.schemaChanges %} + +### {{ schemaChange.title }} + +{% for change in schemaChange.changes %}- {{ change }} +{% endfor %} + +{% endfor %} + +{% for previewChange in item.previewChanges %} + +### {{ previewChange.title }} + +{% for change in previewChange.changes %}- {{ change }} +{% endfor %} + +{% endfor %} + +{% for upcomingChange in item.upcomingChanges %} + +### {{ upcomingChange.title }} + +{% for change in upcomingChange.changes %}- {{ change }} +{% endfor %} + +{% endfor %} + +{% endfor %} diff --git a/src/article-api/templates/graphql-index.template.md b/src/article-api/templates/graphql-index.template.md new file mode 100644 index 000000000000..dd2132c8d938 --- /dev/null +++ b/src/article-api/templates/graphql-index.template.md @@ -0,0 +1,9 @@ +# {{ pageTitle }} + +{{ pageIntro }} + +{{ manualContent }} + +## Reference pages + +{{ childrenLinks }} diff --git a/src/article-api/templates/graphql-reference.template.md b/src/article-api/templates/graphql-reference.template.md new file mode 100644 index 000000000000..955db8e5f295 --- /dev/null +++ b/src/article-api/templates/graphql-reference.template.md @@ -0,0 +1,120 @@ +# {{ pageTitle }} + +{{ pageIntro }} + +{{ manualContent }} + +{% for item in items %} + +## {{ item.name }} + +{{ item.description }} + +{% if item.isDeprecated %} + +> [!WARNING] +> **Deprecation notice:** {{ item.deprecationReason }} +{% endif %} + +{% if pageType == 'queries' %} +**Type:** [{{ item.type }}]({{ item.href }}) + +{% if item.args.size > 0 %} + +### Arguments for `{{ item.name }}` + +| Name | Type | Description | +| --- | --- | --- | +{% for arg in item.args %}| `{{ arg.name }}` | [`{{ arg.type }}`]({{ arg.href }}) | {{ arg.description }} | +{% endfor %} +{% endif %} + +{% elsif pageType == 'mutations' %} +{% if item.inputFields.size > 0 %} + +### Input fields for `{{ item.name }}` + +| Name | Type | Description | +| --- | --- | --- | +{% for field in item.inputFields %}| `{{ field.name }}` | [`{{ field.type }}`]({{ field.href }}) | {{ field.description }}{% if field.defaultValue %} Default: `{{ field.defaultValue }}`.{% endif %} | +{% endfor %} +{% endif %} + +{% if item.returnFields.size > 0 %} + +### Return fields for `{{ item.name }}` + +| Name | Type | Description | +| --- | --- | --- | +{% for field in item.returnFields %}| `{{ field.name }}` | [`{{ field.type }}`]({{ field.href }}) | {{ field.description }}{% if field.defaultValue %} Default: `{{ field.defaultValue }}`.{% endif %}{% if field.isDeprecated %} **Deprecated:** {{ field.deprecationReason }}{% endif %} | +{% endfor %} +{% endif %} + +{% elsif pageType == 'objects' %} +{% if item.implements.size > 0 %} + +### Implements + +{% for impl in item.implements %}- [`{{ impl.name }}`]({{ impl.href }}) +{% endfor %} +{% endif %} + +{% if item.fields.size > 0 %} + +### Fields for `{{ item.name }}` + +| Name | Type | Description | +| --- | --- | --- | +{% for field in item.fields %}| `{{ field.name }}` | [`{{ field.type }}`]({{ field.href }}) | {{ field.description }}{% if field.defaultValue %} Default: `{{ field.defaultValue }}`.{% endif %}{% if field.isDeprecated %} **Deprecated:** {{ field.deprecationReason }}{% endif %}{% if field.arguments.size > 0 %}

    **Arguments:**
    {% for arg in field.arguments %}- `{{ arg.name }}` ([`{{ arg.type.name }}`]({{ arg.type.href }})): {{ arg.description }}{% if arg.defaultValue %} Default: `{{ arg.defaultValue }}`.{% endif %}
    {% endfor %}{% endif %} | +{% endfor %} +{% endif %} + +{% elsif pageType == 'interfaces' %} +{% if item.fields.size > 0 %} + +### Fields for `{{ item.name }}` + +| Name | Type | Description | +| --- | --- | --- | +{% for field in item.fields %}| `{{ field.name }}` | [`{{ field.type }}`]({{ field.href }}) | {{ field.description }}{% if field.defaultValue %} Default: `{{ field.defaultValue }}`.{% endif %}{% if field.isDeprecated %} **Deprecated:** {{ field.deprecationReason }}{% endif %}{% if field.arguments.size > 0 %}

    **Arguments:**
    {% for arg in field.arguments %}- `{{ arg.name }}` ([`{{ arg.type.name }}`]({{ arg.type.href }})): {{ arg.description }}{% if arg.defaultValue %} Default: `{{ arg.defaultValue }}`.{% endif %}
    {% endfor %}{% endif %} | +{% endfor %} +{% endif %} + +{% elsif pageType == 'enums' %} +{% if item.values.size > 0 %} + +### Values for `{{ item.name }}` + +{% for value in item.values %}**`{{ value.name }}`** + +{{ value.description }} + +{% endfor %} +{% endif %} + +{% elsif pageType == 'unions' %} +{% if item.possibleTypes.size > 0 %} + +### Possible types for `{{ item.name }}` + +{% for type in item.possibleTypes %}- [`{{ type.name }}`]({{ type.href }}) +{% endfor %} +{% endif %} + +{% elsif pageType == 'inputObjects' %} +{% if item.inputFields.size > 0 %} + +### Input fields for `{{ item.name }}` + +| Name | Type | Description | +| --- | --- | --- | +{% for field in item.inputFields %}| `{{ field.name }}` | [`{{ field.type }}`]({{ field.href }}) | {{ field.description }}{% if field.defaultValue %} Default: `{{ field.defaultValue }}`.{% endif %}{% if field.isDeprecated %} **Deprecated:** {{ field.deprecationReason }}{% endif %} | +{% endfor %} +{% endif %} + +{% elsif pageType == 'scalars' %} +{%- comment -%}Scalars typically just have name and description{%- endcomment -%} + +{% endif %} + +{% endfor %} diff --git a/src/article-api/templates/landing-page.template.md b/src/article-api/templates/landing-page.template.md new file mode 100644 index 000000000000..cf0dac2168d1 --- /dev/null +++ b/src/article-api/templates/landing-page.template.md @@ -0,0 +1,25 @@ +# {{ title }} + +{% if intro %} +{{ intro }} +{% endif %} + +{% for section in sections %} +{% if section.title %} +## {{ section.title }} +{% endif %} + +{% for group in section.groups %} +{% if group.title %} +### {{ group.title }} +{% endif %} + +{% for link in group.links %} +* [{{ link.title }}]({{ link.href }}) +{% if link.intro %} + {{ link.intro }} +{% endif %} +{% endfor %} + +{% endfor %} +{% endfor %} \ No newline at end of file diff --git a/src/article-api/templates/secret-scanning-page.template.md b/src/article-api/templates/secret-scanning-page.template.md new file mode 100644 index 000000000000..a497a9dde462 --- /dev/null +++ b/src/article-api/templates/secret-scanning-page.template.md @@ -0,0 +1,7 @@ +# {{ page.title }} + +{% if page.intro %} +{{ page.intro }} +{% endif %} + +{{ content }} diff --git a/src/article-api/templates/webhooks-page.template.md b/src/article-api/templates/webhooks-page.template.md new file mode 100644 index 000000000000..dbf51b71d30f --- /dev/null +++ b/src/article-api/templates/webhooks-page.template.md @@ -0,0 +1,52 @@ +# {{ page.title }} + +{% if page.intro %} +{{ page.intro }} +{% endif %} + +{% if manualContent %} +{{ manualContent }} +{% endif %} + +{% for webhook in webhooks %} +## {{ webhook.name }} + +{% if webhook.summary %} +{{ webhook.summary }} + +{% endif %} +{% if webhook.availability.size > 0 %} +### Availability + +{% for avail in webhook.availability %}- `{{ avail }}` +{% endfor %} + +{% endif %} +### Webhook payload object + +{% if webhook.actionTypes.size > 1 %} +**Action type:** {% for actionType in webhook.actionTypes %}`{{ actionType }}`{% unless forloop.last %}, {% endunless %}{% endfor %} + +{% endif %} +{% if webhook.description %} +{{ webhook.description }} + +{% endif %} +{% if webhook.bodyParameters.size > 0 %} +#### Webhook payload object parameters + +| Name | Type | Description | +|------|------|-------------| +{% for param in webhook.bodyParameters %}| `{{ param.name }}` | `{{ param.type }}` | {% if param.isRequired %}**Required.** {% endif %}{{ param.description }} | +{% endfor %} + +{% endif %} +{% if webhook.payloadExample %} +### Webhook payload example + +```json +{{ webhook.payloadExample }} +``` + +{% endif %} +{% endfor %} diff --git a/src/article-api/tests/article-body.ts b/src/article-api/tests/article-body.ts index dadb514f616f..26eb956da5d0 100644 --- a/src/article-api/tests/article-body.ts +++ b/src/article-api/tests/article-body.ts @@ -25,6 +25,15 @@ describe('article body api', () => { expect(res.headers['content-type']).toContain('text/markdown') }) + test('body includes title and intro', async () => { + const res = await get(makeURL('/en/get-started/start-your-journey/hello-world')) + expect(res.statusCode).toBe(200) + // Body should start with the page title as H1 + expect(res.body).toMatch(/^# Hello World/) + // Body should include the intro after the title + expect(res.body).toContain('Follow this Hello World exercise to get started with') + }) + test('octicons auto-generate aria-labels', async () => { const res = await get(makeURL('/en/get-started/start-your-journey/hello-world')) expect(res.statusCode).toBe(200) @@ -59,11 +68,14 @@ describe('article body api', () => { expect(error).toBe("No page found for '/en/never/heard/of'") }) - test('non-article pages return error', async () => { - // Index pages are not articles and should not be renderable - const res = await get(makeURL('/en/get-started')) - expect(res.statusCode).toBe(403) - const { error } = JSON.parse(res.body) - expect(error).toContain("isn't yet available in markdown") + // Removed: non-article pages test - landing pages are now supported via transformers + + test('invalid Referer header does not crash', async () => { + const res = await get(makeURL('/en/get-started/start-your-journey/hello-world'), { + headers: { + Referer: 'invalid-url', + }, + }) + expect(res.statusCode).toBe(200) }) }) diff --git a/src/article-api/tests/audit-logs-transformer.ts b/src/article-api/tests/audit-logs-transformer.ts new file mode 100644 index 000000000000..1bf493c5fc46 --- /dev/null +++ b/src/article-api/tests/audit-logs-transformer.ts @@ -0,0 +1,95 @@ +import { beforeAll, describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => { + const params = new URLSearchParams({ pathname }) + return `/api/article/body?${params}` +} + +describe('Audit Logs transformer', () => { + beforeAll(() => { + if (!process.env.ROOT) { + console.warn( + 'WARNING: The Audit Logs transformer tests require the ROOT environment variable to be set to the fixture root', + ) + } + }) + + test('Security log events page renders with markdown structure', async () => { + const res = await get( + makeURL('/en/authentication/keeping-your-account-and-data-secure/security-log-events'), + ) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for the main heading + expect(res.body).toContain('# Security log events') + + // Check for intro + expect(res.body).toContain( + 'Learn about security log events recorded for your personal account.', + ) + + // Check for manual content section heading + expect(res.body).toContain('## About security log events') + + // Check for new main heading + expect(res.body).toContain('## Audit log events') + + // Check for category heading + // The template renders "### Category" + expect(res.body).toMatch(/### \w+/) + }) + + test('Enterprise audit log events page renders with markdown structure', async () => { + const res = await get( + makeURL( + '/en/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise', + ), + ) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + expect(res.body).toContain('# Audit log events for your enterprise') + }) + + test('Organization audit log events page renders with markdown structure', async () => { + const res = await get( + makeURL( + '/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization', + ), + ) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + expect(res.body).toContain('# Audit log events for your organization') + }) + + test('Events are formatted correctly', async () => { + const res = await get( + makeURL('/en/authentication/keeping-your-account-and-data-secure/security-log-events'), + ) + expect(res.statusCode).toBe(200) + + // Check for event action header + // #### `action.name` + expect(res.body).toMatch(/#### `[\w.]+`/) + + // Check for fields section + expect(res.body).toContain('**Fields:**') + + // Check for reference section + expect(res.body).toContain('**Reference:**') + }) + + test('Manual content is preserved', async () => { + const res = await get( + makeURL('/en/authentication/keeping-your-account-and-data-secure/security-log-events'), + ) + expect(res.statusCode).toBe(200) + + // The source file has manual content before the marker + expect(res.body).toContain('## About security log events') + }) +}) diff --git a/src/article-api/tests/bespoke-landing-transformer.ts b/src/article-api/tests/bespoke-landing-transformer.ts new file mode 100644 index 000000000000..0e6828ea5c0a --- /dev/null +++ b/src/article-api/tests/bespoke-landing-transformer.ts @@ -0,0 +1,33 @@ +import { describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => + `/api/article/body?${new URLSearchParams({ pathname })}` + +describe('bespoke landing transformer', () => { + test('renders a bespoke landing page with all sections', async () => { + // /en/get-started/article-grid-bespoke is a bespoke landing page + const res = await get(makeURL('/en/get-started/article-grid-bespoke')) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for title + expect(res.body).toContain('# Article Grid Bespoke Landing') + + // Should have intro + expect(res.body).toContain('A test page for testing') + }) + + test('renders all descendant articles recursively', async () => { + const res = await get(makeURL('/en/get-started/article-grid-bespoke')) + expect(res.statusCode).toBe(200) + + // Should have Articles section with all descendant articles (recursive) + expect(res.body).toContain('## Articles') + expect(res.body).toContain('[Grid Article One]') + expect(res.body).toContain('[Grid Article Two]') + expect(res.body).toContain('[Grid Article Three]') + expect(res.body).toContain('[Grid Article Four]') + }) +}) diff --git a/src/article-api/tests/category-landing-transformer.ts b/src/article-api/tests/category-landing-transformer.ts new file mode 100644 index 000000000000..f29c0c91110b --- /dev/null +++ b/src/article-api/tests/category-landing-transformer.ts @@ -0,0 +1,18 @@ +import { describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => + `/api/article/body?${new URLSearchParams({ pathname })}` + +describe('category landing transformer', () => { + test('handles subcategory pages without category-landing layout', async () => { + // /en/get-started/start-your-journey is a subcategory index page without category-landing layout + // It should return 403 (not transformed) or be handled by default behavior + const res = await get(makeURL('/en/get-started/start-your-journey')) + + // This page doesn't have category-landing layout, so it won't be transformed + // That's expected behavior - only pages with layout: category-landing are transformed + expect([200, 403]).toContain(res.statusCode) + }) +}) diff --git a/src/article-api/tests/codeql-cli-transformer.ts b/src/article-api/tests/codeql-cli-transformer.ts new file mode 100644 index 000000000000..2f82ae5279c1 --- /dev/null +++ b/src/article-api/tests/codeql-cli-transformer.ts @@ -0,0 +1,48 @@ +import { describe, expect, test, beforeAll } from 'vitest' +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => + `/api/article/body?${new URLSearchParams({ pathname })}` + +describe('codeql cli article body api', () => { + beforeAll(() => { + if (!process.env.ROOT) { + console.warn( + 'WARNING: The CodeQL CLI transformer tests require the ROOT environment variable to be set to the fixture root', + ) + } + }) + + test('database-analyze page', async () => { + const res = await get( + makeURL('/en/code-security/codeql-cli/codeql-cli-manual/database-analyze'), + ) + + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for title injection + expect(res.body).toContain('# database analyze') + + // Check for intro injection + expect(res.body).toContain( + 'Analyze a database, producing meaningful results in the context of the source code.', + ) + + // Check for content + expect(res.body).toContain('## Synopsis') + expect(res.body).toContain('## Description') + expect(res.body).toContain('## Options') + + // Verify HTML comments are stripped + expect(res.body).not.toContain('') + expect(res.body).not.toContain('') + expect(res.body).not.toContain('') + }) + + test('canTransform returns false for non-codeql-cli pages', async () => { + const res = await get(makeURL('/en/get-started/start-your-journey/hello-world')) + // This should not be transformed by CodeQL CLI transformer + expect(res.statusCode).toBe(200) + }) +}) diff --git a/src/article-api/tests/discovery-landing-transformer.ts b/src/article-api/tests/discovery-landing-transformer.ts new file mode 100644 index 000000000000..a48bd6e10667 --- /dev/null +++ b/src/article-api/tests/discovery-landing-transformer.ts @@ -0,0 +1,54 @@ +import { describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => + `/api/article/body?${new URLSearchParams({ pathname })}` + +describe('discovery landing transformer', () => { + test('renders a discovery landing page in markdown', async () => { + // /en/get-started/carousel is a discovery landing page with recommended carousel + const res = await get(makeURL('/en/get-started/carousel')) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for title and intro + expect(res.body).toContain('# Landing Page Carousel') + expect(res.body).toContain('A test category page for testing the LandingCarousel component') + + // Should have Articles section with all descendant articles + expect(res.body).toContain('## Articles') + expect(res.body).toContain('[Carousel Article One]') + expect(res.body).toContain('[Carousel Article Two]') + expect(res.body).toContain('[Carousel Article Three]') + }) + + test('renders a discovery landing page with children', async () => { + // /en/get-started/article-grid-discovery has discovery landing with children + const res = await get(makeURL('/en/get-started/article-grid-discovery')) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for title + expect(res.body).toContain('# Article Grid Discovery') + + // Should have Articles section with all descendant articles (recursive) + expect(res.body).toContain('## Articles') + expect(res.body).toContain('[Grid Article One]') + expect(res.body).toContain('[Grid Article Two]') + expect(res.body).toContain('[Grid Article Three]') + expect(res.body).toContain('[Grid Article Four]') + }) + + test('handles discovery landing structure consistently', async () => { + // Discovery pages should have a consistent structure + const res = await get(makeURL('/en/get-started/carousel')) + expect(res.statusCode).toBe(200) + + // Should have intro + expect(res.body).toMatch(/^# .+\n\n.+\n\n/) + + // Should have at least one section + expect(res.body).toContain('##') + }) +}) diff --git a/src/article-api/tests/get-link-data.ts b/src/article-api/tests/get-link-data.ts new file mode 100644 index 000000000000..fc11254faba3 --- /dev/null +++ b/src/article-api/tests/get-link-data.ts @@ -0,0 +1,136 @@ +import { describe, expect, test, vi } from 'vitest' +import { getLinkData } from '@/article-api/lib/get-link-data' +import type { Context, Page, Permalink } from '@/types' + +// Helper to create a minimal mock page +function createMockPage(options: { + title?: string + intro?: string + permalinks?: Partial[] +}): Page { + const page = { + title: options.title || 'Test Title', + intro: options.intro, + permalinks: (options.permalinks || []) as Permalink[], + renderTitle: vi.fn().mockResolvedValue(options.title || 'Test Title'), + renderProp: vi.fn().mockResolvedValue(options.intro || ''), + } + return page as unknown as Page +} + +// Helper to create a minimal context +function createContext(currentVersion = 'free-pro-team@latest'): Context { + return { currentVersion } as unknown as Context +} + +describe('getLinkData', () => { + describe('when page is not found', () => { + test('returns href as both href and title when page not resolved', async () => { + const resolvePath = vi.fn().mockReturnValue(undefined) + const context = createContext() + + const result = await getLinkData( + '/en/missing-page', + 'en', + '/en/current', + context, + resolvePath, + ) + + expect(result).toEqual({ + href: '/en/missing-page', + title: '/en/missing-page', + }) + }) + }) + + describe('when page is found', () => { + test('returns rendered title from page', async () => { + const page = createMockPage({ title: 'My Page Title' }) + const resolvePath = vi.fn().mockReturnValue(page) + const context = createContext() + + const result = await getLinkData('/en/some-page', 'en', '/en/current', context, resolvePath) + + expect(result.title).toBe('My Page Title') + expect(page.renderTitle).toHaveBeenCalledWith(context, { unwrap: true }) + }) + + test('returns rendered intro when page has intro', async () => { + const page = createMockPage({ + title: 'Page', + intro: 'This is the intro text', + }) + const resolvePath = vi.fn().mockReturnValue(page) + const context = createContext() + + const result = await getLinkData('/en/some-page', 'en', '/en/current', context, resolvePath) + + expect(result.intro).toBe('This is the intro text') + expect(page.renderProp).toHaveBeenCalledWith('intro', context, { textOnly: true }) + }) + + test('returns empty intro when page has no intro', async () => { + const page = createMockPage({ title: 'Page', intro: undefined }) + const resolvePath = vi.fn().mockReturnValue(page) + const context = createContext() + + const result = await getLinkData('/en/some-page', 'en', '/en/current', context, resolvePath) + + expect(result.intro).toBe('') + expect(page.renderProp).not.toHaveBeenCalled() + }) + + test('uses permalink href when matching permalink found', async () => { + const page = createMockPage({ + title: 'Page', + permalinks: [ + { languageCode: 'en', pageVersion: 'free-pro-team@latest', href: '/en/resolved-path' }, + ], + }) + const resolvePath = vi.fn().mockReturnValue(page) + const context = createContext('free-pro-team@latest') + + const result = await getLinkData( + '/en/original-href', + 'en', + '/en/current', + context, + resolvePath, + ) + + expect(result.href).toBe('/en/resolved-path') + }) + + test('falls back to original href when no matching permalink', async () => { + const page = createMockPage({ + title: 'Page', + permalinks: [{ languageCode: 'ja', pageVersion: 'free-pro-team@latest', href: '/ja/page' }], + }) + const resolvePath = vi.fn().mockReturnValue(page) + const context = createContext('free-pro-team@latest') + + const result = await getLinkData( + '/en/original-href', + 'en', + '/en/current', + context, + resolvePath, + ) + + expect(result.href).toBe('/en/original-href') + }) + }) + + describe('resolvePath function usage', () => { + test('passes correct arguments to resolvePath', async () => { + const page = createMockPage({ title: 'Page' }) + const resolvePath = vi.fn().mockReturnValue(page) + const context = createContext() + + await getLinkData('/en/target', 'en', '/en/current', context, resolvePath) + + expect(resolvePath).toHaveBeenCalledWith('/en/target', 'en', '/en/current', context) + }) + }) +}) diff --git a/src/article-api/tests/github-apps-transformer.ts b/src/article-api/tests/github-apps-transformer.ts new file mode 100644 index 000000000000..9a926d3d44c2 --- /dev/null +++ b/src/article-api/tests/github-apps-transformer.ts @@ -0,0 +1,260 @@ +import { beforeAll, describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string, apiVersion?: string): string => { + const params = new URLSearchParams({ pathname }) + if (apiVersion) { + params.set('apiVersion', apiVersion) + } + return `/api/article/body?${params}` +} + +describe('GitHub Apps transformer', () => { + beforeAll(() => { + if (!process.env.ROOT) { + console.warn( + 'WARNING: The GitHub Apps transformer tests require the ROOT environment variable to be set to the fixture root', + ) + } + }) + + describe('Endpoints pages (list format)', () => { + test('server-to-server-rest page renders with markdown structure', async () => { + const res = await get( + makeURL( + '/en/rest/authentication/endpoints-available-for-github-app-installation-access-tokens', + ), + ) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for the main heading + expect(res.body).toContain('# Endpoints available for GitHub App installation access tokens') + + // Should have category headings as h2 + expect(res.body).toMatch(/^## /m) + + // Should not contain HTML comments + expect(res.body).not.toMatch(//) + }) + + test('user-to-server-rest page renders with markdown structure', async () => { + const res = await get( + makeURL('/en/rest/authentication/endpoints-available-for-github-app-user-access-tokens'), + ) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for the main heading + expect(res.body).toContain('# Endpoints available for GitHub App user access tokens') + + // Should have category headings as h2 + expect(res.body).toMatch(/^## /m) + }) + + test('fine-grained-pat page renders with markdown structure', async () => { + const res = await get( + makeURL( + '/en/rest/authentication/endpoints-available-for-fine-grained-personal-access-tokens', + ), + ) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for the main heading + expect(res.body).toContain('# Endpoints available for fine-grained personal access tokens') + + // Should have category headings as h2 + expect(res.body).toMatch(/^## /m) + }) + + test('endpoints are formatted as bullet lists', async () => { + const DEBUG = process.env.RUNNER_DEBUG === '1' || process.env.DEBUG === '1' + const url = makeURL( + '/en/rest/authentication/endpoints-available-for-github-app-installation-access-tokens', + ) + const startTime = DEBUG ? Date.now() : 0 + if (DEBUG) console.log(`[DEBUG] Test sending request to ${url}`) + const res = await get(url) + if (DEBUG) + console.log(`[DEBUG] Test response: ${res.statusCode} in ${Date.now() - startTime}ms`) + expect(res.statusCode).toBe(200) + + // Check for bullet list items with asterisks (per content guidelines) + expect(res.body).toContain('*') + expect(res.body).toMatch(/\* \[`[A-Z]+ \//) + }) + + test('endpoints have correct HTTP verbs', async () => { + const res = await get( + makeURL( + '/en/rest/authentication/endpoints-available-for-github-app-installation-access-tokens', + ), + ) + expect(res.statusCode).toBe(200) + + // Check for common HTTP verbs + expect(res.body).toMatch(/`GET \//) + // May also have POST, PUT, PATCH, DELETE depending on data + }) + + test('endpoints link to REST API documentation', async () => { + const res = await get( + makeURL( + '/en/rest/authentication/endpoints-available-for-github-app-installation-access-tokens', + ), + ) + expect(res.statusCode).toBe(200) + + // Links should point to /en/rest/ paths with anchors + expect(res.body).toMatch(/\(\/en\/rest\/[^)]+#[^)]+\)/) + }) + }) + + describe('Permissions pages (table format)', () => { + test('server-to-server-permissions page renders with markdown structure', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for the main heading + expect(res.body).toContain('# Permissions required for GitHub Apps') + + // Should have permission group headings as h2 + expect(res.body).toMatch(/^## /m) + }) + + test('fine-grained-pat-permissions page renders with markdown structure', async () => { + const res = await get( + makeURL( + '/en/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens', + ), + ) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for the main heading + expect(res.body).toContain('# Permissions required for fine-grained personal access tokens') + + // Should have permission group headings as h2 + expect(res.body).toMatch(/^## /m) + }) + + test('permissions are formatted as markdown tables', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + + // Check for table structure + expect(res.body).toContain('| Endpoint | Access | Tokens | Additional Permissions |') + expect(res.body).toContain('|----------|--------|--------|------------------------|') + }) + + test('table includes access levels', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + + // Check for access levels in table cells + expect(res.body).toMatch(/\| read \|/) + expect(res.body).toMatch(/\| write \|/) + // May also have admin depending on data + }) + + test('table includes token types (IAT/UAT)', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + + // Check for IAT and UAT links in Tokens column + expect(res.body).toMatch(/\[IAT\]\(\/en\/apps\/creating-github-apps\//) + expect(res.body).toMatch(/\[UAT\]\(\/en\/apps\/creating-github-apps\//) + }) + + test('table shows additional permissions with checkmark/cross', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + + // Check for checkmark (✓) or cross (✗) symbols in Additional Permissions column + expect(res.body).toMatch(/\| [✓✗] \|/) + }) + + test('permissions are grouped by permission name', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + + // Should have multiple permission group headings + const headings = res.body.match(/^## .* permissions for .*/gm) + expect(headings).toBeTruthy() + if (headings) { + expect(headings.length).toBeGreaterThan(1) + } + }) + }) + + describe('Common functionality', () => { + test('manual content is included', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + + // Check for manual content that should be in the markdown + expect(res.body).toContain('GitHub Apps are created with a set of permissions') + }) + + test('intro is rendered', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + + // The intro should be present (check frontmatter intro) + expect(res.body).toMatch(/For each permission granted/) + }) + + test('Liquid tags are rendered in content', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + + // Liquid tags should be rendered (fixture might use simplified names) + expect(res.body).not.toContain('{% data variables.product.prodname_github_app %}') + }) + + test('AUTOTITLE links are resolved', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + + // Check that AUTOTITLE has been resolved + expect(res.body).not.toContain('[AUTOTITLE]') + // Should have actual link text + expect(res.body).toMatch(/\[.*?\]\(\/en\/apps\//) + }) + + test('API version parameter is supported', async () => { + const res = await get( + makeURL('/en/rest/authentication/permissions-required-for-github-apps', '2022-11-28'), + ) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + }) + + test('Invalid apiVersion returns 400 error', async () => { + const res = await get( + makeURL('/en/rest/authentication/permissions-required-for-github-apps', 'invalid-version'), + ) + + expect(res.statusCode).toBe(400) + const parsed = JSON.parse(res.body) + expect(parsed.error).toContain("Invalid apiVersion 'invalid-version'") + }) + + test('Missing apiVersion defaults to latest', async () => { + const res = await get(makeURL('/en/rest/authentication/permissions-required-for-github-apps')) + expect(res.statusCode).toBe(200) + // Should work without explicit apiVersion + }) + + test('Non-GitHub Apps pages are not transformed', async () => { + const res = await get(makeURL('/en/get-started/start-your-journey/hello-world')) + expect(res.statusCode).toBe(200) + + // Regular article pages should still work, they just won't use the GitHub Apps transformer + expect(res.body).toContain('## Introduction') + }) + }) +}) diff --git a/src/article-api/tests/graphql-transformer.ts b/src/article-api/tests/graphql-transformer.ts new file mode 100644 index 000000000000..8b2dda536253 --- /dev/null +++ b/src/article-api/tests/graphql-transformer.ts @@ -0,0 +1,370 @@ +import { beforeAll, describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => { + const params = new URLSearchParams({ pathname }) + return `/api/article/body?${params}` +} + +describe('GraphQL transformer', { timeout: 10000 }, () => { + // Cache expensive responses to avoid duplicate requests + const responseCache = new Map>>() + + const getCached = async (url: string) => { + if (!responseCache.has(url)) { + responseCache.set(url, await get(makeURL(url))) + } + return responseCache.get(url)! + } + + beforeAll(() => { + if (!process.env.ROOT) { + console.warn( + 'WARNING: The GraphQL transformer tests require the ROOT environment variable to be set to the fixture root', + ) + } + }) + + describe('Reference pages', () => { + test('queries page renders with markdown structure', async () => { + const res = await getCached('/en/graphql/reference/queries') + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for the main heading + expect(res.body).toContain('# Queries') + + // Check for intro + expect(res.body).toContain( + 'The query type defines GraphQL operations that retrieve data from the server.', + ) + + // Check for manual content section + expect(res.body).toContain('## About queries') + expect(res.body).toContain('Every GraphQL schema has a root type') + }) + + test('queries are formatted correctly', async () => { + const res = await getCached('/en/graphql/reference/queries') + expect(res.statusCode).toBe(200) + + // Check for query heading + expect(res.body).toContain('## repository') + + // Check for query description + expect(res.body).toContain('Lookup a given repository by the owner and repository name.') + + // Check for type link + expect(res.body).toContain('**Type:** [Repository](/en/graphql/reference/objects#repository)') + }) + + test('query arguments are listed in table format', async () => { + const res = await getCached('/en/graphql/reference/queries') + expect(res.statusCode).toBe(200) + + // Check for arguments table for codeOfConduct query + expect(res.body).toContain('### Arguments for `codeOfConduct`') + expect(res.body).toMatch(/\|\s*Name\s*\|\s*Type\s*\|\s*Description\s*\|/) + expect(res.body).toMatch(/\|\s*-+\s*\|\s*-+\s*\|\s*-+\s*\|/) + + // Check for specific arguments + expect(res.body).toMatch(/\|\s*`key`\s*\|/) + expect(res.body).toContain('[`String!`](/en/graphql/reference/scalars#string)') + expect(res.body).toContain("The code of conduct's key.") + }) + + test('mutations page renders correctly', async () => { + const res = await getCached('/en/graphql/reference/mutations') + expect(res.statusCode).toBe(200) + + // Check for mutation heading + expect(res.body).toContain('## createRepository') + + // Check for mutation description + expect(res.body).toContain('Create a new repository.') + + // Check for input fields table + expect(res.body).toContain('### Input fields for `createRepository`') + expect(res.body).toContain('| `input` |') + + // Check for return fields table + expect(res.body).toContain('### Return fields for `createRepository`') + expect(res.body).toMatch(/\|\s*`repository`\s*\|/) + expect(res.body).toContain('The new repository.') + }) + + test('objects page renders with implements and fields', async () => { + const res = await getCached('/en/graphql/reference/objects') + expect(res.statusCode).toBe(200) + + // Check for object heading - AddedToMergeQueueEvent has implements + expect(res.body).toContain('## AddedToMergeQueueEvent') + + // Check for implements section + expect(res.body).toContain('### Implements') + expect(res.body).toMatch(/[*-]\s*\[`Node`\]\(\/.*graphql\/reference\/interfaces#node\)/) + + // Check for fields table + expect(res.body).toContain('### Fields for `AddedToMergeQueueEvent`') + expect(res.body).toMatch(/\|\s*`id`\s*\|/) + expect(res.body).toMatch(/\|\s*`actor`\s*\|/) + expect(res.body).toMatch(/\|\s*`createdAt`\s*\|/) + }) + + test('objects page shows field arguments inline', async () => { + const res = await getCached('/en/graphql/reference/objects') + expect(res.statusCode).toBe(200) + + // Check for User object with repositories field that has arguments + expect(res.body).toContain('## User') + expect(res.body).toContain('| `repositories` |') + + // Check for inline arguments formatting + expect(res.body).toContain('**Arguments:**') + expect(res.body).toContain('- `first`') + expect(res.body).toContain('Returns the first n elements from the list.') + expect(res.body).toContain('- `orderBy`') + }) + + test('interfaces page renders correctly', async () => { + const res = await getCached('/en/graphql/reference/interfaces') + expect(res.statusCode).toBe(200) + + // Check for interface heading + expect(res.body).toContain('## Node') + + // Check for interface description + expect(res.body).toContain('An object with an ID.') + + // Check for fields table + expect(res.body).toContain('### Fields for `Node`') + expect(res.body).toContain('| `id` |') + expect(res.body).toContain('ID of the object.') + }) + + test('enums page renders with values', async () => { + const res = await getCached('/en/graphql/reference/enums') + expect(res.statusCode).toBe(200) + + // Check for enum heading + expect(res.body).toContain('## RepositoryVisibility') + + // Check for enum description + expect(res.body).toContain("The repository's visibility level.") + + // Check for values section + expect(res.body).toContain('### Values for `RepositoryVisibility`') + expect(res.body).toContain('**`PUBLIC`**') + expect(res.body).toContain('The repository is visible to everyone.') + expect(res.body).toContain('**`PRIVATE`**') + expect(res.body).toContain('The repository is visible only to those with explicit access.') + expect(res.body).toContain('**`INTERNAL`**') + }) + + test('unions page renders with possible types', async () => { + const res = await getCached('/en/graphql/reference/unions') + expect(res.statusCode).toBe(200) + + // Check for union heading + expect(res.body).toContain('## SearchResultItem') + + // Check for union description + expect(res.body).toContain('The results of a search.') + + // Check for possible types + expect(res.body).toContain('### Possible types for `SearchResultItem`') + expect(res.body).toMatch(/[*-]\s*\[`Bot`\]\(\/.*graphql\/reference\/objects#bot\)/) + expect(res.body).toMatch( + /[*-]\s*\[`PullRequest`\]\(\/.*graphql\/reference\/objects#pullrequest\)/, + ) + expect(res.body).toMatch(/[*-]\s*\[`User`\]\(\/.*graphql\/reference\/objects#user\)/) + }) + + test('input-objects page renders correctly', async () => { + const res = await getCached('/en/graphql/reference/input-objects') + expect(res.statusCode).toBe(200) + + // Check for input object heading + expect(res.body).toContain('## AbortQueuedMigrationsInput') + + // Check for input object description + expect(res.body).toContain('Autogenerated input type of CreateRepository.') + + // Check for input fields table + expect(res.body).toContain('### Input fields for `AbortQueuedMigrationsInput`') + expect(res.body).toMatch(/\|\s*`ownerId`\s*\|/) + expect(res.body).toContain('The ID of the organization that is running the migrations.') + }) + + test('scalars page renders correctly', async () => { + const res = await getCached('/en/graphql/reference/scalars') + expect(res.statusCode).toBe(200) + + // Check for scalar heading + expect(res.body).toContain('## Boolean') + + // Check for scalar description + expect(res.body).toContain('Represents true or false values.') + + // Check for other scalars + expect(res.body).toContain('## String') + expect(res.body).toContain('## ID') + expect(res.body).toContain('## Int') + }) + + test('reference index page renders', async () => { + const res = await getCached('/en/graphql/reference') + expect(res.statusCode).toBe(200) + + // Check for main heading + expect(res.body).toContain('# Reference') + + // Check for intro with liquid variable rendered + expect(res.body).toMatch(/(GitHub|HubGit) GraphQL API schema/) + }) + }) + + describe('Overview pages', () => { + test('changelog page renders with changes', async () => { + const res = await getCached('/en/graphql/overview/changelog') + expect(res.statusCode).toBe(200) + + // Check for main heading + expect(res.body).toContain('# Changelog') + + // Check for intro + expect(res.body).toContain( + 'The GraphQL schema changelog is a list of recent and upcoming changes', + ) + + // Check for manual content + expect(res.body).toContain( + 'Breaking changes include changes that will break existing queries', + ) + + // Check for date-based changelog sections + expect(res.body).toContain('## Schema changes for 2025-11-30') + + // Check for change items + expect(res.body).toContain('### The GraphQL schema includes these changes:') + expect(res.body).toContain('Type SuggestedReviewerActor was added') + }) + + test('changelog removes HTML tags from changes', async () => { + const res = await getCached('/en/graphql/overview/changelog') + expect(res.statusCode).toBe(200) + + // Check that HTML tags are removed + expect(res.body).toContain('Field suggestedReviewerActors was added') + expect(res.body).not.toContain('') + expect(res.body).not.toContain('') + expect(res.body).not.toContain('

    ') + expect(res.body).not.toContain('

    ') + }) + + test('breaking changes page renders with scheduled changes', async () => { + const res = await getCached('/en/graphql/overview/breaking-changes') + expect(res.statusCode).toBe(200) + + // Check for main heading + expect(res.body).toContain('# Breaking changes') + + // Check for intro + expect(res.body).toContain('Learn about recent and upcoming breaking changes') + + // Check for manual content + expect(res.body).toContain('## About breaking changes') + expect(res.body).toContain('Breaking:** Changes that will break existing queries') + + // Check for date-based sections + expect(res.body).toContain('## Changes scheduled for 2025-04-01') + expect(res.body).toContain('## Changes scheduled for 2026-04-01') + }) + + test('breaking changes shows criticality levels', async () => { + const res = await getCached('/en/graphql/overview/breaking-changes') + expect(res.statusCode).toBe(200) + + // Check for breaking criticality + expect(res.body).toMatch(/\*\*Breaking\*\*\s+A change will be made to `\w+\.\w+`\./) + expect(res.body).toMatch(/\*\*Description:\*\*.*will be removed/) + expect(res.body).toMatch(/\*\*Reason:\*\*/) + }) + + test('breaking changes removes HTML tags', async () => { + const res = await getCached('/en/graphql/overview/breaking-changes') + expect(res.statusCode).toBe(200) + expect(res.body).toContain('scheduled for') + + // Check that HTML tags are removed from descriptions + expect(res.body).not.toContain('

    ') + expect(res.body).not.toContain('

    ') + expect(res.body).not.toContain('') + expect(res.body).not.toContain('') + expect(res.body).not.toContain('

    ') + expect(res.body).not.toContain('

    ') + }) + }) + + describe('Liquid tags', () => { + test('AUTOTITLE links are resolved in manual content', async () => { + const res = await getCached('/en/graphql/reference/queries') + expect(res.statusCode).toBe(200) + + // Check that AUTOTITLE has been resolved + expect(res.body).toMatch(/(Forming calls with GraphQL|Hello World)/) + expect(res.body).toContain('(/en/get-started/start-your-journey/hello-world)') + + // Make sure the raw AUTOTITLE tag is not present + expect(res.body).not.toContain('[AUTOTITLE]') + }) + + test('Liquid variables are rendered in intro', async () => { + const res = await getCached('/en/graphql/reference') + expect(res.statusCode).toBe(200) + + // Liquid variables should be rendered + expect(res.body).toMatch(/(GitHub|HubGit) GraphQL API schema/) + expect(res.body).not.toContain('{% data variables.product.prodname_dotcom %}') + }) + + test('Liquid variables are rendered in breaking changes', async () => { + const res = await getCached('/en/graphql/overview/breaking-changes') + expect(res.statusCode).toBe(200) + + // Check that liquid variables in intro are rendered + expect(res.body).toMatch(/(GitHub|HubGit) GraphQL API/) + expect(res.body).not.toContain('{% data variables.product.prodname_dotcom %}') + }) + }) + + describe('Multiple items', () => { + test('multiple queries are all rendered', async () => { + const res = await getCached('/en/graphql/reference/queries') + expect(res.statusCode).toBe(200) + + // Check for multiple query headings + expect(res.body).toContain('## repository') + expect(res.body).toContain('## viewer') + }) + + test('multiple objects are all rendered', async () => { + const res = await getCached('/en/graphql/reference/objects') + expect(res.statusCode).toBe(200) + + // Check for multiple object headings + expect(res.body).toContain('## Repository') + expect(res.body).toContain('## User') + }) + + test('multiple enums are all rendered', async () => { + const res = await getCached('/en/graphql/reference/enums') + expect(res.statusCode).toBe(200) + + // Check for multiple enum headings + expect(res.body).toContain('## RepositoryVisibility') + expect(res.body).toContain('## OrderDirection') + }) + }) +}) diff --git a/src/article-api/tests/journey-landing-transformer.ts b/src/article-api/tests/journey-landing-transformer.ts new file mode 100644 index 000000000000..09e56d9af8fc --- /dev/null +++ b/src/article-api/tests/journey-landing-transformer.ts @@ -0,0 +1,20 @@ +import { describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => + `/api/article/body?${new URLSearchParams({ pathname })}` + +describe('journey landing transformer', () => { + test('renders a journey landing page in markdown', async () => { + // /en/get-started/test-journey is a journey landing page in the fixtures + const res = await get(makeURL('/en/get-started/test-journey')) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for journey tracks (now under Links section with track title as h3) + expect(res.body).toContain('## Links') + expect(res.body).toContain('### First Track') + expect(res.body).toContain('* [Hello World](/en/get-started/start-your-journey/hello-world)') + }) +}) diff --git a/src/article-api/tests/load-template.ts b/src/article-api/tests/load-template.ts new file mode 100644 index 000000000000..ade3d72fadf6 --- /dev/null +++ b/src/article-api/tests/load-template.ts @@ -0,0 +1,20 @@ +import { describe, expect, test } from 'vitest' +import { loadTemplate } from '@/article-api/lib/load-template' + +describe('loadTemplate', () => { + test('loads an existing template file', () => { + const content = loadTemplate('landing-page.template.md') + expect(content).toContain('# {{ title }}') + expect(content).toContain('{% for section in sections %}') + }) + + test('throws error for non-existent template', () => { + expect(() => loadTemplate('non-existent-template.md')).toThrow() + }) + + test('returns template content as string', () => { + const content = loadTemplate('landing-page.template.md') + expect(typeof content).toBe('string') + expect(content.length).toBeGreaterThan(0) + }) +}) diff --git a/src/article-api/tests/pagelist.ts b/src/article-api/tests/pagelist.ts index 8c22fa29c276..0cdb55cfcd04 100644 --- a/src/article-api/tests/pagelist.ts +++ b/src/article-api/tests/pagelist.ts @@ -73,3 +73,71 @@ describe('Redirect Tests', () => { expect(res.headers.location).toBe('/api/pagelist/en/free-pro-team@latest') }) }) + +describe('Versions API', () => { + test('returns 200 and JSON with version information', async () => { + const res = await get('/api/pagelist/versions') + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toMatch(/application\/json/) + + const data = JSON.parse(res.body) + + // Check top-level keys exist + expect(data).toHaveProperty('versions') + expect(data).toHaveProperty('ghesVersions') + expect(data).toHaveProperty('ghesLatest') + expect(data).toHaveProperty('ghesLatestStable') + expect(data).toHaveProperty('ghesReleaseCandidate') + expect(data).toHaveProperty('ghesDeprecated') + expect(data).toHaveProperty('allVersions') + + // Versions array should contain expected values + expect(Array.isArray(data.versions)).toBe(true) + expect(data.versions).toContain('free-pro-team@latest') + expect(data.versions).toContain('enterprise-cloud@latest') + + // GHES versions should be an array of version strings + expect(Array.isArray(data.ghesVersions)).toBe(true) + expect(data.ghesVersions.length).toBeGreaterThan(0) + expect(data.ghesVersions[0]).toMatch(/^\d+\.\d+$/) + + // ghesLatest should be a valid version string + expect(data.ghesLatest).toMatch(/^\d+\.\d+$/) + + // allVersions should be an object with version details + expect(typeof data.allVersions).toBe('object') + expect(data.allVersions['free-pro-team@latest']).toHaveProperty('version') + expect(data.allVersions['free-pro-team@latest']).toHaveProperty('versionTitle') + }) +}) + +describe('Languages API', () => { + test('returns 200 and JSON with language information', async () => { + const res = await get('/api/pagelist/languages') + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toMatch(/application\/json/) + + const data = JSON.parse(res.body) + + // Check top-level keys exist + expect(data).toHaveProperty('languages') + expect(data).toHaveProperty('allLanguages') + + // Languages array should contain expected values + expect(Array.isArray(data.languages)).toBe(true) + expect(data.languages).toContain('en') + expect(data.languages).toContain('ja') + expect(data.languages).toContain('es') + + // allLanguages should be an object with language details + expect(typeof data.allLanguages).toBe('object') + expect(data.allLanguages.en).toHaveProperty('name') + expect(data.allLanguages.en).toHaveProperty('code') + expect(data.allLanguages.en).toHaveProperty('hreflang') + expect(data.allLanguages.en).toHaveProperty('locale') + expect(data.allLanguages.en.name).toBe('English') + + // Should not contain redirectPatterns (not JSON serializable) + expect(data.allLanguages.ja).not.toHaveProperty('redirectPatterns') + }) +}) diff --git a/src/article-api/tests/product-guides-transformer.ts b/src/article-api/tests/product-guides-transformer.ts new file mode 100644 index 000000000000..d469e9547942 --- /dev/null +++ b/src/article-api/tests/product-guides-transformer.ts @@ -0,0 +1,37 @@ +import { describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => + `/api/article/body?${new URLSearchParams({ pathname })}` + +describe('product guides transformer', () => { + test('renders a product guides page with learning tracks', async () => { + // Product guides pages use layout: product-guides + // /en/codespaces/guides is a product guides page + const res = await get(makeURL('/en/codespaces/guides')) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Should have Links section + expect(res.body).toContain('## Links') + }) + + test('includes guide cards if present', async () => { + const res = await get(makeURL('/en/codespaces/guides')) + expect(res.statusCode).toBe(200) + + // If includeGuides are present, they should appear under Guides + // The rendering depends on what's in the frontmatter + expect(res.body).toMatch(/##|###/) + }) + + test('includes learning tracks if present', async () => { + const res = await get(makeURL('/en/codespaces/guides')) + expect(res.statusCode).toBe(200) + + // Learning tracks should be rendered as sections with their titles + // The actual content depends on frontmatter configuration + expect(res.body).toContain('## Links') + }) +}) diff --git a/src/article-api/tests/product-landing-transformer.ts b/src/article-api/tests/product-landing-transformer.ts new file mode 100644 index 000000000000..93349c8807e3 --- /dev/null +++ b/src/article-api/tests/product-landing-transformer.ts @@ -0,0 +1,42 @@ +import { describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => + `/api/article/body?${new URLSearchParams({ pathname })}` + +describe('product landing transformer', () => { + test('renders a product landing page with basic structure', async () => { + // /en/actions is a product landing page in fixtures + const res = await get(makeURL('/en/actions')) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for title + expect(res.body).toContain('# GitHub Actions Documentation') + + // Should have intro + expect(res.body).toContain('Automate away with') + }) + + test('renders child categories under Links section', async () => { + const res = await get(makeURL('/en/actions')) + expect(res.statusCode).toBe(200) + + // All children should be listed under Links section + expect(res.body).toContain('## Links') + + // Should contain child categories from fixtures (uses full title, not shortTitle) + expect(res.body).toContain('[Category page of GitHub Actions](/en/actions/category)') + expect(res.body).toContain('[Using workflows](/en/actions/using-workflows)') + }) + + test('includes child intros', async () => { + const res = await get(makeURL('/en/actions')) + expect(res.statusCode).toBe(200) + + // Each child should have its intro + expect(res.body).toContain('Learn how to migrate your existing CI/CD workflows') + expect(res.body).toContain('Learn how to use workflows') + }) +}) diff --git a/src/article-api/tests/resolve-path.ts b/src/article-api/tests/resolve-path.ts new file mode 100644 index 000000000000..6156b8c1e689 --- /dev/null +++ b/src/article-api/tests/resolve-path.ts @@ -0,0 +1,123 @@ +import { describe, expect, test } from 'vitest' +import { resolvePath } from '@/article-api/lib/resolve-path' +import type { Context, Page } from '@/types' + +// Helper to create a minimal mock page +function createMockPage(relativePath: string): Page { + return { + relativePath, + permalinks: [], + } as unknown as Page +} + +// Helper to create a minimal context with pages +function createContext(pages: Record): Context { + return { pages } as unknown as Context +} + +describe('resolvePath', () => { + describe('external URLs', () => { + test('returns undefined for http URLs', () => { + const context = createContext({}) + const result = resolvePath('http://example.com', 'en', '/en/copilot', context) + expect(result).toBeUndefined() + }) + + test('returns undefined for https URLs', () => { + const context = createContext({}) + const result = resolvePath('https://example.com/path', 'en', '/en/copilot', context) + expect(result).toBeUndefined() + }) + }) + + describe('missing context.pages', () => { + test('returns undefined when context.pages is undefined', () => { + const context = {} as Context + const result = resolvePath('/en/copilot', 'en', '/en', context) + expect(result).toBeUndefined() + }) + }) + + describe('language-prefixed absolute paths', () => { + test('finds page with exact language-prefixed path', () => { + const page = createMockPage('copilot/quickstart.md') + const context = createContext({ + '/en/copilot/quickstart': page, + }) + const result = resolvePath('/en/copilot/quickstart', 'en', '/en/copilot', context) + expect(result).toBe(page) + }) + + test('handles trailing slash in href', () => { + const page = createMockPage('copilot/quickstart.md') + const context = createContext({ + '/en/copilot/quickstart': page, + }) + const result = resolvePath('/en/copilot/quickstart/', 'en', '/en/copilot', context) + expect(result).toBe(page) + }) + }) + + describe('paths with leading slash (relative to pathname)', () => { + test('resolves path relative to current pathname', () => { + const page = createMockPage('copilot/get-started.md') + const context = createContext({ + '/en/copilot/get-started': page, + }) + const result = resolvePath('/get-started', 'en', '/en/copilot', context) + expect(result).toBe(page) + }) + + test('handles nested paths relative to pathname', () => { + const page = createMockPage('copilot/tutorials/basics.md') + const context = createContext({ + '/en/copilot/tutorials/basics': page, + }) + const result = resolvePath('/tutorials/basics', 'en', '/en/copilot', context) + expect(result).toBe(page) + }) + }) + + describe('relative paths without leading slash', () => { + test('resolves relative path by joining with pathname', () => { + const page = createMockPage('copilot/quickstart.md') + const context = createContext({ + '/en/copilot/quickstart': page, + }) + const result = resolvePath('quickstart', 'en', '/en/copilot', context) + expect(result).toBe(page) + }) + }) + + describe('versioned keys (endsWith matching)', () => { + test('finds versioned page using endsWith strategy', () => { + const page = createMockPage('copilot/index.md') + // The key ends with the path portion after the version string + const context = createContext({ + '/en/enterprise-cloud@latest/copilot': page, + }) + // When looking for /copilot, strategy 4 will find keys ending with /copilot + const result = resolvePath('/copilot', 'en', '/en', context) + expect(result).toBe(page) + }) + + test('finds page when key has trailing slash', () => { + const page = createMockPage('copilot/index.md') + const context = createContext({ + '/en/copilot/': page, + }) + const result = resolvePath('/en/copilot', 'en', '/en', context) + expect(result).toBe(page) + }) + }) + + describe('not found cases', () => { + test('returns undefined when page does not exist', () => { + const context = createContext({ + '/en/other': createMockPage('other.md'), + }) + const result = resolvePath('/en/copilot', 'en', '/en', context) + expect(result).toBeUndefined() + }) + }) +}) diff --git a/src/article-api/tests/rest-transformer.ts b/src/article-api/tests/rest-transformer.ts index f306102197f6..3cd8e6d5ad85 100644 --- a/src/article-api/tests/rest-transformer.ts +++ b/src/article-api/tests/rest-transformer.ts @@ -81,7 +81,13 @@ describe('REST transformer', () => { }) test('Status codes are formatted correctly', async () => { - const res = await get(makeURL('/en/rest/actions/artifacts')) + const DEBUG = process.env.RUNNER_DEBUG === '1' || process.env.DEBUG === '1' + const url = makeURL('/en/rest/actions/artifacts') + const startTime = DEBUG ? Date.now() : 0 + if (DEBUG) console.log(`[DEBUG] Test sending request to ${url}`) + const res = await get(url) + if (DEBUG) + console.log(`[DEBUG] Test response: ${res.statusCode} in ${Date.now() - startTime}ms`) expect(res.statusCode).toBe(200) // Check for status codes section diff --git a/src/article-api/tests/secret-scanning-transformer.ts b/src/article-api/tests/secret-scanning-transformer.ts new file mode 100644 index 000000000000..44b1440fb3be --- /dev/null +++ b/src/article-api/tests/secret-scanning-transformer.ts @@ -0,0 +1,53 @@ +import { describe, expect, test } from 'vitest' +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => + `/api/article/body?${new URLSearchParams({ pathname })}` + +describe('secret scanning article body api', () => { + test('supported-secret-scanning-patterns page', async () => { + const res = await get( + makeURL('/en/code-security/secret-scanning/introduction/supported-secret-scanning-patterns'), + ) + + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for expected content + expect(res.body).toContain('# Supported secret scanning patterns') + expect(res.body).toContain('## Supported secrets') + + // Verify HTML comments are stripped + expect(res.body).not.toMatch(//) + + // Verify table content is present with providers + expect(res.body).toMatch(/|\s*Provider\s*|/) + expect(res.body).toMatch(/\| (Adafruit|AWS|Alibaba|Amazon)/) + + // Verify Copilot secret scanning section is present (feature-flagged for fpt/ghec) + // Note: This may not appear if feature flags aren't loaded in the test environment + const hasCopilotSection = res.body.match(/###.*Copilot secret scanning/i) + const hasGenericPassword = res.body.match(/\|\s*Generic\s*\|\s*password\s*\|/) + if (hasCopilotSection) { + // If Copilot section is present, verify it has the expected content + expect(hasGenericPassword).toBeTruthy() + } + + // Verify correct section title (should be "Default patterns" for fpt if feature flags load correctly) + // Accept either title since CI may not load feature flags consistently + const hasDefaultPatterns = res.body.includes('### Default patterns') + const hasHighConfidence = res.body.includes('### High confidence patterns') + + // In fixture mode (CI), the page may have minimal content without these sections + // Just verify the main table exists; section headings are optional + expect(res.body).toContain('## Supported secrets') + + // If either section is present, verify mutual exclusivity + if (hasDefaultPatterns) { + expect(hasHighConfidence).toBe(false) + } + if (hasHighConfidence) { + expect(hasDefaultPatterns).toBe(false) + } + }) +}) diff --git a/src/article-api/tests/strip-html-comments.ts b/src/article-api/tests/strip-html-comments.ts new file mode 100644 index 000000000000..e4fcba03b38e --- /dev/null +++ b/src/article-api/tests/strip-html-comments.ts @@ -0,0 +1,105 @@ +import { describe, expect, test } from 'vitest' +import { + stripHtmlComments, + stripHtmlCommentsAndNormalizeWhitespace, +} from '@/article-api/lib/strip-html-comments' + +describe('stripHtmlComments', () => { + test('removes single-line HTML comments', () => { + const input = '' + const expected = '' + expect(stripHtmlComments(input)).toBe(expected) + }) + + test('removes multiple HTML comments', () => { + const input = '\nSome content\n' + const expected = 'Some content' + expect(stripHtmlComments(input)).toBe(expected) + }) + + test('removes inline HTML comments', () => { + const input = 'Text before text after' + const expected = 'Text before text after' + expect(stripHtmlComments(input)).toBe(expected) + }) + + test('preserves content without HTML comments', () => { + const input = 'Just regular markdown content' + const expected = 'Just regular markdown content' + expect(stripHtmlComments(input)).toBe(expected) + }) + + test('handles multiple comments on same line', () => { + const input = ' text ' + const expected = 'text' + expect(stripHtmlComments(input)).toBe(expected) + }) +}) + +describe('stripHtmlCommentsAndNormalizeWhitespace', () => { + test('removes HTML comments and normalizes blank lines', () => { + const input = ` + + + +Content here` + const expected = 'Content here' + expect(stripHtmlCommentsAndNormalizeWhitespace(input)).toBe(expected) + }) + + test('normalizes multiple blank lines to at most two', () => { + const input = `Line 1 + + + +Line 2` + const expected = `Line 1 + +Line 2` + expect(stripHtmlCommentsAndNormalizeWhitespace(input)).toBe(expected) + }) + + test('handles real CodeQL CLI content pattern', () => { + const input = `# database analyze + +Analyze a database, producing meaningful results + + + + + + + +## Synopsis + +\`\`\`shell +codeql database analyze +\`\`\`` + + const expected = `# database analyze + +Analyze a database, producing meaningful results + +## Synopsis + +\`\`\`shell +codeql database analyze +\`\`\`` + + expect(stripHtmlCommentsAndNormalizeWhitespace(input)).toBe(expected) + }) + + test('preserves intentional double line breaks', () => { + const input = `# Title + +Paragraph 1 + +Paragraph 2` + const expected = `# Title + +Paragraph 1 + +Paragraph 2` + expect(stripHtmlCommentsAndNormalizeWhitespace(input)).toBe(expected) + }) +}) diff --git a/src/article-api/tests/toc-transformer.ts b/src/article-api/tests/toc-transformer.ts new file mode 100644 index 000000000000..4bef199a0879 --- /dev/null +++ b/src/article-api/tests/toc-transformer.ts @@ -0,0 +1,55 @@ +import { describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +const makeURL = (pathname: string): string => + `/api/article/body?${new URLSearchParams({ pathname })}` + +describe('toc transformer', () => { + test('renders a category page (3-segment URL) with children', async () => { + // /en/actions/category is a category page (documentType: category) with children but no layout + const res = await get(makeURL('/en/actions/category')) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for title and intro + expect(res.body).toContain('# Category page of GitHub Actions') + expect(res.body).toContain('Learn how to migrate your existing CI/CD workflows') + + // Should have Links section with children (uses full title, not shortTitle) + expect(res.body).toContain('## Links') + expect(res.body).toContain('[Subcategory page about Actions](/en/actions/category/subcategory)') + }) + + test('renders a subcategory page (4+-segment URL) with children', async () => { + // /en/actions/category/subcategory is a subcategory page (documentType: subcategory) with children but no layout + const res = await get(makeURL('/en/actions/category/subcategory')) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Check for title + expect(res.body).toContain('# Subcategory page about Actions') + + // Should have Links section with children + expect(res.body).toContain('## Links') + }) + + test('includes child intro text', async () => { + const res = await get(makeURL('/en/actions/category')) + expect(res.statusCode).toBe(200) + + // Each child link should have its intro text below + expect(res.body).toContain("Here's the intro for") + }) + + test('resolves child page titles correctly', async () => { + const res = await get(makeURL('/en/actions/category/subcategory')) + expect(res.statusCode).toBe(200) + + // Should NOT have href paths as titles + expect(res.body).not.toContain('* [/en/actions/category/subcategory/') + + // Should have proper article titles (or shortTitle) + expect(res.body).toMatch(/\[.*\]\(\/en\/actions\/category\/subcategory\/.*\)/) + }) +}) diff --git a/src/article-api/tests/webhooks-transformer.ts b/src/article-api/tests/webhooks-transformer.ts new file mode 100644 index 000000000000..4bf18d7ef21f --- /dev/null +++ b/src/article-api/tests/webhooks-transformer.ts @@ -0,0 +1,140 @@ +import { beforeAll, describe, expect, test } from 'vitest' + +import { get } from '@/tests/helpers/e2etest' + +function makeURL(pathname: string, queryParams?: Record) { + const params = new URLSearchParams(queryParams || {}) + const queryString = params.toString() + return `/api/article/body?pathname=${encodeURIComponent(pathname)}${queryString ? `&${queryString}` : ''}` +} + +describe('Webhooks transformer', () => { + beforeAll(() => { + if (!process.env.ROOT) { + console.warn( + 'WARNING: The Webhooks transformer tests require the ROOT environment variable to be set to the fixture root', + ) + } + }) + + test('webhook-events-and-payloads page renders with markdown structure', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + expect(res.headers['content-type']).toContain('text/markdown') + + // Should have title + expect(res.body).toContain('# Webhook events and payloads') + + // Should have intro + expect(res.body).toContain('Learn about when each webhook event occurs') + }) + + test('webhooks are formatted as sections with headers', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + // Check for webhook event headers (## webhook_name) + expect(res.body).toMatch(/^## \w+/m) + }) + + test('webhooks show available actions', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + // Should list action types for webhooks with multiple actions + expect(res.body).toContain('**Action type:**') + }) + + test('webhooks show availability information', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + // Should show availability as a heading + expect(res.body).toContain('### Availability') + }) + + test('manual content is included', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + // Check for some known manual content from the markdown file + expect(res.body).toContain('About webhook events and payloads') + }) + + test('intro is rendered', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + const introMatch = res.body.match(/^Learn about when each webhook event/m) + expect(introMatch).toBeTruthy() + }) + + test('Liquid tags are rendered in content', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + // Check that data variables are rendered (not left as Liquid syntax) + expect(res.body).not.toContain('{% data') + expect(res.body).not.toContain('{{') + }) + + test('AUTOTITLE links are resolved', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + // AUTOTITLE should be replaced with actual titles + expect(res.body).not.toContain('[AUTOTITLE]') + }) + + test('webhooks show payload parameters table', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + // Should show payload object parameters section + expect(res.body).toContain('### Webhook payload object') + expect(res.body).toContain('#### Webhook payload object parameters') + // Should have a markdown table with parameter columns (may have extra spacing from formatting) + expect(res.body).toMatch(/\|\s*Name\s*\|\s*Type\s*\|\s*Description\s*\|/) + }) + + test('webhooks show descriptions', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + // Should include webhook descriptions (converted from HTML to plain text) + // Using actual descriptions from real webhook data + expect(res.body).toContain('A check run was completed') + }) + + test('webhooks show body parameters in table', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + // Should show parameter names and types in tables + expect(res.body).toContain('`action`') + expect(res.body).toContain('`string`') + expect(res.body).toContain('`object`') + // Should mark required parameters + expect(res.body).toContain('**Required.**') + }) + + test('webhooks show payload examples when available', async () => { + const res = await get(makeURL('/en/webhooks/webhook-events-and-payloads')) + expect(res.statusCode).toBe(200) + + // NOTE: The current webhook source data does not include payloadExample fields, + // so this section won't appear in the output. The transformer code (lines 115-120) + // is ready to display payload examples if/when they are added to the source data. + // For now, we just verify the transformer doesn't crash on missing examples. + expect(res.statusCode).toBe(200) + }) + + test('Non-webhooks pages are not transformed', async () => { + const res = await get(makeURL('/en/get-started/start-your-journey/hello-world')) + expect(res.statusCode).toBe(200) + + // Regular pages should not be transformed by webhooks transformer + // They should have their normal HTML-like structure + expect(res.body).toContain('Hello World') + }) +}) diff --git a/src/article-api/transformers/audit-logs-transformer.ts b/src/article-api/transformers/audit-logs-transformer.ts new file mode 100644 index 000000000000..1da904f694d8 --- /dev/null +++ b/src/article-api/transformers/audit-logs-transformer.ts @@ -0,0 +1,135 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer } from './types' +import type { CategorizedEvents } from '@/audit-logs/types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import matter from '@gr2m/gray-matter' + +/** + * Transformer for Audit Logs pages + * Converts audit log events and their data into markdown format using a Liquid template + */ +export class AuditLogsTransformer implements PageTransformer { + templateName = 'audit-logs-page.template.md' + + canTransform(page: Page): boolean { + return page.autogenerated === 'audit-logs' + } + + async transform(page: Page, pathname: string, context: Context): Promise { + // Import audit log lib dynamically to avoid circular dependencies + const { getCategorizedAuditLogEvents, getCategoryNotes, resolveReferenceLinksToMarkdown } = + await import('@/audit-logs/lib/index') + + // Extract version from context + const currentVersion = context.currentVersion! + + let pageType = '' + if (pathname.includes('/security-log-events')) { + pageType = 'user' + } else if (pathname.includes('/audit-log-events-for-your-enterprise')) { + pageType = 'enterprise' + } else if (pathname.includes('/audit-log-events-for-your-organization')) { + pageType = 'organization' + } else { + throw new Error(`Unknown audit log page type for path: ${pathname}`) + } + + // Get the audit log events data + const categorizedEvents = getCategorizedAuditLogEvents(pageType, currentVersion) + const categoryNotes = getCategoryNotes() + + // Prepare manual content + let manualContent = '' + if (page.markdown) { + const markerIndex = page.markdown.indexOf( + '', + ) + if (markerIndex > 0) { + const { content } = matter(page.markdown) + const manualContentMarkerIndex = content.indexOf( + '', + ) + if (manualContentMarkerIndex > 0) { + const rawManualContent = content.substring(0, manualContentMarkerIndex).trim() + if (rawManualContent) { + manualContent = await renderContent(rawManualContent, { + ...context, + markdownRequested: true, + }) + } + } + } + } + + // Prepare data for template + const templateData = await this.prepareTemplateData( + page, + categorizedEvents, + categoryNotes, + context, + manualContent, + resolveReferenceLinksToMarkdown, + ) + + // Load and render template + const templateContent = loadTemplate(this.templateName) + + // Render the template with Liquid + const rendered = await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + + return rendered + } + + /** + * Prepare data for the Liquid template + */ + private async prepareTemplateData( + page: Page, + categorizedEvents: CategorizedEvents, + categoryNotes: Record, + context: Context, + manualContent: string, + resolveReferenceLinksToMarkdown: (docsReferenceLinks: string, context: any) => Promise, + ): Promise> { + // Prepare page intro + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + + // Sort categories and events + const sortedCategorizedEvents: CategorizedEvents = {} + const sortedCategories = Object.keys(categorizedEvents).sort((a, b) => a.localeCompare(b)) + + for (const category of sortedCategories) { + // Create a copy of the events array to avoid mutating the cache + const events = [...categorizedEvents[category]].sort((a, b) => + a.action.localeCompare(b.action), + ) + sortedCategorizedEvents[category] = await Promise.all( + events.map(async (event) => { + const newEvent = { ...event } + if (newEvent.docs_reference_links && newEvent.docs_reference_links !== 'N/A') { + newEvent.docs_reference_links = await resolveReferenceLinksToMarkdown( + newEvent.docs_reference_links, + context, + ) + } + return newEvent + }), + ) + } + + return { + page: { + title: page.title, + intro, + }, + manualContent, + categorizedEvents: sortedCategorizedEvents, + categoryNotes, + } + } +} diff --git a/src/article-api/transformers/bespoke-landing-transformer.ts b/src/article-api/transformers/bespoke-landing-transformer.ts new file mode 100644 index 000000000000..1dacd240a3f4 --- /dev/null +++ b/src/article-api/transformers/bespoke-landing-transformer.ts @@ -0,0 +1,125 @@ +import type { Context, Page, ResolvedArticle } from '@/types' +import type { PageTransformer, TemplateData, Section, LinkData } from './types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { getAllTocItems, flattenTocItems } from '@/article-api/lib/get-all-toc-items' + +interface BespokeLandingPage extends Omit { + featuredLinks?: Record> + children?: string[] + carousels?: Record + rawCarousels?: Record + includedCategories?: string[] +} + +/** + * Transforms bespoke-landing pages into markdown format. + * Handles carousels and full article listings. + * Note: Unlike discovery-landing, bespoke-landing shows ALL articles + * regardless of includedCategories. + */ +export class BespokeLandingTransformer implements PageTransformer { + templateName = 'landing-page.template.md' + + canTransform(page: Page): boolean { + return page.layout === 'bespoke-landing' + } + + async transform(page: Page, pathname: string, context: Context): Promise { + const templateData = await this.prepareTemplateData(page, pathname, context) + + const templateContent = loadTemplate(this.templateName) + + const rendered = await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + + return rendered + } + + private async prepareTemplateData( + page: Page, + _pathname: string, + context: Context, + ): Promise { + const bespokePage = page as BespokeLandingPage + const sections: Section[] = [] + + // Process carousels (each carousel becomes a section) + const carousels = bespokePage.carousels ?? bespokePage.rawCarousels + if (carousels && typeof carousels === 'object') { + const { default: getLearningTrackLinkData } = await import( + '@/learning-track/lib/get-link-data' + ) + + for (const [carouselKey, articles] of Object.entries(carousels)) { + if (!Array.isArray(articles) || articles.length === 0) continue + + let links: LinkData[] + if (typeof articles[0] === 'object' && 'title' in articles[0]) { + // Already resolved articles + links = articles.map((item) => ({ + href: typeof item === 'string' ? item : item.href, + title: (typeof item === 'object' && item.title) || '', + intro: (typeof item === 'object' && item.intro) || '', + })) + } else { + // Raw paths that need resolution + const linkData = await getLearningTrackLinkData(articles as string[], context, { + title: true, + intro: true, + }) + links = (linkData || []).map( + (item: { href: string; title?: string; intro?: string }) => ({ + href: item.href, + title: item.title || '', + intro: item.intro || '', + }), + ) + } + + const validLinks = links.filter((l) => l.href && l.title) + if (validLinks.length > 0) { + // Use carousel key as title (capitalize first letter) + const sectionTitle = carouselKey.charAt(0).toUpperCase() + carouselKey.slice(1) + sections.push({ + title: sectionTitle, + groups: [{ title: null, links: validLinks }], + }) + } + } + } + + // Articles section: recursively gather ALL descendant articles + // This matches the behavior of the site which uses genericTocFlat/genericTocNested + // Note: For bespoke-landing pages, the site shows ALL articles regardless of includedCategories + // (includedCategories only filters for discovery-landing pages) + if (bespokePage.children && bespokePage.children.length > 0) { + const tocItems = await getAllTocItems(page, context, { + recurse: true, + renderIntros: true, + }) + + // Flatten to get all leaf articles (excludeParents: true means only get articles, not category pages) + const allArticles = flattenTocItems(tocItems, { excludeParents: true }) + + if (allArticles.length > 0) { + sections.push({ + title: 'Articles', + groups: [{ title: null, links: allArticles }], + }) + } + } + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + const title = await page.renderTitle(context, { unwrap: true }) + + return { + title, + intro, + sections, + } + } +} diff --git a/src/article-api/transformers/category-landing-transformer.ts b/src/article-api/transformers/category-landing-transformer.ts new file mode 100644 index 000000000000..3678372fb36c --- /dev/null +++ b/src/article-api/transformers/category-landing-transformer.ts @@ -0,0 +1,155 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer, TemplateData, Section, LinkData } from './types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { resolvePath } from '@/article-api/lib/resolve-path' +import { getLinkData } from '@/article-api/lib/get-link-data' + +interface CategoryPage extends Page { + spotlight?: Array<{ article: string; image: string }> + children?: string[] +} + +/** + * Transforms category-landing pages into markdown format. + * Handles spotlight sections and recursively collects all descendant articles. + */ +export class CategoryLandingTransformer implements PageTransformer { + templateName = 'landing-page.template.md' + + canTransform(page: Page): boolean { + return page.layout === 'category-landing' + } + + async transform(page: Page, pathname: string, context: Context): Promise { + const templateData = await this.prepareTemplateData(page, pathname, context) + const templateContent = loadTemplate(this.templateName) + + return await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + } + + /** + * Recursively collects all descendant articles from the given parent hrefs. + * Traverses the page tree, adding non-index pages and recursing into children. + * Uses a visited set to prevent infinite loops from circular references. + */ + private async getAllDescendantArticles( + parentHrefs: string[], + languageCode: string, + pathname: string, + context: Context, + visited: Set = new Set(), + ): Promise { + const allArticles: LinkData[] = [] + + for (const href of parentHrefs) { + // Prevent infinite loops from circular references + if (visited.has(href)) continue + visited.add(href) + + const parentPage = resolvePath(href, languageCode, pathname, context) as + | CategoryPage + | undefined + if (!parentPage) continue + + // Add this page if it's an article (not an index) + if (!parentPage.relativePath.endsWith('index.md')) { + const linkData = await getLinkData(href, languageCode, pathname, context, resolvePath) + if (linkData.href) { + allArticles.push(linkData) + } + } + + // Recursively get children + const children = parentPage.children + if (children && Array.isArray(children) && children.length > 0) { + // Get the parent's permalink to use as the base path for resolving children + const parentPermalink = parentPage.permalinks.find( + (p) => p.languageCode === languageCode && p.pageVersion === context.currentVersion, + ) + const parentPathname = parentPermalink ? parentPermalink.href : pathname + + const childArticles = await this.getAllDescendantArticles( + children, + languageCode, + parentPathname, + context, + visited, + ) + allArticles.push(...childArticles) + } + } + + return allArticles + } + + private async prepareTemplateData( + page: Page, + pathname: string, + context: Context, + ): Promise { + const categoryPage = page as CategoryPage + const languageCode = page.languageCode || 'en' + const sections: Section[] = [] + + // Spotlight section + const spotlight = categoryPage.spotlight + if (spotlight && spotlight.length > 0) { + const links = await Promise.all( + spotlight.map(async (item) => { + const linkData = await getLinkData( + item.article, + languageCode, + pathname, + context, + resolvePath, + ) + return { + ...linkData, + intro: linkData.intro + ? `${linkData.intro} (Image: ${item.image})` + : `Image: ${item.image}`, + } + }), + ) + + const validLinks = links.filter((l) => l.href) + if (validLinks.length > 0) { + sections.push({ + title: 'Spotlight', + groups: [{ title: null, links: validLinks }], + }) + } + } + + // Children - get all descendant articles recursively + if (categoryPage.children) { + const allArticles = await this.getAllDescendantArticles( + categoryPage.children, + languageCode, + pathname, + context, + ) + + if (allArticles.length > 0) { + sections.push({ + title: 'Links', + groups: [{ title: null, links: allArticles }], + }) + } + } + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + const title = await page.renderTitle(context, { unwrap: true }) + + return { + title, + intro, + sections, + } + } +} diff --git a/src/article-api/transformers/codeql-cli-transformer.ts b/src/article-api/transformers/codeql-cli-transformer.ts new file mode 100644 index 000000000000..f32c8fbc903e --- /dev/null +++ b/src/article-api/transformers/codeql-cli-transformer.ts @@ -0,0 +1,49 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer } from './types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { stripHtmlCommentsAndNormalizeWhitespace } from '@/article-api/lib/strip-html-comments' + +/** + * Transformer for CodeQL CLI reference pages. + * Renders autogenerated CodeQL CLI documentation pages as markdown using a Liquid template. + * Sets `markdownRequested` to true in the context to ensure the page is rendered as markdown, + * bypassing the default article type check. + */ +export class CodeQLCliTransformer implements PageTransformer { + templateName = 'codeql-cli-page.template.md' + + canTransform(page: Page): boolean { + return page.autogenerated === 'codeql-cli' + } + + async transform(page: Page, _pathname: string, context: Context): Promise { + // CodeQL CLI pages are fully generated markdown files in the repo. + // We render them with markdownRequested=true to get the markdown output. + context.markdownRequested = true + const content = await page.render(context) + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + + // Prepare template data + const templateData: Record = { + page: { + title: page.title, + intro, + }, + content, + } + + // Load and render template + const templateContent = loadTemplate(this.templateName) + + const result = await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + + // Strip HTML comments (e.g., markdownlint-disable comments) from the output + return stripHtmlCommentsAndNormalizeWhitespace(result) + } +} diff --git a/src/article-api/transformers/discovery-landing-transformer.ts b/src/article-api/transformers/discovery-landing-transformer.ts new file mode 100644 index 000000000000..e03dea7440e7 --- /dev/null +++ b/src/article-api/transformers/discovery-landing-transformer.ts @@ -0,0 +1,215 @@ +import type { Context, Page, ResolvedArticle } from '@/types' +import type { PageTransformer, TemplateData, Section, LinkData } from './types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { getAllTocItems, flattenTocItems } from '@/article-api/lib/get-all-toc-items' + +interface DiscoveryPage extends Page { + rawIntroLinks?: Record + introLinks?: Record + carousels?: Record + rawCarousels?: Record + includedCategories?: string[] + children?: string[] +} + +/** + * Transforms discovery-landing pages into markdown format. + * Handles recommended carousel, intro links, article grids with + * category filtering, and children listings. + */ +export class DiscoveryLandingTransformer implements PageTransformer { + templateName = 'landing-page.template.md' + + canTransform(page: Page): boolean { + return page.layout === 'discovery-landing' + } + + async transform(page: Page, pathname: string, context: Context): Promise { + const templateData = await this.prepareTemplateData(page, pathname, context) + + const templateContent = loadTemplate(this.templateName) + + const rendered = await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + + return rendered + } + + private async prepareTemplateData( + page: Page, + _pathname: string, + context: Context, + ): Promise { + const discoveryPage = page as DiscoveryPage + const sections: Section[] = [] + + // Process carousels (each carousel becomes a section) + const carousels = discoveryPage.carousels ?? discoveryPage.rawCarousels + if (carousels && typeof carousels === 'object') { + const { default: getLearningTrackLinkData } = await import( + '@/learning-track/lib/get-link-data' + ) + + for (const [carouselKey, articles] of Object.entries(carousels)) { + if (!Array.isArray(articles) || articles.length === 0) continue + + let links: LinkData[] + if (typeof articles[0] === 'object' && 'title' in articles[0]) { + // Already resolved articles + links = articles.map((item) => ({ + href: typeof item === 'string' ? item : item.href, + title: (typeof item === 'object' && item.title) || '', + intro: (typeof item === 'object' && item.intro) || '', + })) + } else { + // Raw paths that need resolution + const linkData = await getLearningTrackLinkData(articles as string[], context, { + title: true, + intro: true, + }) + links = (linkData || []).map( + (item: { href: string; title?: string; intro?: string }) => ({ + href: item.href, + title: item.title || '', + intro: item.intro || '', + }), + ) + } + + const validLinks = links.filter((l) => l.href && l.title) + if (validLinks.length > 0) { + // Use carousel key as title (capitalize first letter) + const sectionTitle = carouselKey.charAt(0).toUpperCase() + carouselKey.slice(1) + sections.push({ + title: sectionTitle, + groups: [{ title: null, links: validLinks }], + }) + } + } + } + + // Intro links (getting started) + const rawIntroLinks = discoveryPage.introLinks ?? discoveryPage.rawIntroLinks + if (rawIntroLinks) { + const { default: getLearningTrackLinkData } = await import( + '@/learning-track/lib/get-link-data' + ) + const links = await Promise.all( + Object.values(rawIntroLinks).map(async (href): Promise => { + if (typeof href === 'string') { + const linkData = await getLearningTrackLinkData(href, context) + if (Array.isArray(linkData) && linkData.length > 0) { + const item = linkData[0] + return { href: item.href || '', title: item.title || '', intro: item.intro || '' } + } else if ( + linkData && + typeof linkData === 'object' && + !Array.isArray(linkData) && + 'href' in linkData + ) { + const item = linkData as { href?: string; title?: string; intro?: string } + return { + href: item.href || '', + title: item.title || '', + intro: item.intro || '', + } + } + } + return { href: '', title: '' } + }), + ) + const validLinks = links.filter((l) => l.href) + if (validLinks.length > 0) { + sections.push({ + title: 'Links', + groups: [{ title: 'Getting started', links: validLinks }], + }) + } + } + + // Articles section: recursively gather ALL descendant articles + // This matches the behavior of the site which uses genericTocFlat/genericTocNested + if (discoveryPage.children && discoveryPage.children.length > 0) { + const tocItems = await getAllTocItems(page, context, { + recurse: true, + renderIntros: true, + }) + + // Flatten to get all leaf articles (excludeParents: true means only get articles, not category pages) + let allArticles = flattenTocItems(tocItems, { excludeParents: true }) + + // Apply includedCategories filter if specified + if (discoveryPage.includedCategories && discoveryPage.includedCategories.length > 0) { + const includedCategories = discoveryPage.includedCategories.map((c) => c.toLowerCase()) + // Filter tocItems before flattening to preserve category info + const filterByCategory = (items: typeof tocItems): typeof tocItems => { + return items.filter((item) => { + const itemCategories = (item.category || []).map((c: string) => c.toLowerCase()) + return itemCategories.some((cat) => includedCategories.includes(cat)) + }) + } + + // Re-flatten with category filtering + const filteredTocItems = filterByCategory(flattenTocItemsWithCategory(tocItems)) + allArticles = filteredTocItems.map((item) => ({ + href: item.href, + title: item.title, + intro: item.intro, + })) + } + + if (allArticles.length > 0) { + sections.push({ + title: 'Articles', + groups: [{ title: null, links: allArticles }], + }) + } + } + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + const title = await page.renderTitle(context, { unwrap: true }) + + return { + title, + intro, + sections, + } + } +} + +/** + * Helper to flatten TOC items while preserving category info for filtering + */ +interface TocItemWithCategory { + href: string + title: string + intro?: string + category?: string[] + childTocItems?: TocItemWithCategory[] +} + +function flattenTocItemsWithCategory(tocItems: TocItemWithCategory[]): TocItemWithCategory[] { + const result: TocItemWithCategory[] = [] + + function recurse(items: TocItemWithCategory[]) { + for (const item of items) { + const hasChildren = item.childTocItems && item.childTocItems.length > 0 + + // Only include leaf nodes (articles, not category pages) + if (!hasChildren) { + result.push(item) + } + + if (hasChildren) { + recurse(item.childTocItems!) + } + } + } + + recurse(tocItems) + return result +} diff --git a/src/article-api/transformers/github-apps-transformer.ts b/src/article-api/transformers/github-apps-transformer.ts new file mode 100644 index 000000000000..f04b9b1e3c94 --- /dev/null +++ b/src/article-api/transformers/github-apps-transformer.ts @@ -0,0 +1,341 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer } from './types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import matter from '@gr2m/gray-matter' + +const DEBUG = process.env.RUNNER_DEBUG === '1' || process.env.DEBUG === '1' + +// GitHub Apps data types +interface GitHubAppsOperation { + slug: string + subcategory?: string + verb: string + requestPath: string +} + +interface GitHubAppsPermissionOperation { + category: string + slug: string + subcategory: string + verb: string + requestPath: string + access: 'admin' | 'write' | 'read' + 'user-to-server': boolean + 'server-to-server': boolean + 'additional-permissions': boolean +} + +interface GitHubAppsPermissionGroup { + displayTitle: string + permissions: GitHubAppsPermissionOperation[] +} + +type GitHubAppsListData = Record +type GitHubAppsPermissionsData = Record + +interface PreparedOperation { + slug: string + verb: string + requestPath: string + category: string +} + +interface PreparedPermissionOperation extends PreparedOperation { + access: string + userToServer: boolean + serverToServer: boolean + additionalPermissions: boolean +} + +interface PreparedListItem { + category: string + operations: PreparedOperation[] +} + +interface PreparedPermissionItem { + permissionName: string + displayTitle: string + permissions: PreparedPermissionOperation[] +} + +// Map content files to their page types from config.json +const PAGE_TYPE_MAP: Record = { + 'endpoints-available-for-github-app-installation-access-tokens.md': 'server-to-server-rest', + 'endpoints-available-for-github-app-user-access-tokens.md': 'user-to-server-rest', + 'permissions-required-for-github-apps.md': 'server-to-server-permissions', + 'endpoints-available-for-fine-grained-personal-access-tokens.md': 'fine-grained-pat', + 'permissions-required-for-fine-grained-personal-access-tokens.md': 'fine-grained-pat-permissions', +} + +// Page types that display as bullet lists vs tables +const LIST_PAGE_TYPES = new Set([ + 'server-to-server-rest', + 'user-to-server-rest', + 'fine-grained-pat', +]) + +const PERMISSIONS_PAGE_TYPES = new Set([ + 'server-to-server-permissions', + 'fine-grained-pat-permissions', +]) + +/** + * Transformer for GitHub Apps pages. + * Converts GitHub Apps autogenerated data into markdown format. + * Uses a Liquid template for list pages, but builds markdown tables programmatically + * in TypeScript for permissions pages to avoid Liquid escaping issues. + */ +export class GithubAppsTransformer implements PageTransformer { + templateName = 'github-apps-page.template.md' + + canTransform(page: Page): boolean { + return page.autogenerated === 'github-apps' + } + + async transform( + page: Page, + pathname: string, + context: Context, + apiVersion?: string, + ): Promise { + const startTime = DEBUG ? Date.now() : 0 + if (DEBUG) console.log(`[DEBUG] GitHubAppsTransformer: ${pathname}`) + + // Import getAppsData dynamically to avoid circular dependencies + const { getAppsData } = await import('@/github-apps/lib/index') + + // Extract version from context + const currentVersion = context.currentVersion! + + // Use the provided apiVersion, or fall back to the latest from context + const effectiveApiVersion = + apiVersion || + (context.currentVersionObj?.apiVersions?.length + ? context.currentVersionObj.latestApiVersion + : undefined) + + // Determine page type from the page's relative path + const filename = page.relativePath.split('/').pop() + const pageType = filename ? PAGE_TYPE_MAP[filename] : undefined + + if (!pageType) { + throw new Error(`Unknown GitHub Apps page type for path: ${page.relativePath}`) + } + + // Get the GitHub Apps data + const appsData = await getAppsData(pageType, currentVersion, effectiveApiVersion) + + // Prepare manual content + let manualContent = '' + if (page.markdown) { + const { content } = matter(page.markdown) + // GitHub Apps pages don't have the automated marker, so we render all markdown content + if (content.trim()) { + manualContent = await renderContent(content, { + ...context, + markdownRequested: true, + }) + + // Strip HTML comments and normalize whitespace + manualContent = manualContent + .replace(//gs, '') + .replace(/\n{3,}/g, '\n\n') + .trim() + } + } + + // Prepare data for template based on page type + const isListPage = LIST_PAGE_TYPES.has(pageType) + const isPermissionsPage = PERMISSIONS_PAGE_TYPES.has(pageType) + + const templateData = await this.prepareTemplateData( + page, + appsData, + context, + manualContent, + isListPage, + isPermissionsPage, + ) + + // Load template + const templateContent = loadTemplate(this.templateName) + + // For permissions pages, we need to construct the tables manually to avoid Liquid escaping + let finalContent: string + if (isPermissionsPage) { + // Build the intro manually + let introMarkdown = `# ${templateData.page.title}\n\n` + if (templateData.page.intro) { + introMarkdown += `${templateData.page.intro}\n\n` + } + if (templateData.manualContent) { + introMarkdown += `${templateData.manualContent}\n\n` + } + + // Build the tables manually + let tablesMarkdown = '' + for (const item of templateData.items as PreparedPermissionItem[]) { + tablesMarkdown += `## ${item.displayTitle}\n\n` + tablesMarkdown += '| Endpoint | Access | Tokens | Additional Permissions |\n' + tablesMarkdown += '|----------|--------|--------|------------------------|\n' + + for (const perm of item.permissions) { + const lang = context.currentLanguage || 'en' + const version = + context.currentVersion === 'free-pro-team@latest' ? '' : `${context.currentVersion}/` + const endpoint = `[\`${perm.verb} ${perm.requestPath}\`](/${lang}/${version}rest/${perm.category}#${perm.slug})` + + let tokens = '' + if (perm.userToServer) { + tokens += `[UAT](/${lang}/${version}apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user)` + } + if (perm.userToServer && perm.serverToServer) { + tokens += '
    ' + } + if (perm.serverToServer) { + tokens += `[IAT](/${lang}/${version}apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)` + } + + const additionalPerms = perm.additionalPermissions ? '✓' : '✗' + + tablesMarkdown += `| ${endpoint} | ${perm.access} | ${tokens} | ${additionalPerms} |\n` + } + tablesMarkdown += '\n' + } + + finalContent = introMarkdown + tablesMarkdown + } else { + // For list pages, Liquid template works fine + finalContent = await renderContent(templateContent, { + ...context, + pageData: templateData.page, + manualContent: templateData.manualContent, + isListPage: templateData.isListPage, + items: templateData.items, + markdownRequested: true, + }) + } + + if (DEBUG) + console.log( + `[DEBUG] GitHubAppsTransformer.transform completed in ${Date.now() - startTime}ms`, + ) + return finalContent + } + + /** + * Prepare data for the Liquid template + */ + private async prepareTemplateData( + page: Page, + appsData: GitHubAppsListData | GitHubAppsPermissionsData, + context: Context, + manualContent: string, + isListPage: boolean, + isPermissionsPage: boolean, + ): Promise<{ + page: { title: string; intro: string } + manualContent: string + isListPage: boolean + isPermissionsPage: boolean + items: PreparedListItem[] | PreparedPermissionItem[] + }> { + // Prepare page intro + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + + // Get categories without subcategories from rest lib + const { categoriesWithoutSubcategories } = await import('@/rest/lib/index') + + // Prepare items based on page type + let preparedItems: PreparedListItem[] | PreparedPermissionItem[] = [] + + if (isListPage) { + // For list pages, data is organized by category -> array of operations + preparedItems = Object.entries(appsData as GitHubAppsListData).map( + ([category, operations]) => ({ + category, + operations: operations.map((op) => + this.prepareOperation(op, category, categoriesWithoutSubcategories), + ), + }), + ) + } else if (isPermissionsPage) { + // For permissions pages, data is organized by permission name -> permission object + preparedItems = Object.entries(appsData as GitHubAppsPermissionsData).map( + ([permissionName, permissionObject]) => { + const { displayTitle, permissions } = permissionObject + // Sort by access level (admin, write, read) + const adminPermissions = permissions.filter((p) => p.access === 'admin') + const writePermissions = permissions.filter((p) => p.access === 'write') + const readPermissions = permissions.filter((p) => p.access === 'read') + const sortedPermissions = [...adminPermissions, ...writePermissions, ...readPermissions] + + return { + permissionName, + displayTitle, + permissions: sortedPermissions.map((op) => + this.preparePermissionOperation(op, categoriesWithoutSubcategories), + ), + } + }, + ) + } + + return { + page: { + title: page.title, + intro, + }, + manualContent, + isListPage, + isPermissionsPage, + items: preparedItems, + } + } + + /** + * Prepare a single operation for list-based rendering (endpoints) + */ + private prepareOperation( + operation: GitHubAppsOperation, + category: string, + categoriesWithoutSubcategories: string[], + ): PreparedOperation { + const fullCategory = operation.subcategory + ? categoriesWithoutSubcategories.includes(category) + ? category + : `${category}/${operation.subcategory}` + : category + + return { + slug: operation.slug, + verb: operation.verb.toUpperCase(), + requestPath: operation.requestPath, + category: fullCategory, + } + } + + /** + * Prepare a single operation for permissions-based rendering (tables) + */ + private preparePermissionOperation( + operation: GitHubAppsPermissionOperation, + categoriesWithoutSubcategories: string[], + ): PreparedPermissionOperation { + const category = categoriesWithoutSubcategories.includes(operation.category) + ? operation.category + : `${operation.category}/${operation.subcategory}` + + return { + slug: operation.slug, + verb: operation.verb.toUpperCase(), + requestPath: operation.requestPath, + access: operation.access, + category, + userToServer: operation['user-to-server'] || false, + serverToServer: operation['server-to-server'] || false, + additionalPermissions: operation['additional-permissions'] || false, + } + } +} diff --git a/src/article-api/transformers/graphql-breaking-changes-transformer.ts b/src/article-api/transformers/graphql-breaking-changes-transformer.ts new file mode 100644 index 000000000000..e0268c7351c5 --- /dev/null +++ b/src/article-api/transformers/graphql-breaking-changes-transformer.ts @@ -0,0 +1,69 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer } from './types' +import type { BreakingChangesT } from '@/graphql/components/types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { fastTextOnly } from '@/content-render/unified/text-only' +import { extractManualContent } from '@/article-api/lib/graphql-helpers' +import GithubSlugger from 'github-slugger' + +/** + * Transformer for GraphQL breaking changes page + * Renders breaking changes organized by date + */ +export class GraphQLBreakingChangesTransformer implements PageTransformer { + templateName = 'graphql-breaking-changes.template.md' + + canTransform(page: Page): boolean { + if (page.autogenerated !== 'graphql') return false + + return page.relativePath.includes('graphql/overview/breaking-changes') + } + + async transform(page: Page, _pathname: string, context: Context): Promise { + const currentVersion = context.currentVersion! + + const { getGraphqlBreakingChanges } = await import('@/graphql/lib/index') + + const schema = getGraphqlBreakingChanges(currentVersion) as BreakingChangesT + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + const manualContent = await extractManualContent(page, context) + + const slugger = new GithubSlugger() + + // Process breaking changes by date + const breakingChangesByDate = Object.keys(schema).map((date) => { + const items = schema[date] + const heading = `Changes scheduled for ${date}` + const slug = slugger.slug(heading) + + return { + date, + heading, + slug, + items: items.map((item) => ({ + location: item.location, + description: fastTextOnly(item.description), + reason: fastTextOnly(item.reason), + criticality: item.criticality, + })), + } + }) + + const templateData: Record = { + pageTitle: page.title, + pageIntro: intro, + manualContent, + breakingChangesByDate, + } + + const templateContent = loadTemplate(this.templateName) + + return await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + } +} diff --git a/src/article-api/transformers/graphql-changelog-transformer.ts b/src/article-api/transformers/graphql-changelog-transformer.ts new file mode 100644 index 000000000000..0e3b504cbce0 --- /dev/null +++ b/src/article-api/transformers/graphql-changelog-transformer.ts @@ -0,0 +1,69 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer } from './types' +import type { ChangelogItemT } from '@/graphql/components/types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { fastTextOnly } from '@/content-render/unified/text-only' +import { extractManualContent } from '@/article-api/lib/graphql-helpers' + +/** + * Transformer for GraphQL changelog page + * Renders the changelog with schema changes, preview changes, and upcoming changes + */ +export class GraphQLChangelogTransformer implements PageTransformer { + templateName = 'graphql-changelog.template.md' + + canTransform(page: Page): boolean { + if (page.autogenerated !== 'graphql') return false + + return page.relativePath.includes('graphql/overview/changelog') + } + + async transform(page: Page, _pathname: string, context: Context): Promise { + const currentVersion = context.currentVersion! + + const { getGraphqlChangelog } = await import('@/graphql/lib/index') + + const schema = getGraphqlChangelog(currentVersion) as ChangelogItemT[] + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + const manualContent = await extractManualContent(page, context) + + // Process changelog items + const changelogItems = schema.map((item) => { + const processChanges = (changes: Array<{ title: string; changes: string[] }>) => + changes.map((change) => ({ + title: change.title, + changes: change.changes.map((html: string) => { + // Remove wrapping

    tags if present + if (html.startsWith('

    ') && html.endsWith('

    ')) { + return fastTextOnly(html.slice(3, -4)) + } + return fastTextOnly(html) + }), + })) + + return { + date: item.date, + schemaChanges: processChanges(item.schemaChanges || []), + previewChanges: processChanges(item.previewChanges || []), + upcomingChanges: processChanges(item.upcomingChanges || []), + } + }) + + const templateData: Record = { + pageTitle: page.title, + pageIntro: intro, + manualContent, + changelogItems, + } + + const templateContent = loadTemplate(this.templateName) + + return await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + } +} diff --git a/src/article-api/transformers/graphql-index-transformer.ts b/src/article-api/transformers/graphql-index-transformer.ts new file mode 100644 index 000000000000..b46b41cf9100 --- /dev/null +++ b/src/article-api/transformers/graphql-index-transformer.ts @@ -0,0 +1,55 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer } from './types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { extractManualContent } from '@/article-api/lib/graphql-helpers' + +/** + * Transformer for GraphQL reference index page + * Renders the index page with links to child pages + */ +export class GraphQLIndexTransformer implements PageTransformer { + templateName = 'graphql-index.template.md' + + canTransform(page: Page): boolean { + if (page.autogenerated !== 'graphql') return false + + // Match the reference index page (no specific page type after /reference) + return page.relativePath.endsWith('graphql/reference/index.md') + } + + async transform(page: Page, _pathname: string, context: Context): Promise { + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + + const manualContent = await extractManualContent(page, context) + + // Get children links from page metadata + const children = page.children || [] + const childrenLinks = children + .map((child) => { + const childPath = child.startsWith('/') ? child : `/${child}` + const childName = childPath.split('/').pop() || '' + const displayName = childName + .split('-') + .map((word) => word.charAt(0).toUpperCase() + word.slice(1)) + .join(' ') + return `- [${displayName}](${childPath})` + }) + .join('\n') + + const templateData: Record = { + pageTitle: page.title, + pageIntro: intro, + manualContent, + childrenLinks, + } + + const templateContent = loadTemplate(this.templateName) + + return await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + } +} diff --git a/src/article-api/transformers/graphql-reference-transformer.ts b/src/article-api/transformers/graphql-reference-transformer.ts new file mode 100644 index 000000000000..418ad9ef5ff9 --- /dev/null +++ b/src/article-api/transformers/graphql-reference-transformer.ts @@ -0,0 +1,273 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer } from './types' +import type { + QueryT, + MutationT, + ObjectT, + InterfaceT, + EnumT, + UnionT, + InputObjectT, + ScalarT, + FieldT, +} from '@/graphql/components/types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { fastTextOnly } from '@/content-render/unified/text-only' +import { extractManualContent } from '@/article-api/lib/graphql-helpers' + +/** + * Transformer for GraphQL reference pages (queries, mutations, objects, etc.) + * Renders schema items with their fields and arguments + */ +export class GraphQLReferenceTransformer implements PageTransformer { + templateName = 'graphql-reference.template.md' + + canTransform(page: Page): boolean { + if (page.autogenerated !== 'graphql') return false + + // Match reference pages that have a specific page type (not index) + const isReference = page.relativePath.includes('graphql/reference/') + const isNotIndex = !page.relativePath.endsWith('index.md') + + return isReference && isNotIndex + } + + async transform(page: Page, pathname: string, context: Context): Promise { + const currentVersion = context.currentVersion! + + // Determine the page type from the pathname + const pathParts = pathname.split('/').filter(Boolean) + const graphqlIndex = pathParts.indexOf('graphql') + const pageType = pathParts[graphqlIndex + 2] // specific page like 'queries', 'mutations', etc. + + // Import GraphQL data functions dynamically + const { getGraphqlSchema } = await import('@/graphql/lib/index') + + // Map URL-friendly page type to internal schema key + const schemaKey = pageType === 'input-objects' ? 'inputObjects' : pageType + + const schema = getGraphqlSchema(currentVersion, schemaKey) + + // Prepare intro and manual content + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + const manualContent = await extractManualContent(page, context) + + // Prepare the schema items based on page type + let preparedItems: Array> = [] + + switch (schemaKey) { + case 'queries': + preparedItems = await Promise.all( + (schema as QueryT[]).map((item) => this.prepareQuery(item)), + ) + break + case 'mutations': + preparedItems = await Promise.all( + (schema as MutationT[]).map((item) => this.prepareMutation(item)), + ) + break + case 'objects': + preparedItems = await Promise.all( + (schema as ObjectT[]).map((item) => this.prepareObject(item)), + ) + break + case 'interfaces': + preparedItems = await Promise.all( + (schema as InterfaceT[]).map((item) => this.prepareInterface(item)), + ) + break + case 'enums': + preparedItems = await Promise.all((schema as EnumT[]).map((item) => this.prepareEnum(item))) + break + case 'unions': + preparedItems = await Promise.all( + (schema as UnionT[]).map((item) => this.prepareUnion(item)), + ) + break + case 'inputObjects': + preparedItems = await Promise.all( + (schema as InputObjectT[]).map((item) => this.prepareInputObject(item)), + ) + break + case 'scalars': + preparedItems = await Promise.all( + (schema as ScalarT[]).map((item) => this.prepareScalar(item)), + ) + break + } + + const templateData: Record = { + pageTitle: page.title, + pageIntro: intro, + manualContent, + items: preparedItems, + pageType: schemaKey, + } + + const templateContent = loadTemplate(this.templateName) + + return await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + } + + /** + * Prepare a query item for rendering + */ + private async prepareQuery(query: QueryT): Promise> { + return { + name: query.name, + slug: query.name.toLowerCase(), + description: query.description ? fastTextOnly(query.description) : '', + type: query.type, + href: query.href, + isDeprecated: query.isDeprecated || false, + deprecationReason: query.deprecationReason + ? fastTextOnly(query.deprecationReason) + : undefined, + args: query.args.map((arg) => ({ + name: arg.name, + type: arg.type, + href: arg.href, + description: arg.description ? fastTextOnly(arg.description) : '', + })), + } + } + + /** + * Prepare a mutation item for rendering + */ + private async prepareMutation(mutation: MutationT): Promise> { + return { + name: mutation.name, + slug: mutation.name.toLowerCase(), + description: mutation.description ? fastTextOnly(mutation.description) : '', + isDeprecated: mutation.isDeprecated || false, + deprecationReason: mutation.deprecationReason + ? fastTextOnly(mutation.deprecationReason) + : undefined, + inputFields: await this.prepareFields(mutation.inputFields), + returnFields: await this.prepareFields(mutation.returnFields), + } + } + + /** + * Prepare an object item for rendering + */ + private async prepareObject(object: ObjectT): Promise> { + return { + name: object.name, + slug: object.name.toLowerCase(), + description: object.description ? fastTextOnly(object.description) : '', + isDeprecated: object.isDeprecated || false, + deprecationReason: object.deprecationReason + ? fastTextOnly(object.deprecationReason) + : undefined, + implements: object.implements || [], + fields: await this.prepareFields(object.fields), + } + } + + /** + * Prepare an interface item for rendering + */ + private async prepareInterface(item: InterfaceT): Promise> { + return { + name: item.name, + slug: item.name.toLowerCase(), + description: item.description ? fastTextOnly(item.description) : '', + isDeprecated: item.isDeprecated || false, + deprecationReason: item.deprecationReason ? fastTextOnly(item.deprecationReason) : undefined, + fields: await this.prepareFields(item.fields), + } + } + + /** + * Prepare an enum item for rendering + */ + private async prepareEnum(item: EnumT): Promise> { + return { + name: item.name, + slug: item.name.toLowerCase(), + description: item.description ? fastTextOnly(item.description) : '', + isDeprecated: item.isDeprecated || false, + deprecationReason: item.deprecationReason ? fastTextOnly(item.deprecationReason) : undefined, + values: item.values.map((value) => ({ + name: value.name, + description: value.description ? fastTextOnly(value.description) : '', + })), + } + } + + /** + * Prepare a union item for rendering + */ + private async prepareUnion(item: UnionT): Promise> { + return { + name: item.name, + slug: item.name.toLowerCase(), + description: item.description ? fastTextOnly(item.description) : '', + isDeprecated: item.isDeprecated || false, + deprecationReason: item.deprecationReason ? fastTextOnly(item.deprecationReason) : undefined, + possibleTypes: item.possibleTypes || [], + } + } + + /** + * Prepare an input object item for rendering + */ + private async prepareInputObject(item: InputObjectT): Promise> { + return { + name: item.name, + slug: item.name.toLowerCase(), + description: item.description ? fastTextOnly(item.description) : '', + isDeprecated: item.isDeprecated || false, + deprecationReason: item.deprecationReason ? fastTextOnly(item.deprecationReason) : undefined, + inputFields: await this.prepareFields(item.inputFields), + } + } + + /** + * Prepare a scalar item for rendering + */ + private async prepareScalar(item: ScalarT): Promise> { + return { + name: item.name, + slug: item.name.toLowerCase(), + description: item.description ? fastTextOnly(item.description) : '', + isDeprecated: item.isDeprecated || false, + deprecationReason: item.deprecationReason ? fastTextOnly(item.deprecationReason) : undefined, + } + } + + /** + * Prepare fields for rendering + */ + private async prepareFields(fields: FieldT[]): Promise>> { + return fields.map((field) => ({ + name: field.name, + type: field.type, + href: field.href, + description: field.description ? fastTextOnly(field.description) : '', + defaultValue: field.defaultValue, + isDeprecated: field.isDeprecated || false, + deprecationReason: field.deprecationReason + ? fastTextOnly(field.deprecationReason) + : undefined, + arguments: field.arguments + ? field.arguments.map((arg) => ({ + name: arg.name, + description: arg.description ? fastTextOnly(arg.description) : '', + defaultValue: arg.defaultValue, + type: { + name: arg.type.name, + href: arg.type.href, + }, + })) + : undefined, + })) + } +} diff --git a/src/article-api/transformers/index.ts b/src/article-api/transformers/index.ts index a759723782c5..b65f846dca9f 100644 --- a/src/article-api/transformers/index.ts +++ b/src/article-api/transformers/index.ts @@ -1,5 +1,22 @@ import { TransformerRegistry } from './types' import { RestTransformer } from './rest-transformer' +import { SecretScanningTransformer } from './secret-scanning-transformer' +import { CodeQLCliTransformer } from './codeql-cli-transformer' +import { AuditLogsTransformer } from './audit-logs-transformer' +import { GraphQLIndexTransformer } from './graphql-index-transformer' +import { GraphQLReferenceTransformer } from './graphql-reference-transformer' +import { GraphQLChangelogTransformer } from './graphql-changelog-transformer' +import { GraphQLBreakingChangesTransformer } from './graphql-breaking-changes-transformer' +import { GithubAppsTransformer } from './github-apps-transformer' +import { WebhooksTransformer } from './webhooks-transformer' +import { TocTransformer } from './toc-transformer' +import { BespokeLandingTransformer } from './bespoke-landing-transformer' +import { JourneyLandingTransformer } from './journey-landing-transformer' +import { CategoryLandingTransformer } from './category-landing-transformer' +import { DiscoveryLandingTransformer } from './discovery-landing-transformer' +import { ProductGuidesTransformer } from './product-guides-transformer' +import { ProductLandingTransformer } from './product-landing-transformer' +import { SearchPageTransformer } from './search-page-transformer' /** * Global transformer registry @@ -7,12 +24,24 @@ import { RestTransformer } from './rest-transformer' */ export const transformerRegistry = new TransformerRegistry() -// Register REST transformer transformerRegistry.register(new RestTransformer()) - -// Future transformers can be registered here: -// transformerRegistry.register(new WebhooksTransformer()) -// transformerRegistry.register(new GitHubAppsTransformer()) +transformerRegistry.register(new SecretScanningTransformer()) +transformerRegistry.register(new CodeQLCliTransformer()) +transformerRegistry.register(new AuditLogsTransformer()) +transformerRegistry.register(new GraphQLIndexTransformer()) +transformerRegistry.register(new GraphQLReferenceTransformer()) +transformerRegistry.register(new GraphQLChangelogTransformer()) +transformerRegistry.register(new GraphQLBreakingChangesTransformer()) +transformerRegistry.register(new GithubAppsTransformer()) +transformerRegistry.register(new WebhooksTransformer()) +transformerRegistry.register(new TocTransformer()) +transformerRegistry.register(new BespokeLandingTransformer()) +transformerRegistry.register(new JourneyLandingTransformer()) +transformerRegistry.register(new CategoryLandingTransformer()) +transformerRegistry.register(new DiscoveryLandingTransformer()) +transformerRegistry.register(new ProductGuidesTransformer()) +transformerRegistry.register(new ProductLandingTransformer()) +transformerRegistry.register(new SearchPageTransformer()) export { TransformerRegistry } from './types' export type { PageTransformer } from './types' diff --git a/src/article-api/transformers/journey-landing-transformer.ts b/src/article-api/transformers/journey-landing-transformer.ts new file mode 100644 index 000000000000..959b28deaf6a --- /dev/null +++ b/src/article-api/transformers/journey-landing-transformer.ts @@ -0,0 +1,115 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer, TemplateData, Section, LinkData, LinkGroup } from './types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { resolvePath } from '@/article-api/lib/resolve-path' +import { getLinkData } from '@/article-api/lib/get-link-data' + +interface JourneyGuide { + href: string + alternativeNextStep?: string +} + +interface JourneyTrack { + id: string + title: string + description: string + guides: JourneyGuide[] +} + +interface JourneyPage extends Page { + journeyTracks?: JourneyTrack[] + children?: string[] +} + +/** + * Transforms journey-landing pages into markdown format. + * Handles journey tracks (grouped learning paths) with guides, + * falling back to children listings when tracks aren't available. + */ +export class JourneyLandingTransformer implements PageTransformer { + templateName = 'landing-page.template.md' + + canTransform(page: Page): boolean { + return page.layout === 'journey-landing' + } + + async transform(page: Page, pathname: string, context: Context): Promise { + const templateData = await this.prepareTemplateData(page, pathname, context) + const templateContent = loadTemplate(this.templateName) + + return await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + } + + private async prepareTemplateData( + page: Page, + pathname: string, + context: Context, + ): Promise { + const journeyPage = page as JourneyPage + const languageCode = page.languageCode || 'en' + const sections: Section[] = [] + + // Journey tracks + const journeyTracks = journeyPage.journeyTracks + if (journeyTracks) { + const groups: LinkGroup[] = [] + for (const track of journeyTracks) { + const links = await Promise.all( + (track.guides || []).map(async (guide) => { + const guideHref = guide.href + if (!guideHref) return null + const linkData = await getLinkData( + guideHref, + languageCode, + pathname, + context, + resolvePath, + ) + return linkData + }), + ) + const validLinks = links.filter((l): l is LinkData => l !== null && !!l.href) + if (validLinks.length > 0) { + groups.push({ title: track.title, links: validLinks }) + } + } + + if (groups.length > 0) { + sections.push({ + title: 'Links', + groups, + }) + } + } + + // Children fallback + if (sections.length === 0 && journeyPage.children) { + const links = await Promise.all( + journeyPage.children.map(async (childHref) => { + return await getLinkData(childHref, languageCode, pathname, context, resolvePath) + }), + ) + const validLinks = links.filter((l): l is LinkData => !!l.href) + if (validLinks.length > 0) { + sections.push({ + title: 'Links', + groups: [{ title: null, links: validLinks }], + }) + } + } + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + const title = await page.renderTitle(context, { unwrap: true }) + + return { + title, + intro, + sections, + } + } +} diff --git a/src/article-api/transformers/product-guides-transformer.ts b/src/article-api/transformers/product-guides-transformer.ts new file mode 100644 index 000000000000..54d54b00b4aa --- /dev/null +++ b/src/article-api/transformers/product-guides-transformer.ts @@ -0,0 +1,138 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer, TemplateData, Section, LinkGroup, LinkData } from './types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' + +interface ProcessedLink { + href: string + title?: string + intro?: string +} + +interface LearningTrack { + title: string + guides: ProcessedLink[] +} + +/** + * ProductGuidesPage extends Page with optional guide and learning track fields. + * - includeGuides/rawIncludeGuides: Curated list of guide articles (processed objects vs raw paths) + * - learningTracks/rawLearningTracks: Grouped tutorials (processed objects vs raw track IDs) + */ +interface ProductGuidesPage extends Page { + includeGuides?: ProcessedLink[] + rawIncludeGuides?: string[] + learningTracks?: LearningTrack[] + rawLearningTracks?: string[] +} + +/** + * Transforms product-guides pages into markdown format. + * Handles includeGuides (curated articles) and learningTracks (grouped tutorials). + */ +export class ProductGuidesTransformer implements PageTransformer { + templateName = 'landing-page.template.md' + + canTransform(page: Page): boolean { + return page.layout === 'product-guides' + } + + async transform(page: Page, pathname: string, context: Context): Promise { + const templateData = await this.prepareTemplateData(page, pathname, context) + const templateContent = loadTemplate(this.templateName) + + return await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + } + + private async prepareTemplateData( + page: Page, + pathname: string, + context: Context, + ): Promise { + const guidesPage = page as ProductGuidesPage + const sections: Section[] = [] + const groups: LinkGroup[] = [] + + // Include guides + const includeGuidesData = guidesPage.includeGuides ?? guidesPage.rawIncludeGuides + if (includeGuidesData && includeGuidesData.length > 0) { + const { default: getLinkData } = await import('@/learning-track/lib/get-link-data') + + const isProcessed = typeof includeGuidesData[0] === 'object' + + let processedLinks: ProcessedLink[] + if (isProcessed) { + processedLinks = includeGuidesData as ProcessedLink[] + } else { + processedLinks = + (await getLinkData(includeGuidesData as string[], context, { + title: true, + intro: true, + })) || [] + } + + const links: LinkData[] = (processedLinks || []).map((item) => ({ + href: item.href, + title: item.title || '', + intro: item.intro || '', + })) + + const validLinks = links.filter((l) => l.href) + if (validLinks.length > 0) { + groups.push({ title: 'Guides', links: validLinks }) + } + } + + // Learning tracks + const learningTracksData = guidesPage.learningTracks ?? guidesPage.rawLearningTracks + if (learningTracksData && learningTracksData.length > 0) { + let processedTracks: LearningTrack[] + if (Array.isArray(guidesPage.learningTracks) && guidesPage.learningTracks.length > 0) { + processedTracks = guidesPage.learningTracks + } else { + const { default: processLearningTracks } = await import( + '@/learning-track/lib/process-learning-tracks' + ) + const { learningTracks } = await processLearningTracks( + learningTracksData as string[], + context, + ) + processedTracks = learningTracks + } + + for (const track of processedTracks) { + if (!track.guides || !Array.isArray(track.guides)) continue + + const links: LinkData[] = track.guides.map((guide) => ({ + href: guide.href, + title: guide.title || '', + intro: guide.intro || '', + })) + + if (links.length > 0) { + groups.push({ title: track.title, links }) + } + } + } + + if (groups.length > 0) { + sections.push({ + title: 'Links', + groups, + }) + } + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + const title = await page.renderTitle(context, { unwrap: true }) + + return { + title, + intro, + sections, + } + } +} diff --git a/src/article-api/transformers/product-landing-transformer.ts b/src/article-api/transformers/product-landing-transformer.ts new file mode 100644 index 000000000000..7c089d4d2dca --- /dev/null +++ b/src/article-api/transformers/product-landing-transformer.ts @@ -0,0 +1,301 @@ +import type { Context, Page, ResolvedArticle } from '@/types' +import type { PageTransformer, TemplateData, Section, LinkGroup, LinkData } from './types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { resolvePath } from '@/article-api/lib/resolve-path' +import { getLinkData } from '@/article-api/lib/get-link-data' + +interface ProductPage extends Omit { + featuredLinks?: Record> + children?: string[] + carousels?: Record + rawCarousels?: Record + includedCategories?: string[] +} + +interface PageWithChildren extends Page { + children?: string[] + category?: string[] +} + +/** + * Transforms product-landing pages into markdown format. + * Handles featured links (startHere, popular, videos), guide cards, + * article grids with category filtering, and children listings. + */ +export class ProductLandingTransformer implements PageTransformer { + templateName = 'landing-page.template.md' + + canTransform(page: Page): boolean { + return page.layout === 'product-landing' + } + + async transform(page: Page, pathname: string, context: Context): Promise { + const templateData = await this.prepareTemplateData(page, pathname, context) + + const templateContent = loadTemplate(this.templateName) + + const rendered = await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + + return rendered + } + + private async prepareTemplateData( + page: Page, + pathname: string, + context: Context, + ): Promise { + const productPage = page as ProductPage + const languageCode = page.languageCode || 'en' + const sections: Section[] = [] + + // Process carousels (each carousel becomes a section) + const carousels = productPage.carousels ?? productPage.rawCarousels + if (carousels && typeof carousels === 'object') { + const { default: getLearningTrackLinkData } = await import( + '@/learning-track/lib/get-link-data' + ) + + for (const [carouselKey, articles] of Object.entries(carousels)) { + if (!Array.isArray(articles) || articles.length === 0) continue + + let links: LinkData[] + if (typeof articles[0] === 'object' && 'title' in articles[0]) { + // Already resolved articles + links = articles.map((item) => ({ + href: typeof item === 'string' ? item : item.href, + title: (typeof item === 'object' && item.title) || '', + intro: (typeof item === 'object' && item.intro) || '', + })) + } else { + // Raw paths that need resolution + const linkData = await getLearningTrackLinkData(articles as string[], context, { + title: true, + intro: true, + }) + links = (linkData || []).map( + (item: { href: string; title?: string; intro?: string }) => ({ + href: item.href, + title: item.title || '', + intro: item.intro || '', + }), + ) + } + + const validLinks = links.filter((l) => l.href && l.title) + if (validLinks.length > 0) { + // Use carousel key as title (capitalize first letter) + const sectionTitle = carouselKey.charAt(0).toUpperCase() + carouselKey.slice(1) + sections.push({ + title: sectionTitle, + groups: [{ title: null, links: validLinks }], + }) + } + } + } + + // Featured links (startHere, popular, videos, etc.) + const rawFeaturedLinks = productPage.featuredLinks + if (rawFeaturedLinks) { + const { default: getLearningTrackLinkData } = await import( + '@/learning-track/lib/get-link-data' + ) + + const featuredKeys = ['startHere', 'popular', 'videos'] + const featuredGroups: LinkGroup[] = [] + + for (const key of featuredKeys) { + const links = rawFeaturedLinks[key] + if (!Array.isArray(links) || links.length === 0) continue + + const sectionTitle = this.getSectionTitle(key) + + let resolvedLinks: LinkData[] + + if (key === 'videos') { + // Videos are external URLs with title and href properties + const videoLinks = await Promise.all( + links.map(async (link) => { + if (typeof link === 'object' && link.href) { + const title = await renderContent(link.title, context, { textOnly: true }) + return title ? { href: link.href, title, intro: link.intro || '' } : null + } + return null + }), + ) + resolvedLinks = videoLinks.filter((l) => l !== null) as LinkData[] + } else { + // Other featuredLinks are page hrefs that need Liquid evaluation + const stringLinks = links.map((item) => (typeof item === 'string' ? item : item.href)) + const linkData = await getLearningTrackLinkData(stringLinks, context, { + title: true, + intro: true, + }) + resolvedLinks = (linkData || []).map((item) => ({ + href: item.href, + title: item.title || '', + intro: item.intro || '', + })) + } + + const validLinks = resolvedLinks.filter((l) => l.href) + if (validLinks.length > 0) { + featuredGroups.push({ + title: sectionTitle, + links: validLinks, + }) + } + } + + if (featuredGroups.length > 0) { + sections.push({ + title: 'Featured', + groups: featuredGroups, + }) + } + } + + // Guide cards + if (rawFeaturedLinks?.guideCards) { + const links = rawFeaturedLinks.guideCards + if (Array.isArray(links)) { + const resolvedLinks = await Promise.all( + links.map(async (link) => { + if (typeof link === 'string') { + return await getLinkData(link, languageCode, pathname, context, resolvePath) + } else if (link.href) { + return { + href: link.href, + title: link.title, + intro: link.intro || '', + } + } + return null + }), + ) + + const validLinks = resolvedLinks.filter((l): l is LinkData => l !== null && !!l.href) + if (validLinks.length > 0) { + sections.push({ + title: 'Guides', + groups: [{ title: null, links: validLinks }], + }) + } + } + } + + // Article grid with includedCategories filtering + if (productPage.children && productPage.includedCategories) { + const gridGroups: LinkGroup[] = [] + const includedCategories = productPage.includedCategories + + for (const childHref of productPage.children) { + const childPage = resolvePath(childHref, languageCode, pathname, context) as + | PageWithChildren + | undefined + if (!childPage?.children) continue + + const childChildren = childPage.children + if (childChildren.length === 0) continue + + // Get the child page's pathname to use for resolving grandchildren + const childPermalink = childPage.permalinks.find( + (p) => p.languageCode === languageCode && p.pageVersion === context.currentVersion, + ) + const childPathname = childPermalink ? childPermalink.href : pathname + childHref + + const articles = await Promise.all( + childChildren.map(async (grandchildHref: string) => { + const linkData = await getLinkData( + grandchildHref, + languageCode, + childPathname, + context, + resolvePath, + ) + + if (includedCategories.length > 0) { + const linkedPage = resolvePath( + grandchildHref, + languageCode, + childPathname, + context, + ) as PageWithChildren | undefined + if (linkedPage) { + const pageCategories = linkedPage.category || [] + const hasMatchingCategory = + Array.isArray(pageCategories) && + pageCategories.some((cat: string) => + includedCategories.some( + (included) => included.toLowerCase() === cat.toLowerCase(), + ), + ) + if (!hasMatchingCategory) { + return null + } + } + } + + return linkData + }), + ) + + const validArticles = articles.filter((a): a is LinkData => a !== null && !!a.href) + if (validArticles.length > 0) { + const childTitle = await childPage.renderTitle(context, { unwrap: true }) + gridGroups.push({ + title: childTitle, + links: validArticles, + }) + } + } + + if (gridGroups.length > 0) { + sections.push({ + title: 'Articles', + groups: gridGroups, + }) + } + } + + // All children (full listing) + if (productPage.children) { + const links = await Promise.all( + productPage.children.map(async (childHref) => { + return await getLinkData(childHref, languageCode, pathname, context, resolvePath) + }), + ) + const validLinks = links.filter((l) => l.href) + if (validLinks.length > 0) { + sections.push({ + title: 'Links', + groups: [{ title: null, links: validLinks }], + }) + } + } + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + const title = await page.renderTitle(context, { unwrap: true }) + + return { + title, + intro, + sections, + } + } + + private getSectionTitle(key: string): string { + const map: Record = { + gettingStarted: 'Getting started', + startHere: 'Start here', + guideCards: 'Guides', + popular: 'Popular', + videos: 'Videos', + } + return map[key] || key + } +} diff --git a/src/article-api/transformers/rest-transformer.ts b/src/article-api/transformers/rest-transformer.ts index 87f6b9abd417..2ef6f845d8c9 100644 --- a/src/article-api/transformers/rest-transformer.ts +++ b/src/article-api/transformers/rest-transformer.ts @@ -2,20 +2,19 @@ import type { Context, Page } from '@/types' import type { PageTransformer } from './types' import type { Operation } from '@/rest/components/types' import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' import matter from '@gr2m/gray-matter' -import { readFileSync } from 'fs' -import { join, dirname } from 'path' -import { fileURLToPath } from 'url' import { fastTextOnly } from '@/content-render/unified/text-only' -const __filename = fileURLToPath(import.meta.url) -const __dirname = dirname(__filename) +const DEBUG = process.env.RUNNER_DEBUG === '1' || process.env.DEBUG === '1' /** * Transformer for REST API pages * Converts REST operations and their data into markdown format using a Liquid template */ export class RestTransformer implements PageTransformer { + templateName = 'rest-page.template.md' + canTransform(page: Page): boolean { // Only transform REST pages that are not landing pages // Landing pages (like /en/rest) will be handled by a separate transformer @@ -28,6 +27,9 @@ export class RestTransformer implements PageTransformer { context: Context, apiVersion?: string, ): Promise { + const startTime = DEBUG ? Date.now() : 0 + if (DEBUG) console.log(`[DEBUG] RestTransformer: ${pathname}`) + // Import getRest dynamically to avoid circular dependencies const { default: getRest } = await import('@/rest/lib/index') @@ -100,8 +102,7 @@ export class RestTransformer implements PageTransformer { ) // Load and render template - const templatePath = join(__dirname, '../templates/rest-page.template.md') - const templateContent = readFileSync(templatePath, 'utf8') + const templateContent = loadTemplate(this.templateName) // Render the template with Liquid const rendered = await renderContent(templateContent, { @@ -110,6 +111,7 @@ export class RestTransformer implements PageTransformer { markdownRequested: true, }) + if (DEBUG) console.log(`[DEBUG] RestTransformer completed in ${Date.now() - startTime}ms`) return rendered } diff --git a/src/article-api/transformers/search-page-transformer.ts b/src/article-api/transformers/search-page-transformer.ts new file mode 100644 index 000000000000..c3756298ecc5 --- /dev/null +++ b/src/article-api/transformers/search-page-transformer.ts @@ -0,0 +1,28 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer } from './types' + +/** + * Transformer for the search page (/en/search). + * This is a special UI-only page with no markdown content. + * Returns minimal markdown with just the title. + */ +export class SearchPageTransformer implements PageTransformer { + templateName = '' + + canTransform(page: Page): boolean { + // Only match the search page specifically + return page.relativePath === 'search/index.md' + } + + async transform(page: Page, _pathname: string, context: Context): Promise { + const title = await page.renderTitle(context, { unwrap: true }) + return `# ${title} + +Use the Search API to search programmatically: + +\`\`\` +curl "https://docs.github.com/api/search?query=actions&language=en&version=free-pro-team@latest" +\`\`\` +` + } +} diff --git a/src/article-api/transformers/secret-scanning-transformer.ts b/src/article-api/transformers/secret-scanning-transformer.ts new file mode 100644 index 000000000000..8bed61b8e2a5 --- /dev/null +++ b/src/article-api/transformers/secret-scanning-transformer.ts @@ -0,0 +1,95 @@ +import type { Context, Page, SecretScanningData } from '@/types' +import type { PageTransformer } from './types' +import fs from 'fs' +import yaml from 'js-yaml' +import path from 'path' +import { getVersionInfo } from '@/app/lib/constants' +import { liquid, renderContent } from '@/content-render/index' +import { allVersions } from '@/versions/lib/all-versions' +import { loadTemplate } from '@/article-api/lib/load-template' + +/** + * Transformer for Secret Scanning pages. + * Loads pattern data and converts secret scanning documentation into markdown format using a Liquid template. + * Used by the Article API to render Secret Scanning documentation dynamically. + */ +export class SecretScanningTransformer implements PageTransformer { + templateName = 'secret-scanning-page.template.md' + + canTransform(page: Page): boolean { + return page.autogenerated === 'secret-scanning' + } + + async transform(page: Page, _pathname: string, context: Context): Promise { + if (!context.secretScanningData) { + const currentVersion = context.currentVersion + if (!currentVersion) throw new Error('currentVersion is required') + + const { isEnterpriseCloud, isEnterpriseServer } = getVersionInfo(currentVersion) + const versionPath = isEnterpriseCloud + ? 'ghec' + : isEnterpriseServer + ? `ghes-${allVersions[currentVersion].currentRelease}` + : 'fpt' + + const secretScanningDir = path.join(process.cwd(), 'src/secret-scanning/data/pattern-docs') + const filepath = path.join(secretScanningDir, versionPath, 'public-docs.yml') + + if (fs.existsSync(filepath)) { + const data = yaml.load(fs.readFileSync(filepath, 'utf-8')) as SecretScanningData[] + + // Process Liquid in values + for (const entry of data) { + // Only process Liquid for the hasValidityCheck field, as in the middleware + if (typeof entry.hasValidityCheck === 'string' && entry.hasValidityCheck.includes('{%')) { + // Render Liquid and parse as YAML to get correct boolean type + entry.hasValidityCheck = yaml.load( + await liquid.parseAndRender(entry.hasValidityCheck, context), + ) as boolean + } + + if (entry.isduplicate) { + entry.secretType += '
    Token versions' + } + if (entry.ismultipart) { + entry.secretType += '
    Multi-part secrets' + } + } + + context.secretScanningData = data + } else { + // If the file does not exist, set to empty array to ensure predictable behavior + context.secretScanningData = [] + } + } + + context.markdownRequested = true + let content = await page.render(context) + + // Strip HTML comments from the rendered content + content = content.replace(//gs, '') + + // Normalize whitespace after stripping comments + content = content.replace(/\n{3,}/g, '\n\n').trim() + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + + // Prepare template data + const templateData: Record = { + page: { + title: page.title, + intro, + }, + content, + } + + // Load and render template + const templateContent = loadTemplate(this.templateName) + + return await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + } +} diff --git a/src/article-api/transformers/toc-transformer.ts b/src/article-api/transformers/toc-transformer.ts new file mode 100644 index 000000000000..1ff9f79f1f9c --- /dev/null +++ b/src/article-api/transformers/toc-transformer.ts @@ -0,0 +1,79 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer, TemplateData, Section } from './types' +import { renderContent } from '@/content-render/index' +import { loadTemplate } from '@/article-api/lib/load-template' +import { resolvePath } from '@/article-api/lib/resolve-path' +import { getLinkData } from '@/article-api/lib/get-link-data' + +interface CategoryPage extends Page { + children?: string[] +} + +/** + * Transformer for table of contents (TOC) landing pages - pages with children but no specific layout. + * These are simple navigation pages (category/subcategory/product/homepage) that list child pages with titles and intros. + * Corresponds to TocLanding component in the web UI. + */ +export class TocTransformer implements PageTransformer { + templateName = 'landing-page.template.md' + + canTransform(page: Page): boolean { + // Transform pages that have children but no layout specified + // These are typically category, subcategory, product, or homepage pages + const categoryPage = page as CategoryPage + const validDocTypes = ['category', 'subcategory', 'product', 'homepage'] + return ( + !page.layout && + validDocTypes.includes(page.documentType) && + !!categoryPage.children && + categoryPage.children.length > 0 + ) + } + + async transform(page: Page, pathname: string, context: Context): Promise { + const templateData = await this.prepareTemplateData(page, pathname, context) + const templateContent = loadTemplate(this.templateName) + + return await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + } + + private async prepareTemplateData( + page: Page, + pathname: string, + context: Context, + ): Promise { + const mapPage = page as CategoryPage + const languageCode = page.languageCode || 'en' + const sections: Section[] = [] + + // Get all child pages + if (mapPage.children?.length) { + const links = await Promise.all( + mapPage.children.map(async (childHref) => { + return await getLinkData(childHref, languageCode, pathname, context, resolvePath) + }), + ) + + const validLinks = links.filter((l) => l.href) + if (validLinks.length > 0) { + sections.push({ + title: 'Links', + groups: [{ title: null, links: validLinks }], + }) + } + } + + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + const title = await page.renderTitle(context, { unwrap: true }) + + return { + title, + intro, + sections, + } + } +} diff --git a/src/article-api/transformers/types.ts b/src/article-api/transformers/types.ts index 4916aea2283e..aa2441f816e2 100644 --- a/src/article-api/transformers/types.ts +++ b/src/article-api/transformers/types.ts @@ -1,5 +1,39 @@ import type { Context, Page } from '@/types' +/** + * Link data for landing page sections + */ +export interface LinkData { + href: string + title: string + intro?: string +} + +/** + * Group of links with an optional title + */ +export interface LinkGroup { + title: string | null + links: LinkData[] +} + +/** + * Section containing multiple link groups + */ +export interface Section { + title: string | null + groups: LinkGroup[] +} + +/** + * Template data structure for landing pages + */ +export interface TemplateData { + title: string + intro: string + sections: Section[] +} + /** * Base interface for page-to-markdown transformers * @@ -7,6 +41,13 @@ import type { Context, Page } from '@/types' * into markdown format for the Article API */ export interface PageTransformer { + /** + * Optional: The name of the template file to use for rendering + * If provided, can be used by helper functions to load the template + * Example: 'landing-page.template.md' + */ + templateName?: string + /** * Check if this transformer can handle the given page */ diff --git a/src/article-api/transformers/webhooks-transformer.ts b/src/article-api/transformers/webhooks-transformer.ts new file mode 100644 index 000000000000..d30e84a08fb0 --- /dev/null +++ b/src/article-api/transformers/webhooks-transformer.ts @@ -0,0 +1,90 @@ +import type { Context, Page } from '@/types' +import type { PageTransformer } from './types' +import { renderContent } from '@/content-render/index' +import { fastTextOnly } from '@/content-render/unified/text-only' +import { loadTemplate } from '@/article-api/lib/load-template' +import matter from '@gr2m/gray-matter' + +/** + * Transformer for Webhooks pages. + * Converts webhook events and payloads into markdown format using a Liquid template. + */ +export class WebhooksTransformer implements PageTransformer { + templateName = 'webhooks-page.template.md' + + canTransform(page: Page): boolean { + return page.autogenerated === 'webhooks' + } + + async transform(page: Page, pathname: string, context: Context): Promise { + // Import getInitialPageWebhooks dynamically to avoid circular dependencies + const { getInitialPageWebhooks } = await import('@/webhooks/lib/index') + + // Extract version from context + const currentVersion = context.currentVersion! + + // Get the webhook data + const webhooksData = await getInitialPageWebhooks(currentVersion) + + // Prepare page intro + const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : '' + + // Prepare manual content + let manualContent = '' + if (page.markdown) { + const { content } = matter(page.markdown) + const markerIndex = content.indexOf( + '', + ) + + if (markerIndex > 0) { + const manualMarkdown = content.substring(0, markerIndex).trim() + if (manualMarkdown) { + manualContent = await renderContent(manualMarkdown, { + ...context, + markdownRequested: true, + }) + } + } + } + + // Prepare webhooks data for template + const preparedWebhooks = webhooksData.map((webhook) => ({ + name: webhook.name, + actionTypes: webhook.actionTypes, + summary: webhook.data.summaryHtml ? fastTextOnly(webhook.data.summaryHtml) : '', + description: webhook.data.descriptionHtml ? fastTextOnly(webhook.data.descriptionHtml) : '', + availability: webhook.data.availability || [], + bodyParameters: (webhook.data.bodyParameters || []).map((param) => ({ + name: param.name || '', + type: param.type || '', + description: param.description + ? fastTextOnly(param.description).replace(/\n/g, ' ').trim() + : '', + isRequired: param.isRequired || false, + })), + payloadExample: webhook.data.payloadExample + ? JSON.stringify(webhook.data.payloadExample, null, 2) + : null, + })) + + // Prepare template data + const templateData: Record = { + page: { + title: page.title, + intro, + }, + manualContent, + webhooks: preparedWebhooks, + } + + // Load and render template + const templateContent = loadTemplate(this.templateName) + + return await renderContent(templateContent, { + ...context, + ...templateData, + markdownRequested: true, + }) + } +} diff --git a/src/assets/README.md b/src/assets/README.md index 910b3b244541..d3170b0f63d9 100644 --- a/src/assets/README.md +++ b/src/assets/README.md @@ -1,3 +1,70 @@ # Assets -Assets are files such as images and CSV data that we serve statically to run the docs.github.com application. +This directory contains the logic for serving, processing, and validating static assets used in the GitHub Docs application. While the actual asset files (images, CSVs, etc.) reside in the root `assets/` directory, `src/assets` houses the code that manages how these assets are delivered to the user. + +## Purpose & Scope + +The primary responsibilities of this module are: +- **Dynamic Image Processing**: Converting PNGs to WebP on-the-fly and resizing images based on URL parameters. +- **Caching Strategy**: Setting appropriate cache headers and surrogate keys for assets, especially those with checksums in their URLs. +- **Validation & Maintenance**: Scripts to ensure assets are used correctly, identifying orphaned files, and validating image dimensions. + +## Architecture + +### Middleware + +The core logic resides in `src/assets/middleware`: + +- **`dynamic-assets.ts`**: Intercepts requests for `/assets/`. It handles: + - **WebP Conversion**: If a request ends in `.webp` but the source is a `.png`, it converts the image using `sharp`. + - **Resizing**: Supports virtual path segments like `/mw-1000/` to resize images to a maximum width (e.g., 1000px). + - **Security**: Validates requested widths against an allowed list (`VALID_MAX_WIDTHS`) to prevent DoS attacks. +- **`static-asset-caching.ts`**: Detects if an asset URL contains a checksum (e.g., `/assets/cb-12345/...`) and sets aggressive caching headers (`Surrogate-Key: manual-purge`) because the content is immutable. + +### Scripts + +Located in `src/assets/scripts`, these tools help maintain the asset library: +- `find-orphaned-assets.ts`: Identifies assets present in the disk but not referenced in the content or code. +- `validate-asset-images.ts`: Checks for issues like invalid file types or corruption. +- `list-image-sizes.ts`: Utility for analyzing image dimensions. + +### Library + +- `src/assets/lib/image-density.ts`: Utilities for handling high-density (Retina) images. + +## Setup & Usage + +### Adding New Assets + +Place static files (images, PDFs, etc.) in the root `assets/` directory. +- **Images**: `assets/images` +- **Data**: `assets/` (e.g., CSV files) + +### URL Structure + +The application (via `src/frame`) often rewrites asset URLs to include a checksum for cache busting. +- **Source**: `/assets/images/foo.png` +- **Served**: `/assets/cb-123456/images/foo.png` (The `cb-xxxxx` part is ignored by the file system lookup but used for caching). + +### Dynamic Transformations + +To request a WebP version of a PNG: +`GET /assets/images/foo.webp` (Server looks for `foo.png` and converts it). + +To request a resized version: +`GET /assets/mw-1000/images/foo.webp` (Resizes to max-width 1000px). + +## Dependencies + +- **`sharp`**: Used for high-performance image processing (resizing, format conversion). +- **`assets/` directory**: The source of truth for static files. + +## Ownership + +- **Team**: `@github/docs-engineering` +- **Escalation**: If image serving fails or performance degrades, check the `dynamic-assets` middleware and `sharp` processing. + +## Current State & Known Issues + +- **On-the-fly Processing**: We currently process images on request (cached by CDN). This avoids a massive build-time step but requires CPU resources on the server for uncached requests. +- **WebP**: We prefer WebP for performance but maintain PNGs as the source of truth. \ No newline at end of file diff --git a/src/assets/scripts/deleted-assets-pr-comment.ts b/src/assets/scripts/deleted-assets-pr-comment.ts index 19aca379f7aa..bbe77f96831a 100755 --- a/src/assets/scripts/deleted-assets-pr-comment.ts +++ b/src/assets/scripts/deleted-assets-pr-comment.ts @@ -1,5 +1,5 @@ import github from '@actions/github' -import core from '@actions/core' +import { setOutput } from '@actions/core' const { GITHUB_TOKEN } = process.env const context = github.context @@ -16,7 +16,7 @@ if (import.meta.url.endsWith(process.argv[1])) { const headSHA = context.payload.pull_request?.head.sha const markdown = await main({ owner, repo, baseSHA, headSHA }) - core.setOutput('markdown', markdown) + setOutput('markdown', markdown) } type MainArgs = { diff --git a/src/assets/scripts/find-orphaned-assets.ts b/src/assets/scripts/find-orphaned-assets.ts index da4fd6d8b5dd..15143e4d7fc2 100755 --- a/src/assets/scripts/find-orphaned-assets.ts +++ b/src/assets/scripts/find-orphaned-assets.ts @@ -43,11 +43,42 @@ const EXCEPTIONS = new Set([ 'assets/images/site/evergreens/sequoia.png', 'assets/images/site/evergreens/spruce.png', 'assets/images/site/evergreens/yew.png', + 'assets/images/social-cards/account-and-profile.png', 'assets/images/social-cards/actions.png', + 'assets/images/social-cards/admin.png', + 'assets/images/social-cards/apps.png', + 'assets/images/social-cards/authentication.png', + 'assets/images/social-cards/billing.png', + 'assets/images/social-cards/code-security.png', + 'assets/images/social-cards/codespaces.png', + 'assets/images/social-cards/communities.png', + 'assets/images/social-cards/contributing.png', 'assets/images/social-cards/copilot.png', 'assets/images/social-cards/default.png', + 'assets/images/social-cards/desktop.png', + 'assets/images/social-cards/discussions.png', + 'assets/images/social-cards/education.png', + 'assets/images/social-cards/enterprise-onboarding.png', + 'assets/images/social-cards/get-started.png', + 'assets/images/social-cards/github-cli.png', + 'assets/images/social-cards/github-models.png', + 'assets/images/social-cards/graphql.png', + 'assets/images/social-cards/integrations.png', 'assets/images/social-cards/issues.png', - 'assets/images/social-cards/code-security.png', + 'assets/images/social-cards/migrations.png', + 'assets/images/social-cards/nonprofit.png', + 'assets/images/social-cards/organizations.png', + 'assets/images/social-cards/packages.png', + 'assets/images/social-cards/pages.png', + 'assets/images/social-cards/pull-requests.png', + 'assets/images/social-cards/repositories.png', + 'assets/images/social-cards/rest.png', + 'assets/images/social-cards/search-github.png', + 'assets/images/social-cards/site-policy.png', + 'assets/images/social-cards/sponsors.png', + 'assets/images/social-cards/subscriptions-and-notifications.png', + 'assets/images/social-cards/support.png', + 'assets/images/social-cards/webhooks.png', // Hero images may not be used, but we keep them around for future use 'assets/images/banner-images/hero-1.png', 'assets/images/banner-images/hero-2.png', diff --git a/src/audit-logs/README.md b/src/audit-logs/README.md index b9320daa1d42..e30b51c3e2b6 100644 --- a/src/audit-logs/README.md +++ b/src/audit-logs/README.md @@ -69,3 +69,26 @@ Slack: `#docs-engineering` Repo: `github/docs-engineering` If you have a question about the audit log events pipeline, you can ask in the `#docs-engineering` Slack channel. If you notice a problem with the audit log events pipeline, you can open an issue in the `github/docs-engineering` repository. + +## Ownership & On-call + +### Ownership +- **Team**: Docs Engineering +- **Source data**: github/audit-log-allowlists + +### On-call procedures +If the audit log pipeline fails: +1. Check workflow logs in `.github/workflows/sync-audit-logs.yml` +2. Verify access to `github/audit-log-allowlists` repo +3. Check for schema changes in source data +4. Escalate to #docs-engineering if stuck + +### Monitoring +- Daily workflow runs automatically +- PRs created with `audit-log-pipeline` label when updates detected +- Failures visible in GitHub Actions + +We are not expecting significant investment here. We will support updates to audit log data as we receive them. +- Automate version detection +- Add event usage analytics +- Create event category visualizations diff --git a/src/audit-logs/data/fpt/organization.json b/src/audit-logs/data/fpt/organization.json index 85d8d81fde1a..a2624a1c21ba 100644 --- a/src/audit-logs/data/fpt/organization.json +++ b/src/audit-logs/data/fpt/organization.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,29 +67,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -72,44 +103,66 @@ "description": "Credit was accepted for a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory" + "docs_reference_titles": "Editing a repository security advisory" }, { "action": "advisory_credit.create", "description": "Someone was added to the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -117,21 +170,32 @@ "description": "Credit was declined for a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -140,21 +204,32 @@ "description": "Someone was removed from the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -163,18 +238,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -182,17 +269,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -203,50 +301,74 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" + }, { "action": "billing.budget_create", "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "pricing_target_type", "pricing_target_id", "budget_limit_type", - "alert_recipient_user_ids" + "alert_recipient_user_ids", + "exclude_cost_center_usage" ] }, { @@ -254,22 +376,34 @@ "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "uuid", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -277,25 +411,37 @@ "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", - "request_access_security_header", "old_target_amount", "old_budget_limit_type", "old_alert_enabled", @@ -309,17 +455,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -328,19 +487,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -349,15 +520,28 @@ "description": "Azure subscription has been linked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -367,15 +551,28 @@ "description": "Azure subscription has been unlinked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -385,18 +582,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -404,16 +614,28 @@ "description": "The premium request paid usage policy for your GitHub account was changed.", "docs_reference_links": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -425,39 +647,62 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "operation_type", - "user_agent", - "created_at", - "user_id", - "request_id", - "actor", - "action", "@timestamp", "_document_id", - "programmatic_access_type" - ] - }, - { - "action": "checks.auto_trigger_disabled", - "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", - "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", - "fields": [ - "visibility", - "user_agent", - "user", - "@timestamp", - "repo", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "checks.auto_trigger_disabled", + "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", + "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", + "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -466,20 +711,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -490,17 +746,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -508,207 +776,368 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_outdated", "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_numbers", "commit_oid", - "ref", - "request_id", - "org_id", - "org", - "business_id", - "business" + "ref" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers", "dismissal_approver_id" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_approved", "description": "Dismissal of code scanning alerts was approved.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_denied", "description": "Dismissal of code scanning alerts was denied.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "dismissal_request_id", - "alert_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", - "action", - "_document_id", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismissal_request_id", + "alert_number", + "public_repo", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_requested", "description": "Dismissal of code scanning alerts was requested.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -718,28 +1147,34 @@ "description": "An attempt to create a codespace from a prebuild was made.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "owner", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "user_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", "created_at", "operation_type", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -747,17 +1182,30 @@ "description": "Enterprise setting for Codespaces ownership was updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enablement", "organization_names", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -768,25 +1216,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -797,22 +1254,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -824,22 +1292,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -848,15 +1327,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -867,15 +1361,28 @@ "description": "Policies were applied to codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -885,20 +1392,30 @@ "description": "Policies were removed from codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -906,19 +1423,30 @@ "description": "Policies were updated for codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -926,17 +1454,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -946,27 +1487,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -974,19 +1524,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -994,18 +1557,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -1014,20 +1589,30 @@ "description": "A commit comment was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "repo", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "created_at", - "@timestamp", - "operation_type", + "programmatic_access_type", + "repo", "repo_id", - "actor_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", - "user_agent", - "action", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1035,21 +1620,30 @@ "description": "A commit comment was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_id", - "action", - "@timestamp", - "repo", "org_id", - "actor_id", - "created_at", - "user_agent", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1057,21 +1651,33 @@ "description": "Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "reason", "plan", - "org_id", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1079,13 +1685,28 @@ "description": "Copilot feature settings were changed at the organization level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1095,23 +1716,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1119,16 +1747,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -1137,24 +1779,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1162,15 +1810,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1180,20 +1841,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1201,19 +1872,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -1221,21 +1904,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1243,21 +1935,33 @@ "description": "The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_value", "new_value", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1265,21 +1969,32 @@ "description": "The excluded paths for GitHub Copilot were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "excluded_paths", "owner_type", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1287,14 +2002,28 @@ "description": "Copilot custom instructions were created for the organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "custom_instructions" @@ -1305,107 +2034,62 @@ "description": "Copilot custom instructions were updated for the organization.", "docs_reference_links": "N/A", "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "action", - "_document_id", "@timestamp", - "created_at", - "operation_type", - "custom_instructions" - ] - }, - { - "action": "copilot.knowledge_base_created", - "description": "A knowledge base was created in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", - "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", - "org", - "action", "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" - }, - { - "action": "copilot.knowledge_base_deleted", - "description": "A knowledge base was deleted from the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", - "fields": [ + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", - "org", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" - }, - { - "action": "copilot.knowledge_base_updated", - "description": "A knowledge base was updated in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", - "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "custom_instructions" + ] }, { "action": "copilot.plan_changed", "description": "The plan for GitHub Copilot was updated.", "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_plan", "plan", - "business_id", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1417,20 +2101,31 @@ "description": "The plan for GitHub Copilot was scheduled to be downgraded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "current_plan", "scheduled_plan" @@ -1441,18 +2136,30 @@ "description": "MCP Configuration for Copilot coding agent was updated for a specific repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_config", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_config", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1462,22 +2169,33 @@ "description": "Specific repositories were disabled from using Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "owner", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", + "public_repo", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1485,21 +2203,31 @@ "description": "Specific repositories were enabled to use Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner_type", - "owner", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1509,20 +2237,32 @@ "description": "Copilot coding agent access was updated for the organization's or user's repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_access", "old_access", - "org_id", "owner_type", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1532,21 +2272,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1556,19 +2305,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1578,21 +2336,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1602,18 +2369,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1626,18 +2406,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1651,14 +2444,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -1671,8 +2479,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1681,27 +2488,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "definition_id", - "property_name", - "value", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "value", + "public_repo", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1710,19 +2525,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1731,16 +2558,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -1752,19 +2592,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1773,19 +2624,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1794,19 +2656,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1815,400 +2688,617 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, { - "action": "dependabot_repository_access.default_access_level_updated", - "description": "The default repository access for Dependabot was updated.", - "docs_reference_links": "N/A", + "action": "dependabot_closure_request.approve", + "description": "Dismissal of Dependabot alerts was approved.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", - "access_level", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" - ] + ], + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_repository_access.repositories_updated", - "description": "The repositories that Dependabot can access were updated.", - "docs_reference_links": "N/A", + "action": "dependabot_closure_request.cancel", + "description": "Dismissal request for Dependabot alerts was canceled.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ] - }, - { - "action": "dependabot_security_updates.disable", - "description": "Dependabot security updates were disabled for all existing repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", - "fields": [ - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "actor_is_bot" ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_security_updates.enable", - "description": "Dependabot security updates were enabled for all existing repositories.", - "docs_reference_links": "N/A", + "action": "dependabot_closure_request.create", + "description": "Dismissal of Dependabot alerts was requested.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", "operation_type", - "@timestamp", - "_document_id" - ] + "actor_is_bot" + ], + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_security_updates_new_repos.disable", - "description": " Dependabot security updates were disabled for all new repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "action": "dependabot_closure_request.deny", + "description": "Dismissal of Dependabot alerts was denied.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", "operation_type", - "@timestamp", - "_document_id" + "actor_is_bot" ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_security_updates_new_repos.enable", - "description": "Dependabot security updates were enabled for all new repositories.", + "action": "dependabot_repository_access.default_access_level_updated", + "description": "The default repository access for Dependabot was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "access_level", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "dependabot_repository_access.repositories_updated", + "description": "The repositories that Dependabot can access were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { - "action": "dependency_graph.disable", - "description": "The dependency graph was disabled for all existing repositories.", + "action": "dependabot_security_updates.disable", + "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "dependency_graph.enable", - "description": "The dependency graph was enabled for all existing repositories.", + "action": "dependabot_security_updates.enable", + "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { - "action": "dependency_graph_new_repos.disable", - "description": "The dependency graph was disabled for all new repositories.", + "action": "dependabot_security_updates_new_repos.disable", + "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "dependency_graph_new_repos.enable", - "description": "The dependency graph was enabled for all new repositories.", + "action": "dependabot_security_updates_new_repos.enable", + "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "discussion_comment.destroy", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ + "programmatic_access_type", "repo", - "org", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "actor", - "org_id", - "_document_id", - "actor_id", - "operation_type", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type", - "request_access_security_header" + "operation_type", + "created_at" ] }, { - "action": "discussion_comment.update", - "description": "N/A", - "docs_reference_links": "N/A", + "action": "dependency_graph.disable", + "description": "The dependency graph was disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "repo_id", "@timestamp", - "actor", - "user_agent", - "request_id", - "org", "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "repo", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "request_access_security_header" - ] + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "discussion.destroy", - "description": "N/A", + "action": "dependency_graph.enable", + "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "user_agent", - "actor_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "title", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { - "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "action": "dependency_graph_new_repos.disable", + "description": "The dependency graph was disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" + "created_at", + "operation_type" ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "action": "dependency_graph_new_repos.enable", + "description": "The dependency graph was enabled for all new repositories.", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", - "user_agent", - "operation_type", - "user_id", + "_document_id", + "action", "actor", - "number", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "operation_type" + ] }, { - "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "action": "discussion_comment.destroy", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "discussion_comment.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", - "number", - "team", + "operation_type", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { - "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "action": "discussion.destroy", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + "user_agent", + "operation_type", + "title", + "created_at" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2219,16 +3309,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2239,18 +3343,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2261,17 +3379,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was created.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", - "operation_type", "@timestamp", "_document_id", - "org_id", "action", - "request_id", - "org", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -2280,17 +3411,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was deleted.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp", - "actor_id", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -2299,22 +3443,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2323,22 +3476,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2346,28 +3509,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2376,27 +3545,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -2405,25 +3582,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2432,26 +3617,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2460,21 +3652,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2483,22 +3687,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2507,25 +3721,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2534,22 +3757,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2558,21 +3793,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -2583,19 +3828,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2604,20 +3860,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2626,19 +3892,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2647,23 +3924,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2671,18 +3957,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2693,20 +3989,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2716,25 +4022,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -2742,25 +4058,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -2768,26 +4093,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2796,25 +4130,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", - "repo", - "created_at", - "org", - "name", - "request_id", "actor_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", + "created_at", + "name", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2822,26 +4165,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2849,21 +4201,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2872,19 +4235,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2892,21 +4268,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2915,19 +4302,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2938,20 +4339,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2961,24 +4374,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2989,23 +4413,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -3016,21 +4452,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "url", - "actor", - "actor_id", "created_at", - "request_id", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -3041,20 +4489,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -3064,20 +4524,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -3087,19 +4560,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -3108,20 +4595,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -3131,20 +4631,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -3153,20 +4666,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -3175,20 +4701,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -3196,19 +4734,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -3217,19 +4768,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -3238,17 +4802,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -3261,21 +4838,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -3289,17 +4879,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -3311,19 +4914,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3331,154 +4945,290 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list.enable", + "description": "An IP allow list was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id" + "created_at" ] }, { - "action": "ip_allow_list.enable", - "description": "An IP allow list was enabled.", + "action": "ip_allow_list.enable_for_installed_apps", + "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list_entry.create", + "description": "An IP address was added to an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" + ] + }, + { + "action": "ip_allow_list_entry.destroy", + "description": "An IP address was deleted from an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", + "ip_allow_list_entry", "operation_type", - "org", - "created_at" + "created_at", + "active" ] }, { - "action": "ip_allow_list.enable_for_installed_apps", - "description": "An IP allow list was enabled for installed GitHub Apps.", + "action": "ip_allow_list_entry.update", + "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id" + "created_at", + "ip_allow_list_entry", + "active" ] }, { - "action": "ip_allow_list_entry.create", - "description": "An IP address was added to an IP allow list.", + "action": "issue_comment.destroy", + "description": "A comment on an issue was deleted from the repository.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { - "action": "ip_allow_list_entry.destroy", - "description": "An IP address was deleted from an IP allow list.", + "action": "issue_comment.pinned", + "description": "A comment on an issue was pinned to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" - ] - }, - { - "action": "ip_allow_list_entry.update", - "description": "An IP address or its description was changed.", - "docs_reference_links": "N/A", - "fields": [ + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", - "actor", - "org", - "action", - "operation_type", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "oauth_application_id", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { - "action": "issue_comment.destroy", - "description": "A comment on an issue was deleted from the repository.", + "action": "issue_comment.unpinned", + "description": "A comment on an issue was unpinned from a repository.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "org", - "repo", - "actor_id", "@timestamp", - "created_at", "_document_id", "action", - "operation_type", - "user_agent", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "oauth_application_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -3486,22 +5236,31 @@ "description": "A comment on an issue (other than the initial one) changed.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "action", - "repo_id", - "org_id", - "created_at", - "operation_type", "@timestamp", - "user_agent", - "request_id", "_document_id", - "actor_id", + "action", "actor", - "oauth_application_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -3509,20 +5268,30 @@ "description": "An issue was marked as blocked by another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3533,19 +5302,30 @@ "description": "The blocked by relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3555,20 +5335,30 @@ "description": "An issue was marked as blocking another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "request_access_security_header", "title", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3579,20 +5369,30 @@ "description": "The blocking relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3603,21 +5403,31 @@ "description": "An issue was deleted from the repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/deleting-an-issue", "fields": [ - "user", - "actor_id", - "created_at", - "title", "@timestamp", "_document_id", - "request_id", - "actor", - "user_id", "action", - "operation_type", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "title", + "operation_type" ], "docs_reference_titles": "Deleting an issue" }, @@ -3626,23 +5436,33 @@ "description": "An issue was pinned to a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", "action", "actor", - "operation_type", - "owner_type", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "number", - "repo", - "event", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type", + "owner_type", + "number", + "event" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3651,22 +5471,32 @@ "description": "An issue was transferred to another repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "owner_type", - "actor_id", "number", - "repo", "operation_type", - "_document_id", - "repo_id", - "action", - "request_id", - "created_at", - "actor", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Transferring an issue to another repository" }, @@ -3675,20 +5505,32 @@ "description": "An issue type was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", "enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3699,20 +5541,32 @@ "description": "An issue type was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", "enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3723,11 +5577,28 @@ "description": "An issue type was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", @@ -3736,11 +5607,6 @@ "old_description", "old_color", "old_enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3751,24 +5617,33 @@ "description": "An issue was unpinned from a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ - "event", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", - "action", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "operation_type", - "_document_id", - "number", - "owner_type", - "@timestamp", + "token_id", + "token_scopes", "user", "user_id", - "token_scopes", - "request_access_security_header" + "user_agent", + "event", + "created_at", + "operation_type", + "number", + "owner_type" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3777,19 +5652,30 @@ "description": "The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user_agent", - "action", "@timestamp", - "operation_type", - "request_id", - "actor_id", - "user_id", - "created_at", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "org_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3798,18 +5684,29 @@ "description": "The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3819,19 +5716,30 @@ "description": "An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user", - "request_id", - "actor", - "business_id", - "action", - "operation_type", - "user_agent", - "created_at", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor_id" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3840,18 +5748,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3859,21 +5779,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -3881,21 +5814,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -3903,22 +5849,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -3926,19 +5885,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -3948,22 +5920,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -3971,22 +5956,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", - "oauth_application_id", - "user", - "user_id", - "action", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3994,20 +5992,30 @@ "description": "The ability for members to publish GitHub Pages sites was disabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4016,20 +6024,30 @@ "description": "The ability for members to publish GitHub Pages sites was enabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4038,21 +6056,30 @@ "description": "The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4061,22 +6088,30 @@ "description": "The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4085,21 +6120,30 @@ "description": "The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4108,22 +6152,30 @@ "description": "The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4132,19 +6184,30 @@ "description": "An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "operation_type", "user_agent", - "actor", - "actor_id", - "business_id", - "@timestamp", - "created_at", - "action" + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -4153,18 +6216,29 @@ "description": "The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "request_id", - "org", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "actor", "operation_type", - "org_id", - "action", - "@timestamp", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -4174,21 +6248,30 @@ "description": "The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "action", - "org_id", - "user_id", - "business", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business_id", + "user_id", + "user_agent", "created_at", - "actor", - "org", - "operation_type", - "user_agent" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -4199,16 +6282,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", + "user_agent", "created_at", - "request_id", - "actor", - "action", "operation_type" ] }, @@ -4217,21 +6311,30 @@ "description": "The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "created_at", - "user_id", "business_id", - "user", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "org_id", - "@timestamp" + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4240,19 +6343,30 @@ "description": "The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ - "request_id", - "created_at", - "_document_id", - "user_agent", - "user", - "user_id", - "business", - "business_id", - "operation_type", "@timestamp", + "_document_id", "action", "actor", - "actor_id" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4261,19 +6375,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4281,21 +6407,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4305,16 +6440,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4324,18 +6472,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4345,14 +6506,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -4360,19 +6537,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -4380,18 +6568,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4399,23 +6599,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -4423,16 +6631,30 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "org_id", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4440,24 +6662,32 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", - "repo_id", "operation_type", - "@timestamp", - "user_agent", "created_at", - "org", - "action", - "_document_id", - "repo", - "actor", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4465,22 +6695,37 @@ "description": "A network configuration for a hosted compute service was created.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", "previous_settings_ids", - "network_configuration_id" + "network_configuration_id", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -4489,15 +6734,28 @@ "description": "A network configuration for a hosted compute service was deleted.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", @@ -4510,21 +6768,36 @@ "description": "A network configuration for a hosted compute service was updated.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", - "previous_settings_ids" + "previous_settings_ids", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -4533,20 +6806,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4555,20 +6840,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4577,20 +6874,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4599,20 +6908,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "oauth_application", - "oauth_application_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4621,19 +6942,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4642,20 +6976,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4664,20 +7010,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4686,19 +7044,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4707,17 +7078,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4728,20 +7110,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -4750,19 +7142,29 @@ "description": "An organization prevented access to resources by users with the given two-factor method.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "two_factor_method", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "two_factor_method", "created_at", "operation_type", "actor_is_bot" @@ -4773,21 +7175,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -4796,24 +7208,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "inviter", - "org", - "org_id", - "repo", - "repo_id", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4821,21 +7243,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4843,20 +7275,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4864,22 +7306,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4887,20 +7337,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4908,22 +7368,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4931,21 +7399,31 @@ "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4955,19 +7433,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4976,19 +7465,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4998,53 +7498,92 @@ "description": "Third-party application access for outside collaborators was disabled for the organization.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "Limiting OAuth app and GitHub App access requests and installations" }, { "action": "org.allow_third_party_access_requests_from_outside_collaborators_enabled", "description": "Third-party application access for outside collaborators was enabled for the organization.", - "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests" }, { "action": "org.archive", "description": "The organization was archived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5054,17 +7593,30 @@ "description": "An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log", "fields": [ - "org_id", - "operation_type", "@timestamp", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log" }, @@ -5073,21 +7625,32 @@ "description": "An export of the organization's Git events was created.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "start", "end", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization" }, @@ -5096,16 +7659,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -5114,18 +7690,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -5134,19 +7723,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -5156,22 +7756,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -5179,19 +7790,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -5199,16 +7821,28 @@ "description": "Cleared two-factor authentication restrictions for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -5219,23 +7853,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5243,21 +7885,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5265,23 +7917,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5289,23 +7949,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5313,10 +7981,28 @@ "description": "Enablement for Code Security features on new repositories has been locked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5326,10 +8012,28 @@ "description": "Enablement for Code Security features on new repositories has been unlocked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5339,66 +8043,95 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codespaces_access_updated", "description": "Access to use Codespaces on internal and private repositories was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "enablement", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization" }, @@ -5407,21 +8140,31 @@ "description": "Ownership and payment for codespaces was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "owner_type", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" }, @@ -5430,16 +8173,29 @@ "description": "A team has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5449,16 +8205,29 @@ "description": "A team has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5468,19 +8237,30 @@ "description": "GitHub Codespaces was granted trusted repository access to all other repositories in an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -5489,17 +8269,30 @@ "description": "GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -5508,21 +8301,30 @@ "description": "A user has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5530,21 +8332,30 @@ "description": "A user has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5552,16 +8363,29 @@ "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -5571,17 +8395,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5590,17 +8427,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5610,16 +8460,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5628,17 +8491,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "_document_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5647,17 +8523,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5666,22 +8555,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -5690,17 +8587,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5711,15 +8619,28 @@ "description": "Server statistics were exported for the organization.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5730,18 +8651,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -5750,20 +8683,31 @@ "description": "A GitHub Actions secret was created for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5772,20 +8716,32 @@ "description": "A GitHub Actions variable was created for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5794,21 +8750,33 @@ "description": "A Codespaces or Dependabot secret was created for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5816,21 +8784,30 @@ "description": "A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor_id", - "org_id", - "business", - "action", "@timestamp", - "org", "_document_id", - "business_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "actor_is_bot", "oauth_credential_type", "managed_oauth_access_id", @@ -5846,24 +8823,32 @@ "description": "A member authorized credentials for use with SAML or OIDC single sign-on.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on", "fields": [ - "user_agent", - "actor", "@timestamp", - "created_at", - "org_id", - "business_id", - "operation_type", - "request_id", "_document_id", "action", + "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", - "token_scopes", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot", "oauth_credential_type", - "request_access_security_header", "managed_oauth_access_id", "managed_token_id", "managed_oauth_scopes", @@ -5877,21 +8862,32 @@ "description": "An owner revoked authorized credentials.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "oauth_application_id", - "org_id", "operation_type", - "action", - "business", - "request_id", "created_at", - "business_id", - "actor_id", - "_document_id", - "user_agent", "oauth_credential_type", "managed_oauth_access_id", "managed_token_id", @@ -5906,18 +8902,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5925,20 +8933,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5947,16 +8965,29 @@ "description": "Third-party application access restrictions for an organization were disabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "org_id", - "action", - "_document_id", - "request_id", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization" @@ -5966,19 +8997,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5987,14 +9029,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -6003,21 +9062,30 @@ "description": "Display of IP addresses within audit log events for the organization was disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -6026,17 +9094,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6044,19 +9125,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "org_id", - "request_id" + "operation_type", + "created_at" ] }, { @@ -6064,19 +9156,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -6084,19 +9187,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -6105,17 +9219,30 @@ "description": "Third-party application access restrictions for an organization were enabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "operation_type", - "org", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization" }, @@ -6124,19 +9251,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -6145,19 +9283,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -6166,21 +9317,30 @@ "description": "Display of IP addresses within audit log events for the organization was enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -6189,17 +9349,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -6208,17 +9381,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -6227,42 +9413,64 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", - "manager", - "operation_type", - "created_at", - "_document_id" - ] - }, - { - "action": "org.invite_member", - "description": "A new user was invited to join an organization.", - "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", - "fields": [ + "business", + "business_id", + "hashed_token", "org", - "user_id", - "invitation_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "manager", "operation_type", + "created_at" + ] + }, + { + "action": "org.invite_member", + "description": "A new user was invited to join an organization.", + "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", + "fields": [ + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -6271,17 +9479,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6291,19 +9510,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6311,19 +9541,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6331,19 +9572,31 @@ "description": "Access to an organization was granted for an OAuth App.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "request_id", "actor_id", - "operation_type", - "org_id", - "_document_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization" @@ -6353,20 +9606,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -6375,18 +9639,31 @@ "description": "Access was disabled for an OAuth App that was previously approved.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization", "fields": [ - "request_id", - "url", - "created_at", - "org_id", - "action", "@timestamp", "_document_id", - "user_agent", - "org", - "operation_type", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization" @@ -6396,19 +9673,31 @@ "description": "An organization member requested that an owner grant an OAuth App access to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", + "@timestamp", "_document_id", - "request_id", - "url", - "org_id", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "url", "oauth_application_name" ] }, @@ -6417,20 +9706,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -6440,16 +9740,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "actor", - "actor_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -6457,20 +9770,31 @@ "description": "An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "reason", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -6479,20 +9803,30 @@ "description": "An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -6501,19 +9835,30 @@ "description": "An organization owner downloaded the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6522,19 +9867,30 @@ "description": "An organization owner generated the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6543,19 +9899,30 @@ "description": "An organization owner printed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6564,19 +9931,30 @@ "description": "An organization owner viewed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6585,19 +9963,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -6606,20 +9996,31 @@ "description": "A GitHub Actions secret was removed from an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -6628,21 +10029,31 @@ "description": "A GitHub Actions variable was removed from an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6651,18 +10062,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -6672,19 +10094,29 @@ "description": "Removed a two-factor authentication method restriction for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "two_factor_method", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "two_factor_method", "created_at", "operation_type", "actor_is_bot" @@ -6695,22 +10127,32 @@ "description": "A Codespaces or Dependabot secret was removed from an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6718,21 +10160,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6740,21 +10191,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6762,21 +10222,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6784,18 +10254,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -6804,19 +10286,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -6824,14 +10318,28 @@ "description": "Triggered when a required workflow is created.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6842,14 +10350,28 @@ "description": "Triggered when a required workflow is deleted.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6860,14 +10382,28 @@ "description": "Triggered when a required workflow is updated.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6878,20 +10414,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -6900,18 +10446,29 @@ "description": "A member's linked identity was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", "user_id", - "@timestamp", - "action", - "actor_id", "user_agent", - "_document_id", - "request_id", + "operation_type", "created_at" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" @@ -6921,19 +10478,30 @@ "description": "A member's SAML session was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ - "actor_id", - "created_at", - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" }, @@ -6942,21 +10510,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -6966,21 +10546,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6989,20 +10579,31 @@ "description": "A self-hosted runner group was renamed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7011,23 +10612,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -7036,23 +10647,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7061,19 +10680,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -7082,25 +10714,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7109,21 +10752,32 @@ "description": "The visibility of a self-hosted runner group was updated via the REST API.", "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" }, @@ -7132,10 +10786,28 @@ "description": "Enablement for Secret Protection features on new repositories has been locked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7145,10 +10817,28 @@ "description": "Enablement for Secret Protection features on new repositories has been unlocked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7158,21 +10848,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7182,21 +10881,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7206,20 +10914,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7228,22 +10946,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7252,21 +10978,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7275,21 +11010,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7298,22 +11042,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7322,21 +11074,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7345,22 +11106,30 @@ "description": "Generic secrets have been disabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7368,22 +11137,30 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7391,21 +11168,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7415,21 +11201,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7439,19 +11234,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7461,21 +11267,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7485,21 +11300,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7509,19 +11333,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7531,22 +11366,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7555,22 +11398,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7579,22 +11430,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7603,21 +11462,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7626,21 +11494,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7649,22 +11526,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7673,22 +11558,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7697,12 +11590,28 @@ "description": "The push protection setting was updated for a secret type for your organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "push_protection_setting", "secret_type", "secret_type_display_name", @@ -7715,12 +11624,28 @@ "description": "The push protection pattern configuration was updated for your organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at" ], "docs_reference_titles": "About push protection" @@ -7730,26 +11655,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -7758,26 +11692,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7785,28 +11727,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7814,26 +11764,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7841,15 +11799,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7858,15 +11833,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7875,7 +11867,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -7890,18 +11903,28 @@ "description": "The cache retention policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -7913,18 +11936,28 @@ "description": "The cache storage policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -7936,20 +11969,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -7958,16 +12002,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -7978,18 +12035,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -7998,17 +12068,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8016,18 +12099,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -8036,18 +12131,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -8056,18 +12164,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -8076,22 +12196,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8099,21 +12229,32 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Adding organizations to your enterprise" }, @@ -8122,19 +12263,30 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "org", - "org_id", - "business", - "business_id", "from_business", "to_business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8145,15 +12297,28 @@ "description": "The organization was unarchived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8163,19 +12328,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -8184,20 +12362,32 @@ "description": "A GitHub Actions secret was updated for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "created_at", "key", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -8206,23 +12396,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -8231,20 +12432,32 @@ "description": "A GitHub Actions variable was updated for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -8253,20 +12466,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -8274,18 +12499,30 @@ "description": "The settings policy for immutable releases was updated for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_policy", "new_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8296,22 +12533,33 @@ "description": "A Codespaces or Dependabot secret was updated for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -8320,20 +12568,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -8341,17 +12600,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -8361,20 +12633,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -8383,17 +12666,30 @@ "description": "The name of the default branch was changed for new repositories in the organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization" }, @@ -8402,17 +12698,30 @@ "description": "The repository self-hosted runners policy was updated", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_repo_runners_policy", "new_repo_runners_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8423,19 +12732,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -8443,18 +12765,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -8463,21 +12797,31 @@ "description": "An organization's custom property value was manually set for the first time.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8489,21 +12833,31 @@ "description": "An organization's custom property value was deleted.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8515,18 +12869,30 @@ "description": "A default label was created for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label", "fields": [ - "request_id", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", - "_document_id", - "action", - "created_at", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label" }, @@ -8535,17 +12901,30 @@ "description": "A default label was deleted for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label", "fields": [ - "operation_type", - "request_id", - "actor", "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label" }, @@ -8554,17 +12933,30 @@ "description": "A default label was edited for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label", "fields": [ - "org", - "created_at", "@timestamp", - "actor", + "_document_id", "action", - "user_agent", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label" }, @@ -8573,20 +12965,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -8595,16 +13000,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8613,14 +13033,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -8631,16 +13066,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8649,16 +13099,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -8668,17 +13131,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8688,16 +13162,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -8707,20 +13194,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -8728,19 +13225,30 @@ "description": "An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor", - "business_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", "user_agent", - "_document_id", "created_at", - "operation_type", - "request_id", - "business" + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -8749,19 +13257,30 @@ "description": "Organization projects were disabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "operation_type", - "@timestamp", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -8770,18 +13289,29 @@ "description": "Organization projects were enabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor_id", - "org_id", - "created_at", - "user_id", - "org", "@timestamp", "_document_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" @@ -8791,23 +13321,33 @@ "description": "An organization role was assigned to a user or team.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About custom organization roles" }, @@ -8816,25 +13356,32 @@ "description": "A custom organization role was created in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8846,25 +13393,32 @@ "description": "A custom organization role was deleted in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8875,19 +13429,30 @@ "description": "A user or team was unassigned an organization role.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type" ], @@ -8898,26 +13463,33 @@ "description": "A custom organization role was edited in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -8930,22 +13502,33 @@ "description": "An organization's default project base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_project_base_role", - "new_project_base_role", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_project_base_role", + "new_project_base_role", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8953,20 +13536,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8976,23 +13570,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -9001,21 +13606,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -9026,21 +13642,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -9049,20 +13678,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -9071,17 +13714,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9092,20 +13750,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -9114,18 +13786,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9133,16 +13817,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9150,18 +13848,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -9169,18 +13879,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9191,22 +13914,31 @@ "description": "The configured restriction for access to resources via personal access tokens was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9214,22 +13946,31 @@ "description": "The configured restriction for access to resources via personal access tokens was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9237,18 +13978,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9259,18 +14013,28 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9281,18 +14045,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9303,23 +14077,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9327,21 +14112,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9349,17 +14145,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9370,18 +14179,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9393,17 +14215,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9415,20 +14250,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was created.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9440,20 +14284,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was deleted.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9465,20 +14318,29 @@ "description": "A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9490,20 +14352,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was edited.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9515,15 +14386,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9533,17 +14419,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -9553,15 +14450,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9571,19 +14483,30 @@ "description": "An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "action", - "operation_type", "@timestamp", - "business_id", + "_document_id", + "action", + "actor", "actor_id", - "user", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9591,23 +14514,30 @@ "description": "An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "created_at", - "actor_id", + "@timestamp", "_document_id", - "actor", - "user", - "repo", "action", - "user_agent", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "request_id", - "user_id", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9615,23 +14545,30 @@ "description": "An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "repo", - "org", + "actor", + "actor_id", "business", - "user_agent", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "repo_id", + "token_id", + "token_scopes", "user", - "org_id", - "created_at", - "business_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9639,17 +14576,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9659,17 +14607,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9679,17 +14638,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9699,17 +14669,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9719,17 +14700,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -9739,17 +14733,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9757,25 +14764,36 @@ "description": "A project's base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_project_base_role", "new_project_base_role", "project_number", "public_project", - "business", "project_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9783,20 +14801,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -9806,25 +14835,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -9832,20 +14873,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9853,25 +14906,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9879,17 +14944,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -9897,17 +14975,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -9915,18 +15006,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -9935,18 +15038,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -9955,19 +15070,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -9975,17 +15101,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -9997,22 +15136,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -10020,19 +15168,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -10040,17 +15199,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -10058,18 +15230,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -10077,20 +15262,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -10098,18 +15293,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -10118,18 +15325,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -10138,16 +15357,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -10159,21 +15391,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -10181,22 +15425,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -10205,29 +15459,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -10235,24 +15494,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", "user_agent", - "repo", + "operation_type", "name", - "org_id", - "user", - "_document_id", - "request_id", - "actor", - "actor_id", - "org", - "action", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10263,21 +15530,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10288,22 +15565,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -10311,24 +15598,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -10336,30 +15633,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -10369,28 +15673,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -10401,23 +15713,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -10425,22 +15746,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -10448,23 +15779,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "_document_id", - "actor", - "repo", "operation_type", - "request_id", "allow_force_pushes_enforcement_level", - "@timestamp", - "org", - "action", - "created_at", - "user_agent", - "repo_id", - "token_scopes", - "programmatic_access_type" + "created_at" ] }, { @@ -10472,24 +15812,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -10498,22 +15847,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -10521,24 +15880,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10547,27 +15915,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10576,18 +15951,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10598,24 +15986,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -10623,25 +16020,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -10649,22 +16053,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -10672,22 +16086,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -10696,22 +16121,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -10719,25 +16154,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -10745,22 +16187,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -10768,22 +16220,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -10791,23 +16253,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -10816,24 +16289,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -10842,20 +16326,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10864,21 +16362,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "_document_id", "title", - "request_id", "key", - "action", - "actor", "read_only", "explanation", - "repo_id", - "@timestamp", - "actor_id", - "repo", - "user_agent", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -10888,22 +16399,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10912,25 +16435,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10939,23 +16472,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10964,18 +16508,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -10985,21 +16543,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -11008,19 +16577,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -11031,23 +16613,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -11057,17 +16651,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11075,19 +16683,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -11095,19 +16716,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -11117,21 +16751,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -11140,27 +16785,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11168,23 +16820,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -11193,18 +16857,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -11212,19 +16890,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -11234,20 +16924,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -11255,40 +16956,65 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" + ] + }, + { + "action": "pull_request_review.delete", + "description": "A review on a pull request was deleted.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "comment_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, - { - "action": "pull_request_review.delete", - "description": "A review on a pull request was deleted.", - "docs_reference_links": "N/A", - "fields": [ + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -11296,20 +17022,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -11318,19 +17057,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -11340,22 +17093,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -11364,21 +17127,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -11387,25 +17159,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -11414,23 +17193,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -11439,24 +17226,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -11465,23 +17259,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -11491,22 +17293,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -11515,19 +17326,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11536,24 +17360,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -11562,24 +17396,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11587,24 +17429,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11612,24 +17462,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11637,24 +17495,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11662,23 +17528,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11689,17 +17564,29 @@ "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11709,17 +17596,29 @@ "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11729,102 +17628,136 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -11833,19 +17766,30 @@ "description": "GitHub Codespaces trusted repository access to this repository was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11853,17 +17797,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11872,15 +17829,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -11891,16 +17861,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11910,17 +17893,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11930,19 +17926,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "actor_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11951,17 +17958,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11970,26 +17990,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -11998,30 +18024,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -12031,20 +18062,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12053,25 +18095,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12080,23 +18130,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -12104,25 +18165,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -12132,23 +18202,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -12158,24 +18237,32 @@ "description": "The setting for immutable releases was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -12184,20 +18271,30 @@ "description": "The setting for immutable releases was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -12208,23 +18305,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -12232,21 +18339,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -12254,21 +18371,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -12276,22 +18403,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -12299,21 +18435,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -12321,20 +18467,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -12342,22 +18499,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -12365,18 +18531,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12384,22 +18564,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12407,21 +18597,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -12429,18 +18629,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -12449,22 +18661,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12473,24 +18694,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12499,23 +18728,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12523,26 +18762,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -12551,21 +18795,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -12574,25 +18827,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -12600,22 +18859,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -12624,25 +18893,34 @@ "description": "A branch was renamed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "old_branch", - "new_branch", - "default_branch", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "old_branch", + "new_branch", + "default_branch", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch" @@ -12652,19 +18930,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -12672,17 +18961,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12691,17 +18995,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12710,7 +19029,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -12725,22 +19065,30 @@ "description": "The cache retention policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -12752,22 +19100,30 @@ "description": "The cache storage policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -12779,23 +19135,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -12805,20 +19170,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12829,21 +19205,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -12852,22 +19239,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -12876,21 +19273,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -12899,22 +19307,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -12925,16 +19343,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -12944,22 +19373,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -12968,23 +19408,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", - "new_nwo", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_nwo", + "visibility", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12994,19 +19444,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -13014,21 +19474,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -13037,24 +19507,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13062,25 +19541,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -13089,24 +19575,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13115,25 +19611,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -13142,22 +19646,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13166,26 +19679,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -13193,31 +19714,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "_document_id", - "actor", - "repo_id", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13226,42 +19754,61 @@ "description": "Someone closed a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories", "fields": [ - "actor", - "repo", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "user_agent", - "actor_id", - "request_id", - "action", - "operation_type", - "created_at", - "repo_id", - "_document_id", + "hashed_token", "org", "org_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories" + "docs_reference_titles": "About repository security advisories" }, { "action": "repository_advisory.cve_request", "description": "Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "repo", - "org_id", - "actor", + "@timestamp", + "_document_id", "action", - "request_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "_document_id", + "operation_type", "created_at" ] }, @@ -13270,17 +19817,30 @@ "description": "GitHub made a security advisory public in the GitHub Advisory Database.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -13289,21 +19849,30 @@ "description": "GitHub withdrew a security advisory that was published in error.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13311,18 +19880,30 @@ "description": "Someone opened a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", "repo_id", - "action", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13330,21 +19911,30 @@ "description": "Someone published a security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", "@timestamp", - "actor", - "repo_id", "_document_id", - "repo", - "business_id", - "business", - "request_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "org" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13352,17 +19942,30 @@ "description": "Someone reopened as draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "repo", - "action", - "created_at", "@timestamp", - "request_id", - "actor_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "public_repo" ] }, @@ -13371,21 +19974,30 @@ "description": "Someone edited a draft or published security advisory.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "repo_id", - "org_id", "business", - "actor", - "user_agent", - "created_at", - "_document_id", "business_id", - "repo", - "action", - "operation_type", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13393,24 +20005,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13419,24 +20037,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13445,25 +20069,31 @@ "description": "Code security was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13472,25 +20102,31 @@ "description": "Code security was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13499,19 +20135,30 @@ "description": "Data use settings were disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "repo_id", - "request_id", - "actor_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -13520,21 +20167,30 @@ "description": "Data use settings were enabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "org", - "user_id", - "repo_id", "@timestamp", - "request_id", - "actor", + "_document_id", "action", - "operation_type", - "created_at", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org_id", - "_document_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -13543,23 +20199,30 @@ "description": "The dependency graph was disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "repo_id", - "operation_type", - "user_id", - "repo", + "@timestamp", "_document_id", - "actor", - "user", "action", - "@timestamp", - "org_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", - "request_id", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -13568,47 +20231,133 @@ "description": "The dependency graph was enabled for a private repository.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor_id", - "repo_id", + "created_at", "operation_type", - "actor", + "public_repo", + "actor_is_bot" + ] + }, + { + "action": "repository_dependency_updates_self_hosted.disabled", + "description": "Dependency updates on self-hosted runners was disabled.", + "docs_reference_links": "code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-dependabot-on-self-hosted-runners", + "fields": [ "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring Dependabot on self-hosted runners" + }, + { + "action": "repository_dependency_updates_self_hosted.enabled", + "description": "Dependency updates on self-hosted runners was enabled.", + "docs_reference_links": "code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-dependabot-on-self-hosted-runners", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", - "actor_is_bot" - ] + "user", + "user_id", + "user_agent", + "topic", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot", + "actor_is_agent" + ], + "docs_reference_titles": "Configuring Dependabot on self-hosted runners" }, { "action": "repository_image.create", "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -13616,21 +20365,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -13638,21 +20397,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -13660,20 +20430,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -13681,21 +20463,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -13703,19 +20496,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -13723,17 +20529,31 @@ "description": "An organization has reached their repository limit.", "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "limit", "count", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -13744,17 +20564,31 @@ "description": "An organization is approaching their repository limit.", "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "limit", "count", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -13765,19 +20599,30 @@ "description": "The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise", "fields": [ - "request_id", - "created_at", + "@timestamp", "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "business_id", - "business", - "operation_type", - "actor", - "actor_id", "user_id", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -13786,20 +20631,30 @@ "description": "Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "created_at", "@timestamp", - "repo", - "action", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "repo_id", - "actor", - "request_id", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -13808,20 +20663,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", "created_at", - "org_id", - "action", - "user_id", - "operation_type", - "_document_id", - "actor_id", - "repo" + "operation_type" ] }, { @@ -13829,31 +20693,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -13862,19 +20734,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -13882,8 +20765,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -13892,23 +20774,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -13933,26 +20824,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13961,26 +20858,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13989,23 +20892,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14015,23 +20925,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14041,24 +20958,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14068,24 +20992,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -14094,24 +21025,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14121,23 +21059,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14147,23 +21092,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -14172,47 +21125,131 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_secret_scanning_extended_metadata.disabled", + "description": "Metadata for secret scanning alerts has been disabled at the repository level", + "docs_reference_links": "/code-security/secret-scanning/enabling-secret-scanning-features/enabling-extended-metadata-checks-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Enabling extended metadata checks for your repository" + }, + { + "action": "repository_secret_scanning_extended_metadata.enabled", + "description": "Metadata for secret scanning alerts has been enabled at the repository level", + "docs_reference_links": "/code-security/secret-scanning/enabling-secret-scanning-features/enabling-extended-metadata-checks-for-your-repository", + "fields": [ "@timestamp", "_document_id", - "programmatic_access_type" - ] + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Enabling extended metadata checks for your repository" }, { "action": "repository_secret_scanning_generic_secrets.disabled", "description": "Generic secrets have been disabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14220,22 +21257,31 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14244,24 +21290,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -14270,24 +21324,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -14296,19 +21358,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -14317,24 +21391,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14343,24 +21425,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14369,19 +21459,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -14390,26 +21492,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -14418,26 +21525,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "public_repo", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -14446,28 +21558,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14475,27 +21595,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14503,28 +21631,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14532,49 +21668,135 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_security_updates.disable", + "description": "Dependabot security updates was disabled.", + "docs_reference_links": "/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring Dependabot security updates" + }, + { + "action": "repository_security_updates.enable", + "description": "Dependabot security updates was enabled.", + "docs_reference_links": "/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header" - ] + "actor_is_agent" + ], + "docs_reference_titles": "Configuring Dependabot security updates" }, { "action": "repository_visibility_change.clear", "description": "The repository visibility change setting was cleared for an organization or enterprise.", "docs_reference_links": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-changes-to-repository-visibility", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", "business", - "action", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business_id", - "@timestamp", "user_agent", - "actor", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise" }, @@ -14583,20 +21805,30 @@ "description": "The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user", - "org_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "_document_id", - "@timestamp", - "user_id", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14604,19 +21836,30 @@ "description": "The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "_document_id", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", - "org", - "org_id", - "action", - "actor_id", "user_id", - "request_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14624,29 +21867,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14655,29 +21906,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14686,44 +21945,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -14734,21 +22015,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -14757,26 +22050,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -14784,21 +22085,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -14806,21 +22118,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", "created_at", "active", - "action", - "repository_id", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type" ] }, @@ -14829,20 +22155,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "repo", "org_id", - "operation_type", - "created_at", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -14851,24 +22187,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14876,26 +22219,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14903,23 +22252,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14927,23 +22283,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -14952,24 +22315,31 @@ "description": "A status check was marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "org", - "actor_id", "@timestamp", - "business", - "request_id", - "context", - "repo_id", - "action", - "repo", "_document_id", - "operation_type", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "actor", - "created_at", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "context", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -14978,21 +22348,31 @@ "description": "A status check was no longer marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "actor_id", - "actor", - "created_at", - "context", - "operation_type", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "repo_id", "org_id", - "action", - "_document_id", + "programmatic_access_type", "repo", - "programmatic_access_type" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "context", + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -15001,18 +22381,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -15021,19 +22414,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -15041,23 +22446,34 @@ "action": "role.create", "description": "A new custom repository role was created.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", - "fields": [ - "user_agent", - "request_id", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "_document_id", "role_permissions", "old_role_permissions" ], @@ -15068,23 +22484,34 @@ "description": "A custom repository role was deleted.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Managing custom repository roles for an organization" }, @@ -15093,23 +22520,34 @@ "description": "A custom repository role was edited.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "old_role_permissions", "old_base_role" ], @@ -15120,14 +22558,28 @@ "description": "A user was assigned to a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15135,42 +22587,70 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.create", "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.delete", "description": "A secret scanning alert was deleted by GitHub.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15179,21 +22659,35 @@ "created_at", "reason" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.public_leak", "description": "A secret scanning alert was leaked in a public repo.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15201,29 +22695,39 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -15232,14 +22736,28 @@ "description": "A leaked secret was reported to the secret's provider by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "created_at", @@ -15247,35 +22765,44 @@ "secret_type_provider", "report_result" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts" + "docs_reference_titles": "Resolving alerts from secret scanning" }, { "action": "secret_scanning_alert.resolve", "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -15283,25 +22810,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -15309,14 +22843,28 @@ "description": "A user was unassigned from a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15324,21 +22872,35 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.validate", "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -15348,33 +22910,41 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_closure_request.approve", "description": "A request to close a secret scanning alert was approved by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15383,25 +22953,33 @@ "description": "N/A", "docs_reference_links": "A reqeust to close a secret scanning alert was canceled by a user.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, reqeust, to, close, a, secret, scanning, alert, was, canceled, by, a, user." @@ -15411,27 +22989,35 @@ "description": "N/A", "docs_reference_links": "A user requested to close a secret scanning alert.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "reason", "comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, user, requested, to, close, a, secret, scanning, alert." @@ -15441,26 +23027,34 @@ "description": "A request to close a secret scanning alert was denied by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15469,19 +23063,30 @@ "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -15490,19 +23095,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -15511,20 +23127,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -15533,19 +23159,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -15554,14 +23191,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -15579,25 +23230,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -15606,79 +23265,103 @@ "description": "A user canceled a request to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_push_protection_request.complete", "description": "A user pushed a commit containing a secret for which there is an approved secret scanning push protection bypass request.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_push_protection_request.deny", "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -15688,49 +23371,70 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_scan.completed", "description": "A secret scanning scan has completed on this repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "repo_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "source", "type", "source_slug", "type_slug", "started_at", "completed_at", - "repo", "public_repo", - "org", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "secret_types", @@ -15744,10 +23448,28 @@ "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15762,15 +23484,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15779,7 +23494,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15787,22 +23503,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15811,22 +23538,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15835,10 +23573,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15853,15 +23609,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15869,7 +23618,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15877,15 +23627,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15895,10 +23660,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15913,15 +23696,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15930,7 +23706,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15938,16 +23715,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15957,18 +23747,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -15977,16 +23780,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15996,15 +23812,28 @@ "description": "An agreement for invoiced billing for GitHub Sponsors was signed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id", - "org", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -16016,15 +23845,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -16034,15 +23876,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -16051,17 +23908,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -16070,17 +23940,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -16089,16 +23973,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -16108,14 +24005,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -16125,17 +24037,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -16144,17 +24069,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -16163,18 +24101,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16183,15 +24134,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -16201,16 +24166,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16218,15 +24196,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -16237,16 +24228,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -16256,17 +24260,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -16277,17 +24294,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -16298,18 +24328,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16319,16 +24360,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16338,16 +24392,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16359,17 +24426,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16378,19 +24458,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16399,21 +24492,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16422,36 +24524,60 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, { "action": "staff.dependabot_debug_credentials_generated", - "description": "N/A", + "description": "Dependabot encrypted config was read.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "public_repo" @@ -16462,20 +24588,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16483,18 +24623,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -16502,16 +24657,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16519,23 +24689,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16543,23 +24723,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16567,23 +24757,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16591,23 +24791,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16615,21 +24825,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -16639,22 +24859,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -16663,20 +24892,30 @@ "description": "A team was added to an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team_type", "team", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -16687,20 +24926,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -16709,18 +24959,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -16730,127 +24993,99 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "org_id", - "user_agent", - "team", - "org", - "actor", - "created_at", "_document_id", - "token_scopes", - "programmatic_access_type", - "team_type" - ] - }, - { - "action": "team.demote_maintainer", - "description": "A user was demoted from a team maintainer to a team member.", - "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", - "fields": [ - "user_agent", - "request_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" - ], - "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" - }, - { - "action": "team.destroy", - "description": "A team was deleted.", - "docs_reference_links": "N/A", - "fields": [ - "created_at", - "org", - "team", - "org_id", - "actor_id", - "actor", - "action", - "@timestamp", "user_agent", - "request_id", + "oauth_application_id", "operation_type", - "_document_id", - "programmatic_access_type", + "team", + "created_at", "team_type" ] }, { - "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", - "docs_reference_links": "N/A", + "action": "team.demote_maintainer", + "description": "A user was demoted from a team maintainer to a team member.", + "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", - "actor", - "actor_id", - "user", - "business", - "action", - "request_id", - "created_at", - "user_id", - "_document_id" - ] - }, - { - "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", - "fields": [ - "org_id", - "action", - "operation_type", - "request_id", + "_document_id", + "action", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" + "team", + "operation_type", + "created_at" ], - "docs_reference_titles": "Organizations and teams documentation" + "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, { - "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "action": "team.destroy", + "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "actor", - "created_at" + "team_type" ] }, { @@ -16858,19 +25093,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "actor", - "action", - "operation_type", - "team", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" ] }, { @@ -16878,19 +25125,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", "@timestamp", - "actor_id", "_document_id", - "team", - "created_at", - "org_id", "action", - "request_id", - "user_agent", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_access_security_header" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "team", + "created_at" ] }, { @@ -16898,22 +25157,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "team", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" ] }, { @@ -16921,22 +25189,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -16945,20 +25222,30 @@ "description": "A team was removed from an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team_type", "team", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -16969,22 +25256,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -16994,43 +25290,64 @@ "description": "A repository was removed from a team's control.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { "action": "team.rename", - "description": "A team's name was changed.", - "docs_reference_links": "N/A", - "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "description": "A team's name was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -17039,17 +25356,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -17058,19 +25388,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -17079,19 +25420,30 @@ "description": "The Okta credentials for team synchronization with a tenant were changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -17099,28 +25451,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -17128,23 +25489,38 @@ "description": "Triggered when a user content edit is deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_content_id", "user_content_type", "created_at", - "user_agent", "deleted_by", "editor_id", - "_document_id", "deleted_at", - "action", - "actor_id", "editor", "deleted_by_id", "deleted_content", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -17152,16 +25528,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17171,16 +25561,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17190,18 +25594,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17211,21 +25628,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17233,21 +25662,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17255,21 +25695,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17277,16 +25728,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17296,27 +25761,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -17325,23 +25796,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17349,10 +25830,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17363,20 +25862,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -17385,23 +25873,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17411,10 +25907,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17426,19 +25940,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -17449,10 +25953,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17461,21 +25983,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -17485,23 +25996,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -17510,22 +26033,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17533,21 +26067,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -17555,25 +26100,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17581,23 +26134,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -17611,24 +26177,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -17637,10 +26212,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17650,21 +26243,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -17674,25 +26257,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/fpt/user.json b/src/audit-logs/data/fpt/user.json index 97af53a1b41b..86bcc2b8bf74 100644 --- a/src/audit-logs/data/fpt/user.json +++ b/src/audit-logs/data/fpt/user.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,18 +196,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -148,28 +227,42 @@ "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "pricing_target_type", "pricing_target_id", "budget_limit_type", - "alert_recipient_user_ids" + "alert_recipient_user_ids", + "exclude_cost_center_usage" ] }, { @@ -177,22 +270,34 @@ "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "uuid", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -200,25 +305,37 @@ "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", - "request_access_security_header", "old_target_amount", "old_budget_limit_type", "old_alert_enabled", @@ -232,17 +349,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -251,19 +381,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -272,15 +414,28 @@ "description": "Azure subscription has been linked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -290,15 +445,28 @@ "description": "Azure subscription has been unlinked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -308,18 +476,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -327,16 +508,28 @@ "description": "The premium request paid usage policy for your GitHub account was changed.", "docs_reference_links": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -348,18 +541,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -367,15 +572,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -385,26 +603,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -412,24 +640,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -437,26 +675,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "user", - "user_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -464,20 +712,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -488,17 +747,29 @@ "description": "The cache retention policy for GitHub Actions was set for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -510,17 +781,29 @@ "description": "The cache storage policy for GitHub Actions was set for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -532,17 +815,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -553,20 +849,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -575,19 +883,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -596,19 +917,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -617,20 +950,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -639,19 +984,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -660,20 +1017,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -682,20 +1050,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -706,17 +1085,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -724,14 +1115,29 @@ "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -741,25 +1147,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -770,22 +1185,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -797,22 +1223,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -821,15 +1258,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -840,17 +1292,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -860,27 +1325,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", "org", - "owner", - "pull_request_id", - "machine_type", - "user_id", - "user", - "devcontainer_path", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", + "machine_type", + "devcontainer_path", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -888,19 +1362,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -908,18 +1395,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -928,23 +1427,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -952,16 +1458,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -970,24 +1490,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -995,15 +1521,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1013,20 +1552,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1034,19 +1583,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -1054,21 +1615,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1076,22 +1646,33 @@ "description": "Specific repositories were disabled from using Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "owner_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1099,21 +1680,31 @@ "description": "Specific repositories were enabled to use Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner_type", - "owner", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1123,20 +1714,32 @@ "description": "Copilot coding agent access was updated for the organization's or user's repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_access", "old_access", - "org_id", "owner_type", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1146,21 +1749,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1170,19 +1782,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1192,21 +1813,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1216,19 +1846,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1237,19 +1878,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1258,19 +1910,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1279,38 +1942,206 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + }, + { + "action": "dependabot_closure_request.approve", + "description": "Dismissal of Dependabot alerts was approved.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About Dependabot alerts" + }, + { + "action": "dependabot_closure_request.cancel", + "description": "Dismissal request for Dependabot alerts was canceled.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About Dependabot alerts" + }, + { + "action": "dependabot_closure_request.create", + "description": "Dismissal of Dependabot alerts was requested.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About Dependabot alerts" + }, + { + "action": "dependabot_closure_request.deny", + "description": "Dismissal of Dependabot alerts was denied.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", "created_at", - "_document_id" + "operation_type", + "actor_is_bot" ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "dependabot_repository_access.repositories_updated", "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1318,19 +2149,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1339,19 +2181,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1359,19 +2212,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1380,19 +2244,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1400,19 +2275,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1421,19 +2307,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1441,19 +2338,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1462,20 +2370,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1483,22 +2401,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1507,22 +2434,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1530,28 +2467,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1560,27 +2503,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -1589,25 +2540,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1616,26 +2575,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1644,21 +2610,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1667,22 +2645,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1691,25 +2679,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1718,22 +2715,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1742,21 +2751,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -1767,21 +2786,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -1789,20 +2819,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -1810,21 +2852,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", "visibility", - "user_id", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ] }, { @@ -1832,22 +2885,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1856,23 +2920,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1881,23 +2956,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1905,18 +2989,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1927,20 +3021,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1950,18 +3054,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -1969,18 +3085,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -1988,25 +3116,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -2014,25 +3152,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "created_at", - "oauth_application_id", - "action", - "events", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", + "created_at", + "oauth_application_id", + "events" ] }, { @@ -2040,26 +3187,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2068,25 +3224,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2094,26 +3259,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2121,21 +3295,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2144,19 +3329,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2164,21 +3362,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2187,19 +3396,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2210,20 +3433,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2233,24 +3468,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2261,23 +3507,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2288,20 +3546,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2311,19 +3582,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2332,20 +3617,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2355,20 +3653,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2377,20 +3688,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2399,20 +3723,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2420,19 +3756,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2441,19 +3790,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2462,17 +3824,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2485,21 +3860,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2513,17 +3901,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2535,20 +3936,30 @@ "description": "An issue was marked as blocked by another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -2559,19 +3970,30 @@ "description": "The blocked by relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2581,20 +4003,30 @@ "description": "An issue was marked as blocking another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -2605,20 +4037,30 @@ "description": "The blocking relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -2629,18 +4071,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2648,21 +4102,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -2670,21 +4137,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -2692,22 +4172,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -2715,19 +4208,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -2738,21 +4244,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -2760,22 +4281,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -2783,21 +4319,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -2806,21 +4357,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -2829,22 +4395,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -2852,22 +4431,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2875,19 +4467,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2895,21 +4499,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2919,16 +4532,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2938,18 +4564,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2959,14 +4598,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -2974,19 +4629,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -2994,18 +4660,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3013,23 +4691,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -3037,43 +4723,64 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "user_agent", + "action", "actor", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "operation_type", "created_at", + "oauth_application_name" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" + }, + { + "action": "oauth_access.destroy", + "description": "An OAuth access token was deleted.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", + "fields": [ + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", - "request_access_security_header", - "oauth_application_name" - ], - "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" - }, - { - "action": "oauth_access.destroy", - "description": "An OAuth access token was deleted.", - "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", - "fields": [ - "@timestamp", + "user", + "user_id", "user_agent", - "action", "operation_type", - "_document_id", - "actor", "created_at", - "user", - "user_id", - "request_id", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -3083,19 +4790,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -3104,16 +4822,28 @@ "description": "An OAuth access token was revoked.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "request_access_security_header", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3123,18 +4853,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -3142,20 +4884,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3164,20 +4918,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3186,20 +4952,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3208,20 +4986,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3230,19 +5020,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3251,20 +5054,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "oauth_application", - "oauth_application_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3273,20 +5088,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3295,19 +5122,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3316,24 +5156,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3343,20 +5190,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -3367,20 +5225,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3390,21 +5259,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -3413,24 +5292,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3438,20 +5327,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3459,22 +5358,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3482,20 +5389,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3503,22 +5420,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3526,21 +5451,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3548,26 +5482,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -3576,26 +5519,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3603,28 +5554,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3632,26 +5591,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3659,18 +5626,28 @@ "description": "The cache retention policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -3682,18 +5659,28 @@ "description": "The cache storage policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -3705,20 +5692,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -3727,16 +5725,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -3747,18 +5758,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -3767,18 +5791,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -3787,18 +5823,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -3807,18 +5856,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -3828,20 +5889,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -3849,17 +5921,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -3869,20 +5954,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -3891,20 +5987,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3913,17 +6023,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3934,20 +6059,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3956,19 +6095,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3976,19 +6127,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3996,18 +6159,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4015,16 +6190,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4032,18 +6221,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -4051,18 +6252,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4073,18 +6287,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4095,17 +6322,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4115,19 +6355,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4135,12 +6387,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -4151,20 +6420,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4172,17 +6453,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -4193,18 +6487,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -4216,17 +6523,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -4238,17 +6558,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4259,15 +6592,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4277,17 +6625,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4297,15 +6656,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4315,17 +6689,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4335,17 +6720,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4355,17 +6751,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4375,17 +6782,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4395,17 +6813,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -4415,17 +6846,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4433,20 +6877,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -4456,25 +6911,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -4482,20 +6949,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4503,25 +6982,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4529,17 +7020,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -4547,17 +7051,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -4565,18 +7082,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -4585,18 +7114,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -4605,19 +7146,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -4625,17 +7177,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -4647,22 +7212,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -4670,19 +7244,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -4690,17 +7275,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4708,18 +7306,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "actor_id", - "_document_id", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "team", - "@timestamp", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -4727,20 +7338,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4748,18 +7369,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4768,18 +7401,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4788,16 +7433,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -4809,21 +7467,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -4831,18 +7501,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4853,23 +7536,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -4878,24 +7572,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -4904,20 +7609,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4926,21 +7645,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -4950,22 +7682,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4974,25 +7718,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -5001,23 +7755,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -5026,22 +7791,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -5050,21 +7825,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -5073,25 +7857,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -5100,23 +7891,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -5125,24 +7924,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -5151,23 +7957,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -5177,22 +7991,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -5201,19 +8024,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5222,24 +8058,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -5248,23 +8094,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5275,17 +8130,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5294,15 +8162,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -5313,16 +8194,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -5332,17 +8226,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -5352,19 +8259,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5373,17 +8291,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5392,26 +8323,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -5420,30 +8357,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -5453,20 +8395,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5475,25 +8428,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5502,23 +8463,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -5526,25 +8498,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -5554,23 +8535,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -5578,21 +8569,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -5600,21 +8601,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5622,22 +8633,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -5645,21 +8665,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -5667,20 +8697,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5688,22 +8729,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -5711,18 +8761,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5730,44 +8794,64 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { "action": "repo.pages_source", "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", - "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", + "fields": [ "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -5775,18 +8859,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -5795,22 +8891,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5819,24 +8924,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5845,23 +8958,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5869,26 +8992,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -5897,21 +9025,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5920,25 +9057,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -5946,22 +9089,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -5970,19 +9123,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -5990,22 +9154,30 @@ "description": "The cache retention policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -6017,22 +9189,30 @@ "description": "The cache storage policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -6044,23 +9224,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -6070,20 +9259,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -6094,21 +9294,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -6117,22 +9328,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -6141,21 +9362,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -6164,22 +9396,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_id", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -6190,16 +9432,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -6208,22 +9461,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -6233,22 +9495,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -6257,23 +9530,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -6283,19 +9566,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -6303,21 +9596,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -6326,24 +9629,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -6351,25 +9663,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -6378,24 +9697,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6404,25 +9733,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6431,22 +9768,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6455,26 +9801,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -6482,31 +9836,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6515,21 +9876,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -6537,21 +9908,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -6559,21 +9940,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -6581,62 +9973,98 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "operation_type", + "invitee", + "created_at" + ] + }, + { + "action": "repository_invitation.create", + "description": "An invitation to join a repository was sent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "invitee", + "inviter", "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "operation_type" ] }, { - "action": "repository_invitation.create", - "description": "An invitation to join a repository was sent.", + "action": "repository_invitation.reject", + "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, - { - "action": "repository_invitation.reject", - "description": "An invitation to join a repository was declined.", - "docs_reference_links": "N/A", - "fields": [ - "repo", - "_document_id", - "actor", + "user", + "user_id", + "user_agent", "invitee", - "action", - "@timestamp", - "request_id", - "actor_id", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -6644,31 +10072,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -6677,19 +10113,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -6697,8 +10144,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -6707,23 +10153,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -6748,18 +10203,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -6767,18 +10234,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6786,14 +10265,28 @@ "description": "A user linked a social identity to their account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "request_access_security_header", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6803,14 +10296,28 @@ "description": "A user unlinked a social identity from their account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6820,15 +10327,28 @@ "description": "A user unlinked all social identities from their account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -6838,16 +10358,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6857,18 +10390,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -6877,16 +10423,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6897,15 +10456,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -6915,15 +10487,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -6932,17 +10519,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6951,17 +10551,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6970,16 +10584,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -6989,14 +10616,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -7006,17 +10648,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", - "user", - "operation_type", - "@timestamp", - "created_at", "actor_id", - "_document_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -7025,17 +10680,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -7044,18 +10712,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7064,15 +10745,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -7082,16 +10777,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7099,15 +10807,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -7118,16 +10839,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -7137,17 +10871,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -7156,17 +10903,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -7177,17 +10937,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -7198,18 +10971,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "sponsors_listing_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "_document_id", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", "created_at", "operation_type" ] @@ -7219,16 +11003,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -7238,17 +11035,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -7257,16 +11067,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -7276,23 +11099,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7300,23 +11133,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7324,23 +11167,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7348,23 +11201,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7372,15 +11235,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7389,15 +11267,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7406,15 +11299,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7423,15 +11331,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7440,15 +11363,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7456,15 +11394,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7473,17 +11426,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7491,17 +11457,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7509,14 +11488,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -7525,15 +11519,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -7541,13 +11550,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7555,35 +11581,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.staff_decline", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "action", - "_document_id" - ] - }, - { - "action": "two_factor_account_recovery.staff_decline", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_id", - "actor", - "action", - "@timestamp", - "user_agent", - "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -7591,16 +11643,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7608,15 +11674,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7624,18 +11705,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7644,18 +11737,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -7664,18 +11769,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -7684,15 +11801,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", "_document_id", - "user_agent" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7700,16 +11832,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -7718,18 +11863,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7738,15 +11895,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "operation_type", - "user_id", - "user", - "user_agent", - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7755,16 +11927,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -7772,19 +11957,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -7793,18 +11990,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -7812,15 +12021,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -7830,20 +12052,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7851,18 +12084,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7870,18 +12115,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7890,17 +12147,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7909,19 +12179,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -7929,21 +12211,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "visibility", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "visibility", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7951,20 +12245,31 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "@timestamp", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -7972,18 +12277,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7992,19 +12309,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -8012,18 +12340,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8031,18 +12371,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8050,18 +12402,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -8070,17 +12434,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8088,17 +12464,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8106,17 +12495,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8124,17 +12526,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8142,21 +12557,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8164,21 +12589,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -8187,17 +12622,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8205,17 +12653,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8223,17 +12684,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8241,18 +12715,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8260,17 +12746,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -8279,17 +12779,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8297,18 +12810,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -8317,19 +12842,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", "operation_type", - "_document_id", - "request_id", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -8337,18 +12874,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8356,18 +12905,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8375,21 +12936,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8397,16 +12968,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -8415,20 +12999,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -8436,20 +13031,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8457,20 +13064,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -8478,18 +13096,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8497,16 +13127,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -8517,16 +13160,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -8535,18 +13190,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -8554,18 +13221,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8573,22 +13252,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8596,23 +13286,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -8621,21 +13321,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8643,18 +13353,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8662,18 +13384,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8683,16 +13417,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8700,18 +13446,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", "user_agent", - "request_id", - "user", - "action", - "actor", - "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8719,18 +13477,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8738,17 +13508,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8756,18 +13539,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", "created_at", - "user", - "operation_type", - "@timestamp", - "request_id", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8775,17 +13570,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -8794,19 +13602,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -8814,21 +13634,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8836,21 +13666,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8858,46 +13700,64 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "workflows.approve_workflow_job", - "description": "A workflow job was approved.", - "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "workflow_run_id", "run_number", - "user", - "user_id", - "repo", - "repo_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8906,23 +13766,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8930,23 +13800,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8956,23 +13834,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -8981,22 +13871,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9004,21 +13905,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -9026,25 +13938,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9052,24 +13972,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -9078,25 +14007,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghec/enterprise.json b/src/audit-logs/data/ghec/enterprise.json index 0f4e3b71e650..f536162bc9a1 100644 --- a/src/audit-logs/data/ghec/enterprise.json +++ b/src/audit-logs/data/ghec/enterprise.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,29 +67,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -72,44 +103,66 @@ "description": "Credit was accepted for a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory" + "docs_reference_titles": "Editing a repository security advisory" }, { "action": "advisory_credit.create", "description": "Someone was added to the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -117,21 +170,32 @@ "description": "Credit was declined for a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -140,21 +204,32 @@ "description": "Someone was removed from the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -163,31 +238,34 @@ "description": "An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests", "fields": [ - "user_agent", - "request_id", - "request_method", - "query_string", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "request_body", - "status_code", - "url_path", "business", "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "request_method", + "query_string", + "request_body", + "status_code", + "url_path", + "public_repo", "created_at", "operation_type", "route", @@ -201,18 +279,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -220,20 +310,32 @@ "description": "A manual check of the endpoint configured for audit log streaming was performed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_result", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_result", "created_at", "operation_type", - "audit_log_stream_sink_details", - "request_access_security_header" + "audit_log_stream_sink_details" ] }, { @@ -241,16 +343,29 @@ "description": "An endpoint was added for audit log streaming.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "audit_log_stream_id" @@ -261,15 +376,28 @@ "description": "An audit log streaming endpoint was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "audit_log_stream_id", @@ -281,17 +409,30 @@ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_enabled", - "business_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_enabled", "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "new_s3_bucket", @@ -314,17 +455,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -335,20 +487,30 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" }, @@ -357,28 +519,42 @@ "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "pricing_target_type", "pricing_target_id", "budget_limit_type", - "alert_recipient_user_ids" + "alert_recipient_user_ids", + "exclude_cost_center_usage" ] }, { @@ -386,22 +562,34 @@ "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "uuid", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -409,25 +597,37 @@ "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", - "request_access_security_header", "old_target_amount", "old_budget_limit_type", "old_alert_enabled", @@ -441,17 +641,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -460,19 +673,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", - "org_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -481,15 +706,28 @@ "description": "Azure subscription has been linked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -499,15 +737,28 @@ "description": "Azure subscription has been unlinked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -517,18 +768,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -536,16 +800,28 @@ "description": "The premium request paid usage policy for your GitHub account was changed.", "docs_reference_links": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -557,18 +833,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -576,15 +864,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -594,22 +895,31 @@ "description": "An enterprise owner was added to an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ - "name", - "business", - "user", - "user_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "request_id", + "business", "business_id", - "_document_id", - "user_agent", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -618,20 +928,31 @@ "description": "A billing manager was added to an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", + "@timestamp", + "_document_id", + "action", "actor", - "name", + "actor_id", "business", "business_id", - "action", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "operation_type", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "name", + "operation_type", + "created_at" ] }, { @@ -639,20 +960,30 @@ "description": "An enterprise prevented access to resources by users with the given two-factor method.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", - "two_factor_method", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "two_factor_method", "created_at", "operation_type", "actor_is_bot" @@ -663,22 +994,32 @@ "description": "An organization was added to an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "operation_type", "@timestamp", - "actor", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "operation_type", "name", "created_at", - "request_id", - "_document_id", - "business", - "organization_upgrade", - "request_access_security_header" + "organization_upgrade" ] }, { @@ -686,20 +1027,31 @@ "description": "A support entitlement was added to a member of an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing support entitlements for your enterprise" }, @@ -708,20 +1060,30 @@ "description": "GitHub Advanced Security was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -730,17 +1092,28 @@ "description": "GitHub Advanced Security was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -751,21 +1124,31 @@ "description": "GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -774,17 +1157,28 @@ "description": "GitHub Advanced Security was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -795,17 +1189,28 @@ "description": "GitHub Advanced Security was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -816,21 +1221,31 @@ "description": "GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -839,15 +1254,28 @@ "description": "Enablement for Advanced Security features on new repositories has been locked for this enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -858,15 +1286,28 @@ "description": "Enablement for Advanced Security features on new repositories has been unlocked for this enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -877,42 +1318,66 @@ "description": "An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "new_policy", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" - ], - "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, { "action": "business.advanced_security_repo_admin_enablement_policy_update", "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -920,17 +1385,28 @@ "description": "GitHub Advanced Security was disabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -942,21 +1418,31 @@ "description": "GitHub Advanced Security was enabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -965,17 +1451,30 @@ "description": "An export of the enterprise audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", "docs_reference_links": "admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise", "fields": [ - "user_agent", - "business", - "business_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "request_id", - "actor", - "action", - "_document_id", "query_phrase" ], "docs_reference_titles": "Exporting audit log activity for your enterprise" @@ -985,19 +1484,32 @@ "description": "An export of the enterprise's Git events was created.", "docs_reference_links": "admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "start", "end", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Exporting audit log activity for your enterprise" }, @@ -1006,21 +1518,32 @@ "description": "An invitation for someone to be an owner of an enterprise was canceled.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "invitation_id", - "user_id", - "_document_id", "operation_type", "created_at", - "name", - "request_id", - "actor", - "@timestamp", - "business", - "business_id", - "action" + "name" ] }, { @@ -1028,21 +1551,32 @@ "description": "An invitation for someone to be an billing manager of an enterprise was canceled.", "docs_reference_links": "N/A", "fields": [ - "business_id", - "action", "@timestamp", - "actor", - "name", "_document_id", + "action", + "actor", "actor_id", - "created_at", "business", - "user_id", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "invitation_id", - "user" + "name", + "created_at", + "operation_type", + "invitation_id" ] }, { @@ -1050,16 +1584,29 @@ "description": "The trial of GitHub Enterprise Cloud was canceled.", "docs_reference_links": "/admin/overview/setting-up-a-trial-of-github-enterprise-cloud", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type" ], @@ -1070,18 +1617,31 @@ "description": "The seats plan type was changed for an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "seats_plan_type_was", "seats_plan_type", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1092,18 +1652,31 @@ "description": "An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1112,17 +1685,30 @@ "description": "An enterprise owner cleared the base repository permission policy setting for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "name", - "operation_type", - "business_id", - "user_agent", - "actor_id", - "request_id", - "actor", + "@timestamp", "_document_id", - "business", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -1132,17 +1718,29 @@ "description": "Cleared two-factor authentication restrictions for an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -1153,19 +1751,32 @@ "description": "An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", "business_id", - "action", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business", "visibility", "created_at", - "actor", - "operation_type", - "@timestamp" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1174,21 +1785,33 @@ "description": "The policy for Code scanning autofix was updated for an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1196,21 +1819,33 @@ "description": "The policy for Code scanning autofix third party tools was updated for an enterprise.", "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/code-security/getting-started/github-security-features#available-with-github-code-security" }, @@ -1219,18 +1854,30 @@ "description": "The policy for Code Security enablement was updated for an enterprise.", "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1242,15 +1889,28 @@ "description": "Enablement for Code Security features on new repositories has been locked for this enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1261,15 +1921,28 @@ "description": "Enablement for Code Security features on new repositories has been unlocked for this enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1280,32 +1953,62 @@ "description": "Server statistics were exported for the enterprise.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ], - "docs_reference_titles": "Exporting Server Statistics" - }, - { - "action": "business.convert_trial", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Exporting Server Statistics" + }, + { + "action": "business.convert_trial", "description": "The enterprise account on a trial of GitHub Enterprise Cloud was upgraded to a paid enterprise account.", "docs_reference_links": "/admin/overview/setting-up-a-trial-of-github-enterprise-cloud", "fields": [ - "name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type" ], @@ -1316,19 +2019,31 @@ "description": "An enterprise was created.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", "_document_id", "action", - "@timestamp", - "request_id", - "name", + "actor", + "actor_id", "business", "business_id", - "operation_type", - "actor", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "name", + "operation_type", + "created_at" ] }, { @@ -1336,16 +2051,29 @@ "description": "A trial of GitHub Enterprise Cloud began.", "docs_reference_links": "/admin/overview/setting-up-a-trial-of-github-enterprise-cloud", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type" ], @@ -1356,16 +2084,29 @@ "description": "The enterprise was deleted.", "docs_reference_links": "/admin/overview/deleting-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", "business", - "action", "business_id", - "@timestamp", - "operation_type", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "operation_type", "name", "created_at" ], @@ -1376,17 +2117,28 @@ "description": "Dependabot alerts were disabled for your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -1396,17 +2148,28 @@ "description": "Dependabot alerts were enabled for your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -1416,17 +2179,28 @@ "description": "Dependabot alerts were disabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -1436,17 +2210,28 @@ "description": "Dependabot alerts were enabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -1456,17 +2241,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1476,38 +2274,62 @@ "description": "OIDC single sign-on was disabled for an enterprise.", "docs_reference_links": "/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "Configuring OIDC for Enterprise Managed Users" - }, - { - "action": "business.disable_open_scim", - "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring OIDC for Enterprise Managed Users" + }, + { + "action": "business.disable_open_scim", + "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1515,18 +2337,31 @@ "description": "SAML single sign-on was disabled for an enterprise.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "business", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "user_agent", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "_document_id", "issuer", - "@timestamp", - "actor_id", "name", "sso_url" ] @@ -1536,17 +2371,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was disabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1557,18 +2403,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.", "docs_reference_links": "N/A", "fields": [ - "action", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "business_id", - "actor_id", - "name", - "_document_id", - "request_id" + "name" ] }, { @@ -1576,15 +2435,28 @@ "description": "OIDC single sign-on was enabled for an enterprise.", "docs_reference_links": "/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -1595,15 +2467,28 @@ "description": "SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1613,20 +2498,33 @@ "description": "SAML single sign-on was enabled for an enterprise.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", - "sso_url", "@timestamp", - "issuer", - "action", - "actor_id", "_document_id", - "request_id", - "created_at", + "action", "actor", - "business_id", + "actor_id", "business", - "user_agent" + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "sso_url", + "issuer", + "created_at" ] }, { @@ -1634,17 +2532,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was enabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1655,18 +2564,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "operation_type", - "created_at", + "actor_id", "business", "business_id", - "name", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" ] }, { @@ -1674,19 +2596,30 @@ "description": "A GitHub Enterprise Server license was downloaded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", - "user_agent", - "action", - "request_id", - "user", "business_id", - "_document_id", - "actor_id", - "operation_type", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1694,12 +2627,29 @@ "description": "The trial of GitHub Enterprise Cloud expired.", "docs_reference_links": "/admin/overview/setting-up-a-trial-of-github-enterprise-cloud", "fields": [ - "name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type" ], @@ -1710,17 +2660,29 @@ "description": "GitHub Models billing was disabled for the business.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -1731,17 +2693,29 @@ "description": "GitHub Models billing was enabled for the business.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -1752,18 +2726,31 @@ "description": "License usage information was imported from a GitHub Enterprise Server instance to an enterprise account on GitHub.com.", "docs_reference_links": "/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud#manually-uploading-github-enterprise-server-license-usage", "fields": [ - "name", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", "business_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "business", - "action", - "@timestamp", - "_document_id", - "actor_id" + "name", + "created_at", + "operation_type" ], "docs_reference_titles": "Syncing license usage from GitHub Enterprise Server to Cloud" }, @@ -1772,106 +2759,266 @@ "description": "An invitation for someone to be an enterprise owner of an enterprise was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "name", - "request_id", + "actor", + "actor_id", "business", - "invitation_id", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor", - "actor_id", - "_document_id", - "@timestamp", - "user", + "name", + "invitation_id", "operation_type", "created_at" ] }, { "action": "business.invite_billing_manager", - "description": "An invitation for someone to be an billing manager of an enterprise was sent.", + "description": "An invitation for someone to be a billing manager of an enterprise was sent.", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", - "user_agent", - "invitation_id", + "@timestamp", "_document_id", - "business", - "actor", - "user_id", "action", - "@timestamp", - "name", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "invitation_id", + "name", "created_at" ] }, { - "action": "business.members_can_update_protected_branches.clear", - "description": "An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.", + "action": "business.invite_unaffiliated_member", + "description": "An invitation for someone to join an enterprise was sent.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", "actor_id", - "@timestamp", - "request_id", "business", - "name", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "business_id", - "_document_id" + "name", + "invitation_id", + "email", + "created_at", + "operation_type", + "actor_is_bot" ] }, { - "action": "business.members_can_update_protected_branches.disable", - "description": "The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.", + "action": "business.members_can_update_protected_branches.clear", + "description": "An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", + "user_agent", "created_at", - "_document_id" + "name", + "operation_type" ] }, { - "action": "business.members_can_update_protected_branches.enable", - "description": "The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.", + "action": "business.members_can_update_protected_branches.disable", + "description": "The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "name", - "actor", - "operation_type", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", - "user", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ] + }, + { + "action": "business.members_can_update_protected_branches.enable", + "description": "The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ] + }, + { + "action": "business.members_limit_reached", + "description": "An enterprise has reached its members limit.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", + "count", "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "business.organizations_limit_warning", + "description": "An enterprise is approaching its organizations limit.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", + "count", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -1879,16 +3026,28 @@ "description": "The proxy security header was disabled for an enterprise. All users on the network can now access GitHub, unless blocked by other means.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1899,15 +3058,28 @@ "description": "The proxy security header was enabled for an enterprise. When the header is provided in requests, only Enterprise Managed Users matching the header will be able to access GitHub.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1918,15 +3090,29 @@ "description": "A user outside the enterprise tried to access GitHub while the proxy security header was enabled and provided in the request.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "programmatic_access_type", - "name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -1937,17 +3123,30 @@ "description": "An enterprise owner failed to sign into a enterprise with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "reason", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -1958,16 +3157,29 @@ "description": "An enterprise owner successfully signed into an enterprise with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type" ], @@ -1978,37 +3190,62 @@ "description": "An enterprise owner downloaded the enterprise's SSO recovery codes.", "docs_reference_links": "/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "Downloading your enterprise account's single sign-on recovery codes" - }, - { - "action": "business.recovery_codes_generated", - "description": "An enterprise owner generated the enterprise's SSO recovery codes.", - "docs_reference_links": "/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes", - "fields": [ - "actor", - "actor_id", - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Downloading your enterprise account's single sign-on recovery codes" + }, + { + "action": "business.recovery_codes_generated", + "description": "An enterprise owner generated the enterprise's SSO recovery codes.", + "docs_reference_links": "/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type" ], @@ -2019,19 +3256,31 @@ "description": "An enterprise owner printed the enterprise's SSO recovery codes.", "docs_reference_links": "/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Downloading your enterprise account's single sign-on recovery codes" }, @@ -2040,16 +3289,29 @@ "description": "An enterprise owner viewed the enterprise's SSO recovery codes.", "docs_reference_links": "/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type" ], @@ -2060,20 +3322,31 @@ "description": "An enterprise owner was removed from an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", - "user_agent", + "actor_id", "business", "business_id", - "@timestamp", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "name", - "actor_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "user" + "user_agent", + "operation_type", + "created_at", + "name" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -2082,19 +3355,30 @@ "description": "A billing manager was removed from an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", "business", - "actor", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "request_id", - "action", - "_document_id", "operation_type", - "@timestamp", "name", - "business_id", - "user", "created_at" ] }, @@ -2103,20 +3387,30 @@ "description": "Removed a two-factor authentication method restriction for an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", - "two_factor_method", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "two_factor_method", "created_at", "operation_type", "actor_is_bot" @@ -2127,20 +3421,30 @@ "description": "A member was removed from an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", - "business_id", - "actor_id", + "_document_id", + "action", "actor", - "operation_type", - "user", - "created_at", + "actor_id", "business", - "user_id", - "action", - "_document_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2148,20 +3452,31 @@ "description": "An organization was removed from an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "business", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business_id", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "name", - "org" + "name" ] }, { @@ -2169,20 +3484,31 @@ "description": "A support entitlement was removed from a member of an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing support entitlements for your enterprise" }, @@ -2191,18 +3517,31 @@ "description": "The slug for the enterprise URL was renamed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "name", - "business_id", - "user_agent", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", - "@timestamp", - "created_at", + "actor_id", "business", - "_document_id" + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ] }, { @@ -2210,19 +3549,31 @@ "description": "The deleted enterprise was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2230,20 +3581,31 @@ "description": "The external identity for a member in an enterprise was revoked.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", "actor", - "created_at", - "name", - "user_agent", "actor_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "business" + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" ] }, { @@ -2251,20 +3613,31 @@ "description": "The SAML single sign-on session for a member in an enterprise was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "actor", - "_document_id", - "actor_id", "name", - "@timestamp", - "user_id", - "action", - "created_at", - "business" + "created_at" ] }, { @@ -2272,15 +3645,28 @@ "description": "Enablement for Secret Protection features on new repositories has been locked for this enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2291,15 +3677,28 @@ "description": "Enablement for Secret Protection features on new repositories has been unlocked for this enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2310,17 +3709,28 @@ "description": "Automatic partner validation checks have been disabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2331,17 +3741,28 @@ "description": "Automatic partner validation checks have been enabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2352,20 +3773,30 @@ "description": "An enterprise-level custom pattern was created for secret scanning.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -2374,40 +3805,61 @@ "description": "An enterprise-level custom pattern was removed from secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ] - }, - { - "action": "business_secret_scanning_custom_pattern.publish", - "description": "An enterprise-level custom pattern was published for secret scanning.", - "docs_reference_links": "N/A", - "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "business_secret_scanning_custom_pattern.publish", + "description": "An enterprise-level custom pattern was published for secret scanning.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2415,17 +3867,28 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2436,20 +3899,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -2458,17 +3931,28 @@ "description": "Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2478,17 +3962,28 @@ "description": "Secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2499,17 +3994,28 @@ "description": "Secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2520,17 +4026,28 @@ "description": "Secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2541,17 +4058,28 @@ "description": "Secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2562,17 +4090,28 @@ "description": "Generic secrets have been disabled at the business level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2583,21 +4122,31 @@ "description": "Generic secrets have been enabled at the business level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -2605,17 +4154,28 @@ "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2627,17 +4187,28 @@ "description": "Secret scanning for non-provider patterns was enabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2649,17 +4220,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2670,17 +4252,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2691,17 +4284,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2712,17 +4316,28 @@ "description": "Push protection for secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2733,17 +4348,28 @@ "description": "Push protection for secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2754,17 +4380,28 @@ "description": "Push protection for secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2775,17 +4412,28 @@ "description": "Push protection for secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -2796,10 +4444,28 @@ "description": "The push protection setting was updated for a secret type for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "push_protection_setting", "secret_type", "secret_type_display_name", @@ -2812,10 +4478,28 @@ "description": "The push protection pattern configuration was updated for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" @@ -2825,20 +4509,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "new_policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2846,26 +4542,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -2873,24 +4579,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -2898,26 +4614,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -2925,20 +4651,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -2949,17 +4686,29 @@ "description": "The cache retention policy for GitHub Actions was set for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -2971,17 +4720,29 @@ "description": "The cache storage policy for GitHub Actions was set for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -2993,17 +4754,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -3014,20 +4788,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -3036,19 +4822,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -3057,19 +4856,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -3078,20 +4889,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -3100,19 +4923,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -3121,20 +4956,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "issuer", - "name", - "user_agent", - "action", "@timestamp", "_document_id", + "action", "actor", + "actor_id", "business", "business_id", - "actor_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issuer", + "name", + "created_at", + "operation_type" ] }, { @@ -3142,18 +4989,31 @@ "description": "An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "updated_github_owned_allowed", "updated_verified_allowed", "updated_patterns", @@ -3168,20 +5028,33 @@ "description": "The base repository permission setting was updated for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "business_id", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "permission", - "action", "created_at", - "@timestamp", - "request_id", "name", - "_document_id", - "old_permission", - "business" + "old_permission" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3190,18 +5063,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "old_emu_repo_runners_policy", "new_emu_repo_runners_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3211,19 +5097,32 @@ "description": "The repository creation setting was updated for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", - "name", - "business_id", + "action", "actor", "actor_id", - "@timestamp", - "operation_type", - "permission", - "action", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "name", + "operation_type", + "permission", "visibility" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3233,19 +5132,32 @@ "description": "The policy setting for enterprise members inviting outside collaborators to repositories was updated.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-inviting-outside-collaborators-to-repositories", "fields": [ - "business_id", - "created_at", - "action", - "operation_type", "@timestamp", - "request_id", - "permission", + "_document_id", + "action", "actor", "actor_id", - "name", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business" + "created_at", + "operation_type", + "permission", + "name" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3254,40 +5166,66 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "old_repo_runners_policy", - "new_repo_runners_policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ] - }, - { - "action": "business.update_saml_provider_settings", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_repo_runners_policy", + "new_repo_runners_policy", + "created_at", + "operation_type" + ] + }, + { + "action": "business.update_saml_provider_settings", "description": "The SAML single sign-on provider settings for an enterprise were updated.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", "_document_id", - "request_id", - "business_id", - "sso_url", - "user_agent", "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", "name", "created_at", "operation_type", - "actor_id", - "@timestamp", "issuer" ] }, @@ -3296,20 +5234,30 @@ "description": "The organization was upgraded to an enterprise account.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan#upgrading-your-organizations-plan", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Upgrading your account's plan" }, @@ -3318,20 +5266,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -3340,20 +5299,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -3364,17 +5334,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3382,224 +5364,368 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_outdated", "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_numbers", "commit_oid", - "ref", - "request_id", - "org_id", - "org", - "business_id", - "business" + "ref" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", - "actor", - "org_id", - "org", - "business_id", - "business", - "alert_numbers", - "dismissal_approver_id" - ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" - }, - { - "action": "code_scanning.alert_closure_approved", - "description": "Dismissal of code scanning alerts was approved.", - "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", - "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "dismissal_request_id", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", + "alert_numbers", + "dismissal_approver_id" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closure_approved", + "description": "Dismissal of code scanning alerts was approved.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismissal_request_id", + "alert_number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_denied", "description": "Dismissal of code scanning alerts was denied.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_requested", "description": "Dismissal of code scanning alerts was requested.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", - "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", - "actor", - "org_id", - "org", - "business_id", - "business", - "alert_numbers" - ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" - }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", "fields": [ "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", "business_id", - "query", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "search_string" + "user_agent", + "alert_number", + "alert_numbers" ], - "docs_reference_titles": "/search-github/github-code-search" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3609,28 +5735,34 @@ "description": "An attempt to create a codespace from a prebuild was made.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "owner", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "user_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", "created_at", "operation_type", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -3638,17 +5770,30 @@ "description": "Enterprise setting for Codespaces ownership was updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "enablement", - "organization_names", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", + "organization_names", "created_at", "operation_type" ], @@ -3659,25 +5804,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -3688,22 +5842,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -3715,22 +5880,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -3739,15 +5915,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -3758,15 +5949,28 @@ "description": "Policies were applied to codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -3776,20 +5980,30 @@ "description": "Policies were removed from codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -3797,19 +6011,30 @@ "description": "Policies were updated for codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -3817,17 +6042,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3837,27 +6075,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3865,19 +6112,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -3885,18 +6145,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -3905,20 +6177,30 @@ "description": "A commit comment was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "repo", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "created_at", - "@timestamp", - "operation_type", + "programmatic_access_type", + "repo", "repo_id", - "actor_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -3926,21 +6208,30 @@ "description": "A commit comment was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_id", - "action", - "@timestamp", - "repo", "org_id", - "actor_id", - "created_at", - "user_agent", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3948,21 +6239,33 @@ "description": "Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "reason", "plan", - "org_id", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3970,17 +6273,30 @@ "description": "The Copilot enablement policy changed at the enterprise level to either allow or disable access for all organizations, or to allow access for selected organizations.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "previous_value", "current_value", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3991,15 +6307,28 @@ "description": "Copilot feature settings were changed at the enterprise level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4009,13 +6338,28 @@ "description": "Copilot feature settings were changed at the organization level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4025,23 +6369,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -4049,17 +6400,31 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], "docs_reference_titles": "What is GitHub Copilot?" }, { @@ -4067,24 +6432,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -4092,15 +6463,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4110,20 +6494,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -4131,19 +6525,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -4151,21 +6557,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -4173,21 +6588,33 @@ "description": "The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_value", "new_value", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4195,15 +6622,28 @@ "description": "The GitHub Copilot Product Terms or Pre-Release Preview Terms were accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4213,21 +6653,32 @@ "description": "The excluded paths for GitHub Copilot were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "excluded_paths", "owner_type", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -4235,109 +6686,63 @@ "description": "Copilot access was enabled or disabled at the enterprise level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "previous_value", "current_value", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] }, { - "action": "copilot.knowledge_base_created", - "description": "A knowledge base was created in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "action": "copilot.plan_changed", + "description": "The plan for GitHub Copilot was updated.", + "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", - "org", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" - }, - { - "action": "copilot.knowledge_base_deleted", - "description": "A knowledge base was deleted from the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", - "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" - }, - { - "action": "copilot.knowledge_base_updated", - "description": "A knowledge base was updated in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", - "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", "org_id", - "org", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" - }, - { - "action": "copilot.plan_changed", - "description": "The plan for GitHub Copilot was updated.", - "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", - "fields": [ - "actor", - "actor_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_plan", "plan", - "business_id", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -4349,20 +6754,31 @@ "description": "The plan for GitHub Copilot was scheduled to be downgraded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "current_plan", "scheduled_plan" @@ -4373,21 +6789,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -4397,19 +6822,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4419,21 +6853,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -4443,18 +6886,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -4467,18 +6923,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -4492,14 +6961,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -4512,8 +6996,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -4522,27 +7005,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -4551,19 +7042,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -4572,16 +7075,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -4593,19 +7109,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -4614,19 +7141,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -4635,19 +7173,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -4656,400 +7205,617 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, { - "action": "dependabot_repository_access.default_access_level_updated", - "description": "The default repository access for Dependabot was updated.", - "docs_reference_links": "N/A", + "action": "dependabot_closure_request.approve", + "description": "Dismissal of Dependabot alerts was approved.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", - "access_level", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" - ] + ], + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_repository_access.repositories_updated", - "description": "The repositories that Dependabot can access were updated.", - "docs_reference_links": "N/A", + "action": "dependabot_closure_request.cancel", + "description": "Dismissal request for Dependabot alerts was canceled.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ] - }, - { - "action": "dependabot_security_updates.disable", - "description": "Dependabot security updates were disabled for all existing repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", - "fields": [ - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", + "user_agent", + "number", + "alert_number", + "public_repo", "created_at", - "_document_id" + "operation_type", + "actor_is_bot" ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_security_updates.enable", - "description": "Dependabot security updates were enabled for all existing repositories.", - "docs_reference_links": "N/A", + "action": "dependabot_closure_request.create", + "description": "Dismissal of Dependabot alerts was requested.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", "operation_type", - "@timestamp", - "_document_id" - ] + "actor_is_bot" + ], + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_security_updates_new_repos.disable", - "description": " Dependabot security updates were disabled for all new repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "action": "dependabot_closure_request.deny", + "description": "Dismissal of Dependabot alerts was denied.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", "operation_type", - "@timestamp", - "_document_id" + "actor_is_bot" ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_security_updates_new_repos.enable", - "description": "Dependabot security updates were enabled for all new repositories.", + "action": "dependabot_repository_access.default_access_level_updated", + "description": "The default repository access for Dependabot was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "access_level", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "dependabot_repository_access.repositories_updated", + "description": "The repositories that Dependabot can access were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { - "action": "dependency_graph.disable", - "description": "The dependency graph was disabled for all existing repositories.", + "action": "dependabot_security_updates.disable", + "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "dependency_graph.enable", - "description": "The dependency graph was enabled for all existing repositories.", + "action": "dependabot_security_updates.enable", + "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { - "action": "dependency_graph_new_repos.disable", - "description": "The dependency graph was disabled for all new repositories.", + "action": "dependabot_security_updates_new_repos.disable", + "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "dependency_graph_new_repos.enable", - "description": "The dependency graph was enabled for all new repositories.", + "action": "dependabot_security_updates_new_repos.enable", + "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "discussion_comment.destroy", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ + "programmatic_access_type", "repo", - "org", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "actor", - "org_id", - "_document_id", - "actor_id", - "operation_type", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type", - "request_access_security_header" + "operation_type", + "created_at" ] }, { - "action": "discussion_comment.update", - "description": "N/A", - "docs_reference_links": "N/A", + "action": "dependency_graph.disable", + "description": "The dependency graph was disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "repo_id", "@timestamp", - "actor", - "user_agent", - "request_id", - "org", "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "repo", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "request_access_security_header" - ] + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "discussion.destroy", - "description": "N/A", + "action": "dependency_graph.enable", + "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "user_agent", - "actor_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "title", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { - "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "action": "dependency_graph_new_repos.disable", + "description": "The dependency graph was disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" + "created_at", + "operation_type" ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "action": "dependency_graph_new_repos.enable", + "description": "The dependency graph was enabled for all new repositories.", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", - "user_agent", - "operation_type", - "user_id", + "_document_id", + "action", "actor", - "number", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "operation_type" + ] }, { - "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "action": "discussion_comment.destroy", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", - "number", - "team", + "operation_type", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { - "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "action": "discussion_comment.update", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", "_document_id", - "title", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "org", "operation_type", - "actor_id", + "created_at" + ] + }, + { + "action": "discussion.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + "user_agent", + "operation_type", + "title", + "created_at" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5060,16 +7826,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5080,18 +7860,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5102,23 +7896,31 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise" }, @@ -5127,19 +7929,33 @@ "description": "A domain was approved for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#approving-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -5148,18 +7964,33 @@ "description": "A domain was added to an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -5168,18 +7999,33 @@ "description": "A domain was removed from an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#removing-an-approved-or-verified-domain", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -5188,18 +8034,33 @@ "description": "A domain was verified for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -5208,17 +8069,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was created.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", - "operation_type", "@timestamp", "_document_id", - "org_id", "action", - "request_id", - "org", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -5227,17 +8101,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was deleted.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp", - "actor_id", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -5246,18 +8133,30 @@ "description": "A new GitHub Actions self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -5266,20 +8165,30 @@ "description": "A GitHub Actions self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5288,20 +8197,30 @@ "description": "An enterprise role was assigned to a user or enterprise team.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "enterprise_role_id", - "enterprise_role_name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "enterprise_role_id", + "enterprise_role_name", "created_at", "operation_type", "actor_is_bot" @@ -5313,20 +8232,32 @@ "description": "A custom enterprise role was created in an enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -5338,20 +8269,32 @@ "description": "A custom enterprise role was deleted in an enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -5363,20 +8306,30 @@ "description": "A user or enterprise team was unassigned an enterprise role.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "enterprise_role_id", - "enterprise_role_name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "enterprise_role_id", + "enterprise_role_name", "created_at", "operation_type", "actor_is_bot" @@ -5388,21 +8341,33 @@ "description": "A custom enterprise role was edited in an enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -5414,18 +8379,31 @@ "description": "A GitHub Actions self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows" ], "docs_reference_titles": "Removing self-hosted runners" @@ -5435,18 +8413,31 @@ "description": "A GitHub Actions self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -5455,18 +8446,31 @@ "description": "A GitHub Actions self-hosted runner group was renamed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -5475,20 +8479,33 @@ "description": "The REST API was used to remove a GitHub Actions self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -5497,19 +8514,31 @@ "description": "A GitHub Actions self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -5518,19 +8547,32 @@ "description": "A GitHub Actions runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "oauth_application_id", "runner_group_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -5539,24 +8581,36 @@ "description": "The configuration of a GitHub Actions self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -5565,19 +8619,32 @@ "description": "The visibility of a GitHub Actions self-hosted runner group was updated via the REST API.", "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "visibility", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" }, @@ -5586,14 +8653,32 @@ "description": "The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -5602,14 +8687,32 @@ "description": "The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -5618,18 +8721,36 @@ "description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", "target_version", "runner_group_id", "runner_group_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Self-hosted runners" }, @@ -5638,22 +8759,32 @@ "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5661,21 +8792,33 @@ "description": "A license for GitHub Copilot was assigned to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5683,17 +8826,30 @@ "description": "A license for GitHub Copilot was unassigned from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -5704,17 +8860,30 @@ "description": "A new enterprise team was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5724,17 +8893,30 @@ "description": "An enterprise team was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -5745,22 +8927,32 @@ "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5768,18 +8960,31 @@ "description": "The name of an enterprise team was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business_id", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -5790,22 +8995,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -5814,22 +9028,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5837,28 +9061,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -5867,27 +9097,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -5896,25 +9134,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -5923,26 +9169,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "public_repo", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "request_access_security_header" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at", + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -5951,21 +9204,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5974,22 +9239,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -5998,25 +9273,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -6025,22 +9309,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6049,21 +9345,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -6074,27 +9380,33 @@ "description": "A user was added to an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -6102,19 +9414,31 @@ "description": "An external group was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", "scim_group_id" ] }, @@ -6123,22 +9447,33 @@ "description": "An external group was linked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group", - "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -6146,21 +9481,31 @@ "description": "An external group was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "oauth_application_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -6168,26 +9513,32 @@ "description": "A user was removed from an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -6195,15 +9546,29 @@ "description": "Failed external group SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -6211,15 +9576,9 @@ "url_path", "scim_group_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -6228,30 +9587,38 @@ "description": "Successful external group SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -6260,18 +9627,31 @@ "description": "An external group was unlinked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group" ] }, @@ -6280,22 +9660,32 @@ "description": "An external group was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "scim_group_id" ] }, { @@ -6303,25 +9693,33 @@ "description": "An external group's display name was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", "external_group", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -6329,20 +9727,31 @@ "description": "An external identity was deprovisioned, suspending the linked GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -6350,33 +9759,61 @@ "description": "An external identity was created and linked to a GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { "action": "external_identity.scim_api_failure", - "description": "Failed external identity SCIM API request.", - "docs_reference_links": "/rest/scim/scim", - "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "description": "Failed external identity SCIM API request.", + "docs_reference_links": "/rest/scim/scim", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -6384,15 +9821,9 @@ "url_path", "scim_user_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -6401,30 +9832,38 @@ "description": "Successful external identity SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -6433,18 +9872,31 @@ "description": "An external identity was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -6452,19 +9904,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -6473,20 +9936,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -6495,19 +9968,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -6516,23 +10000,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -6540,18 +10033,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -6562,20 +10065,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -6585,25 +10098,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6611,25 +10134,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -6637,26 +10169,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -6665,25 +10206,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -6691,26 +10241,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -6718,21 +10277,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -6741,19 +10311,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -6761,21 +10344,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -6784,19 +10378,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", - "integration", - "_document_id", - "programmatic_access_type", + "integration", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -6807,20 +10415,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -6830,24 +10450,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -6858,23 +10489,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -6885,21 +10528,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -6910,20 +10565,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -6933,20 +10600,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -6956,19 +10636,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -6977,20 +10671,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -7000,20 +10707,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "name", - "org_id", "manager", "operation_type", - "actor", - "integration", - "org", - "@timestamp", - "actor_id", - "request_id", - "user_agent" + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -7022,20 +10742,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -7044,20 +10777,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -7065,19 +10810,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -7086,19 +10844,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -7107,17 +10878,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -7130,21 +10914,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -7158,17 +10955,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -7180,19 +10990,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7200,19 +11021,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7220,15 +11052,28 @@ "description": "Identity Provider based IP allow list for web interactions was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -7239,15 +11084,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7257,17 +11115,28 @@ "description": "IP allow list user level enforcement was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7277,20 +11146,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -7299,19 +11177,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7319,15 +11208,28 @@ "description": "Identity Provider based IP allow list for web interactions was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -7338,15 +11240,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7356,130 +11271,259 @@ "description": "IP allow list user level enforcement was enabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list_entry.create", + "description": "An IP address was added to an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" + ] + }, + { + "action": "ip_allow_list_entry.destroy", + "description": "An IP address was deleted from an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", "created_at", - "operation_type" + "active" ] }, { - "action": "ip_allow_list_entry.create", - "description": "An IP address was added to an IP allow list.", + "action": "ip_allow_list_entry.update", + "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "ip_allow_list_entry", + "active" ] }, { - "action": "ip_allow_list_entry.destroy", - "description": "An IP address was deleted from an IP allow list.", + "action": "ip_allow_list.update_ip_allowlist_configuration", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { - "action": "ip_allow_list_entry.update", - "description": "An IP address or its description was changed.", + "action": "issue_comment.destroy", + "description": "A comment on an issue was deleted from the repository.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "actor", - "org", "action", - "operation_type", - "created_at", - "user_agent", + "actor", "actor_id", - "ip_allow_list_entry", - "active", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { - "action": "ip_allow_list.update_ip_allowlist_configuration", - "description": "N/A", + "action": "issue_comment.pinned", + "description": "A comment on an issue was pinned to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", "created_at", - "operation_type" + "operation_type", + "actor_is_bot" ] }, { - "action": "issue_comment.destroy", - "description": "A comment on an issue was deleted from the repository.", + "action": "issue_comment.unpinned", + "description": "A comment on an issue was unpinned from a repository.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "org", - "repo", - "actor_id", "@timestamp", - "created_at", "_document_id", "action", - "operation_type", - "user_agent", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "oauth_application_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -7487,22 +11531,31 @@ "description": "A comment on an issue (other than the initial one) changed.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "action", - "repo_id", - "org_id", - "created_at", - "operation_type", "@timestamp", - "user_agent", - "request_id", "_document_id", - "actor_id", + "action", "actor", - "oauth_application_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -7510,21 +11563,31 @@ "description": "An issue was deleted from the repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/deleting-an-issue", "fields": [ - "user", - "actor_id", - "created_at", - "title", "@timestamp", "_document_id", - "request_id", - "actor", - "user_id", "action", - "operation_type", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "title", + "operation_type" ], "docs_reference_titles": "Deleting an issue" }, @@ -7533,23 +11596,33 @@ "description": "An issue was pinned to a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", "action", "actor", - "operation_type", - "owner_type", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "number", - "repo", - "event", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type", + "owner_type", + "number", + "event" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -7558,22 +11631,32 @@ "description": "An issue was transferred to another repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "owner_type", - "actor_id", "number", - "repo", "operation_type", - "_document_id", - "repo_id", - "action", - "request_id", - "created_at", - "actor", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Transferring an issue to another repository" }, @@ -7582,24 +11665,33 @@ "description": "An issue was unpinned from a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ - "event", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", - "action", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "operation_type", - "_document_id", - "number", - "owner_type", - "@timestamp", + "token_id", + "token_scopes", "user", "user_id", - "token_scopes", - "request_access_security_header" + "user_agent", + "event", + "created_at", + "operation_type", + "number", + "owner_type" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -7608,19 +11700,30 @@ "description": "The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user_agent", - "action", "@timestamp", - "operation_type", - "request_id", - "actor_id", - "user_id", - "created_at", "_document_id", + "action", "actor", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "org_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -7629,18 +11732,29 @@ "description": "The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -7650,19 +11764,30 @@ "description": "An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user", - "request_id", - "actor", - "business_id", - "action", - "operation_type", - "user_agent", - "created_at", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor_id" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -7671,18 +11796,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7690,21 +11827,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -7712,21 +11862,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -7734,22 +11897,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -7757,19 +11933,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -7779,22 +11968,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -7802,22 +12004,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7825,20 +12040,30 @@ "description": "The ability for members to publish GitHub Pages sites was disabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -7847,20 +12072,30 @@ "description": "The ability for members to publish GitHub Pages sites was enabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -7869,21 +12104,30 @@ "description": "The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -7892,22 +12136,30 @@ "description": "The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -7916,19 +12168,30 @@ "description": "An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "operation_type", "user_agent", - "actor", - "actor_id", - "business_id", - "@timestamp", - "created_at", - "action" + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -7937,18 +12200,29 @@ "description": "The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "request_id", - "org", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "actor", "operation_type", - "org_id", - "action", - "@timestamp", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -7958,21 +12232,30 @@ "description": "The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "action", - "org_id", - "user_id", - "business", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business_id", + "user_id", + "user_agent", "created_at", - "actor", - "org", - "operation_type", - "user_agent" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -7983,16 +12266,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -8001,21 +12295,30 @@ "description": "The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "created_at", - "user_id", "business_id", - "user", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "org_id", - "@timestamp" + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -8024,19 +12327,30 @@ "description": "The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ - "request_id", - "created_at", - "_document_id", - "user_agent", - "user", - "user_id", - "business", - "business_id", - "operation_type", "@timestamp", + "_document_id", "action", "actor", - "actor_id" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -8045,19 +12359,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8065,21 +12391,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8089,16 +12424,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8108,18 +12456,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8129,14 +12490,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -8144,19 +12521,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -8164,18 +12552,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8183,23 +12583,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -8207,16 +12615,30 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "org_id", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8224,24 +12646,32 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", - "repo_id", "operation_type", - "@timestamp", - "user_agent", "created_at", - "org", - "action", - "_document_id", - "repo", - "actor", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8249,22 +12679,37 @@ "description": "A network configuration for a hosted compute service was created.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", "previous_settings_ids", - "network_configuration_id" + "network_configuration_id", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -8273,15 +12718,28 @@ "description": "A network configuration for a hosted compute service was deleted.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", @@ -8294,21 +12752,36 @@ "description": "A network configuration for a hosted compute service was updated.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", - "previous_settings_ids" + "previous_settings_ids", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -8317,20 +12790,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -8339,20 +12824,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -8361,20 +12858,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -8383,20 +12892,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -8405,19 +12926,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -8426,20 +12960,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -8448,20 +12994,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -8470,19 +13028,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -8491,17 +13062,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -8512,20 +13094,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -8534,21 +13126,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -8557,24 +13159,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8582,21 +13194,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -8604,20 +13226,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -8625,22 +13257,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -8648,20 +13288,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -8669,22 +13319,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -8692,21 +13350,31 @@ "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -8716,19 +13384,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -8737,19 +13416,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -8759,17 +13449,30 @@ "description": "An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log", "fields": [ - "org_id", - "operation_type", "@timestamp", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log" }, @@ -8778,21 +13481,32 @@ "description": "An export of the organization's Git events was created.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "start", "end", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization" }, @@ -8801,16 +13515,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -8819,18 +13546,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -8839,19 +13579,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -8861,22 +13612,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -8884,19 +13646,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -8904,23 +13677,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8928,21 +13709,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8950,23 +13741,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8974,23 +13773,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8998,66 +13805,95 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codespaces_access_updated", "description": "Access to use Codespaces on internal and private repositories was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "enablement", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization" }, @@ -9066,21 +13902,31 @@ "description": "Ownership and payment for codespaces was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "owner_type", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" }, @@ -9089,16 +13935,29 @@ "description": "A team has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9108,16 +13967,29 @@ "description": "A team has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9127,19 +13999,30 @@ "description": "GitHub Codespaces was granted trusted repository access to all other repositories in an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -9148,17 +14031,30 @@ "description": "GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -9167,21 +14063,30 @@ "description": "A user has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -9189,38 +14094,60 @@ "description": "A user has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { "action": "org.config.disable_collaborators_only", "description": "The interaction limit for collaborators only for an organization was disabled.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", - "fields": [ - "request_id", - "org", - "action", - "operation_type", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -9230,17 +14157,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -9249,17 +14189,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -9269,16 +14222,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -9287,17 +14253,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -9306,17 +14285,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -9325,22 +14317,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -9349,17 +14349,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -9370,18 +14381,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -9390,20 +14413,31 @@ "description": "A GitHub Actions secret was created for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -9412,20 +14446,32 @@ "description": "A GitHub Actions variable was created for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -9434,21 +14480,33 @@ "description": "A Codespaces or Dependabot secret was created for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -9456,21 +14514,30 @@ "description": "A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor_id", - "org_id", - "business", - "action", "@timestamp", - "org", "_document_id", - "business_id", + "action", "actor", - "token_scopes", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "actor_is_bot", "oauth_credential_type", "managed_oauth_access_id", @@ -9486,24 +14553,32 @@ "description": "A member authorized credentials for use with SAML or OIDC single sign-on.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on", "fields": [ - "user_agent", - "actor", "@timestamp", - "created_at", - "org_id", - "business_id", - "operation_type", - "request_id", "_document_id", "action", + "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", - "token_scopes", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot", "oauth_credential_type", - "request_access_security_header", "managed_oauth_access_id", "managed_token_id", "managed_oauth_scopes", @@ -9517,21 +14592,32 @@ "description": "An owner revoked authorized credentials.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "oauth_application_id", - "org_id", "operation_type", - "action", - "business", - "request_id", "created_at", - "business_id", - "actor_id", - "_document_id", - "user_agent", "oauth_credential_type", "managed_oauth_access_id", "managed_token_id", @@ -9546,18 +14632,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9565,20 +14663,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -9587,16 +14695,29 @@ "description": "Third-party application access restrictions for an organization were disabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "org_id", - "action", - "_document_id", - "request_id", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization" @@ -9606,19 +14727,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -9627,14 +14759,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -9643,17 +14792,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9661,19 +14823,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9681,19 +14854,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -9701,19 +14885,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -9722,17 +14917,30 @@ "description": "Third-party application access restrictions for an organization were enabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "operation_type", - "org", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization" }, @@ -9741,19 +14949,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -9762,19 +14981,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -9783,17 +15015,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -9802,17 +15047,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -9821,18 +15079,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -9840,23 +15111,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -9865,17 +15145,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -9885,19 +15176,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -9905,19 +15207,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9925,19 +15238,31 @@ "description": "Access to an organization was granted for an OAuth App.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "request_id", "actor_id", - "operation_type", - "org_id", - "_document_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization" @@ -9947,20 +15272,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -9969,18 +15305,31 @@ "description": "Access was disabled for an OAuth App that was previously approved.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization", "fields": [ - "request_id", - "url", - "created_at", - "org_id", - "action", "@timestamp", "_document_id", - "user_agent", - "org", - "operation_type", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization" @@ -9990,41 +15339,64 @@ "description": "An organization member requested that an owner grant an OAuth App access to an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", - "created_at", - "user_agent", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "url", - "org_id", - "action", + "oauth_application_name" + ] + }, + { + "action": "org.oauth_app_access_unblocked", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "oauth_application_name" - ] - }, - { - "action": "org.oauth_app_access_unblocked", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "actor", - "actor_id", - "user_agent", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "url", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -10034,16 +15406,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -10051,20 +15436,31 @@ "description": "An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "reason", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -10073,20 +15469,30 @@ "description": "An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -10095,19 +15501,30 @@ "description": "An organization owner downloaded the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -10116,19 +15533,30 @@ "description": "An organization owner generated the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -10137,19 +15565,30 @@ "description": "An organization owner printed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -10158,19 +15597,30 @@ "description": "An organization owner viewed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -10179,19 +15629,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -10200,20 +15662,31 @@ "description": "A GitHub Actions secret was removed from an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -10222,21 +15695,31 @@ "description": "A GitHub Actions variable was removed from an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -10245,18 +15728,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -10266,22 +15760,32 @@ "description": "A Codespaces or Dependabot secret was removed from an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -10289,21 +15793,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -10311,21 +15824,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -10333,21 +15855,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -10355,18 +15887,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -10375,19 +15919,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -10395,14 +15951,28 @@ "description": "Triggered when a required workflow is created.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -10413,14 +15983,28 @@ "description": "Triggered when a required workflow is deleted.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -10431,14 +16015,28 @@ "description": "Triggered when a required workflow is updated.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -10449,20 +16047,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -10471,21 +16079,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -10495,21 +16115,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -10518,20 +16148,31 @@ "description": "A self-hosted runner group was renamed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -10540,23 +16181,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -10565,23 +16216,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -10590,19 +16249,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -10611,25 +16283,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -10638,21 +16321,32 @@ "description": "The visibility of a self-hosted runner group was updated via the REST API.", "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" }, @@ -10661,21 +16355,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -10685,21 +16388,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -10709,20 +16421,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -10731,22 +16453,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -10755,21 +16485,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -10778,21 +16517,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -10801,22 +16549,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -10825,21 +16581,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -10848,22 +16613,30 @@ "description": "Generic secrets have been disabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -10871,22 +16644,30 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -10894,21 +16675,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -10918,21 +16708,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -10942,19 +16741,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -10964,21 +16774,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -10988,21 +16807,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -11012,19 +16840,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -11034,22 +16873,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -11058,22 +16905,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -11082,22 +16937,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -11106,21 +16969,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -11129,21 +17001,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -11152,22 +17033,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -11176,22 +17065,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -11200,12 +17097,28 @@ "description": "The push protection setting was updated for a secret type for your organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "push_protection_setting", "secret_type", "secret_type_display_name", @@ -11218,12 +17131,28 @@ "description": "The push protection pattern configuration was updated for your organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at" ], "docs_reference_titles": "About push protection" @@ -11233,15 +17162,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11250,15 +17196,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11267,7 +17230,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -11282,18 +17266,28 @@ "description": "The cache retention policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -11305,18 +17299,28 @@ "description": "The cache storage policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -11328,20 +17332,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -11350,16 +17365,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -11370,18 +17398,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -11390,17 +17431,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -11408,18 +17462,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -11428,18 +17494,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -11448,18 +17527,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -11468,22 +17559,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11491,21 +17592,32 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Adding organizations to your enterprise" }, @@ -11514,19 +17626,30 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11537,19 +17660,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -11558,20 +17694,32 @@ "description": "A GitHub Actions secret was updated for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "created_at", "key", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11580,23 +17728,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -11605,20 +17764,32 @@ "description": "A GitHub Actions variable was updated for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11627,20 +17798,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -11648,18 +17831,30 @@ "description": "The settings policy for immutable releases was updated for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_policy", "new_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -11670,22 +17865,33 @@ "description": "A Codespaces or Dependabot secret was updated for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -11694,20 +17900,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -11715,17 +17932,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -11735,20 +17965,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -11757,17 +17998,30 @@ "description": "The name of the default branch was changed for new repositories in the organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization" }, @@ -11776,19 +18030,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -11796,18 +18063,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -11816,11 +18095,28 @@ "description": "A new organization custom property definition was created.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "description", @@ -11828,11 +18124,6 @@ "required", "allowed_values", "default_value", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -11844,11 +18135,28 @@ "description": "An organization custom property definition was deleted.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "description", @@ -11856,11 +18164,6 @@ "required", "allowed_values", "default_value", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -11872,20 +18175,32 @@ "description": "An organization custom property definition was updated.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "old_values_editable_by", - "values_editable_by", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "values_editable_by", "created_at", "operation_type", "actor_is_bot", @@ -11900,21 +18215,31 @@ "description": "An organization's custom property value was manually set for the first time.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -11926,21 +18251,31 @@ "description": "An organization's custom property value was deleted.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -11952,18 +18287,30 @@ "description": "A default label was created for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label", "fields": [ - "request_id", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", - "_document_id", - "action", - "created_at", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label" }, @@ -11972,17 +18319,30 @@ "description": "A default label was deleted for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label", "fields": [ - "operation_type", - "request_id", - "actor", "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label" }, @@ -11991,17 +18351,30 @@ "description": "A default label was edited for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label", "fields": [ - "org", - "created_at", "@timestamp", - "actor", + "_document_id", "action", - "user_agent", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label" }, @@ -12010,20 +18383,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -12032,16 +18418,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -12050,14 +18451,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -12068,16 +18484,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -12086,16 +18517,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -12105,17 +18549,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -12125,16 +18580,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -12144,20 +18612,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -12165,19 +18643,30 @@ "description": "An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor", - "business_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", "user_agent", - "_document_id", "created_at", - "operation_type", - "request_id", - "business" + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -12186,19 +18675,30 @@ "description": "Organization projects were disabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "operation_type", - "@timestamp", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -12207,18 +18707,29 @@ "description": "Organization projects were enabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor_id", - "org_id", - "created_at", - "user_id", - "org", "@timestamp", "_document_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" @@ -12228,23 +18739,33 @@ "description": "An organization role was assigned to a user or team.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About custom organization roles" }, @@ -12253,25 +18774,32 @@ "description": "A custom organization role was created in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -12283,25 +18811,32 @@ "description": "A custom organization role was deleted in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "name", - "owner", - "role_permissions", - "base_role", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "role_permissions", + "base_role", "created_at", "operation_type" ], @@ -12312,19 +18847,30 @@ "description": "A user or team was unassigned an organization role.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type" ], @@ -12335,26 +18881,33 @@ "description": "A custom organization role was edited in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -12367,22 +18920,33 @@ "description": "An organization's default project base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_project_base_role", - "new_project_base_role", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_project_base_role", + "new_project_base_role", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12390,20 +18954,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -12413,23 +18988,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -12438,21 +19024,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -12463,21 +19060,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -12486,20 +19096,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -12508,17 +19132,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12529,20 +19168,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -12551,18 +19204,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -12570,16 +19235,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -12587,18 +19266,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -12606,18 +19297,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12628,22 +19332,31 @@ "description": "The configured restriction for access to resources via personal access tokens was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12651,22 +19364,31 @@ "description": "The configured restriction for access to resources via personal access tokens was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12674,18 +19396,28 @@ "description": "The configured restriction for access to resources via personal access tokens was reset and delegated to organizations.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -12696,18 +19428,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12718,18 +19463,28 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -12740,18 +19495,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -12762,18 +19527,28 @@ "description": "Triggered when the enterprise delegates to the organizations when to require approval for fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -12784,23 +19559,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12808,21 +19594,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12830,17 +19627,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -12851,18 +19661,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -12874,17 +19697,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -12896,20 +19732,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was created.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -12921,20 +19766,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was deleted.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -12946,20 +19800,29 @@ "description": "A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -12971,20 +19834,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was edited.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "org", - "org_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -12996,15 +19868,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13014,17 +19901,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -13034,15 +19932,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13052,19 +19965,30 @@ "description": "An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "action", - "operation_type", "@timestamp", - "business_id", + "_document_id", + "action", + "actor", "actor_id", - "user", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13072,23 +19996,30 @@ "description": "An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "created_at", - "actor_id", + "@timestamp", "_document_id", - "actor", - "user", - "repo", "action", - "user_agent", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "request_id", - "user_id", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13096,23 +20027,30 @@ "description": "An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "repo", - "org", - "business", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org_id", - "created_at", - "business_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13120,17 +20058,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -13140,17 +20089,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -13160,17 +20120,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -13180,17 +20151,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -13200,17 +20182,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -13220,17 +20215,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13238,25 +20246,36 @@ "description": "A project's base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_project_base_role", "new_project_base_role", "project_number", "public_project", - "business", "project_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13264,20 +20283,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -13287,25 +20317,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -13313,20 +20355,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -13334,25 +20388,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -13360,17 +20426,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -13378,17 +20457,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -13396,18 +20488,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -13416,18 +20520,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -13436,19 +20552,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -13456,17 +20583,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -13478,22 +20618,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -13501,19 +20650,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -13521,17 +20681,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13539,18 +20712,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -13558,20 +20744,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13579,18 +20775,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -13599,18 +20807,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -13619,16 +20839,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -13640,21 +20873,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -13662,22 +20907,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -13686,29 +20941,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -13716,24 +20976,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "repo_id", - "user_id", "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -13744,21 +21012,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -13769,22 +21047,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -13792,24 +21080,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -13817,30 +21115,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -13850,28 +21155,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -13882,23 +21195,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -13906,23 +21228,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -13930,24 +21261,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13956,24 +21296,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -13982,27 +21331,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -14011,18 +21367,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -14033,24 +21402,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -14058,25 +21436,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -14084,22 +21469,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -14107,22 +21502,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -14131,22 +21537,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -14154,25 +21570,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -14180,22 +21603,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -14203,22 +21636,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -14226,23 +21669,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -14251,24 +21705,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -14277,20 +21742,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -14299,21 +21778,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -14323,22 +21815,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -14347,25 +21851,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -14374,23 +21888,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -14399,18 +21924,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -14420,21 +21959,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -14443,19 +21993,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -14466,23 +22029,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -14492,17 +22067,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14510,19 +22099,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -14530,19 +22132,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -14552,21 +22167,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -14575,27 +22201,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -14603,23 +22236,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -14628,18 +22273,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -14647,19 +22306,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -14669,20 +22340,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -14690,18 +22372,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -14709,21 +22404,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -14731,20 +22438,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -14753,19 +22473,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -14775,22 +22509,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -14799,21 +22543,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -14822,25 +22575,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -14849,23 +22609,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -14874,24 +22642,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -14900,23 +22675,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -14926,22 +22709,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -14950,19 +22742,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -14971,24 +22776,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -14997,24 +22812,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15022,24 +22845,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15047,24 +22878,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15072,24 +22911,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15097,23 +22944,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -15124,17 +22980,29 @@ "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15144,17 +23012,29 @@ "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15164,102 +23044,136 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -15268,19 +23182,30 @@ "description": "GitHub Codespaces trusted repository access to this repository was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15288,17 +23213,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -15307,15 +23245,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -15326,16 +23277,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -15345,17 +23309,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -15365,19 +23342,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -15386,17 +23374,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -15405,26 +23406,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -15433,30 +23440,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -15466,20 +23478,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -15488,25 +23511,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", - "visibility", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "public_repo", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -15515,23 +23546,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -15539,25 +23581,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -15567,23 +23618,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -15593,24 +23653,32 @@ "description": "The setting for immutable releases was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15619,20 +23687,30 @@ "description": "The setting for immutable releases was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -15643,23 +23721,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -15667,21 +23755,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -15689,21 +23787,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -15711,22 +23819,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -15734,21 +23851,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -15756,20 +23883,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15777,22 +23915,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -15800,18 +23947,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15819,22 +23980,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15842,21 +24013,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -15864,18 +24045,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -15884,22 +24077,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -15908,24 +24110,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -15934,23 +24144,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -15958,26 +24178,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -15986,21 +24211,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -16009,25 +24243,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -16035,22 +24275,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -16059,25 +24309,34 @@ "description": "A branch was renamed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "old_branch", - "new_branch", - "default_branch", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "old_branch", + "new_branch", + "default_branch", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch" @@ -16087,19 +24346,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -16107,17 +24377,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", - "runner_name", - "action", - "_document_id", + "runner_name", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -16126,17 +24411,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -16145,7 +24445,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -16160,22 +24481,30 @@ "description": "The cache retention policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -16187,22 +24516,30 @@ "description": "The cache storage policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -16214,23 +24551,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -16240,20 +24586,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -16264,21 +24621,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -16287,22 +24655,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -16311,21 +24689,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -16334,22 +24723,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -16360,16 +24759,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -16378,22 +24788,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -16403,22 +24822,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -16427,23 +24857,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -16453,19 +24893,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -16473,21 +24923,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -16496,24 +24956,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -16521,51 +24990,68 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "repo.update_actions_settings", + "description": "A repository administrator changed GitHub Actions policy settings for a repository.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ], - "docs_reference_titles": "Using secrets in GitHub Actions" - }, - { - "action": "repo.update_actions_settings", - "description": "A repository administrator changed GitHub Actions policy settings for a repository.", - "docs_reference_links": "N/A", - "fields": [ + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -16574,25 +25060,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -16601,22 +25095,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -16625,26 +25128,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -16652,31 +25163,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -16685,42 +25203,61 @@ "description": "Someone closed a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories", "fields": [ - "actor", - "repo", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "user_agent", - "actor_id", - "request_id", - "action", - "operation_type", - "created_at", - "repo_id", - "_document_id", + "hashed_token", "org", "org_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories" + "docs_reference_titles": "About repository security advisories" }, { "action": "repository_advisory.cve_request", "description": "Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "repo", - "org_id", - "actor", + "@timestamp", + "_document_id", "action", - "request_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "_document_id", + "operation_type", "created_at" ] }, @@ -16729,17 +25266,30 @@ "description": "GitHub made a security advisory public in the GitHub Advisory Database.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -16748,40 +25298,61 @@ "description": "GitHub withdrew a security advisory that was published in error.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { "action": "repository_advisory.open", "description": "Someone opened a draft security advisory.", - "docs_reference_links": "N/A", - "fields": [ - "operation_type", - "user_agent", - "actor_id", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", "repo_id", - "action", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16789,21 +25360,30 @@ "description": "Someone published a security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", "@timestamp", - "actor", - "repo_id", "_document_id", - "repo", - "business_id", - "business", - "request_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "org" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16811,17 +25391,30 @@ "description": "Someone reopened as draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "repo", - "action", - "created_at", "@timestamp", - "request_id", - "actor_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "public_repo" ] }, @@ -16830,21 +25423,30 @@ "description": "Someone edited a draft or published security advisory.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "repo_id", - "org_id", "business", - "actor", - "user_agent", - "created_at", - "_document_id", "business_id", - "repo", - "action", - "operation_type", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16852,24 +25454,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -16878,24 +25486,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -16904,25 +25518,31 @@ "description": "Code security was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -16931,25 +25551,31 @@ "description": "Code security was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -16958,19 +25584,30 @@ "description": "Data use settings were disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "repo_id", - "request_id", - "actor_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -16978,22 +25615,31 @@ "action": "repository_content_analysis.enable", "description": "Data use settings were enabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", - "fields": [ - "user", - "org", - "user_id", - "repo_id", + "fields": [ "@timestamp", - "request_id", - "actor", + "_document_id", "action", - "operation_type", - "created_at", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org_id", - "_document_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -17002,23 +25648,30 @@ "description": "The dependency graph was disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "repo_id", - "operation_type", - "user_id", - "repo", + "@timestamp", "_document_id", - "actor", - "user", "action", - "@timestamp", - "org_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", - "request_id", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -17027,47 +25680,133 @@ "description": "The dependency graph was enabled for a private repository.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor_id", - "repo_id", + "created_at", "operation_type", - "actor", - "@timestamp", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, { - "action": "repository_image.create", - "description": "An image to represent a repository was uploaded.", - "docs_reference_links": "N/A", + "action": "repository_dependency_updates_self_hosted.disabled", + "description": "Dependency updates on self-hosted runners was disabled.", + "docs_reference_links": "code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-dependabot-on-self-hosted-runners", "fields": [ - "user_agent", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring Dependabot on self-hosted runners" + }, + { + "action": "repository_dependency_updates_self_hosted.enabled", + "description": "Dependency updates on self-hosted runners was enabled.", + "docs_reference_links": "code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-dependabot-on-self-hosted-runners", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "topic", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot", + "actor_is_agent" + ], + "docs_reference_titles": "Configuring Dependabot on self-hosted runners" + }, + { + "action": "repository_image.create", + "description": "An image to represent a repository was uploaded.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -17075,21 +25814,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -17097,21 +25846,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -17119,20 +25879,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -17140,21 +25912,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -17162,19 +25945,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -17182,19 +25978,30 @@ "description": "The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise", "fields": [ - "request_id", - "created_at", + "@timestamp", "_document_id", "action", - "user_agent", - "user", - "business_id", - "business", - "operation_type", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -17203,20 +26010,30 @@ "description": "Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "created_at", "@timestamp", - "repo", - "action", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "repo_id", - "actor", - "request_id", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -17225,20 +26042,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", "created_at", - "org_id", - "action", - "user_id", - "operation_type", - "_document_id", - "actor_id", - "repo" + "operation_type" ] }, { @@ -17246,31 +26072,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -17279,19 +26113,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -17299,8 +26144,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -17309,23 +26153,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -17350,26 +26203,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -17378,26 +26237,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -17406,23 +26271,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -17432,23 +26304,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -17458,24 +26337,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -17485,24 +26371,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -17511,24 +26404,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -17538,98 +26438,197 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", + "public_repo" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning.disable", + "description": "Secret scanning was disabled for a repository.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "public_repo" ], - "docs_reference_titles": "Defining custom patterns for secret scanning" + "docs_reference_titles": "About secret scanning" + }, + { + "action": "repository_secret_scanning.enable", + "description": "Secret scanning was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] }, { - "action": "repository_secret_scanning.disable", - "description": "Secret scanning was disabled for a repository.", - "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "action": "repository_secret_scanning_extended_metadata.disabled", + "description": "Metadata for secret scanning alerts has been disabled at the repository level", + "docs_reference_links": "/code-security/secret-scanning/enabling-secret-scanning-features/enabling-extended-metadata-checks-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "programmatic_access_type" + "created_at", + "operation_type", + "actor_is_bot" ], - "docs_reference_titles": "About secret scanning" + "docs_reference_titles": "Enabling extended metadata checks for your repository" }, { - "action": "repository_secret_scanning.enable", - "description": "Secret scanning was enabled for a repository.", - "docs_reference_links": "N/A", + "action": "repository_secret_scanning_extended_metadata.enabled", + "description": "Metadata for secret scanning alerts has been enabled at the repository level", + "docs_reference_links": "/code-security/secret-scanning/enabling-secret-scanning-features/enabling-extended-metadata-checks-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" - ] + "actor_is_bot" + ], + "docs_reference_titles": "Enabling extended metadata checks for your repository" }, { "action": "repository_secret_scanning_generic_secrets.disabled", "description": "Generic secrets have been disabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17637,22 +26636,31 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -17661,24 +26669,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -17687,24 +26703,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -17713,19 +26737,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -17734,24 +26770,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -17760,24 +26804,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -17786,19 +26838,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -17807,26 +26871,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -17835,26 +26904,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -17863,28 +26937,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17892,27 +26974,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17920,28 +27010,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17949,49 +27047,135 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_security_updates.disable", + "description": "Dependabot security updates was disabled.", + "docs_reference_links": "/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring Dependabot security updates" + }, + { + "action": "repository_security_updates.enable", + "description": "Dependabot security updates was enabled.", + "docs_reference_links": "/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header" - ] + "actor_is_agent" + ], + "docs_reference_titles": "Configuring Dependabot security updates" }, { "action": "repository_visibility_change.clear", "description": "The repository visibility change setting was cleared for an organization or enterprise.", "docs_reference_links": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-changes-to-repository-visibility", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", "business", - "action", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business_id", - "@timestamp", "user_agent", - "actor", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise" }, @@ -18000,20 +27184,30 @@ "description": "The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user", - "org_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "_document_id", - "@timestamp", - "user_id", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -18021,19 +27215,30 @@ "description": "The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "_document_id", "@timestamp", - "user_agent", - "user", - "created_at", - "org", - "org_id", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -18041,29 +27246,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -18072,29 +27285,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -18103,44 +27324,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -18151,21 +27394,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -18174,26 +27429,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -18201,21 +27464,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -18223,21 +27497,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", "created_at", "active", - "action", - "repository_id", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type" ] }, @@ -18246,20 +27534,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -18268,24 +27566,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -18293,26 +27598,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -18320,23 +27631,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -18344,23 +27662,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -18369,24 +27694,31 @@ "description": "A status check was marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "org", - "actor_id", "@timestamp", - "business", - "request_id", - "context", - "repo_id", - "action", - "repo", "_document_id", - "operation_type", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "actor", - "created_at", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "context", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -18395,21 +27727,31 @@ "description": "A status check was no longer marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "actor_id", - "actor", - "created_at", - "context", - "operation_type", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "repo_id", "org_id", - "action", - "_document_id", + "programmatic_access_type", "repo", - "programmatic_access_type" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "context", + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -18418,18 +27760,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -18438,19 +27793,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -18459,22 +27826,33 @@ "description": "A new custom repository role was created.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "_document_id", "role_permissions", "old_role_permissions" ], @@ -18485,23 +27863,34 @@ "description": "A custom repository role was deleted.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Managing custom repository roles for an organization" }, @@ -18510,23 +27899,34 @@ "description": "A custom repository role was edited.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "old_role_permissions", "old_base_role" ], @@ -18537,14 +27937,28 @@ "description": "A user was assigned to a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -18552,42 +27966,70 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.create", "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.delete", "description": "A secret scanning alert was deleted by GitHub.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -18596,21 +28038,35 @@ "created_at", "reason" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.public_leak", "description": "A secret scanning alert was leaked in a public repo.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -18618,29 +28074,39 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -18649,14 +28115,28 @@ "description": "A leaked secret was reported to the secret's provider by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "created_at", @@ -18664,35 +28144,44 @@ "secret_type_provider", "report_result" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts" + "docs_reference_titles": "Resolving alerts from secret scanning" }, { "action": "secret_scanning_alert.resolve", "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -18700,25 +28189,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -18726,14 +28222,28 @@ "description": "A user was unassigned from a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -18741,21 +28251,35 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.validate", "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -18765,33 +28289,41 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_closure_request.approve", "description": "A request to close a secret scanning alert was approved by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -18800,25 +28332,33 @@ "description": "N/A", "docs_reference_links": "A reqeust to close a secret scanning alert was canceled by a user.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, reqeust, to, close, a, secret, scanning, alert, was, canceled, by, a, user." @@ -18828,27 +28368,35 @@ "description": "N/A", "docs_reference_links": "A user requested to close a secret scanning alert.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "reason", "comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, user, requested, to, close, a, secret, scanning, alert." @@ -18858,26 +28406,34 @@ "description": "A request to close a secret scanning alert was denied by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -18886,19 +28442,30 @@ "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -18907,19 +28474,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -18928,20 +28506,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -18950,19 +28538,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -18971,14 +28570,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -18996,25 +28609,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -19023,79 +28644,103 @@ "description": "A user canceled a request to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_push_protection_request.complete", "description": "A user pushed a commit containing a secret for which there is an approved secret scanning push protection bypass request.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_push_protection_request.deny", "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -19105,49 +28750,70 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_scan.completed", "description": "A secret scanning scan has completed on this repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "repo_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "source", "type", "source_slug", "type_slug", "started_at", "completed_at", - "repo", "public_repo", - "org", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "secret_types", @@ -19161,10 +28827,28 @@ "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -19179,15 +28863,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -19196,7 +28873,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -19204,22 +28882,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -19228,22 +28917,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -19252,10 +28952,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -19270,15 +28988,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -19286,7 +28997,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -19294,15 +29006,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -19312,10 +29039,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -19330,15 +29075,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -19347,7 +29085,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -19355,16 +29094,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -19374,18 +29126,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -19394,16 +29159,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -19414,15 +29192,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -19432,15 +29223,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -19449,17 +29255,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -19468,17 +29287,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -19487,16 +29320,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -19506,14 +29352,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -19523,17 +29384,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -19542,17 +29416,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -19561,18 +29448,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -19581,15 +29481,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -19599,16 +29513,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -19616,15 +29543,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -19635,16 +29575,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -19654,17 +29607,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -19675,17 +29641,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -19696,18 +29675,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -19717,16 +29707,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -19736,16 +29739,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -19757,17 +29773,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -19776,19 +29805,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -19797,21 +29839,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -19820,36 +29871,124 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" + }, + { + "action": "sso_lockdown.disable", + "description": "SSO lockdown for users was disabled.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "sso_lockdown.enable", + "description": "SSO lockdown for users was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "user_agent" - ], - "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" + "operation_type", + "actor_is_bot" + ] }, { "action": "sso_redirect.disable", "description": "Automatic redirects for users to single sign-on (SSO) was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -19859,15 +29998,28 @@ "description": "Automatic redirects for users to single sign-on (SSO) was enabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -19877,20 +30029,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -19898,18 +30064,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -19917,16 +30098,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -19934,21 +30130,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -19958,22 +30164,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -19982,20 +30197,30 @@ "description": "A team was added to an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team_type", "team", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -20006,20 +30231,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -20028,148 +30264,133 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", - "action", - "team", - "created_at", - "operation_type", - "actor_id", - "org_id", "@timestamp", - "actor", "_document_id", - "team_type" - ], - "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" - }, - { - "action": "team.create", - "description": "A new team is created.", - "docs_reference_links": "N/A", - "fields": [ - "request_id", - "actor_id", - "oauth_application_id", "action", - "operation_type", - "@timestamp", - "org_id", - "user_agent", - "team", - "org", - "actor", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "team_type" - ] - }, - { - "action": "team.demote_maintainer", - "description": "A user was demoted from a team maintainer to a team member.", - "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", - "fields": [ - "user_agent", - "request_id", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" - ], - "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" - }, - { - "action": "team.destroy", - "description": "A team was deleted.", - "docs_reference_links": "N/A", - "fields": [ - "created_at", - "org", - "team", - "org_id", - "actor_id", - "actor", - "action", - "@timestamp", "user_agent", - "request_id", + "team", + "created_at", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" - ] + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" }, { - "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "action": "team.create", + "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "oauth_application_id", + "operation_type", + "team", + "created_at", + "team_type" ] }, { - "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "action": "team.demote_maintainer", + "description": "A user was demoted from a team maintainer to a team member.", + "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" + "team", + "operation_type", + "created_at" ], - "docs_reference_titles": "Organizations and teams documentation" + "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, { - "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "action": "team.destroy", + "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "actor", - "created_at" + "team_type" ] }, { @@ -20177,22 +30398,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -20201,20 +30431,30 @@ "description": "A team was removed from an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team_type", "team", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -20225,22 +30465,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -20250,21 +30499,31 @@ "description": "A repository was removed from a team's control.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -20272,21 +30531,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -20295,17 +30565,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -20314,19 +30597,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -20335,19 +30629,30 @@ "description": "The Okta credentials for team synchronization with a tenant were changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -20355,28 +30660,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -20384,23 +30698,38 @@ "description": "Triggered when a user content edit is deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_content_id", "user_content_type", "created_at", - "user_agent", "deleted_by", "editor_id", - "_document_id", "deleted_at", - "action", - "actor_id", "editor", "deleted_by_id", "deleted_content", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -20408,21 +30737,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -20430,21 +30769,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -20453,16 +30802,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -20472,16 +30835,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -20491,18 +30868,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -20512,21 +30902,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -20534,21 +30936,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -20556,21 +30969,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -20578,16 +31002,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -20597,27 +31035,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -20626,23 +31070,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -20650,10 +31104,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -20664,20 +31136,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -20686,23 +31147,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -20712,10 +31181,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -20727,19 +31214,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -20750,10 +31227,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -20762,21 +31257,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -20786,23 +31270,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -20811,22 +31307,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -20834,21 +31341,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -20856,25 +31374,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -20882,23 +31408,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -20912,24 +31451,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -20938,10 +31486,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -20951,21 +31517,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -20975,25 +31531,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghec/organization.json b/src/audit-logs/data/ghec/organization.json index 85d8d81fde1a..a2624a1c21ba 100644 --- a/src/audit-logs/data/ghec/organization.json +++ b/src/audit-logs/data/ghec/organization.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,29 +67,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -72,44 +103,66 @@ "description": "Credit was accepted for a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory" + "docs_reference_titles": "Editing a repository security advisory" }, { "action": "advisory_credit.create", "description": "Someone was added to the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -117,21 +170,32 @@ "description": "Credit was declined for a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -140,21 +204,32 @@ "description": "Someone was removed from the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -163,18 +238,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -182,17 +269,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -203,50 +301,74 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" + }, { "action": "billing.budget_create", "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "pricing_target_type", "pricing_target_id", "budget_limit_type", - "alert_recipient_user_ids" + "alert_recipient_user_ids", + "exclude_cost_center_usage" ] }, { @@ -254,22 +376,34 @@ "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "uuid", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -277,25 +411,37 @@ "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", - "request_access_security_header", "old_target_amount", "old_budget_limit_type", "old_alert_enabled", @@ -309,17 +455,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -328,19 +487,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -349,15 +520,28 @@ "description": "Azure subscription has been linked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -367,15 +551,28 @@ "description": "Azure subscription has been unlinked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -385,18 +582,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -404,16 +614,28 @@ "description": "The premium request paid usage policy for your GitHub account was changed.", "docs_reference_links": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -425,39 +647,62 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "operation_type", - "user_agent", - "created_at", - "user_id", - "request_id", - "actor", - "action", "@timestamp", "_document_id", - "programmatic_access_type" - ] - }, - { - "action": "checks.auto_trigger_disabled", - "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", - "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", - "fields": [ - "visibility", - "user_agent", - "user", - "@timestamp", - "repo", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "checks.auto_trigger_disabled", + "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", + "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", + "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -466,20 +711,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -490,17 +746,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -508,207 +776,368 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_outdated", "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_numbers", "commit_oid", - "ref", - "request_id", - "org_id", - "org", - "business_id", - "business" + "ref" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers", "dismissal_approver_id" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_approved", "description": "Dismissal of code scanning alerts was approved.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_denied", "description": "Dismissal of code scanning alerts was denied.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "dismissal_request_id", - "alert_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", - "action", - "_document_id", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismissal_request_id", + "alert_number", + "public_repo", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_requested", "description": "Dismissal of code scanning alerts was requested.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -718,28 +1147,34 @@ "description": "An attempt to create a codespace from a prebuild was made.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "owner", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "user_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", "created_at", "operation_type", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -747,17 +1182,30 @@ "description": "Enterprise setting for Codespaces ownership was updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enablement", "organization_names", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -768,25 +1216,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -797,22 +1254,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -824,22 +1292,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -848,15 +1327,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -867,15 +1361,28 @@ "description": "Policies were applied to codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -885,20 +1392,30 @@ "description": "Policies were removed from codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -906,19 +1423,30 @@ "description": "Policies were updated for codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -926,17 +1454,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -946,27 +1487,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -974,19 +1524,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -994,18 +1557,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -1014,20 +1589,30 @@ "description": "A commit comment was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "repo", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "created_at", - "@timestamp", - "operation_type", + "programmatic_access_type", + "repo", "repo_id", - "actor_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", - "user_agent", - "action", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1035,21 +1620,30 @@ "description": "A commit comment was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_id", - "action", - "@timestamp", - "repo", "org_id", - "actor_id", - "created_at", - "user_agent", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1057,21 +1651,33 @@ "description": "Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "reason", "plan", - "org_id", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1079,13 +1685,28 @@ "description": "Copilot feature settings were changed at the organization level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1095,23 +1716,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1119,16 +1747,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -1137,24 +1779,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1162,15 +1810,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1180,20 +1841,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1201,19 +1872,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -1221,21 +1904,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1243,21 +1935,33 @@ "description": "The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_value", "new_value", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1265,21 +1969,32 @@ "description": "The excluded paths for GitHub Copilot were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "excluded_paths", "owner_type", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1287,14 +2002,28 @@ "description": "Copilot custom instructions were created for the organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "custom_instructions" @@ -1305,107 +2034,62 @@ "description": "Copilot custom instructions were updated for the organization.", "docs_reference_links": "N/A", "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "action", - "_document_id", "@timestamp", - "created_at", - "operation_type", - "custom_instructions" - ] - }, - { - "action": "copilot.knowledge_base_created", - "description": "A knowledge base was created in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", - "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", - "org", - "action", "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" - }, - { - "action": "copilot.knowledge_base_deleted", - "description": "A knowledge base was deleted from the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", - "fields": [ + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", - "org", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" - }, - { - "action": "copilot.knowledge_base_updated", - "description": "A knowledge base was updated in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", - "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "custom_instructions" + ] }, { "action": "copilot.plan_changed", "description": "The plan for GitHub Copilot was updated.", "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_plan", "plan", - "business_id", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1417,20 +2101,31 @@ "description": "The plan for GitHub Copilot was scheduled to be downgraded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "current_plan", "scheduled_plan" @@ -1441,18 +2136,30 @@ "description": "MCP Configuration for Copilot coding agent was updated for a specific repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_config", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_config", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1462,22 +2169,33 @@ "description": "Specific repositories were disabled from using Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "owner", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", + "public_repo", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1485,21 +2203,31 @@ "description": "Specific repositories were enabled to use Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner_type", - "owner", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1509,20 +2237,32 @@ "description": "Copilot coding agent access was updated for the organization's or user's repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_access", "old_access", - "org_id", "owner_type", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1532,21 +2272,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1556,19 +2305,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1578,21 +2336,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1602,18 +2369,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1626,18 +2406,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1651,14 +2444,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -1671,8 +2479,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1681,27 +2488,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "definition_id", - "property_name", - "value", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "value", + "public_repo", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1710,19 +2525,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1731,16 +2558,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -1752,19 +2592,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1773,19 +2624,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1794,19 +2656,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1815,400 +2688,617 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, { - "action": "dependabot_repository_access.default_access_level_updated", - "description": "The default repository access for Dependabot was updated.", - "docs_reference_links": "N/A", + "action": "dependabot_closure_request.approve", + "description": "Dismissal of Dependabot alerts was approved.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", - "access_level", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" - ] + ], + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_repository_access.repositories_updated", - "description": "The repositories that Dependabot can access were updated.", - "docs_reference_links": "N/A", + "action": "dependabot_closure_request.cancel", + "description": "Dismissal request for Dependabot alerts was canceled.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ] - }, - { - "action": "dependabot_security_updates.disable", - "description": "Dependabot security updates were disabled for all existing repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", - "fields": [ - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "actor_is_bot" ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_security_updates.enable", - "description": "Dependabot security updates were enabled for all existing repositories.", - "docs_reference_links": "N/A", + "action": "dependabot_closure_request.create", + "description": "Dismissal of Dependabot alerts was requested.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", "operation_type", - "@timestamp", - "_document_id" - ] + "actor_is_bot" + ], + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_security_updates_new_repos.disable", - "description": " Dependabot security updates were disabled for all new repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "action": "dependabot_closure_request.deny", + "description": "Dismissal of Dependabot alerts was denied.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", "operation_type", - "@timestamp", - "_document_id" + "actor_is_bot" ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + "docs_reference_titles": "About Dependabot alerts" }, { - "action": "dependabot_security_updates_new_repos.enable", - "description": "Dependabot security updates were enabled for all new repositories.", + "action": "dependabot_repository_access.default_access_level_updated", + "description": "The default repository access for Dependabot was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "access_level", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "dependabot_repository_access.repositories_updated", + "description": "The repositories that Dependabot can access were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { - "action": "dependency_graph.disable", - "description": "The dependency graph was disabled for all existing repositories.", + "action": "dependabot_security_updates.disable", + "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "dependency_graph.enable", - "description": "The dependency graph was enabled for all existing repositories.", + "action": "dependabot_security_updates.enable", + "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { - "action": "dependency_graph_new_repos.disable", - "description": "The dependency graph was disabled for all new repositories.", + "action": "dependabot_security_updates_new_repos.disable", + "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "dependency_graph_new_repos.enable", - "description": "The dependency graph was enabled for all new repositories.", + "action": "dependabot_security_updates_new_repos.enable", + "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "discussion_comment.destroy", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ + "programmatic_access_type", "repo", - "org", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "actor", - "org_id", - "_document_id", - "actor_id", - "operation_type", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type", - "request_access_security_header" + "operation_type", + "created_at" ] }, { - "action": "discussion_comment.update", - "description": "N/A", - "docs_reference_links": "N/A", + "action": "dependency_graph.disable", + "description": "The dependency graph was disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "repo_id", "@timestamp", - "actor", - "user_agent", - "request_id", - "org", "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "repo", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "request_access_security_header" - ] + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "discussion.destroy", - "description": "N/A", + "action": "dependency_graph.enable", + "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "user_agent", - "actor_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "title", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { - "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "action": "dependency_graph_new_repos.disable", + "description": "The dependency graph was disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" + "created_at", + "operation_type" ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, { - "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "action": "dependency_graph_new_repos.enable", + "description": "The dependency graph was enabled for all new repositories.", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", - "user_agent", - "operation_type", - "user_id", + "_document_id", + "action", "actor", - "number", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "operation_type" + ] }, { - "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "action": "discussion_comment.destroy", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "discussion_comment.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", - "number", - "team", + "operation_type", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { - "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "action": "discussion.destroy", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + "user_agent", + "operation_type", + "title", + "created_at" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2219,16 +3309,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2239,18 +3343,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2261,17 +3379,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was created.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", - "operation_type", "@timestamp", "_document_id", - "org_id", "action", - "request_id", - "org", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -2280,17 +3411,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was deleted.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp", - "actor_id", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -2299,22 +3443,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2323,22 +3476,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2346,28 +3509,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2376,27 +3545,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -2405,25 +3582,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2432,26 +3617,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2460,21 +3652,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2483,22 +3687,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2507,25 +3721,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2534,22 +3757,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2558,21 +3793,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -2583,19 +3828,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2604,20 +3860,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2626,19 +3892,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2647,23 +3924,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2671,18 +3957,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2693,20 +3989,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2716,25 +4022,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -2742,25 +4058,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -2768,26 +4093,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2796,25 +4130,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", - "repo", - "created_at", - "org", - "name", - "request_id", "actor_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", + "created_at", + "name", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2822,26 +4165,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2849,21 +4201,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2872,19 +4235,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2892,21 +4268,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2915,19 +4302,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2938,20 +4339,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2961,24 +4374,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2989,23 +4413,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -3016,21 +4452,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "url", - "actor", - "actor_id", "created_at", - "request_id", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -3041,20 +4489,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -3064,20 +4524,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -3087,19 +4560,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -3108,20 +4595,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -3131,20 +4631,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -3153,20 +4666,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -3175,20 +4701,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -3196,19 +4734,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -3217,19 +4768,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -3238,17 +4802,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -3261,21 +4838,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -3289,17 +4879,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -3311,19 +4914,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3331,154 +4945,290 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list.enable", + "description": "An IP allow list was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id" + "created_at" ] }, { - "action": "ip_allow_list.enable", - "description": "An IP allow list was enabled.", + "action": "ip_allow_list.enable_for_installed_apps", + "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list_entry.create", + "description": "An IP address was added to an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" + ] + }, + { + "action": "ip_allow_list_entry.destroy", + "description": "An IP address was deleted from an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", + "ip_allow_list_entry", "operation_type", - "org", - "created_at" + "created_at", + "active" ] }, { - "action": "ip_allow_list.enable_for_installed_apps", - "description": "An IP allow list was enabled for installed GitHub Apps.", + "action": "ip_allow_list_entry.update", + "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id" + "created_at", + "ip_allow_list_entry", + "active" ] }, { - "action": "ip_allow_list_entry.create", - "description": "An IP address was added to an IP allow list.", + "action": "issue_comment.destroy", + "description": "A comment on an issue was deleted from the repository.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { - "action": "ip_allow_list_entry.destroy", - "description": "An IP address was deleted from an IP allow list.", + "action": "issue_comment.pinned", + "description": "A comment on an issue was pinned to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" - ] - }, - { - "action": "ip_allow_list_entry.update", - "description": "An IP address or its description was changed.", - "docs_reference_links": "N/A", - "fields": [ + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", - "actor", - "org", - "action", - "operation_type", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "oauth_application_id", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { - "action": "issue_comment.destroy", - "description": "A comment on an issue was deleted from the repository.", + "action": "issue_comment.unpinned", + "description": "A comment on an issue was unpinned from a repository.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "org", - "repo", - "actor_id", "@timestamp", - "created_at", "_document_id", "action", - "operation_type", - "user_agent", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "oauth_application_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -3486,22 +5236,31 @@ "description": "A comment on an issue (other than the initial one) changed.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "action", - "repo_id", - "org_id", - "created_at", - "operation_type", "@timestamp", - "user_agent", - "request_id", "_document_id", - "actor_id", + "action", "actor", - "oauth_application_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -3509,20 +5268,30 @@ "description": "An issue was marked as blocked by another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3533,19 +5302,30 @@ "description": "The blocked by relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3555,20 +5335,30 @@ "description": "An issue was marked as blocking another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "request_access_security_header", "title", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3579,20 +5369,30 @@ "description": "The blocking relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3603,21 +5403,31 @@ "description": "An issue was deleted from the repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/deleting-an-issue", "fields": [ - "user", - "actor_id", - "created_at", - "title", "@timestamp", "_document_id", - "request_id", - "actor", - "user_id", "action", - "operation_type", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "title", + "operation_type" ], "docs_reference_titles": "Deleting an issue" }, @@ -3626,23 +5436,33 @@ "description": "An issue was pinned to a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", "action", "actor", - "operation_type", - "owner_type", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "number", - "repo", - "event", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type", + "owner_type", + "number", + "event" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3651,22 +5471,32 @@ "description": "An issue was transferred to another repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "owner_type", - "actor_id", "number", - "repo", "operation_type", - "_document_id", - "repo_id", - "action", - "request_id", - "created_at", - "actor", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Transferring an issue to another repository" }, @@ -3675,20 +5505,32 @@ "description": "An issue type was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", "enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3699,20 +5541,32 @@ "description": "An issue type was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", "enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3723,11 +5577,28 @@ "description": "An issue type was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", @@ -3736,11 +5607,6 @@ "old_description", "old_color", "old_enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3751,24 +5617,33 @@ "description": "An issue was unpinned from a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ - "event", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", - "action", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "operation_type", - "_document_id", - "number", - "owner_type", - "@timestamp", + "token_id", + "token_scopes", "user", "user_id", - "token_scopes", - "request_access_security_header" + "user_agent", + "event", + "created_at", + "operation_type", + "number", + "owner_type" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3777,19 +5652,30 @@ "description": "The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user_agent", - "action", "@timestamp", - "operation_type", - "request_id", - "actor_id", - "user_id", - "created_at", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "org_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3798,18 +5684,29 @@ "description": "The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3819,19 +5716,30 @@ "description": "An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user", - "request_id", - "actor", - "business_id", - "action", - "operation_type", - "user_agent", - "created_at", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor_id" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3840,18 +5748,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3859,21 +5779,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -3881,21 +5814,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -3903,22 +5849,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -3926,19 +5885,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -3948,22 +5920,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -3971,22 +5956,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", - "oauth_application_id", - "user", - "user_id", - "action", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3994,20 +5992,30 @@ "description": "The ability for members to publish GitHub Pages sites was disabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4016,20 +6024,30 @@ "description": "The ability for members to publish GitHub Pages sites was enabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4038,21 +6056,30 @@ "description": "The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4061,22 +6088,30 @@ "description": "The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4085,21 +6120,30 @@ "description": "The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4108,22 +6152,30 @@ "description": "The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4132,19 +6184,30 @@ "description": "An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "operation_type", "user_agent", - "actor", - "actor_id", - "business_id", - "@timestamp", - "created_at", - "action" + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -4153,18 +6216,29 @@ "description": "The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "request_id", - "org", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "actor", "operation_type", - "org_id", - "action", - "@timestamp", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -4174,21 +6248,30 @@ "description": "The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "action", - "org_id", - "user_id", - "business", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business_id", + "user_id", + "user_agent", "created_at", - "actor", - "org", - "operation_type", - "user_agent" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -4199,16 +6282,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", + "user_agent", "created_at", - "request_id", - "actor", - "action", "operation_type" ] }, @@ -4217,21 +6311,30 @@ "description": "The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "created_at", - "user_id", "business_id", - "user", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "org_id", - "@timestamp" + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4240,19 +6343,30 @@ "description": "The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ - "request_id", - "created_at", - "_document_id", - "user_agent", - "user", - "user_id", - "business", - "business_id", - "operation_type", "@timestamp", + "_document_id", "action", "actor", - "actor_id" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4261,19 +6375,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4281,21 +6407,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4305,16 +6440,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4324,18 +6472,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4345,14 +6506,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -4360,19 +6537,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -4380,18 +6568,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4399,23 +6599,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -4423,16 +6631,30 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "org_id", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4440,24 +6662,32 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", - "repo_id", "operation_type", - "@timestamp", - "user_agent", "created_at", - "org", - "action", - "_document_id", - "repo", - "actor", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4465,22 +6695,37 @@ "description": "A network configuration for a hosted compute service was created.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", "previous_settings_ids", - "network_configuration_id" + "network_configuration_id", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -4489,15 +6734,28 @@ "description": "A network configuration for a hosted compute service was deleted.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", @@ -4510,21 +6768,36 @@ "description": "A network configuration for a hosted compute service was updated.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", - "previous_settings_ids" + "previous_settings_ids", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -4533,20 +6806,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4555,20 +6840,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4577,20 +6874,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4599,20 +6908,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "oauth_application", - "oauth_application_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4621,19 +6942,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4642,20 +6976,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4664,20 +7010,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4686,19 +7044,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4707,17 +7078,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4728,20 +7110,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -4750,19 +7142,29 @@ "description": "An organization prevented access to resources by users with the given two-factor method.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "two_factor_method", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "two_factor_method", "created_at", "operation_type", "actor_is_bot" @@ -4773,21 +7175,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -4796,24 +7208,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "inviter", - "org", - "org_id", - "repo", - "repo_id", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4821,21 +7243,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4843,20 +7275,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4864,22 +7306,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4887,20 +7337,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4908,22 +7368,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4931,21 +7399,31 @@ "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4955,19 +7433,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4976,19 +7465,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4998,53 +7498,92 @@ "description": "Third-party application access for outside collaborators was disabled for the organization.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "Limiting OAuth app and GitHub App access requests and installations" }, { "action": "org.allow_third_party_access_requests_from_outside_collaborators_enabled", "description": "Third-party application access for outside collaborators was enabled for the organization.", - "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests" }, { "action": "org.archive", "description": "The organization was archived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5054,17 +7593,30 @@ "description": "An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log", "fields": [ - "org_id", - "operation_type", "@timestamp", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log" }, @@ -5073,21 +7625,32 @@ "description": "An export of the organization's Git events was created.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "start", "end", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization" }, @@ -5096,16 +7659,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -5114,18 +7690,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -5134,19 +7723,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -5156,22 +7756,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -5179,19 +7790,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -5199,16 +7821,28 @@ "description": "Cleared two-factor authentication restrictions for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -5219,23 +7853,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5243,21 +7885,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5265,23 +7917,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5289,23 +7949,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5313,10 +7981,28 @@ "description": "Enablement for Code Security features on new repositories has been locked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5326,10 +8012,28 @@ "description": "Enablement for Code Security features on new repositories has been unlocked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5339,66 +8043,95 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codespaces_access_updated", "description": "Access to use Codespaces on internal and private repositories was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "enablement", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization" }, @@ -5407,21 +8140,31 @@ "description": "Ownership and payment for codespaces was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "owner_type", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" }, @@ -5430,16 +8173,29 @@ "description": "A team has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5449,16 +8205,29 @@ "description": "A team has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5468,19 +8237,30 @@ "description": "GitHub Codespaces was granted trusted repository access to all other repositories in an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -5489,17 +8269,30 @@ "description": "GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -5508,21 +8301,30 @@ "description": "A user has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5530,21 +8332,30 @@ "description": "A user has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5552,16 +8363,29 @@ "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -5571,17 +8395,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5590,17 +8427,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5610,16 +8460,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5628,17 +8491,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "_document_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5647,17 +8523,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5666,22 +8555,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -5690,17 +8587,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5711,15 +8619,28 @@ "description": "Server statistics were exported for the organization.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5730,18 +8651,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -5750,20 +8683,31 @@ "description": "A GitHub Actions secret was created for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5772,20 +8716,32 @@ "description": "A GitHub Actions variable was created for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5794,21 +8750,33 @@ "description": "A Codespaces or Dependabot secret was created for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5816,21 +8784,30 @@ "description": "A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor_id", - "org_id", - "business", - "action", "@timestamp", - "org", "_document_id", - "business_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "actor_is_bot", "oauth_credential_type", "managed_oauth_access_id", @@ -5846,24 +8823,32 @@ "description": "A member authorized credentials for use with SAML or OIDC single sign-on.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on", "fields": [ - "user_agent", - "actor", "@timestamp", - "created_at", - "org_id", - "business_id", - "operation_type", - "request_id", "_document_id", "action", + "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", - "token_scopes", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot", "oauth_credential_type", - "request_access_security_header", "managed_oauth_access_id", "managed_token_id", "managed_oauth_scopes", @@ -5877,21 +8862,32 @@ "description": "An owner revoked authorized credentials.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "oauth_application_id", - "org_id", "operation_type", - "action", - "business", - "request_id", "created_at", - "business_id", - "actor_id", - "_document_id", - "user_agent", "oauth_credential_type", "managed_oauth_access_id", "managed_token_id", @@ -5906,18 +8902,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5925,20 +8933,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5947,16 +8965,29 @@ "description": "Third-party application access restrictions for an organization were disabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "org_id", - "action", - "_document_id", - "request_id", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization" @@ -5966,19 +8997,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5987,14 +9029,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -6003,21 +9062,30 @@ "description": "Display of IP addresses within audit log events for the organization was disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -6026,17 +9094,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6044,19 +9125,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "org_id", - "request_id" + "operation_type", + "created_at" ] }, { @@ -6064,19 +9156,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -6084,19 +9187,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -6105,17 +9219,30 @@ "description": "Third-party application access restrictions for an organization were enabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "operation_type", - "org", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization" }, @@ -6124,19 +9251,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -6145,19 +9283,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -6166,21 +9317,30 @@ "description": "Display of IP addresses within audit log events for the organization was enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -6189,17 +9349,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -6208,17 +9381,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -6227,42 +9413,64 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", - "manager", - "operation_type", - "created_at", - "_document_id" - ] - }, - { - "action": "org.invite_member", - "description": "A new user was invited to join an organization.", - "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", - "fields": [ + "business", + "business_id", + "hashed_token", "org", - "user_id", - "invitation_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "manager", "operation_type", + "created_at" + ] + }, + { + "action": "org.invite_member", + "description": "A new user was invited to join an organization.", + "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", + "fields": [ + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -6271,17 +9479,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6291,19 +9510,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6311,19 +9541,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6331,19 +9572,31 @@ "description": "Access to an organization was granted for an OAuth App.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "request_id", "actor_id", - "operation_type", - "org_id", - "_document_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization" @@ -6353,20 +9606,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -6375,18 +9639,31 @@ "description": "Access was disabled for an OAuth App that was previously approved.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization", "fields": [ - "request_id", - "url", - "created_at", - "org_id", - "action", "@timestamp", "_document_id", - "user_agent", - "org", - "operation_type", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization" @@ -6396,19 +9673,31 @@ "description": "An organization member requested that an owner grant an OAuth App access to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", + "@timestamp", "_document_id", - "request_id", - "url", - "org_id", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "url", "oauth_application_name" ] }, @@ -6417,20 +9706,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -6440,16 +9740,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "actor", - "actor_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -6457,20 +9770,31 @@ "description": "An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "reason", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -6479,20 +9803,30 @@ "description": "An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -6501,19 +9835,30 @@ "description": "An organization owner downloaded the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6522,19 +9867,30 @@ "description": "An organization owner generated the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6543,19 +9899,30 @@ "description": "An organization owner printed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6564,19 +9931,30 @@ "description": "An organization owner viewed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6585,19 +9963,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -6606,20 +9996,31 @@ "description": "A GitHub Actions secret was removed from an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -6628,21 +10029,31 @@ "description": "A GitHub Actions variable was removed from an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6651,18 +10062,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -6672,19 +10094,29 @@ "description": "Removed a two-factor authentication method restriction for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "two_factor_method", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "two_factor_method", "created_at", "operation_type", "actor_is_bot" @@ -6695,22 +10127,32 @@ "description": "A Codespaces or Dependabot secret was removed from an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6718,21 +10160,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6740,21 +10191,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6762,21 +10222,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6784,18 +10254,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -6804,19 +10286,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -6824,14 +10318,28 @@ "description": "Triggered when a required workflow is created.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6842,14 +10350,28 @@ "description": "Triggered when a required workflow is deleted.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6860,14 +10382,28 @@ "description": "Triggered when a required workflow is updated.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6878,20 +10414,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -6900,18 +10446,29 @@ "description": "A member's linked identity was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", "user_id", - "@timestamp", - "action", - "actor_id", "user_agent", - "_document_id", - "request_id", + "operation_type", "created_at" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" @@ -6921,19 +10478,30 @@ "description": "A member's SAML session was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ - "actor_id", - "created_at", - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" }, @@ -6942,21 +10510,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -6966,21 +10546,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6989,20 +10579,31 @@ "description": "A self-hosted runner group was renamed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7011,23 +10612,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -7036,23 +10647,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7061,19 +10680,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -7082,25 +10714,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7109,21 +10752,32 @@ "description": "The visibility of a self-hosted runner group was updated via the REST API.", "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" }, @@ -7132,10 +10786,28 @@ "description": "Enablement for Secret Protection features on new repositories has been locked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7145,10 +10817,28 @@ "description": "Enablement for Secret Protection features on new repositories has been unlocked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7158,21 +10848,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7182,21 +10881,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7206,20 +10914,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7228,22 +10946,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7252,21 +10978,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7275,21 +11010,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7298,22 +11042,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7322,21 +11074,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7345,22 +11106,30 @@ "description": "Generic secrets have been disabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7368,22 +11137,30 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7391,21 +11168,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7415,21 +11201,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7439,19 +11234,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7461,21 +11267,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7485,21 +11300,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7509,19 +11333,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7531,22 +11366,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7555,22 +11398,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7579,22 +11430,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7603,21 +11462,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7626,21 +11494,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7649,22 +11526,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7673,22 +11558,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7697,12 +11590,28 @@ "description": "The push protection setting was updated for a secret type for your organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "push_protection_setting", "secret_type", "secret_type_display_name", @@ -7715,12 +11624,28 @@ "description": "The push protection pattern configuration was updated for your organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at" ], "docs_reference_titles": "About push protection" @@ -7730,26 +11655,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -7758,26 +11692,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7785,28 +11727,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7814,26 +11764,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7841,15 +11799,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7858,15 +11833,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7875,7 +11867,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -7890,18 +11903,28 @@ "description": "The cache retention policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -7913,18 +11936,28 @@ "description": "The cache storage policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -7936,20 +11969,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -7958,16 +12002,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -7978,18 +12035,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -7998,17 +12068,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8016,18 +12099,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -8036,18 +12131,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -8056,18 +12164,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -8076,22 +12196,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8099,21 +12229,32 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Adding organizations to your enterprise" }, @@ -8122,19 +12263,30 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "org", - "org_id", - "business", - "business_id", "from_business", "to_business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8145,15 +12297,28 @@ "description": "The organization was unarchived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8163,19 +12328,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -8184,20 +12362,32 @@ "description": "A GitHub Actions secret was updated for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "created_at", "key", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -8206,23 +12396,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -8231,20 +12432,32 @@ "description": "A GitHub Actions variable was updated for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -8253,20 +12466,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -8274,18 +12499,30 @@ "description": "The settings policy for immutable releases was updated for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_policy", "new_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8296,22 +12533,33 @@ "description": "A Codespaces or Dependabot secret was updated for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -8320,20 +12568,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -8341,17 +12600,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -8361,20 +12633,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -8383,17 +12666,30 @@ "description": "The name of the default branch was changed for new repositories in the organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization" }, @@ -8402,17 +12698,30 @@ "description": "The repository self-hosted runners policy was updated", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_repo_runners_policy", "new_repo_runners_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8423,19 +12732,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -8443,18 +12765,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -8463,21 +12797,31 @@ "description": "An organization's custom property value was manually set for the first time.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8489,21 +12833,31 @@ "description": "An organization's custom property value was deleted.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8515,18 +12869,30 @@ "description": "A default label was created for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label", "fields": [ - "request_id", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", - "_document_id", - "action", - "created_at", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label" }, @@ -8535,17 +12901,30 @@ "description": "A default label was deleted for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label", "fields": [ - "operation_type", - "request_id", - "actor", "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label" }, @@ -8554,17 +12933,30 @@ "description": "A default label was edited for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label", "fields": [ - "org", - "created_at", "@timestamp", - "actor", + "_document_id", "action", - "user_agent", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label" }, @@ -8573,20 +12965,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -8595,16 +13000,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8613,14 +13033,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -8631,16 +13066,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8649,16 +13099,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -8668,17 +13131,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8688,16 +13162,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -8707,20 +13194,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -8728,19 +13225,30 @@ "description": "An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor", - "business_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", "user_agent", - "_document_id", "created_at", - "operation_type", - "request_id", - "business" + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -8749,19 +13257,30 @@ "description": "Organization projects were disabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "operation_type", - "@timestamp", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -8770,18 +13289,29 @@ "description": "Organization projects were enabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor_id", - "org_id", - "created_at", - "user_id", - "org", "@timestamp", "_document_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" @@ -8791,23 +13321,33 @@ "description": "An organization role was assigned to a user or team.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About custom organization roles" }, @@ -8816,25 +13356,32 @@ "description": "A custom organization role was created in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8846,25 +13393,32 @@ "description": "A custom organization role was deleted in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8875,19 +13429,30 @@ "description": "A user or team was unassigned an organization role.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type" ], @@ -8898,26 +13463,33 @@ "description": "A custom organization role was edited in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -8930,22 +13502,33 @@ "description": "An organization's default project base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_project_base_role", - "new_project_base_role", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_project_base_role", + "new_project_base_role", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8953,20 +13536,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8976,23 +13570,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -9001,21 +13606,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -9026,21 +13642,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -9049,20 +13678,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -9071,17 +13714,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9092,20 +13750,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -9114,18 +13786,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9133,16 +13817,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9150,18 +13848,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -9169,18 +13879,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9191,22 +13914,31 @@ "description": "The configured restriction for access to resources via personal access tokens was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9214,22 +13946,31 @@ "description": "The configured restriction for access to resources via personal access tokens was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9237,18 +13978,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9259,18 +14013,28 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9281,18 +14045,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9303,23 +14077,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9327,21 +14112,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9349,17 +14145,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9370,18 +14179,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9393,17 +14215,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9415,20 +14250,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was created.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9440,20 +14284,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was deleted.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9465,20 +14318,29 @@ "description": "A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9490,20 +14352,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was edited.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9515,15 +14386,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9533,17 +14419,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -9553,15 +14450,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9571,19 +14483,30 @@ "description": "An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "action", - "operation_type", "@timestamp", - "business_id", + "_document_id", + "action", + "actor", "actor_id", - "user", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9591,23 +14514,30 @@ "description": "An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "created_at", - "actor_id", + "@timestamp", "_document_id", - "actor", - "user", - "repo", "action", - "user_agent", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "request_id", - "user_id", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9615,23 +14545,30 @@ "description": "An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "repo", - "org", + "actor", + "actor_id", "business", - "user_agent", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "repo_id", + "token_id", + "token_scopes", "user", - "org_id", - "created_at", - "business_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9639,17 +14576,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9659,17 +14607,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9679,17 +14638,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9699,17 +14669,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9719,17 +14700,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -9739,17 +14733,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9757,25 +14764,36 @@ "description": "A project's base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_project_base_role", "new_project_base_role", "project_number", "public_project", - "business", "project_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9783,20 +14801,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -9806,25 +14835,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -9832,20 +14873,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9853,25 +14906,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9879,17 +14944,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -9897,17 +14975,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -9915,18 +15006,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -9935,18 +15038,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -9955,19 +15070,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -9975,17 +15101,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -9997,22 +15136,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -10020,19 +15168,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -10040,17 +15199,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -10058,18 +15230,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -10077,20 +15262,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -10098,18 +15293,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -10118,18 +15325,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -10138,16 +15357,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -10159,21 +15391,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -10181,22 +15425,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -10205,29 +15459,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -10235,24 +15494,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", "user_agent", - "repo", + "operation_type", "name", - "org_id", - "user", - "_document_id", - "request_id", - "actor", - "actor_id", - "org", - "action", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10263,21 +15530,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10288,22 +15565,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -10311,24 +15598,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -10336,30 +15633,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -10369,28 +15673,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -10401,23 +15713,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -10425,22 +15746,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -10448,23 +15779,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "_document_id", - "actor", - "repo", "operation_type", - "request_id", "allow_force_pushes_enforcement_level", - "@timestamp", - "org", - "action", - "created_at", - "user_agent", - "repo_id", - "token_scopes", - "programmatic_access_type" + "created_at" ] }, { @@ -10472,24 +15812,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -10498,22 +15847,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -10521,24 +15880,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10547,27 +15915,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10576,18 +15951,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10598,24 +15986,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -10623,25 +16020,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -10649,22 +16053,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -10672,22 +16086,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -10696,22 +16121,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -10719,25 +16154,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -10745,22 +16187,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -10768,22 +16220,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -10791,23 +16253,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -10816,24 +16289,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -10842,20 +16326,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10864,21 +16362,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "_document_id", "title", - "request_id", "key", - "action", - "actor", "read_only", "explanation", - "repo_id", - "@timestamp", - "actor_id", - "repo", - "user_agent", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -10888,22 +16399,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10912,25 +16435,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10939,23 +16472,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10964,18 +16508,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -10985,21 +16543,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -11008,19 +16577,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -11031,23 +16613,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -11057,17 +16651,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11075,19 +16683,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -11095,19 +16716,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -11117,21 +16751,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -11140,27 +16785,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11168,23 +16820,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -11193,18 +16857,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -11212,19 +16890,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -11234,20 +16924,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -11255,40 +16956,65 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" + ] + }, + { + "action": "pull_request_review.delete", + "description": "A review on a pull request was deleted.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "comment_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, - { - "action": "pull_request_review.delete", - "description": "A review on a pull request was deleted.", - "docs_reference_links": "N/A", - "fields": [ + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -11296,20 +17022,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -11318,19 +17057,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -11340,22 +17093,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -11364,21 +17127,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -11387,25 +17159,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -11414,23 +17193,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -11439,24 +17226,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -11465,23 +17259,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -11491,22 +17293,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -11515,19 +17326,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11536,24 +17360,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -11562,24 +17396,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11587,24 +17429,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11612,24 +17462,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11637,24 +17495,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11662,23 +17528,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11689,17 +17564,29 @@ "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11709,17 +17596,29 @@ "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11729,102 +17628,136 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -11833,19 +17766,30 @@ "description": "GitHub Codespaces trusted repository access to this repository was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11853,17 +17797,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11872,15 +17829,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -11891,16 +17861,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11910,17 +17893,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11930,19 +17926,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "actor_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11951,17 +17958,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11970,26 +17990,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -11998,30 +18024,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -12031,20 +18062,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12053,25 +18095,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12080,23 +18130,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -12104,25 +18165,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -12132,23 +18202,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -12158,24 +18237,32 @@ "description": "The setting for immutable releases was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -12184,20 +18271,30 @@ "description": "The setting for immutable releases was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -12208,23 +18305,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -12232,21 +18339,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -12254,21 +18371,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -12276,22 +18403,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -12299,21 +18435,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -12321,20 +18467,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -12342,22 +18499,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -12365,18 +18531,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12384,22 +18564,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12407,21 +18597,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -12429,18 +18629,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -12449,22 +18661,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12473,24 +18694,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12499,23 +18728,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12523,26 +18762,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -12551,21 +18795,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -12574,25 +18827,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -12600,22 +18859,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -12624,25 +18893,34 @@ "description": "A branch was renamed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "old_branch", - "new_branch", - "default_branch", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "old_branch", + "new_branch", + "default_branch", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch" @@ -12652,19 +18930,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -12672,17 +18961,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12691,17 +18995,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12710,7 +19029,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -12725,22 +19065,30 @@ "description": "The cache retention policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -12752,22 +19100,30 @@ "description": "The cache storage policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -12779,23 +19135,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -12805,20 +19170,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12829,21 +19205,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -12852,22 +19239,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -12876,21 +19273,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -12899,22 +19307,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -12925,16 +19343,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -12944,22 +19373,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -12968,23 +19408,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", - "new_nwo", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_nwo", + "visibility", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12994,19 +19444,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -13014,21 +19474,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -13037,24 +19507,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13062,25 +19541,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -13089,24 +19575,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13115,25 +19611,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -13142,22 +19646,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13166,26 +19679,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -13193,31 +19714,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "_document_id", - "actor", - "repo_id", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13226,42 +19754,61 @@ "description": "Someone closed a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories", "fields": [ - "actor", - "repo", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "user_agent", - "actor_id", - "request_id", - "action", - "operation_type", - "created_at", - "repo_id", - "_document_id", + "hashed_token", "org", "org_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories" + "docs_reference_titles": "About repository security advisories" }, { "action": "repository_advisory.cve_request", "description": "Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "repo", - "org_id", - "actor", + "@timestamp", + "_document_id", "action", - "request_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "_document_id", + "operation_type", "created_at" ] }, @@ -13270,17 +19817,30 @@ "description": "GitHub made a security advisory public in the GitHub Advisory Database.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -13289,21 +19849,30 @@ "description": "GitHub withdrew a security advisory that was published in error.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13311,18 +19880,30 @@ "description": "Someone opened a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", "repo_id", - "action", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13330,21 +19911,30 @@ "description": "Someone published a security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", "@timestamp", - "actor", - "repo_id", "_document_id", - "repo", - "business_id", - "business", - "request_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "org" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13352,17 +19942,30 @@ "description": "Someone reopened as draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "repo", - "action", - "created_at", "@timestamp", - "request_id", - "actor_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "public_repo" ] }, @@ -13371,21 +19974,30 @@ "description": "Someone edited a draft or published security advisory.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "repo_id", - "org_id", "business", - "actor", - "user_agent", - "created_at", - "_document_id", "business_id", - "repo", - "action", - "operation_type", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13393,24 +20005,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13419,24 +20037,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13445,25 +20069,31 @@ "description": "Code security was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13472,25 +20102,31 @@ "description": "Code security was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13499,19 +20135,30 @@ "description": "Data use settings were disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "repo_id", - "request_id", - "actor_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -13520,21 +20167,30 @@ "description": "Data use settings were enabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "org", - "user_id", - "repo_id", "@timestamp", - "request_id", - "actor", + "_document_id", "action", - "operation_type", - "created_at", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org_id", - "_document_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -13543,23 +20199,30 @@ "description": "The dependency graph was disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "repo_id", - "operation_type", - "user_id", - "repo", + "@timestamp", "_document_id", - "actor", - "user", "action", - "@timestamp", - "org_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", - "request_id", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -13568,47 +20231,133 @@ "description": "The dependency graph was enabled for a private repository.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor_id", - "repo_id", + "created_at", "operation_type", - "actor", + "public_repo", + "actor_is_bot" + ] + }, + { + "action": "repository_dependency_updates_self_hosted.disabled", + "description": "Dependency updates on self-hosted runners was disabled.", + "docs_reference_links": "code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-dependabot-on-self-hosted-runners", + "fields": [ "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring Dependabot on self-hosted runners" + }, + { + "action": "repository_dependency_updates_self_hosted.enabled", + "description": "Dependency updates on self-hosted runners was enabled.", + "docs_reference_links": "code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/managing-dependabot-on-self-hosted-runners", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", - "actor_is_bot" - ] + "user", + "user_id", + "user_agent", + "topic", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot", + "actor_is_agent" + ], + "docs_reference_titles": "Configuring Dependabot on self-hosted runners" }, { "action": "repository_image.create", "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -13616,21 +20365,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -13638,21 +20397,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -13660,20 +20430,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -13681,21 +20463,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -13703,19 +20496,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -13723,17 +20529,31 @@ "description": "An organization has reached their repository limit.", "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "limit", "count", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -13744,17 +20564,31 @@ "description": "An organization is approaching their repository limit.", "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "limit", "count", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -13765,19 +20599,30 @@ "description": "The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise", "fields": [ - "request_id", - "created_at", + "@timestamp", "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "business_id", - "business", - "operation_type", - "actor", - "actor_id", "user_id", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -13786,20 +20631,30 @@ "description": "Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "created_at", "@timestamp", - "repo", - "action", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "repo_id", - "actor", - "request_id", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -13808,20 +20663,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", "created_at", - "org_id", - "action", - "user_id", - "operation_type", - "_document_id", - "actor_id", - "repo" + "operation_type" ] }, { @@ -13829,31 +20693,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -13862,19 +20734,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -13882,8 +20765,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -13892,23 +20774,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -13933,26 +20824,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13961,26 +20858,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13989,23 +20892,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14015,23 +20925,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14041,24 +20958,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14068,24 +20992,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -14094,24 +21025,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14121,23 +21059,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14147,23 +21092,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -14172,47 +21125,131 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_secret_scanning_extended_metadata.disabled", + "description": "Metadata for secret scanning alerts has been disabled at the repository level", + "docs_reference_links": "/code-security/secret-scanning/enabling-secret-scanning-features/enabling-extended-metadata-checks-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Enabling extended metadata checks for your repository" + }, + { + "action": "repository_secret_scanning_extended_metadata.enabled", + "description": "Metadata for secret scanning alerts has been enabled at the repository level", + "docs_reference_links": "/code-security/secret-scanning/enabling-secret-scanning-features/enabling-extended-metadata-checks-for-your-repository", + "fields": [ "@timestamp", "_document_id", - "programmatic_access_type" - ] + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Enabling extended metadata checks for your repository" }, { "action": "repository_secret_scanning_generic_secrets.disabled", "description": "Generic secrets have been disabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14220,22 +21257,31 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14244,24 +21290,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -14270,24 +21324,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -14296,19 +21358,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -14317,24 +21391,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14343,24 +21425,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14369,19 +21459,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -14390,26 +21492,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -14418,26 +21525,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "public_repo", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -14446,28 +21558,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14475,27 +21595,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14503,28 +21631,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14532,49 +21668,135 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_security_updates.disable", + "description": "Dependabot security updates was disabled.", + "docs_reference_links": "/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring Dependabot security updates" + }, + { + "action": "repository_security_updates.enable", + "description": "Dependabot security updates was enabled.", + "docs_reference_links": "/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header" - ] + "actor_is_agent" + ], + "docs_reference_titles": "Configuring Dependabot security updates" }, { "action": "repository_visibility_change.clear", "description": "The repository visibility change setting was cleared for an organization or enterprise.", "docs_reference_links": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-changes-to-repository-visibility", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", "business", - "action", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business_id", - "@timestamp", "user_agent", - "actor", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise" }, @@ -14583,20 +21805,30 @@ "description": "The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user", - "org_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "_document_id", - "@timestamp", - "user_id", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14604,19 +21836,30 @@ "description": "The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "_document_id", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", - "org", - "org_id", - "action", - "actor_id", "user_id", - "request_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14624,29 +21867,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14655,29 +21906,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14686,44 +21945,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -14734,21 +22015,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -14757,26 +22050,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -14784,21 +22085,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -14806,21 +22118,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", "created_at", "active", - "action", - "repository_id", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type" ] }, @@ -14829,20 +22155,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "repo", "org_id", - "operation_type", - "created_at", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -14851,24 +22187,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14876,26 +22219,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14903,23 +22252,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14927,23 +22283,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -14952,24 +22315,31 @@ "description": "A status check was marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "org", - "actor_id", "@timestamp", - "business", - "request_id", - "context", - "repo_id", - "action", - "repo", "_document_id", - "operation_type", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "actor", - "created_at", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "context", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -14978,21 +22348,31 @@ "description": "A status check was no longer marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "actor_id", - "actor", - "created_at", - "context", - "operation_type", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "repo_id", "org_id", - "action", - "_document_id", + "programmatic_access_type", "repo", - "programmatic_access_type" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "context", + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -15001,18 +22381,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -15021,19 +22414,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -15041,23 +22446,34 @@ "action": "role.create", "description": "A new custom repository role was created.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", - "fields": [ - "user_agent", - "request_id", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "_document_id", "role_permissions", "old_role_permissions" ], @@ -15068,23 +22484,34 @@ "description": "A custom repository role was deleted.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Managing custom repository roles for an organization" }, @@ -15093,23 +22520,34 @@ "description": "A custom repository role was edited.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "old_role_permissions", "old_base_role" ], @@ -15120,14 +22558,28 @@ "description": "A user was assigned to a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15135,42 +22587,70 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.create", "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.delete", "description": "A secret scanning alert was deleted by GitHub.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15179,21 +22659,35 @@ "created_at", "reason" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.public_leak", "description": "A secret scanning alert was leaked in a public repo.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15201,29 +22695,39 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -15232,14 +22736,28 @@ "description": "A leaked secret was reported to the secret's provider by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "created_at", @@ -15247,35 +22765,44 @@ "secret_type_provider", "report_result" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts" + "docs_reference_titles": "Resolving alerts from secret scanning" }, { "action": "secret_scanning_alert.resolve", "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -15283,25 +22810,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -15309,14 +22843,28 @@ "description": "A user was unassigned from a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15324,21 +22872,35 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.validate", "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -15348,33 +22910,41 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_closure_request.approve", "description": "A request to close a secret scanning alert was approved by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15383,25 +22953,33 @@ "description": "N/A", "docs_reference_links": "A reqeust to close a secret scanning alert was canceled by a user.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, reqeust, to, close, a, secret, scanning, alert, was, canceled, by, a, user." @@ -15411,27 +22989,35 @@ "description": "N/A", "docs_reference_links": "A user requested to close a secret scanning alert.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "reason", "comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, user, requested, to, close, a, secret, scanning, alert." @@ -15441,26 +23027,34 @@ "description": "A request to close a secret scanning alert was denied by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15469,19 +23063,30 @@ "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -15490,19 +23095,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -15511,20 +23127,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -15533,19 +23159,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -15554,14 +23191,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -15579,25 +23230,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -15606,79 +23265,103 @@ "description": "A user canceled a request to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_push_protection_request.complete", "description": "A user pushed a commit containing a secret for which there is an approved secret scanning push protection bypass request.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_push_protection_request.deny", "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -15688,49 +23371,70 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_scan.completed", "description": "A secret scanning scan has completed on this repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "repo_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "source", "type", "source_slug", "type_slug", "started_at", "completed_at", - "repo", "public_repo", - "org", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "secret_types", @@ -15744,10 +23448,28 @@ "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15762,15 +23484,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15779,7 +23494,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15787,22 +23503,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15811,22 +23538,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15835,10 +23573,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15853,15 +23609,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15869,7 +23618,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15877,15 +23627,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15895,10 +23660,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15913,15 +23696,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15930,7 +23706,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15938,16 +23715,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15957,18 +23747,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -15977,16 +23780,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15996,15 +23812,28 @@ "description": "An agreement for invoiced billing for GitHub Sponsors was signed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id", - "org", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -16016,15 +23845,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -16034,15 +23876,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -16051,17 +23908,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -16070,17 +23940,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -16089,16 +23973,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -16108,14 +24005,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -16125,17 +24037,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -16144,17 +24069,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -16163,18 +24101,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16183,15 +24134,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -16201,16 +24166,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16218,15 +24196,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -16237,16 +24228,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -16256,17 +24260,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -16277,17 +24294,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -16298,18 +24328,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16319,16 +24360,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16338,16 +24392,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16359,17 +24426,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16378,19 +24458,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16399,21 +24492,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16422,36 +24524,60 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, { "action": "staff.dependabot_debug_credentials_generated", - "description": "N/A", + "description": "Dependabot encrypted config was read.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "public_repo" @@ -16462,20 +24588,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16483,18 +24623,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -16502,16 +24657,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16519,23 +24689,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16543,23 +24723,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16567,23 +24757,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16591,23 +24791,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16615,21 +24825,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -16639,22 +24859,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -16663,20 +24892,30 @@ "description": "A team was added to an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team_type", "team", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -16687,20 +24926,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -16709,18 +24959,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -16730,127 +24993,99 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "org_id", - "user_agent", - "team", - "org", - "actor", - "created_at", "_document_id", - "token_scopes", - "programmatic_access_type", - "team_type" - ] - }, - { - "action": "team.demote_maintainer", - "description": "A user was demoted from a team maintainer to a team member.", - "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", - "fields": [ - "user_agent", - "request_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" - ], - "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" - }, - { - "action": "team.destroy", - "description": "A team was deleted.", - "docs_reference_links": "N/A", - "fields": [ - "created_at", - "org", - "team", - "org_id", - "actor_id", - "actor", - "action", - "@timestamp", "user_agent", - "request_id", + "oauth_application_id", "operation_type", - "_document_id", - "programmatic_access_type", + "team", + "created_at", "team_type" ] }, { - "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", - "docs_reference_links": "N/A", + "action": "team.demote_maintainer", + "description": "A user was demoted from a team maintainer to a team member.", + "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", - "actor", - "actor_id", - "user", - "business", - "action", - "request_id", - "created_at", - "user_id", - "_document_id" - ] - }, - { - "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", - "fields": [ - "org_id", - "action", - "operation_type", - "request_id", + "_document_id", + "action", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" + "team", + "operation_type", + "created_at" ], - "docs_reference_titles": "Organizations and teams documentation" + "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, { - "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "action": "team.destroy", + "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "actor", - "created_at" + "team_type" ] }, { @@ -16858,19 +25093,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "actor", - "action", - "operation_type", - "team", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" ] }, { @@ -16878,19 +25125,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", "@timestamp", - "actor_id", "_document_id", - "team", - "created_at", - "org_id", "action", - "request_id", - "user_agent", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_access_security_header" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "team", + "created_at" ] }, { @@ -16898,22 +25157,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "team", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" ] }, { @@ -16921,22 +25189,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -16945,20 +25222,30 @@ "description": "A team was removed from an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team_type", "team", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -16969,22 +25256,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -16994,43 +25290,64 @@ "description": "A repository was removed from a team's control.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { "action": "team.rename", - "description": "A team's name was changed.", - "docs_reference_links": "N/A", - "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "description": "A team's name was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -17039,17 +25356,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -17058,19 +25388,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -17079,19 +25420,30 @@ "description": "The Okta credentials for team synchronization with a tenant were changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -17099,28 +25451,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -17128,23 +25489,38 @@ "description": "Triggered when a user content edit is deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_content_id", "user_content_type", "created_at", - "user_agent", "deleted_by", "editor_id", - "_document_id", "deleted_at", - "action", - "actor_id", "editor", "deleted_by_id", "deleted_content", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -17152,16 +25528,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17171,16 +25561,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17190,18 +25594,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17211,21 +25628,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17233,21 +25662,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17255,21 +25695,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17277,16 +25728,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17296,27 +25761,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -17325,23 +25796,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17349,10 +25830,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17363,20 +25862,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -17385,23 +25873,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17411,10 +25907,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17426,19 +25940,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -17449,10 +25953,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17461,21 +25983,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -17485,23 +25996,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -17510,22 +26033,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17533,21 +26067,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -17555,25 +26100,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17581,23 +26134,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -17611,24 +26177,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -17637,10 +26212,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17650,21 +26243,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -17674,25 +26257,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghec/user.json b/src/audit-logs/data/ghec/user.json index 97af53a1b41b..86bcc2b8bf74 100644 --- a/src/audit-logs/data/ghec/user.json +++ b/src/audit-logs/data/ghec/user.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,18 +196,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -148,28 +227,42 @@ "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "pricing_target_type", "pricing_target_id", "budget_limit_type", - "alert_recipient_user_ids" + "alert_recipient_user_ids", + "exclude_cost_center_usage" ] }, { @@ -177,22 +270,34 @@ "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "uuid", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -200,25 +305,37 @@ "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", - "request_access_security_header", "old_target_amount", "old_budget_limit_type", "old_alert_enabled", @@ -232,17 +349,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -251,19 +381,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -272,15 +414,28 @@ "description": "Azure subscription has been linked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -290,15 +445,28 @@ "description": "Azure subscription has been unlinked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -308,18 +476,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -327,16 +508,28 @@ "description": "The premium request paid usage policy for your GitHub account was changed.", "docs_reference_links": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -348,18 +541,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -367,15 +572,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -385,26 +603,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -412,24 +640,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -437,26 +675,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "user", - "user_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -464,20 +712,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -488,17 +747,29 @@ "description": "The cache retention policy for GitHub Actions was set for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -510,17 +781,29 @@ "description": "The cache storage policy for GitHub Actions was set for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -532,17 +815,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -553,20 +849,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -575,19 +883,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -596,19 +917,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -617,20 +950,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -639,19 +984,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -660,20 +1017,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -682,20 +1050,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -706,17 +1085,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -724,14 +1115,29 @@ "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -741,25 +1147,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -770,22 +1185,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -797,22 +1223,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -821,15 +1258,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -840,17 +1292,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -860,27 +1325,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", "org", - "owner", - "pull_request_id", - "machine_type", - "user_id", - "user", - "devcontainer_path", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", + "machine_type", + "devcontainer_path", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -888,19 +1362,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -908,18 +1395,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -928,23 +1427,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -952,16 +1458,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -970,24 +1490,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -995,15 +1521,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1013,20 +1552,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1034,19 +1583,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -1054,21 +1615,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1076,22 +1646,33 @@ "description": "Specific repositories were disabled from using Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "owner_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1099,21 +1680,31 @@ "description": "Specific repositories were enabled to use Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner_type", - "owner", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1123,20 +1714,32 @@ "description": "Copilot coding agent access was updated for the organization's or user's repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_access", "old_access", - "org_id", "owner_type", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1146,21 +1749,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1170,19 +1782,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1192,21 +1813,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1216,19 +1846,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1237,19 +1878,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1258,19 +1910,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1279,38 +1942,206 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + }, + { + "action": "dependabot_closure_request.approve", + "description": "Dismissal of Dependabot alerts was approved.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About Dependabot alerts" + }, + { + "action": "dependabot_closure_request.cancel", + "description": "Dismissal request for Dependabot alerts was canceled.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About Dependabot alerts" + }, + { + "action": "dependabot_closure_request.create", + "description": "Dismissal of Dependabot alerts was requested.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About Dependabot alerts" + }, + { + "action": "dependabot_closure_request.deny", + "description": "Dismissal of Dependabot alerts was denied.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", "created_at", - "_document_id" + "operation_type", + "actor_is_bot" ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "dependabot_repository_access.repositories_updated", "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1318,19 +2149,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1339,19 +2181,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1359,19 +2212,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1380,19 +2244,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1400,19 +2275,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1421,19 +2307,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1441,19 +2338,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1462,20 +2370,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1483,22 +2401,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1507,22 +2434,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1530,28 +2467,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1560,27 +2503,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -1589,25 +2540,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1616,26 +2575,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1644,21 +2610,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1667,22 +2645,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1691,25 +2679,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1718,22 +2715,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1742,21 +2751,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -1767,21 +2786,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -1789,20 +2819,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -1810,21 +2852,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", "visibility", - "user_id", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ] }, { @@ -1832,22 +2885,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1856,23 +2920,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1881,23 +2956,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1905,18 +2989,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1927,20 +3021,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1950,18 +3054,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -1969,18 +3085,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -1988,25 +3116,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -2014,25 +3152,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "created_at", - "oauth_application_id", - "action", - "events", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", + "created_at", + "oauth_application_id", + "events" ] }, { @@ -2040,26 +3187,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2068,25 +3224,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2094,26 +3259,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2121,21 +3295,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2144,19 +3329,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2164,21 +3362,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2187,19 +3396,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2210,20 +3433,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2233,24 +3468,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2261,23 +3507,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2288,20 +3546,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2311,19 +3582,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2332,20 +3617,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2355,20 +3653,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2377,20 +3688,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2399,20 +3723,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2420,19 +3756,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2441,19 +3790,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2462,17 +3824,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2485,21 +3860,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2513,17 +3901,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2535,20 +3936,30 @@ "description": "An issue was marked as blocked by another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -2559,19 +3970,30 @@ "description": "The blocked by relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2581,20 +4003,30 @@ "description": "An issue was marked as blocking another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -2605,20 +4037,30 @@ "description": "The blocking relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -2629,18 +4071,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2648,21 +4102,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -2670,21 +4137,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -2692,22 +4172,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -2715,19 +4208,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -2738,21 +4244,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -2760,22 +4281,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -2783,21 +4319,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -2806,21 +4357,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -2829,22 +4395,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -2852,22 +4431,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2875,19 +4467,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2895,21 +4499,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2919,16 +4532,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2938,18 +4564,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2959,14 +4598,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -2974,19 +4629,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -2994,18 +4660,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3013,23 +4691,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -3037,43 +4723,64 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "user_agent", + "action", "actor", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "operation_type", "created_at", + "oauth_application_name" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" + }, + { + "action": "oauth_access.destroy", + "description": "An OAuth access token was deleted.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", + "fields": [ + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", - "request_access_security_header", - "oauth_application_name" - ], - "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" - }, - { - "action": "oauth_access.destroy", - "description": "An OAuth access token was deleted.", - "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", - "fields": [ - "@timestamp", + "user", + "user_id", "user_agent", - "action", "operation_type", - "_document_id", - "actor", "created_at", - "user", - "user_id", - "request_id", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -3083,19 +4790,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -3104,16 +4822,28 @@ "description": "An OAuth access token was revoked.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "request_access_security_header", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3123,18 +4853,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -3142,20 +4884,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3164,20 +4918,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3186,20 +4952,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3208,20 +4986,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3230,19 +5020,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3251,20 +5054,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "oauth_application", - "oauth_application_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3273,20 +5088,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3295,19 +5122,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3316,24 +5156,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3343,20 +5190,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -3367,20 +5225,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3390,21 +5259,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -3413,24 +5292,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3438,20 +5327,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3459,22 +5358,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3482,20 +5389,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3503,22 +5420,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3526,21 +5451,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3548,26 +5482,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -3576,26 +5519,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3603,28 +5554,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3632,26 +5591,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3659,18 +5626,28 @@ "description": "The cache retention policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -3682,18 +5659,28 @@ "description": "The cache storage policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -3705,20 +5692,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -3727,16 +5725,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -3747,18 +5758,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -3767,18 +5791,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -3787,18 +5823,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -3807,18 +5856,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -3828,20 +5889,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -3849,17 +5921,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -3869,20 +5954,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -3891,20 +5987,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3913,17 +6023,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3934,20 +6059,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3956,19 +6095,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3976,19 +6127,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3996,18 +6159,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4015,16 +6190,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4032,18 +6221,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -4051,18 +6252,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4073,18 +6287,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4095,17 +6322,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4115,19 +6355,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4135,12 +6387,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -4151,20 +6420,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4172,17 +6453,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -4193,18 +6487,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -4216,17 +6523,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -4238,17 +6558,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4259,15 +6592,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4277,17 +6625,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4297,15 +6656,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4315,17 +6689,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4335,17 +6720,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4355,17 +6751,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4375,17 +6782,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4395,17 +6813,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -4415,17 +6846,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4433,20 +6877,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -4456,25 +6911,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -4482,20 +6949,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4503,25 +6982,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4529,17 +7020,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -4547,17 +7051,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -4565,18 +7082,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -4585,18 +7114,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -4605,19 +7146,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -4625,17 +7177,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -4647,22 +7212,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -4670,19 +7244,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -4690,17 +7275,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4708,18 +7306,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "actor_id", - "_document_id", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "team", - "@timestamp", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -4727,20 +7338,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4748,18 +7369,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4768,18 +7401,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4788,16 +7433,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -4809,21 +7467,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -4831,18 +7501,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4853,23 +7536,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -4878,24 +7572,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -4904,20 +7609,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4926,21 +7645,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -4950,22 +7682,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4974,25 +7718,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -5001,23 +7755,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -5026,22 +7791,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -5050,21 +7825,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -5073,25 +7857,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -5100,23 +7891,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -5125,24 +7924,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -5151,23 +7957,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -5177,22 +7991,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -5201,19 +8024,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5222,24 +8058,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -5248,23 +8094,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5275,17 +8130,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5294,15 +8162,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -5313,16 +8194,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -5332,17 +8226,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -5352,19 +8259,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5373,17 +8291,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5392,26 +8323,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -5420,30 +8357,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -5453,20 +8395,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5475,25 +8428,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5502,23 +8463,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -5526,25 +8498,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -5554,23 +8535,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -5578,21 +8569,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -5600,21 +8601,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5622,22 +8633,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -5645,21 +8665,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -5667,20 +8697,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5688,22 +8729,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -5711,18 +8761,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5730,44 +8794,64 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { "action": "repo.pages_source", "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", - "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", + "fields": [ "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -5775,18 +8859,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -5795,22 +8891,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5819,24 +8924,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5845,23 +8958,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5869,26 +8992,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -5897,21 +9025,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5920,25 +9057,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -5946,22 +9089,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -5970,19 +9123,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -5990,22 +9154,30 @@ "description": "The cache retention policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -6017,22 +9189,30 @@ "description": "The cache storage policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -6044,23 +9224,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -6070,20 +9259,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -6094,21 +9294,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -6117,22 +9328,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -6141,21 +9362,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -6164,22 +9396,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_id", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -6190,16 +9432,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -6208,22 +9461,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -6233,22 +9495,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -6257,23 +9530,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -6283,19 +9566,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -6303,21 +9596,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -6326,24 +9629,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -6351,25 +9663,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -6378,24 +9697,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6404,25 +9733,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6431,22 +9768,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6455,26 +9801,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -6482,31 +9836,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6515,21 +9876,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -6537,21 +9908,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -6559,21 +9940,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -6581,62 +9973,98 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "operation_type", + "invitee", + "created_at" + ] + }, + { + "action": "repository_invitation.create", + "description": "An invitation to join a repository was sent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "invitee", + "inviter", "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "operation_type" ] }, { - "action": "repository_invitation.create", - "description": "An invitation to join a repository was sent.", + "action": "repository_invitation.reject", + "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, - { - "action": "repository_invitation.reject", - "description": "An invitation to join a repository was declined.", - "docs_reference_links": "N/A", - "fields": [ - "repo", - "_document_id", - "actor", + "user", + "user_id", + "user_agent", "invitee", - "action", - "@timestamp", - "request_id", - "actor_id", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -6644,31 +10072,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -6677,19 +10113,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -6697,8 +10144,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -6707,23 +10153,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -6748,18 +10203,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -6767,18 +10234,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6786,14 +10265,28 @@ "description": "A user linked a social identity to their account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "request_access_security_header", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6803,14 +10296,28 @@ "description": "A user unlinked a social identity from their account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6820,15 +10327,28 @@ "description": "A user unlinked all social identities from their account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -6838,16 +10358,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6857,18 +10390,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -6877,16 +10423,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6897,15 +10456,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -6915,15 +10487,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -6932,17 +10519,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6951,17 +10551,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6970,16 +10584,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -6989,14 +10616,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -7006,17 +10648,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", - "user", - "operation_type", - "@timestamp", - "created_at", "actor_id", - "_document_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -7025,17 +10680,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -7044,18 +10712,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7064,15 +10745,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -7082,16 +10777,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7099,15 +10807,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -7118,16 +10839,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -7137,17 +10871,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -7156,17 +10903,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -7177,17 +10937,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -7198,18 +10971,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "sponsors_listing_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "_document_id", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", "created_at", "operation_type" ] @@ -7219,16 +11003,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -7238,17 +11035,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -7257,16 +11067,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -7276,23 +11099,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7300,23 +11133,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7324,23 +11167,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7348,23 +11201,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7372,15 +11235,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7389,15 +11267,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7406,15 +11299,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7423,15 +11331,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7440,15 +11363,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7456,15 +11394,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7473,17 +11426,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7491,17 +11457,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7509,14 +11488,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -7525,15 +11519,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -7541,13 +11550,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7555,35 +11581,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.staff_decline", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "action", - "_document_id" - ] - }, - { - "action": "two_factor_account_recovery.staff_decline", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_id", - "actor", - "action", - "@timestamp", - "user_agent", - "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -7591,16 +11643,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7608,15 +11674,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7624,18 +11705,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7644,18 +11737,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -7664,18 +11769,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -7684,15 +11801,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", "_document_id", - "user_agent" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7700,16 +11832,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -7718,18 +11863,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7738,15 +11895,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "operation_type", - "user_id", - "user", - "user_agent", - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7755,16 +11927,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -7772,19 +11957,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -7793,18 +11990,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -7812,15 +12021,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -7830,20 +12052,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7851,18 +12084,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7870,18 +12115,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7890,17 +12147,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7909,19 +12179,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -7929,21 +12211,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "visibility", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "visibility", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7951,20 +12245,31 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "@timestamp", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -7972,18 +12277,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7992,19 +12309,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -8012,18 +12340,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8031,18 +12371,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8050,18 +12402,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -8070,17 +12434,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8088,17 +12464,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8106,17 +12495,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8124,17 +12526,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8142,21 +12557,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8164,21 +12589,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -8187,17 +12622,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8205,17 +12653,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8223,17 +12684,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8241,18 +12715,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8260,17 +12746,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -8279,17 +12779,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8297,18 +12810,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -8317,19 +12842,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", "operation_type", - "_document_id", - "request_id", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -8337,18 +12874,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8356,18 +12905,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8375,21 +12936,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8397,16 +12968,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -8415,20 +12999,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -8436,20 +13031,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8457,20 +13064,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -8478,18 +13096,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8497,16 +13127,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -8517,16 +13160,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -8535,18 +13190,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -8554,18 +13221,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8573,22 +13252,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8596,23 +13286,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -8621,21 +13321,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8643,18 +13353,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8662,18 +13384,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8683,16 +13417,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8700,18 +13446,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", "user_agent", - "request_id", - "user", - "action", - "actor", - "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8719,18 +13477,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8738,17 +13508,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8756,18 +13539,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", "created_at", - "user", - "operation_type", - "@timestamp", - "request_id", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8775,17 +13570,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -8794,19 +13602,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -8814,21 +13634,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8836,21 +13666,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8858,46 +13700,64 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "workflows.approve_workflow_job", - "description": "A workflow job was approved.", - "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "workflow_run_id", "run_number", - "user", - "user_id", - "repo", - "repo_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8906,23 +13766,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8930,23 +13800,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8956,23 +13834,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -8981,22 +13871,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9004,21 +13905,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -9026,25 +13938,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9052,24 +13972,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -9078,25 +14007,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.14/enterprise.json b/src/audit-logs/data/ghes-3.14/enterprise.json index b5a4813ef395..b49112ba6e3d 100644 --- a/src/audit-logs/data/ghes-3.14/enterprise.json +++ b/src/audit-logs/data/ghes-3.14/enterprise.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,31 +196,34 @@ "description": "An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests", "fields": [ - "user_agent", - "request_id", - "request_method", - "query_string", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "request_body", - "status_code", - "url_path", "business", "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "request_method", + "query_string", + "request_body", + "status_code", + "url_path", + "public_repo", "created_at", "operation_type", "route", @@ -167,18 +237,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -186,20 +268,32 @@ "description": "A manual check of the endpoint configured for audit log streaming was performed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_result", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_result", "created_at", "operation_type", - "audit_log_stream_sink_details", - "request_access_security_header" + "audit_log_stream_sink_details" ] }, { @@ -207,18 +301,31 @@ "description": "An endpoint was added for audit log streaming.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_sink", + "created_at", + "operation_type", "audit_log_stream_id" ] }, @@ -227,15 +334,28 @@ "description": "An audit log streaming endpoint was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "audit_log_stream_id", @@ -247,17 +367,30 @@ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_enabled", - "business_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_enabled", "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "new_s3_bucket", @@ -280,17 +413,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -299,19 +445,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -320,18 +478,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -339,18 +510,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -358,15 +541,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -376,22 +572,31 @@ "description": "An enterprise owner was added to an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ - "name", - "business", - "user", - "user_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "request_id", + "business", "business_id", - "_document_id", - "user_agent", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -400,22 +605,32 @@ "description": "An organization was added to an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "operation_type", "name", "created_at", - "request_id", - "_document_id", - "business", - "organization_upgrade", - "request_access_security_header" + "organization_upgrade" ] }, { @@ -423,20 +638,30 @@ "description": "GitHub Advanced Security was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -445,17 +670,28 @@ "description": "GitHub Advanced Security was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -466,21 +702,31 @@ "description": "GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -489,17 +735,28 @@ "description": "GitHub Advanced Security was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -510,17 +767,28 @@ "description": "GitHub Advanced Security was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -531,21 +799,31 @@ "description": "GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -554,20 +832,32 @@ "description": "An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "new_policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -576,20 +866,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -597,17 +899,28 @@ "description": "GitHub Advanced Security was disabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -619,21 +932,31 @@ "description": "GitHub Advanced Security was enabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -642,18 +965,31 @@ "description": "An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -662,17 +998,30 @@ "description": "An enterprise owner cleared the base repository permission policy setting for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "name", - "operation_type", - "business_id", - "user_agent", - "actor_id", - "request_id", - "actor", + "@timestamp", "_document_id", - "business", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -682,19 +1031,32 @@ "description": "An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", "business_id", - "action", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business", "visibility", "created_at", - "actor", - "operation_type", - "@timestamp" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -703,21 +1065,33 @@ "description": "The policy for Code scanning autofix was updated for an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -725,19 +1099,31 @@ "description": "An enterprise was created.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", "_document_id", "action", - "@timestamp", - "request_id", - "name", + "actor", + "actor_id", "business", "business_id", - "operation_type", - "actor", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "name", + "operation_type", + "created_at" ] }, { @@ -745,17 +1131,28 @@ "description": "Dependabot alerts were disabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -765,17 +1162,28 @@ "description": "Dependabot alerts were enabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -785,17 +1193,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -805,18 +1226,30 @@ "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -824,17 +1257,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was disabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -845,18 +1289,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.", "docs_reference_links": "N/A", "fields": [ - "action", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", - "operation_type", - "created_at", - "user_agent", "business_id", - "actor_id", - "name", - "_document_id", - "request_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" ] }, { @@ -864,15 +1321,28 @@ "description": "SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -882,17 +1352,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was enabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -903,18 +1384,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "operation_type", - "created_at", + "actor_id", "business", "business_id", - "name", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" ] }, { @@ -922,20 +1416,31 @@ "description": "An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", "actor_id", - "@timestamp", - "request_id", "business", - "name", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "business_id", - "_document_id" + "created_at", + "name", + "operation_type" ] }, { @@ -943,20 +1448,31 @@ "description": "The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -964,20 +1480,31 @@ "description": "The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "name", - "actor", - "operation_type", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "business", - "actor_id", - "created_at", - "action", + "user_id", "user_agent", - "request_id", - "user_id" + "name", + "operation_type", + "created_at" ] }, { @@ -985,20 +1512,31 @@ "description": "An enterprise owner was removed from an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", - "user_agent", + "actor_id", "business", "business_id", - "@timestamp", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "name", - "actor_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "user" + "user_agent", + "operation_type", + "created_at", + "name" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -1007,20 +1545,31 @@ "description": "An organization was removed from an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "business", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business_id", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "name", - "org" + "name" ] }, { @@ -1028,18 +1577,31 @@ "description": "The slug for the enterprise URL was renamed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "name", - "business_id", - "user_agent", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", - "@timestamp", - "created_at", + "actor_id", "business", - "_document_id" + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ] }, { @@ -1047,20 +1609,31 @@ "description": "The SAML single sign-on session for a member in an enterprise was revoked.", "docs_reference_links": "N/A", "fields": [ - "business_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "actor", - "_document_id", - "actor_id", "name", - "@timestamp", - "user_id", - "action", - "created_at", - "business" + "created_at" ] }, { @@ -1068,17 +1641,28 @@ "description": "Automatic partner validation checks have been disabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1089,17 +1673,28 @@ "description": "Automatic partner validation checks have been enabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1110,20 +1705,30 @@ "description": "An enterprise-level custom pattern was created for secret scanning.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1132,17 +1737,28 @@ "description": "An enterprise-level custom pattern was removed from secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1152,20 +1768,30 @@ "description": "An enterprise-level custom pattern was published for secret scanning.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1173,17 +1799,28 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1194,20 +1831,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1216,17 +1863,28 @@ "description": "Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1236,17 +1894,28 @@ "description": "Secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1257,17 +1926,28 @@ "description": "Secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -1278,17 +1958,28 @@ "description": "Secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1299,17 +1990,28 @@ "description": "Secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1320,17 +2022,28 @@ "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1342,17 +2055,28 @@ "description": "Secret scanning for non-provider patterns was enabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1364,17 +2088,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1385,17 +2120,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1406,17 +2152,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1427,17 +2184,28 @@ "description": "Push protection for secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1448,17 +2216,28 @@ "description": "Push protection for secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1469,17 +2248,28 @@ "description": "Push protection for secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1490,17 +2280,28 @@ "description": "Push protection for secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -1511,20 +2312,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1532,17 +2345,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -1553,20 +2379,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1575,19 +2413,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1596,19 +2447,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1617,20 +2480,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1639,19 +2514,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1660,20 +2547,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "issuer", - "name", - "user_agent", - "action", "@timestamp", "_document_id", + "action", "actor", + "actor_id", "business", "business_id", - "actor_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issuer", + "name", + "created_at", + "operation_type" ] }, { @@ -1681,46 +2580,72 @@ "description": "An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "updated_github_owned_allowed", - "updated_verified_allowed", - "updated_patterns", - "new_policy", - "old_policy", - "updated_access_policy" - ], - "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" - }, - { - "action": "business.update_default_repository_permission", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "updated_github_owned_allowed", + "updated_verified_allowed", + "updated_patterns", + "new_policy", + "old_policy", + "updated_access_policy" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.update_default_repository_permission", "description": "The base repository permission setting was updated for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "business_id", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "permission", - "action", "created_at", - "@timestamp", - "request_id", "name", - "_document_id", - "old_permission", - "business" + "old_permission" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1729,19 +2654,32 @@ "description": "The repository creation setting was updated for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", - "name", - "business_id", + "action", "actor", "actor_id", - "@timestamp", - "operation_type", - "permission", - "action", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "name", + "operation_type", + "permission", "visibility" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -1751,19 +2689,32 @@ "description": "The policy setting for enterprise members inviting outside collaborators to repositories was updated.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-inviting-outside-collaborators-to-repositories", "fields": [ - "business_id", - "created_at", - "action", - "operation_type", "@timestamp", - "request_id", - "permission", + "_document_id", + "action", "actor", "actor_id", - "name", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business" + "created_at", + "operation_type", + "permission", + "name" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1772,20 +2723,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -1794,20 +2756,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -1818,49 +2791,59 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", + "action": "codespaces.allow_permissions", + "description": "A codespace using custom permissions from its devcontainer.json file was launched.", + "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", "business_id", - "query", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, - { - "action": "codespaces.allow_permissions", - "description": "A codespace using custom permissions from its devcontainer.json file was launched.", - "docs_reference_links": "N/A", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1870,25 +2853,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -1899,22 +2891,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -1926,22 +2929,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -1950,15 +2964,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -1969,17 +2998,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1989,27 +3031,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2017,19 +3068,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -2037,18 +3101,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -2057,23 +3133,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2081,16 +3164,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -2099,24 +3196,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "request_access_security_header" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2124,15 +3227,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2142,20 +3258,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2163,19 +3289,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -2183,21 +3321,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -2205,21 +3352,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2229,19 +3385,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2251,21 +3416,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2275,18 +3449,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2299,18 +3486,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2324,14 +3524,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -2344,8 +3559,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2354,27 +3568,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2383,19 +3605,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2404,16 +3638,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -2425,19 +3672,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -2446,19 +3704,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -2467,19 +3736,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -2488,19 +3768,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -2509,17 +3800,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2527,40 +3831,62 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" - }, - { - "action": "dependabot_security_updates.enable", - "description": "Dependabot security updates were enabled for all existing repositories.", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "created_at", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", + "user_agent", "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependabot_security_updates.enable", + "description": "Dependabot security updates were enabled for all existing repositories.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "_document_id" + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2568,19 +3894,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2589,19 +3926,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2609,19 +3957,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2630,19 +3989,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2650,19 +4020,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2671,128 +4052,195 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "team", + "created_at", + "number", + "title", + "operation_type" + ] }, { "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2803,16 +4251,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2823,18 +4285,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2845,23 +4321,31 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise" }, @@ -2870,19 +4354,33 @@ "description": "A domain was approved for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#approving-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -2891,18 +4389,33 @@ "description": "A domain was added to an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -2911,18 +4424,33 @@ "description": "A domain was removed from an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#removing-an-approved-or-verified-domain", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -2931,18 +4459,33 @@ "description": "A domain was verified for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -2951,18 +4494,30 @@ "description": "A new GitHub Actions self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -2971,20 +4526,30 @@ "description": "A GitHub Actions self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -2993,18 +4558,31 @@ "description": "A GitHub Actions self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows" ], "docs_reference_titles": "Removing self-hosted runners" @@ -3014,18 +4592,31 @@ "description": "A GitHub Actions self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3034,20 +4625,33 @@ "description": "The REST API was used to remove a GitHub Actions self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -3056,19 +4660,31 @@ "description": "A GitHub Actions self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3077,19 +4693,32 @@ "description": "A GitHub Actions runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -3098,24 +4727,36 @@ "description": "The configuration of a GitHub Actions self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3124,14 +4765,32 @@ "description": "The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3140,14 +4799,32 @@ "description": "The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3156,18 +4833,36 @@ "description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", "target_version", "runner_group_id", "runner_group_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Self-hosted runners" }, @@ -3176,22 +4871,32 @@ "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3199,21 +4904,33 @@ "description": "A license for GitHub Copilot was assigned to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3221,17 +4938,30 @@ "description": "A license for GitHub Copilot was unassigned from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3242,17 +4972,30 @@ "description": "A new enterprise team was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3262,17 +5005,30 @@ "description": "An enterprise team was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "business_id", - "enterprise_team_id", - "enterprise_team", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enterprise_team_id", + "enterprise_team", "created_at", "operation_type", "actor_is_bot" @@ -3283,22 +5039,32 @@ "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3306,18 +5072,31 @@ "description": "The name of an enterprise team was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business_id", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3328,22 +5107,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3352,22 +5140,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3375,28 +5173,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3405,27 +5209,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -3434,25 +5246,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3461,26 +5281,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3489,21 +5316,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -3512,22 +5351,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3536,25 +5385,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3563,22 +5421,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -3587,21 +5457,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -3612,27 +5492,33 @@ "description": "A user was added to an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -3640,19 +5526,31 @@ "description": "An external group was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", "scim_group_id" ] }, @@ -3661,22 +5559,33 @@ "description": "An external group was linked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group", - "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -3684,21 +5593,31 @@ "description": "An external group was created.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -3706,26 +5625,32 @@ "description": "A user was removed from an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor", - "actor_id", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -3733,15 +5658,29 @@ "description": "Failed external group SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -3749,15 +5688,9 @@ "url_path", "scim_group_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -3766,30 +5699,38 @@ "description": "Successful external group SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -3798,18 +5739,31 @@ "description": "An external group was unlinked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group" ] }, @@ -3818,22 +5772,32 @@ "description": "An external group was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "scim_group_id" ] }, { @@ -3841,25 +5805,33 @@ "description": "An external group's display name was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", "external_group", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -3867,20 +5839,31 @@ "description": "An external identity was deprovisioned, suspending the linked GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -3888,17 +5871,31 @@ "description": "An external identity was created and linked to a GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -3906,31 +5903,39 @@ "description": "Failed external identity SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_user_id", - "message", - "action", - "_document_id", - "@timestamp", + "message", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -3939,30 +5944,38 @@ "description": "Successful external identity SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -3971,18 +5984,31 @@ "description": "An external identity was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -3990,21 +6016,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -4012,20 +6049,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -4033,21 +6082,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -4055,19 +6115,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4076,20 +6147,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4098,19 +6179,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4119,22 +6211,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -4143,23 +6246,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -4168,23 +6282,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4192,18 +6315,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -4214,20 +6347,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -4237,18 +6380,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -4256,18 +6411,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -4275,25 +6442,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4301,25 +6478,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -4327,26 +6513,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -4355,25 +6550,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -4381,26 +6585,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -4408,21 +6621,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -4431,19 +6655,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -4451,21 +6688,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -4474,19 +6722,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -4497,20 +6759,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -4520,51 +6794,74 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", + "repositories_added_names", + "actor_is_bot", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access" + }, + { + "action": "integration_installation.repositories_removed", + "description": "Repositories were removed from a GitHub App.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", + "fields": [ "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "repositories_added_names", - "programmatic_access_type", - "actor_is_bot", - "application_client_id" - ], - "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access" - }, - { - "action": "integration_installation.repositories_removed", - "description": "Repositories were removed from a GitHub App.", - "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", - "fields": [ "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -4575,20 +6872,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -4598,19 +6908,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -4619,20 +6943,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -4642,20 +6979,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -4664,20 +7014,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -4686,20 +7049,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -4707,19 +7082,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -4728,19 +7116,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -4749,17 +7150,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -4772,21 +7186,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -4800,17 +7227,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -4822,19 +7262,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4842,19 +7293,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4862,17 +7324,28 @@ "description": "IP allow list user level enforcement was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4882,20 +7355,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -4904,19 +7386,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4924,17 +7417,28 @@ "description": "IP allow list user level enforcement was enabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4944,24 +7448,32 @@ "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -4969,24 +7481,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" ] }, { @@ -4994,19 +7514,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -5014,18 +7547,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5033,21 +7578,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -5055,21 +7613,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -5077,22 +7648,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -5100,19 +7684,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -5123,44 +7720,74 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", + "yearly_price_in_cents", + "description", + "bullets", + "monthly_price_in_cents", + "marketplace_listing_plan" + ] + }, + { + "action": "marketplace_listing_plan.publish", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "yearly_price_in_cents", - "description", - "bullets", - "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" - ] - }, - { - "action": "marketplace_listing_plan.publish", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -5168,21 +7795,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -5191,21 +7833,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -5214,22 +7871,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -5237,22 +7907,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5260,19 +7943,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5280,21 +7975,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5304,16 +8008,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5323,18 +8040,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5344,14 +8074,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", "user_id", - "action", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -5359,19 +8105,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -5379,18 +8136,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5398,23 +8167,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -5422,20 +8199,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -5446,19 +8233,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_id", + "user_agent", + "operation_type", + "created_at", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -5468,19 +8266,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -5489,18 +8298,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -5508,20 +8329,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5530,20 +8363,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user_id", "operation_type", - "@timestamp", - "user_agent", - "oauth_application", - "_document_id", - "actor", - "actor_id", - "request_id", - "action", - "user", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5552,20 +8397,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5574,20 +8431,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5596,19 +8465,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5617,20 +8499,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5639,20 +8533,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5662,18 +8568,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", - "org_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "oauth_application_id", - "action", "created_at", - "actor", - "actor_id", - "oauth_application", - "_document_id", - "request_id" + "oauth_application" ] }, { @@ -5681,19 +8600,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5702,15 +8634,32 @@ "description": "An OAuth application was unsuspended for a user or organization account.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "operation_type", - "org_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "oauth_application_id", "oauth_application", - "org", - "created_at", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5719,24 +8668,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", - "actor_id", - "user", - "business", - "business_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -5746,20 +8702,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -5770,20 +8737,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -5793,17 +8771,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5814,20 +8803,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -5836,21 +8835,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -5859,24 +8868,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5884,21 +8903,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5906,20 +8935,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -5927,22 +8966,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5950,20 +8997,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -5971,22 +9028,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5994,19 +9059,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -6015,19 +9091,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -6037,16 +9124,29 @@ "description": "A user initiated a background job to delete an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "@timestamp", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ] }, @@ -6055,16 +9155,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -6073,18 +9186,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -6093,19 +9219,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -6115,22 +9252,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -6138,19 +9286,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -6158,23 +9317,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6182,21 +9349,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6204,62 +9381,93 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.config.disable_collaborators_only", "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -6269,17 +9477,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6288,17 +9509,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6308,16 +9542,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6326,17 +9573,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6345,17 +9605,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6364,22 +9637,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -6388,17 +9669,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6409,18 +9701,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -6429,18 +9733,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6448,20 +9764,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -6470,19 +9796,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -6491,14 +9828,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -6507,17 +9861,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6525,19 +9892,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6545,19 +9923,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -6565,19 +9954,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -6586,19 +9986,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -6607,19 +10018,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -6628,17 +10052,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -6647,17 +10084,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -6666,18 +10116,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6685,23 +10148,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -6710,17 +10182,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6730,19 +10213,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6750,19 +10244,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", - "actor", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6771,16 +10276,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -6788,17 +10306,30 @@ "description": "An organization was restored.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6806,19 +10337,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -6827,18 +10370,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -6848,21 +10402,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6870,21 +10433,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6892,21 +10464,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6914,18 +10496,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -6934,19 +10528,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", - "org", - "action", - "actor", "old_login", - "org_id", - "request_id", - "actor_id", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -6954,20 +10560,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -6976,21 +10592,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -7000,21 +10628,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7023,23 +10661,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -7048,23 +10696,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7073,19 +10729,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -7094,25 +10763,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7121,21 +10801,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7145,21 +10834,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7169,20 +10867,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7191,22 +10899,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7215,21 +10931,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7238,21 +10963,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7261,22 +10995,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7285,21 +11027,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7308,21 +11059,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7332,21 +11092,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7356,19 +11125,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7378,21 +11158,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7402,21 +11191,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7426,19 +11224,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7448,22 +11257,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7472,22 +11289,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7496,22 +11321,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7520,21 +11353,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7543,21 +11385,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7566,22 +11417,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7590,22 +11449,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7614,15 +11481,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7631,15 +11515,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7648,7 +11549,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -7663,20 +11585,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -7685,16 +11618,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -7705,18 +11651,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -7725,17 +11684,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7743,18 +11715,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -7763,18 +11747,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -7783,18 +11780,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -7803,22 +11812,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7826,19 +11845,31 @@ "description": "A user account was converted into an organization.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization", "fields": [ - "actor", + "@timestamp", "_document_id", - "request_id", - "operation_type", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "@timestamp", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "owner", - "request_access_security_header" + "operation_type", + "created_at", + "owner" ], "docs_reference_titles": "Converting a user into an organization" }, @@ -7847,19 +11878,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -7868,23 +11912,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -7893,20 +11948,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -7915,20 +11982,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -7936,17 +12014,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -7956,20 +12047,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -7978,19 +12080,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -7998,18 +12113,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -8018,20 +12145,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -8040,16 +12180,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8058,14 +12213,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -8076,16 +12246,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8094,20 +12279,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8117,23 +12313,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8142,21 +12349,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -8167,21 +12385,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8190,20 +12421,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8212,17 +12457,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8233,20 +12493,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8255,19 +12529,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8275,19 +12561,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8295,18 +12593,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8314,16 +12624,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8331,18 +12655,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8350,18 +12686,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8372,18 +12721,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8394,17 +12756,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8414,19 +12789,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8434,12 +12821,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -8450,20 +12854,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8471,17 +12887,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8492,18 +12921,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8515,17 +12957,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8537,17 +12992,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8558,15 +13026,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8576,35 +13059,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "premium_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ] - }, - { - "action": "premium_runner.update", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8614,17 +13123,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8634,17 +13154,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8654,17 +13185,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8674,17 +13216,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8694,17 +13247,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -8714,17 +13280,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8732,20 +13311,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -8755,17 +13345,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -8773,17 +13376,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -8791,18 +13407,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -8811,18 +13439,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -8831,19 +13471,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -8851,17 +13502,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -8873,22 +13537,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -8896,19 +13569,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -8916,17 +13600,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8934,18 +13631,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -8953,20 +13663,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8974,18 +13694,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -8994,18 +13726,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9014,22 +13758,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -9038,29 +13792,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -9068,24 +13827,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "repo_id", - "user_id", "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9096,21 +13863,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9121,22 +13898,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -9144,24 +13931,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -9169,30 +13966,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", - "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", + "overridden_codes", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -9202,28 +14006,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -9234,23 +14046,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -9258,22 +14079,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -9281,23 +14112,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -9305,24 +14145,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -9331,22 +14180,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -9354,24 +14213,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9380,27 +14248,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9409,18 +14284,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9431,24 +14319,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -9456,25 +14353,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -9482,22 +14386,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -9505,22 +14419,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -9529,22 +14454,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -9552,25 +14487,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -9578,22 +14520,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -9601,22 +14553,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", - "user_agent", - "name", - "actor", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -9624,23 +14586,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -9649,24 +14622,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -9675,20 +14659,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9697,21 +14695,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -9721,22 +14732,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9745,25 +14768,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9772,23 +14805,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9797,18 +14841,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -9818,21 +14876,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -9841,19 +14910,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -9864,23 +14946,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -9890,17 +14984,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -9908,19 +15016,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -9928,19 +15049,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -9950,21 +15084,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -9973,27 +15118,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10001,23 +15153,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -10026,18 +15190,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10045,19 +15223,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10067,20 +15257,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -10088,18 +15289,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -10107,21 +15321,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -10129,20 +15355,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -10151,19 +15390,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -10173,22 +15426,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -10197,21 +15460,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -10220,25 +15492,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_id", - "action", "user_id", - "oauth_application_id", - "org", - "org_id", - "token_scopes", - "programmatic_access_type" + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -10247,23 +15526,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -10272,24 +15559,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -10298,23 +15592,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -10324,22 +15626,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -10348,19 +15659,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -10369,24 +15693,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -10395,24 +15729,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10420,24 +15762,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10445,23 +15795,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", - "category", - "repo", - "repo_id", + "category", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10472,103 +15831,137 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.collaborators_only", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "visibility", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10576,17 +15969,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10595,15 +16001,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -10614,16 +16033,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -10633,17 +16065,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -10653,19 +16098,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10674,17 +16130,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10693,26 +16162,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -10721,30 +16196,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -10754,20 +16234,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -10776,25 +16267,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -10803,23 +16302,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -10827,25 +16337,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -10855,17 +16374,30 @@ "description": "A repository was archived on disk.", "docs_reference_links": "/repositories/archiving-a-github-repository/archiving-repositories", "fields": [ - "actor_id", - "repo", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", - "repo_id", - "actor", "action", - "user_agent" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/archiving-a-github-repository/archiving-repositories" }, @@ -10874,23 +16406,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -10900,20 +16441,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "visibility", - "repo_id", - "created_at", - "actor", - "action", - "@timestamp", "org_id", - "request_id", + "programmatic_access_type", "repo", - "_document_id" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "visibility", + "created_at" ] }, { @@ -10921,20 +16473,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "visibility", - "repo_id", - "request_id", - "action", - "_document_id", "@timestamp", - "actor_id", - "created_at", - "user", - "operation_type", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", "public_repo" ] }, @@ -10943,19 +16506,30 @@ "description": "The repository was unlocked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10963,20 +16537,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "action", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "operation_type", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "visibility", - "actor", - "user_id" + "visibility" ] }, { @@ -10984,23 +16569,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -11008,21 +16603,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -11030,21 +16635,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -11052,22 +16667,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -11075,21 +16699,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", "visibility", - "actor", - "actor_id", - "user", - "operation_type", - "repo_id", - "action", - "repo", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -11097,20 +16731,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11118,22 +16763,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -11141,18 +16795,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11160,22 +16828,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11183,21 +16861,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -11205,18 +16893,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -11225,22 +16925,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11249,24 +16958,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11275,23 +16992,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -11299,26 +17026,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -11327,21 +17059,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -11350,25 +17091,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -11376,22 +17123,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -11400,20 +17157,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "visibility", - "operation_type", - "repo", + "@timestamp", "_document_id", - "user", - "user_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "@timestamp", - "request_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -11421,19 +17189,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -11441,17 +17220,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11460,17 +17254,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11479,7 +17288,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -11494,23 +17324,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -11520,20 +17359,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11544,21 +17394,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -11567,22 +17428,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -11591,21 +17462,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -11614,22 +17496,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -11640,16 +17532,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -11658,22 +17561,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -11683,22 +17595,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -11707,23 +17630,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -11733,19 +17666,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -11753,21 +17696,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -11776,24 +17729,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -11801,25 +17763,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11828,24 +17797,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11854,25 +17833,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11881,22 +17868,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11905,26 +17901,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11932,31 +17936,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11965,24 +17976,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -11991,24 +18008,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12017,21 +18040,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -12039,21 +18072,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -12061,21 +18104,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -12083,20 +18137,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -12104,21 +18170,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -12126,19 +18203,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "actor", - "invitee", - "action", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -12146,31 +18236,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -12179,19 +18277,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -12199,8 +18308,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -12209,23 +18317,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -12250,26 +18367,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12278,26 +18401,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12306,23 +18435,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12332,23 +18468,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12358,24 +18501,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12385,24 +18535,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -12411,24 +18568,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12438,23 +18602,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12464,23 +18635,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -12489,22 +18668,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -12512,24 +18699,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -12538,24 +18733,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -12564,19 +18767,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -12585,24 +18800,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -12611,24 +18834,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -12637,19 +18868,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -12658,26 +18901,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -12686,26 +18934,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -12714,18 +18967,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -12734,19 +19000,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -12755,43 +19033,67 @@ "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -12800,28 +19102,37 @@ "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -12829,25 +19140,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "number", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -12855,14 +19173,28 @@ "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -12872,26 +19204,37 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning.disable", "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -12900,19 +19243,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -12921,20 +19275,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -12943,19 +19307,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -12964,14 +19339,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -12989,25 +19378,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13016,25 +19413,33 @@ "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -13044,45 +19449,65 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "number", - "repository", - "repository_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "security_key.register", "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -13090,18 +19515,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13109,16 +19546,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13128,18 +19578,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -13148,16 +19611,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13168,15 +19644,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -13186,15 +19675,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -13203,17 +19707,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -13222,17 +19739,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -13241,16 +19772,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -13260,14 +19804,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -13277,17 +19836,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -13296,17 +19868,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -13315,18 +19900,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -13335,15 +19933,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -13353,16 +19965,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13370,15 +19995,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -13389,16 +20027,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -13408,17 +20059,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -13427,17 +20091,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "patreon_email", "patreon_username", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -13448,17 +20125,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -13469,18 +20159,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13490,16 +20191,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13509,17 +20223,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -13528,16 +20255,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13549,17 +20289,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -13568,19 +20321,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -13589,21 +20355,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -13612,19 +20387,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -13633,20 +20419,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -13654,18 +20454,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -13673,16 +20488,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -13690,15 +20520,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -13707,15 +20552,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -13724,15 +20584,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -13741,15 +20616,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -13758,15 +20648,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -13774,15 +20679,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -13791,21 +20711,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -13815,22 +20745,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -13839,20 +20778,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -13861,18 +20811,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -13882,21 +20845,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -13905,21 +20879,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -13928,80 +20912,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -14010,22 +21038,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -14034,22 +21071,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -14059,21 +21105,31 @@ "description": "A repository was removed from a team's control.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -14081,21 +21137,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -14104,17 +21171,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -14123,19 +21203,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -14144,28 +21235,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -14173,17 +21273,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14191,17 +21304,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14209,14 +21335,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -14225,15 +21366,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -14241,13 +21397,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14255,17 +21428,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -14273,17 +21459,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -14291,16 +21490,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14308,15 +21521,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14324,18 +21552,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -14344,18 +21584,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -14364,18 +21616,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -14384,15 +21648,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "@timestamp", - "request_id", - "_document_id", - "user_agent" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14400,16 +21679,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -14418,18 +21710,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -14438,15 +21742,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -14455,16 +21774,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -14472,19 +21804,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -14493,18 +21837,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -14512,15 +21868,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -14530,20 +21899,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -14551,18 +21931,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14570,18 +21962,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -14590,17 +21994,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -14609,16 +22026,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "created_at", - "user", "action", - "operation_type", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14626,16 +22057,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "_document_id", "@timestamp", - "created_at", - "user_agent", - "operation_type", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14643,16 +22088,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "created_at", - "_document_id", - "user_agent", - "user_id", "@timestamp", - "user", + "_document_id", "action", - "request_access_security_header" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14660,19 +22119,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -14680,21 +22151,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -14702,20 +22185,31 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "@timestamp", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -14723,18 +22217,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14743,19 +22249,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -14763,18 +22280,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14782,18 +22311,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14801,18 +22342,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -14821,17 +22374,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14839,17 +22404,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14857,17 +22435,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14875,17 +22466,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14893,21 +22497,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14915,21 +22529,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -14938,17 +22562,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14956,17 +22593,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14974,17 +22624,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14992,18 +22655,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15011,16 +22686,29 @@ "description": "A user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", "user_agent", + "operation_type", "created_at" ] }, @@ -15029,17 +22717,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -15048,17 +22750,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15066,18 +22781,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -15086,19 +22813,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", - "user", - "action", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -15106,18 +22845,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15125,38 +22876,61 @@ "description": "A comment made by a user was minimized.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", - "actor_id", "@timestamp", - "created_at", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.new_device_used", + "description": "A user signed in from a new device.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, - { - "action": "user.new_device_used", - "description": "A user signed in from a new device.", - "docs_reference_links": "N/A", - "fields": [ "user", "user_id", - "actor", - "operation_type", - "created_at", "user_agent", - "actor_id", - "action", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -15164,14 +22938,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15179,21 +22969,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15201,16 +23001,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -15219,20 +23032,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -15240,20 +23064,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15261,17 +23097,30 @@ "description": "A user account was no longer flagged as a large scale contributor.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15279,20 +23128,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -15300,17 +23160,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "user_agent", - "request_id", - "action", "@timestamp", - "created_at", - "org_id", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -15319,18 +23191,30 @@ "description": "Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "action", "created_at", - "actor", - "operation_type", - "actor_id", - "user_id", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam" }, @@ -15339,18 +23223,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15358,16 +23254,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -15378,16 +23287,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -15396,18 +23317,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -15415,18 +23348,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15434,18 +23379,30 @@ "description": "A user signed in from an unrecognized location.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "action", - "operation_type", - "user_agent", - "user", + "@timestamp", "_document_id", + "action", "actor", - "created_at", "actor_id", - "@timestamp", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15453,22 +23410,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -15476,23 +23444,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -15501,21 +23479,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -15523,18 +23511,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "actor_id", - "@timestamp", - "operation_type", - "_document_id", - "user_agent", - "actor", - "action", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15542,18 +23542,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15563,16 +23575,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -15580,18 +23604,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15599,18 +23635,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -15618,17 +23666,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15636,18 +23697,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", "created_at", - "user", - "operation_type", - "@timestamp", - "request_id", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -15655,17 +23728,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -15674,19 +23760,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -15695,15 +23793,28 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "request_id", - "actor", - "action", "created_at" ] }, @@ -15712,21 +23823,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -15734,21 +23855,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15756,18 +23889,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15775,27 +23920,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -15804,23 +23955,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15828,10 +23989,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -15842,20 +24021,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -15864,23 +24032,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15890,10 +24066,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -15905,19 +24099,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -15928,10 +24112,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -15940,21 +24142,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -15964,23 +24155,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -15989,22 +24192,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16012,21 +24226,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -16034,25 +24259,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16060,23 +24293,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -16090,24 +24336,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -16116,10 +24371,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16129,21 +24402,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -16153,25 +24416,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.14/organization.json b/src/audit-logs/data/ghes-3.14/organization.json index 3e1d456d7bbe..489dcc450f7f 100644 --- a/src/audit-logs/data/ghes-3.14/organization.json +++ b/src/audit-logs/data/ghes-3.14/organization.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,29 +67,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -72,44 +103,66 @@ "description": "Credit was accepted for a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory" + "docs_reference_titles": "Editing a repository security advisory" }, { "action": "advisory_credit.create", "description": "Someone was added to the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -117,21 +170,32 @@ "description": "Credit was declined for a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -140,21 +204,32 @@ "description": "Someone was removed from the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -163,18 +238,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -182,17 +269,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -203,39 +301,62 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" + }, { "action": "billing.change_billing_type", "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -244,19 +365,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -265,18 +398,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -284,18 +430,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -303,20 +461,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -325,20 +494,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -349,49 +529,59 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", + "action": "codespaces.allow_permissions", + "description": "A codespace using custom permissions from its devcontainer.json file was launched.", + "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", "business_id", - "query", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, - { - "action": "codespaces.allow_permissions", - "description": "A codespace using custom permissions from its devcontainer.json file was launched.", - "docs_reference_links": "N/A", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -401,46 +591,65 @@ "description": "An attempt to create a codespace from a prebuild was made.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "owner", - "pull_request_id", - "repository", - "repository_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "public_repo", - "token_scopes", "programmatic_access_type", - "request_access_security_header" - ] - }, + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", + "created_at", + "operation_type", + "public_repo" + ] + }, { "action": "codespaces.business_enablement_updated", "description": "Enterprise setting for Codespaces ownership was updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enablement", "organization_names", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -451,25 +660,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -480,22 +698,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -507,22 +736,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -531,15 +771,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -550,15 +805,28 @@ "description": "Policies were applied to codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -568,20 +836,30 @@ "description": "Policies were removed from codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -589,19 +867,30 @@ "description": "Policies were updated for codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -609,17 +898,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -629,27 +931,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -657,19 +968,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -677,18 +1001,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -697,20 +1033,30 @@ "description": "A commit comment was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "repo", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "created_at", - "@timestamp", - "operation_type", + "programmatic_access_type", + "repo", "repo_id", - "actor_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -718,21 +1064,30 @@ "description": "A commit comment was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_id", - "action", - "@timestamp", - "repo", "org_id", - "actor_id", - "created_at", - "user_agent", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -740,21 +1095,33 @@ "description": "Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "reason", "plan", - "org_id", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -762,13 +1129,28 @@ "description": "Copilot feature settings were changed at the organization level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -778,23 +1160,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -802,16 +1191,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -820,24 +1223,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -845,15 +1254,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -863,20 +1285,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -884,19 +1316,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -904,21 +1348,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -926,21 +1379,33 @@ "description": "The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_value", "new_value", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -948,111 +1413,159 @@ "description": "The excluded paths for GitHub Copilot were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "excluded_paths", "owner_type", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { "action": "copilot.knowledge_base_created", - "description": "A knowledge base was created in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_deleted", - "description": "A knowledge base was deleted from the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_updated", - "description": "A knowledge base was updated in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", - "org", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" - }, - { - "action": "copilot.plan_changed", - "description": "The plan for GitHub Copilot was updated.", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "copilot.plan_changed", + "description": "The plan for GitHub Copilot was updated.", "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_plan", "plan", - "business_id", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1064,21 +1577,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1088,19 +1610,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1110,21 +1641,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1134,18 +1674,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1158,18 +1711,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1183,14 +1749,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -1203,8 +1784,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1213,27 +1793,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1242,19 +1830,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "public_repo", - "action", - "_document_id", - "@timestamp", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1263,16 +1863,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -1284,19 +1897,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1305,19 +1929,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1326,19 +1961,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1347,19 +1993,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1368,17 +2025,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1386,19 +2056,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1407,19 +2088,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1427,19 +2119,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1448,19 +2151,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1468,19 +2182,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1489,19 +2214,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1509,19 +2245,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1530,20 +2277,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1551,21 +2308,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "repo_id", - "request_id", + "@timestamp", + "_document_id", "action", "actor", - "org_id", - "_document_id", "actor_id", - "operation_type", - "@timestamp", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1573,20 +2339,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", "@timestamp", - "actor", - "user_agent", - "request_id", - "org", "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "repo", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1594,130 +2370,196 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "user_agent", - "actor_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "title", - "_document_id", - "created_at", - "repo", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "team", + "created_at", + "number", + "title", + "operation_type" + ] }, { "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -1728,16 +2570,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -1748,18 +2604,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -1770,17 +2640,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was created.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", - "operation_type", "@timestamp", "_document_id", - "org_id", "action", - "request_id", - "org", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -1789,17 +2672,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was deleted.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp", - "actor_id", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -1808,22 +2704,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1832,22 +2737,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1855,28 +2770,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1885,27 +2806,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -1914,25 +2843,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1941,26 +2878,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1969,21 +2913,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1992,22 +2948,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2016,25 +2982,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2043,22 +3018,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2067,21 +3054,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -2092,19 +3089,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2113,20 +3121,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2135,19 +3153,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2156,23 +3185,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2180,18 +3218,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2202,20 +3250,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2225,25 +3283,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -2251,25 +3319,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -2277,26 +3354,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2305,25 +3391,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2331,26 +3426,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2358,21 +3462,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2381,19 +3496,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2401,21 +3529,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2424,19 +3563,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2447,20 +3600,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2470,24 +3635,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2498,23 +3674,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2525,21 +3713,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -2550,20 +3750,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -2573,20 +3785,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2596,19 +3821,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2617,20 +3856,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2640,20 +3892,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "action", - "_document_id", "name", - "org_id", "manager", "operation_type", - "actor", - "integration", - "org", - "@timestamp", - "actor_id", - "request_id", - "user_agent" + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2662,20 +3927,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2684,20 +3962,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2705,19 +3995,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2726,19 +4029,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2747,17 +4063,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2770,21 +4099,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2798,17 +4140,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2820,19 +4175,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2840,19 +4206,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2860,20 +4237,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -2882,19 +4268,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2902,24 +4299,32 @@ "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -2927,24 +4332,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" ] }, { @@ -2952,19 +4365,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -2972,45 +4398,130 @@ "description": "A comment on an issue was deleted from the repository.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { + "action": "issue_comment.pinned", + "description": "A comment on an issue was pinned to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", "action", - "operation_type", - "user_agent", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "oauth_application_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { - "action": "issue_comment.update", - "description": "A comment on an issue (other than the initial one) changed.", + "action": "issue_comment.unpinned", + "description": "A comment on an issue was unpinned from a repository.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", + "@timestamp", + "_document_id", "action", - "repo_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_comment.update", + "description": "A comment on an issue (other than the initial one) changed.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "user_agent", - "request_id", "_document_id", - "actor_id", + "action", "actor", - "oauth_application_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -3018,21 +4529,31 @@ "description": "An issue was deleted from the repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/deleting-an-issue", "fields": [ - "user", - "actor_id", - "created_at", - "title", "@timestamp", "_document_id", - "request_id", - "actor", - "user_id", "action", - "operation_type", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "title", + "operation_type" ], "docs_reference_titles": "Deleting an issue" }, @@ -3041,23 +4562,33 @@ "description": "An issue was pinned to a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", "action", "actor", - "operation_type", - "owner_type", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "number", - "repo", - "event", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type", + "owner_type", + "number", + "event" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3066,22 +4597,32 @@ "description": "An issue was transferred to another repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "owner_type", - "actor_id", "number", - "repo", "operation_type", - "_document_id", - "repo_id", - "action", - "request_id", - "created_at", - "actor", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Transferring an issue to another repository" }, @@ -3090,24 +4631,33 @@ "description": "An issue was unpinned from a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ - "event", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", - "action", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "operation_type", - "_document_id", - "number", - "owner_type", - "@timestamp", + "token_id", + "token_scopes", "user", "user_id", - "token_scopes", - "request_access_security_header" + "user_agent", + "event", + "created_at", + "operation_type", + "number", + "owner_type" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3116,19 +4666,30 @@ "description": "The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user_agent", - "action", "@timestamp", - "operation_type", - "request_id", - "actor_id", - "user_id", - "created_at", "_document_id", + "action", "actor", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "org_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3137,18 +4698,29 @@ "description": "The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3158,19 +4730,30 @@ "description": "An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user", - "request_id", - "actor", - "business_id", - "action", - "operation_type", - "user_agent", - "created_at", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor_id" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3179,18 +4762,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3198,21 +4793,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -3220,21 +4828,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -3242,22 +4863,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -3265,19 +4899,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -3287,22 +4934,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -3310,22 +4970,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3333,20 +5006,30 @@ "description": "The ability for members to publish GitHub Pages sites was disabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3355,20 +5038,30 @@ "description": "The ability for members to publish GitHub Pages sites was enabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3377,21 +5070,30 @@ "description": "The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3400,22 +5102,30 @@ "description": "The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3424,21 +5134,30 @@ "description": "The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3447,22 +5166,30 @@ "description": "The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3471,19 +5198,30 @@ "description": "An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "operation_type", "user_agent", - "actor", - "actor_id", - "business_id", - "@timestamp", - "created_at", - "action" + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3492,18 +5230,29 @@ "description": "The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "request_id", - "org", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "actor", "operation_type", - "org_id", - "action", - "@timestamp", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3513,21 +5262,30 @@ "description": "The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "action", - "org_id", - "user_id", - "business", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business_id", + "user_id", + "user_agent", "created_at", - "actor", - "org", - "operation_type", - "user_agent" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3538,16 +5296,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -3556,21 +5325,30 @@ "description": "The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "created_at", - "user_id", "business_id", - "user", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "org_id", - "@timestamp" + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -3579,19 +5357,30 @@ "description": "The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ - "request_id", - "created_at", - "_document_id", - "user_agent", - "user", - "user_id", - "business", - "business_id", - "operation_type", "@timestamp", + "_document_id", "action", "actor", - "actor_id" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -3600,19 +5389,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3620,21 +5421,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "hashed_token", - "programmatic_access_type", - "actor", - "actor_id", - "oauth_application_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3644,16 +5454,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3663,18 +5486,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3684,14 +5520,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -3699,19 +5551,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -3719,18 +5582,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3738,23 +5613,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -3762,16 +5645,30 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "org_id", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3779,24 +5676,32 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", - "repo_id", "operation_type", - "@timestamp", - "user_agent", "created_at", - "org", - "action", - "_document_id", - "repo", - "actor", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3804,22 +5709,37 @@ "description": "A network configuration for a hosted compute service was created.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", "previous_settings_ids", - "network_configuration_id" + "network_configuration_id", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -3828,15 +5748,28 @@ "description": "A network configuration for a hosted compute service was deleted.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", @@ -3849,21 +5782,36 @@ "description": "A network configuration for a hosted compute service was updated.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", - "previous_settings_ids" + "previous_settings_ids", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -3872,20 +5820,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3894,20 +5854,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3916,20 +5888,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3938,20 +5922,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3960,19 +5956,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3981,20 +5990,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4003,41 +6024,66 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, { - "action": "oauth_application.transfer", - "description": "An OAuth application was transferred from one account to another.", - "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", - "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", + "action": "oauth_application.transfer", + "description": "An OAuth application was transferred from one account to another.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4046,17 +6092,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4067,20 +6124,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -4089,21 +6156,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -4112,24 +6189,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4137,21 +6224,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4159,20 +6256,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4180,22 +6287,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4203,20 +6318,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4224,22 +6349,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4247,19 +6380,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4268,19 +6412,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4290,53 +6445,92 @@ "description": "Third-party application access for outside collaborators was disabled for the organization.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "Limiting OAuth app and GitHub App access requests and installations" }, { "action": "org.allow_third_party_access_requests_from_outside_collaborators_enabled", "description": "Third-party application access for outside collaborators was enabled for the organization.", - "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests" }, { "action": "org.archive", "description": "The organization was archived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4346,17 +6540,30 @@ "description": "An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log", "fields": [ - "org_id", - "operation_type", "@timestamp", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log" }, @@ -4365,21 +6572,32 @@ "description": "An export of the organization's Git events was created.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "start", "end", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization" }, @@ -4388,16 +6606,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -4406,18 +6637,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -4426,19 +6670,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "actor_id", - "org", - "org_id", + "actor_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -4448,22 +6703,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -4471,19 +6737,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -4491,23 +6768,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4515,21 +6800,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4537,66 +6832,95 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codespaces_access_updated", "description": "Access to use Codespaces on internal and private repositories was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "enablement", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization" }, @@ -4605,21 +6929,31 @@ "description": "Ownership and payment for codespaces was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "owner_type", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" }, @@ -4628,16 +6962,29 @@ "description": "A team has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4647,16 +6994,29 @@ "description": "A team has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4666,19 +7026,30 @@ "description": "GitHub Codespaces was granted trusted repository access to all other repositories in an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -4687,17 +7058,30 @@ "description": "GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -4706,21 +7090,30 @@ "description": "A user has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -4728,21 +7121,30 @@ "description": "A user has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -4750,16 +7152,29 @@ "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -4769,17 +7184,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4788,17 +7216,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4808,16 +7249,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4826,17 +7280,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4845,17 +7312,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "org_id", - "operation_type", - "org", - "@timestamp" + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4864,22 +7344,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -4888,17 +7376,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4909,15 +7408,28 @@ "description": "Server statistics were exported for the organization.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4928,18 +7440,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -4948,20 +7472,31 @@ "description": "A GitHub Actions secret was created for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -4970,20 +7505,32 @@ "description": "A GitHub Actions variable was created for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -4992,21 +7539,33 @@ "description": "A Codespaces or Dependabot secret was created for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5014,21 +7573,30 @@ "description": "A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor_id", - "org_id", - "business", - "action", "@timestamp", - "org", "_document_id", - "business_id", + "action", "actor", - "token_scopes", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "actor_is_bot", "oauth_credential_type", "managed_oauth_access_id", @@ -5044,24 +7612,32 @@ "description": "A member authorized credentials for use with SAML or OIDC single sign-on.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on", "fields": [ - "user_agent", - "actor", "@timestamp", - "created_at", - "org_id", - "business_id", - "operation_type", - "request_id", "_document_id", "action", + "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", - "token_scopes", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot", "oauth_credential_type", - "request_access_security_header", "managed_oauth_access_id", "managed_token_id", "managed_oauth_scopes", @@ -5075,21 +7651,32 @@ "description": "An owner revoked authorized credentials.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "oauth_application_id", - "org_id", "operation_type", - "action", - "business", - "request_id", "created_at", - "business_id", - "actor_id", - "_document_id", - "user_agent", "oauth_credential_type", "managed_oauth_access_id", "managed_token_id", @@ -5104,20 +7691,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5126,16 +7723,29 @@ "description": "Third-party application access restrictions for an organization were disabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "org_id", - "action", - "_document_id", - "request_id", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization" @@ -5145,19 +7755,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5166,14 +7787,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -5182,21 +7820,30 @@ "description": "Display of IP addresses within audit log events for the organization was disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -5205,17 +7852,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5223,19 +7883,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5243,19 +7914,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -5263,19 +7945,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", - "operation_type", - "_document_id", "user_id", - "created_at", "user_agent", - "actor_id", - "org", - "request_id", - "action", - "@timestamp" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5284,17 +7977,30 @@ "description": "Third-party application access restrictions for an organization were enabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "operation_type", - "org", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization" }, @@ -5303,19 +8009,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5324,19 +8041,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -5345,21 +8075,30 @@ "description": "Display of IP addresses within audit log events for the organization was enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -5368,17 +8107,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -5387,17 +8139,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -5406,18 +8171,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5425,23 +8203,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -5450,17 +8237,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5470,19 +8268,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5490,19 +8299,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5510,19 +8330,31 @@ "description": "Access to an organization was granted for an OAuth App.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "request_id", "actor_id", - "operation_type", - "org_id", - "_document_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization" @@ -5532,20 +8364,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -5554,18 +8397,31 @@ "description": "Access was disabled for an OAuth App that was previously approved.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization", "fields": [ - "request_id", - "url", - "created_at", - "org_id", - "action", "@timestamp", "_document_id", - "user_agent", - "org", - "operation_type", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization" @@ -5575,19 +8431,31 @@ "description": "An organization member requested that an owner grant an OAuth App access to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", + "@timestamp", "_document_id", - "request_id", - "url", - "org_id", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "url", "oauth_application_name" ] }, @@ -5596,20 +8464,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -5619,16 +8498,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -5636,20 +8528,31 @@ "description": "An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "reason", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -5658,20 +8561,30 @@ "description": "An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "request_access_security_header" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -5680,19 +8593,30 @@ "description": "An organization owner downloaded the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5701,19 +8625,30 @@ "description": "An organization owner generated the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5722,19 +8657,30 @@ "description": "An organization owner printed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5743,19 +8689,30 @@ "description": "An organization owner viewed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5764,19 +8721,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -5785,20 +8754,31 @@ "description": "A GitHub Actions secret was removed from an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5807,21 +8787,31 @@ "description": "A GitHub Actions variable was removed from an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5830,18 +8820,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -5851,22 +8852,32 @@ "description": "A Codespaces or Dependabot secret was removed from an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -5874,21 +8885,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", - "action", - "user_id", "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5896,21 +8916,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5918,21 +8947,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5940,18 +8979,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5960,19 +9011,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -5980,14 +9043,28 @@ "description": "Triggered when a required workflow is created.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5998,14 +9075,28 @@ "description": "Triggered when a required workflow is deleted.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6016,14 +9107,28 @@ "description": "Triggered when a required workflow is updated.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6034,20 +9139,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -6056,18 +9171,29 @@ "description": "A member's linked identity was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", "user_id", - "@timestamp", - "action", - "actor_id", - "user_agent", - "_document_id", - "request_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" @@ -6077,19 +9203,30 @@ "description": "A member's SAML session was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ - "actor_id", - "created_at", - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" }, @@ -6098,21 +9235,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -6122,21 +9271,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6145,20 +9304,31 @@ "description": "A self-hosted runner group was renamed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6167,23 +9337,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -6192,23 +9372,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6217,19 +9405,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -6238,25 +9439,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6265,21 +9477,32 @@ "description": "The visibility of a self-hosted runner group was updated via the REST API.", "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" }, @@ -6288,21 +9511,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -6312,21 +9544,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -6336,20 +9577,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6358,22 +9609,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6382,21 +9641,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6405,21 +9673,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6428,22 +9705,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6452,21 +9737,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6475,22 +9769,30 @@ "description": "Generic secrets have been disabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -6498,22 +9800,30 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -6521,21 +9831,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -6545,21 +9864,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -6569,19 +9897,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6591,21 +9930,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6615,21 +9963,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6639,19 +9996,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6661,22 +10029,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6685,22 +10061,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6709,22 +10093,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6733,21 +10125,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6756,21 +10157,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6779,22 +10189,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6803,22 +10221,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6827,15 +10253,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -6844,15 +10287,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -6861,7 +10321,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -6876,20 +10357,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -6898,16 +10390,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -6918,18 +10423,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "limit", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -6938,17 +10456,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6956,18 +10487,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -6976,18 +10519,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -6996,18 +10552,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -7016,22 +10584,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7039,21 +10617,32 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Adding organizations to your enterprise" }, @@ -7062,19 +10651,30 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7085,15 +10685,28 @@ "description": "The organization was unarchived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7103,19 +10716,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -7124,20 +10750,32 @@ "description": "A GitHub Actions secret was updated for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "created_at", "key", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -7146,23 +10784,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -7171,20 +10820,32 @@ "description": "A GitHub Actions variable was updated for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -7193,20 +10854,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -7214,22 +10887,33 @@ "description": "A Codespaces or Dependabot secret was updated for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7238,20 +10922,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -7259,17 +10954,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -7279,20 +10987,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -7301,17 +11020,30 @@ "description": "The name of the default branch was changed for new repositories in the organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization" }, @@ -7320,17 +11052,30 @@ "description": "The repository self-hosted runners policy was updated", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_repo_runners_policy", - "new_repo_runners_policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_repo_runners_policy", + "new_repo_runners_policy", "created_at", "operation_type" ], @@ -7341,19 +11086,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -7361,18 +11119,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -7381,18 +11151,30 @@ "description": "A default label was created for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label", "fields": [ - "request_id", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", - "_document_id", - "action", - "created_at", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label" }, @@ -7401,17 +11183,30 @@ "description": "A default label was deleted for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label", "fields": [ - "operation_type", - "request_id", - "actor", "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label" }, @@ -7420,17 +11215,30 @@ "description": "A default label was edited for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label", "fields": [ - "org", - "created_at", "@timestamp", - "actor", + "_document_id", "action", - "user_agent", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label" }, @@ -7439,20 +11247,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -7461,16 +11282,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -7479,14 +11315,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -7497,16 +11348,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -7515,16 +11381,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -7534,17 +11413,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7554,16 +11444,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -7573,20 +11476,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -7594,19 +11507,30 @@ "description": "An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor", - "business_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", "user_agent", - "_document_id", "created_at", - "operation_type", - "request_id", - "business" + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -7615,19 +11539,30 @@ "description": "Organization projects were disabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "operation_type", - "@timestamp", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -7636,18 +11571,29 @@ "description": "Organization projects were enabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor_id", - "org_id", - "created_at", - "user_id", - "org", "@timestamp", "_document_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" @@ -7657,23 +11603,33 @@ "description": "An organization role was assigned to a user or team.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About custom organization roles" }, @@ -7682,25 +11638,32 @@ "description": "A custom organization role was created in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -7712,25 +11675,32 @@ "description": "A custom organization role was deleted in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", - "role_permissions", - "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "role_permissions", + "base_role", "created_at", "operation_type" ], @@ -7741,19 +11711,30 @@ "description": "A user or team was unassigned an organization role.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type" ], @@ -7764,26 +11745,33 @@ "description": "A custom organization role was edited in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -7796,20 +11784,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -7819,23 +11818,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -7844,21 +11854,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -7869,21 +11890,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -7892,20 +11926,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -7914,17 +11962,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7935,20 +11998,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -7957,18 +12034,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7976,16 +12065,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7993,18 +12096,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8012,18 +12127,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8034,18 +12162,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8056,17 +12197,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8077,18 +12231,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8100,17 +12267,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8122,20 +12302,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was created.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8147,20 +12336,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was deleted.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8172,20 +12370,29 @@ "description": "A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8197,20 +12404,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was edited.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8222,15 +12438,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8240,17 +12471,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8260,15 +12502,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8278,19 +12535,30 @@ "description": "An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "action", - "operation_type", "@timestamp", - "business_id", + "_document_id", + "action", + "actor", "actor_id", - "user", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8298,23 +12566,30 @@ "description": "An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "created_at", - "actor_id", + "@timestamp", "_document_id", - "actor", - "user", - "repo", "action", - "user_agent", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "request_id", - "user_id", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8322,23 +12597,30 @@ "description": "An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "repo", - "org", - "business", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org_id", - "created_at", - "business_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8346,17 +12628,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8366,17 +12659,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8386,17 +12690,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8406,17 +12721,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8426,17 +12752,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -8446,17 +12785,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8464,20 +12816,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -8487,17 +12850,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -8505,17 +12881,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -8523,18 +12912,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -8543,18 +12944,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -8563,19 +12976,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -8583,17 +13007,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -8605,22 +13042,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -8628,19 +13074,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -8648,17 +13105,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8666,18 +13136,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -8685,20 +13168,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8706,18 +13199,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -8726,18 +13231,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -8746,22 +13263,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -8770,29 +13297,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8800,24 +13332,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "repo_id", - "user_id", "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -8828,21 +13368,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -8853,22 +13403,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -8876,24 +13436,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -8901,30 +13471,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -8934,28 +13511,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -8966,23 +13551,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -8990,22 +13584,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "repo_id", - "request_access_security_header" + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -9013,23 +13617,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -9037,24 +13650,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -9063,22 +13685,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -9086,24 +13718,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9112,27 +13753,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9141,18 +13789,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9163,24 +13824,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -9188,25 +13858,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -9214,22 +13891,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", + "@timestamp", + "_document_id", "action", - "@timestamp", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -9237,22 +13924,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -9261,22 +13959,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -9284,25 +13992,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -9310,22 +14025,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -9333,22 +14058,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -9356,23 +14091,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -9381,24 +14127,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -9407,20 +14164,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "title", - "key", - "fingerprint", - "read_only", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "title", + "key", + "fingerprint", + "read_only", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9429,21 +14200,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -9453,22 +14237,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9477,25 +14273,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9504,23 +14310,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9529,18 +14346,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -9550,21 +14381,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -9573,19 +14415,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -9596,23 +14451,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -9622,17 +14489,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "business_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -9640,19 +14521,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -9660,19 +14554,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -9682,21 +14589,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -9705,27 +14623,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9733,23 +14658,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -9758,18 +14695,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -9777,19 +14728,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -9799,20 +14762,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -9820,18 +14794,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -9839,21 +14826,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -9861,20 +14860,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -9883,19 +14895,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -9905,22 +14931,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -9929,21 +14965,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -9952,25 +14997,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -9979,23 +15031,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -10004,24 +15064,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -10030,23 +15097,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -10056,22 +15131,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -10080,19 +15164,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -10101,24 +15198,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -10127,24 +15234,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10152,24 +15267,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10177,23 +15300,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10204,102 +15336,136 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -10308,19 +15474,30 @@ "description": "GitHub Codespaces trusted repository access to this repository was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10328,17 +15505,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10347,15 +15537,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -10366,16 +15569,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -10385,17 +15601,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -10405,19 +15634,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10426,17 +15666,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10445,26 +15698,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -10473,30 +15732,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "visibility", - "repo_id", - "user", - "request_id", - "actor_id", - "action", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -10506,20 +15770,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -10528,25 +15803,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -10555,23 +15838,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -10579,25 +15873,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -10607,23 +15910,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -10633,23 +15945,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -10657,21 +15979,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -10679,21 +16011,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -10701,22 +16043,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -10724,21 +16075,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -10746,20 +16107,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10767,22 +16139,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -10790,18 +16171,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10809,22 +16204,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10832,21 +16237,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -10854,18 +16269,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -10874,22 +16301,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -10898,24 +16334,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -10924,23 +16368,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -10948,26 +16402,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -10976,21 +16435,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -10999,25 +16467,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -11025,22 +16499,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -11049,25 +16533,34 @@ "description": "A branch was renamed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "old_branch", - "new_branch", - "default_branch", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "old_branch", + "new_branch", + "default_branch", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch" @@ -11077,37 +16570,63 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.self_hosted_runner_offline", + "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" - ] - }, - { - "action": "repo.self_hosted_runner_offline", - "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", - "fields": [ - "repo_id", - "repo", - "org_id", - "org", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11116,17 +16635,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11135,7 +16669,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -11150,23 +16705,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -11176,20 +16740,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11200,21 +16775,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -11223,22 +16809,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -11247,21 +16843,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -11270,22 +16877,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -11296,16 +16913,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -11315,22 +16943,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -11339,23 +16978,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -11365,19 +17014,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -11385,21 +17044,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -11408,24 +17077,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -11433,25 +17111,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11460,24 +17145,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11486,25 +17181,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11513,22 +17216,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11537,26 +17249,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11564,31 +17284,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11597,42 +17324,61 @@ "description": "Someone closed a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories", "fields": [ - "actor", - "repo", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "user_agent", - "actor_id", - "request_id", - "action", - "operation_type", - "created_at", - "repo_id", - "_document_id", + "hashed_token", "org", "org_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories" + "docs_reference_titles": "About repository security advisories" }, { "action": "repository_advisory.cve_request", "description": "Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "repo", - "org_id", - "actor", + "@timestamp", + "_document_id", "action", - "request_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "_document_id", + "operation_type", "created_at" ] }, @@ -11641,17 +17387,30 @@ "description": "GitHub made a security advisory public in the GitHub Advisory Database.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -11660,21 +17419,30 @@ "description": "GitHub withdrew a security advisory that was published in error.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -11682,18 +17450,30 @@ "description": "Someone opened a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", "repo_id", - "action", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -11701,21 +17481,30 @@ "description": "Someone published a security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", "@timestamp", - "actor", - "repo_id", "_document_id", - "repo", - "business_id", - "business", - "request_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "org" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -11723,17 +17512,30 @@ "description": "Someone reopened as draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "repo", - "action", + "operation_type", "created_at", - "@timestamp", - "request_id", - "actor_id", - "_document_id", - "actor", - "repo_id", "public_repo" ] }, @@ -11742,21 +17544,30 @@ "description": "Someone edited a draft or published security advisory.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "repo_id", - "org_id", "business", - "actor", - "user_agent", - "created_at", - "_document_id", "business_id", - "repo", - "action", - "operation_type", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -11764,24 +17575,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -11790,24 +17607,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -11816,19 +17639,30 @@ "description": "Data use settings were disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "repo_id", - "request_id", - "actor_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -11837,21 +17671,30 @@ "description": "Data use settings were enabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "org", - "user_id", - "repo_id", "@timestamp", - "request_id", - "actor", + "_document_id", "action", - "operation_type", - "created_at", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org_id", - "_document_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -11860,23 +17703,30 @@ "description": "The dependency graph was disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "repo_id", - "operation_type", - "user_id", - "repo", + "@timestamp", "_document_id", - "actor", - "user", "action", - "@timestamp", - "org_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", - "request_id", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -11885,24 +17735,31 @@ "description": "The dependency graph was enabled for a private repository.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor_id", - "repo_id", + "created_at", "operation_type", - "actor", - "@timestamp", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11911,43 +17768,63 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", "created_at", - "actor_id", - "repo_id", + "content_type" + ] + }, + { + "action": "repository_image.destroy", + "description": "An image to represent a repository was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" - ] - }, - { - "action": "repository_image.destroy", - "description": "An image to represent a repository was deleted.", - "docs_reference_links": "N/A", - "fields": [ + "user_agent", "content_type", "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", - "_document_id", - "actor", - "repo_id", - "user_agent", - "repo", - "user", - "action", - "@timestamp", - "request_access_security_header" + "operation_type" ] }, { @@ -11955,21 +17832,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -11977,20 +17865,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -11998,21 +17898,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -12020,19 +17931,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -12040,19 +17964,30 @@ "description": "The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise", "fields": [ - "request_id", - "created_at", + "@timestamp", "_document_id", "action", - "user_agent", - "user", - "business_id", - "business", - "operation_type", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -12061,20 +17996,30 @@ "description": "Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "created_at", "@timestamp", - "repo", - "action", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "repo_id", - "actor", - "request_id", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -12083,20 +18028,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", "created_at", - "org_id", - "action", - "user_id", - "operation_type", - "_document_id", - "actor_id", - "repo" + "operation_type" ] }, { @@ -12104,31 +18058,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -12137,19 +18099,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -12157,8 +18130,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -12167,23 +18139,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -12208,26 +18189,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12236,26 +18223,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12264,23 +18257,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12290,23 +18290,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12316,24 +18323,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12343,24 +18357,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -12369,24 +18390,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12396,23 +18424,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12422,23 +18457,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -12447,22 +18490,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -12470,24 +18521,32 @@ "description": "Generic secrets have been disabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12495,22 +18554,31 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -12519,24 +18587,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -12545,24 +18621,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -12571,19 +18655,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -12592,24 +18688,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -12618,24 +18722,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -12644,19 +18756,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -12665,26 +18789,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -12693,26 +18822,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -12721,20 +18855,30 @@ "description": "The repository visibility change setting was cleared for an organization or enterprise.", "docs_reference_links": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-changes-to-repository-visibility", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", "business", - "action", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business_id", - "@timestamp", "user_agent", - "actor", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise" }, @@ -12743,20 +18887,30 @@ "description": "The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user", - "org_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "_document_id", - "@timestamp", - "user_id", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -12764,19 +18918,30 @@ "description": "The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "_document_id", "@timestamp", - "user_agent", - "user", - "created_at", - "org", - "org_id", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -12784,29 +18949,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -12815,29 +18988,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -12846,44 +19027,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "action", - "repo", "created_at", - "_document_id", - "token_scopes", - "alert_number", - "programmatic_access_type" + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -12894,21 +19097,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -12917,26 +19132,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -12944,21 +19167,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -12966,20 +19200,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -12988,24 +19232,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13013,26 +19264,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13040,23 +19297,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13064,23 +19328,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -13089,24 +19360,31 @@ "description": "A status check was marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "org", - "actor_id", "@timestamp", - "business", - "request_id", - "context", - "repo_id", - "action", - "repo", "_document_id", - "operation_type", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "actor", - "created_at", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "context", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -13115,21 +19393,31 @@ "description": "A status check was no longer marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "actor_id", - "actor", - "created_at", - "context", - "operation_type", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "repo_id", "org_id", - "action", - "_document_id", + "programmatic_access_type", "repo", - "programmatic_access_type" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "context", + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -13138,18 +19426,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -13158,19 +19459,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -13179,22 +19492,33 @@ "description": "A new custom repository role was created.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "_document_id", "role_permissions", "old_role_permissions" ], @@ -13205,23 +19529,34 @@ "description": "A custom repository role was deleted.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Managing custom repository roles for an organization" }, @@ -13230,23 +19565,34 @@ "description": "A custom repository role was edited.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "old_role_permissions", "old_base_role" ], @@ -13257,43 +19603,67 @@ "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -13302,28 +19672,37 @@ "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -13331,25 +19710,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13357,14 +19743,28 @@ "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -13374,26 +19774,37 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning.disable", "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -13402,19 +19813,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -13423,20 +19845,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -13445,19 +19877,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -13466,14 +19909,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -13491,25 +19948,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13518,25 +19983,33 @@ "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -13546,43 +20019,64 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "sponsors.agreement_sign", "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13592,18 +20086,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -13612,16 +20119,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13631,15 +20151,28 @@ "description": "An agreement for invoiced billing for GitHub Sponsors was signed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -13651,15 +20184,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -13669,15 +20215,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -13686,17 +20247,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -13705,17 +20279,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -13724,16 +20312,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -13743,14 +20344,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -13760,17 +20376,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -13779,17 +20408,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -13798,18 +20440,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -13818,15 +20473,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -13836,16 +20505,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13853,15 +20535,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -13872,16 +20567,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -13891,17 +20599,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -13912,17 +20633,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -13933,18 +20667,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13954,16 +20699,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13973,16 +20731,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13994,17 +20765,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -14013,19 +20797,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -14034,21 +20831,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -14057,36 +20863,60 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, { "action": "staff.dependabot_debug_credentials_generated", - "description": "N/A", + "description": "Dependabot encrypted config was read.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "public_repo" @@ -14097,20 +20927,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14118,18 +20962,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -14137,16 +20996,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14154,21 +21028,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -14178,22 +21062,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -14202,20 +21095,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -14224,18 +21128,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -14245,21 +21162,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -14268,21 +21196,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "user_agent", + "team", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -14291,80 +21229,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -14373,19 +21355,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "actor", - "action", - "operation_type", - "team", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" ] }, { @@ -14393,19 +21387,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", "@timestamp", - "actor_id", "_document_id", - "team", - "created_at", - "org_id", "action", - "request_id", - "user_agent", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_access_security_header" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "team", + "created_at" ] }, { @@ -14413,22 +21419,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "team", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" ] }, { @@ -14436,22 +21451,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -14460,22 +21484,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -14483,23 +21516,33 @@ { "action": "team.remove_repository", "description": "A repository was removed from a team's control.", - "docs_reference_links": "N/A", - "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -14507,21 +21550,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -14530,17 +21584,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -14549,19 +21616,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -14570,19 +21648,30 @@ "description": "The Okta credentials for team synchronization with a tenant were changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -14590,28 +21679,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -14619,16 +21717,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14638,16 +21750,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14657,18 +21783,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14678,21 +21817,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -14700,21 +21851,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14722,21 +21884,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14744,16 +21917,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14763,27 +21950,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -14792,23 +21985,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -14816,10 +22019,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -14830,20 +22051,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -14852,23 +22062,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14878,10 +22096,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -14893,19 +22129,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -14916,10 +22142,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -14928,21 +22172,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -14952,23 +22185,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -14977,22 +22222,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15000,21 +22256,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -15022,25 +22289,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15048,23 +22323,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -15078,24 +22366,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -15104,10 +22401,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -15117,21 +22432,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -15141,25 +22446,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.14/user.json b/src/audit-logs/data/ghes-3.14/user.json index a5aecbaf6331..315369a09f99 100644 --- a/src/audit-logs/data/ghes-3.14/user.json +++ b/src/audit-logs/data/ghes-3.14/user.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,18 +196,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -148,17 +227,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -167,19 +259,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -188,18 +292,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -207,18 +324,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -226,15 +355,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -244,17 +386,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -265,20 +420,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -287,19 +454,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -308,19 +488,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -329,20 +521,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -351,19 +555,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -372,20 +588,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -394,20 +621,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -418,17 +656,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -436,14 +686,29 @@ "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -453,25 +718,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -482,22 +756,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -509,22 +794,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -533,15 +829,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -552,17 +863,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -572,27 +896,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -600,38 +933,63 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "owner", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" - ] - }, - { - "action": "codespaces.trusted_repositories_access_update", - "description": "A personal account's access and security setting for Codespaces were updated.", - "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", - "fields": [ - "user_agent", - "request_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "operation_type", "created_at", - "_document_id" + "public_repo" + ] + }, + { + "action": "codespaces.trusted_repositories_access_update", + "description": "A personal account's access and security setting for Codespaces were updated.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -640,23 +998,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -664,16 +1029,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -682,24 +1061,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -707,15 +1092,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -725,20 +1123,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -746,19 +1154,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -766,65 +1186,92 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id" - ] - }, - { - "action": "custom_hosted_runner.create", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "name", - "runner_group_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] }, { - "action": "custom_hosted_runner.destroy", + "action": "custom_hosted_runner.create", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -834,21 +1281,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -858,19 +1314,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -879,19 +1346,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -900,19 +1378,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -921,19 +1410,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -942,17 +1442,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -960,19 +1473,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -981,39 +1505,61 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ] - }, - { - "action": "dependabot_security_updates_new_repos.disable", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependabot_security_updates_new_repos.disable", "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1022,19 +1568,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1042,19 +1599,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1063,19 +1631,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1083,19 +1662,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1104,20 +1694,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1125,22 +1725,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1149,22 +1758,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1172,28 +1791,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "business", "business_id", - "public_repo", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "visibility", + "operation_type", + "created_at", + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1202,27 +1827,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -1231,25 +1864,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1258,26 +1899,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1286,21 +1934,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1309,22 +1969,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1333,25 +2003,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1360,22 +2039,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1384,23 +2075,33 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", - "new_value", - "approvers_was", - "approvers", "programmatic_access_type", - "can_admins_bypass", - "prevent_self_review" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_value", + "approvers_was", + "approvers", + "can_admins_bypass", + "prevent_self_review" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1409,21 +2110,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -1431,20 +2143,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -1452,21 +2176,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -1474,22 +2209,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1498,23 +2244,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1523,23 +2280,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1547,18 +2313,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1569,20 +2345,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1592,37 +2378,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", - "user_agent", - "request_access_security_header" - ] - }, - { - "action": "gpg_key.destroy", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "gpg_key.destroy", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -1630,25 +2440,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -1656,25 +2476,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -1682,26 +2511,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -1710,25 +2548,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -1736,26 +2583,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -1763,21 +2619,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -1786,41 +2653,65 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "actor_id", - "request_id", "@timestamp", - "name", - "integration", - "user", "_document_id", "action", - "operation_type", - "created_at", - "user_agent" - ] - }, - { - "action": "integration.generate_client_secret", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", "operation_type", + "created_at" + ] + }, + { + "action": "integration.generate_client_secret", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -1829,19 +2720,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -1852,20 +2757,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -1875,24 +2792,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -1903,23 +2831,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -1930,20 +2870,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -1953,19 +2906,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -1974,20 +2941,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -1997,20 +2977,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2019,20 +3012,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2041,20 +3047,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2062,19 +3080,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2083,19 +3114,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2104,17 +3148,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2127,21 +3184,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2155,17 +3225,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2177,18 +3260,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2196,43 +3291,69 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", - "user_id", - "user_agent", - "operation_type", - "created_at", - "request_id", + "action", + "actor", "actor_id", - "marketplace_listing", - "integration", - "action" - ] - }, - { + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "secondary_category", + "primary_category", + "operation_type", + "created_at", + "marketplace_listing", + "integration" + ] + }, + { "action": "marketplace_listing.change_category", "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -2240,22 +3361,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -2263,19 +3397,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -2286,21 +3433,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -2308,22 +3470,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -2331,21 +3508,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -2354,21 +3546,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -2377,22 +3584,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -2400,22 +3620,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2423,19 +3656,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2443,21 +3688,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2467,16 +3721,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2486,18 +3753,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2507,14 +3787,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -2522,19 +3818,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -2542,18 +3849,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2561,23 +3880,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -2585,20 +3912,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -2609,19 +3946,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_id", + "user_agent", + "operation_type", + "created_at", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -2631,19 +3979,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -2652,18 +4011,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -2671,20 +4042,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2693,20 +4076,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2715,20 +4110,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2737,20 +4144,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2759,19 +4178,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2780,20 +4212,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2802,20 +4246,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2824,19 +4280,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2845,24 +4314,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -2872,20 +4348,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -2896,21 +4383,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -2919,24 +4416,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2944,20 +4451,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -2965,22 +4482,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -2988,20 +4513,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3009,22 +4544,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3032,21 +4575,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3054,20 +4606,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -3076,16 +4639,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -3096,18 +4672,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -3116,18 +4705,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -3136,18 +4737,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -3156,18 +4770,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -3177,20 +4803,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -3198,17 +4835,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -3218,20 +4868,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -3240,20 +4901,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3262,17 +4937,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3283,20 +4973,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3305,19 +5009,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3325,19 +5041,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3345,18 +5073,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3364,16 +5104,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3381,18 +5135,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -3400,18 +5166,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3422,18 +5201,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3444,17 +5236,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3464,19 +5269,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3484,12 +5301,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -3500,20 +5334,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3521,17 +5367,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3542,18 +5401,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3565,17 +5437,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3587,17 +5472,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3608,15 +5506,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3626,17 +5539,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -3646,15 +5570,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3664,17 +5603,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3684,17 +5634,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3704,17 +5665,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3724,17 +5696,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3744,17 +5727,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -3764,17 +5760,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3782,20 +5791,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -3805,17 +5825,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -3823,17 +5856,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -3841,18 +5887,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -3861,18 +5919,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -3881,19 +5951,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -3901,17 +5982,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -3923,22 +6017,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -3946,19 +6049,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -3966,17 +6080,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3984,39 +6111,62 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", - "user_agent", - "actor" - ] - }, - { - "action": "project.update_user_permission", - "description": "A user was added to or removed from a project board or had their permission level changed.", - "docs_reference_links": "N/A", - "fields": [ - "request_id", - "user_id", - "operation_type", - "@timestamp", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor", "created_at", - "org", + "operation_type", + "team" + ] + }, + { + "action": "project.update_user_permission", + "description": "A user was added to or removed from a project board or had their permission level changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", - "org_id", "action", - "programmatic_access_type" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4024,18 +6174,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4044,18 +6206,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4064,18 +6238,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4086,23 +6273,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -4111,24 +6309,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -4137,20 +6346,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4159,21 +6382,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -4183,22 +6419,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4207,25 +6455,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4234,23 +6492,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4259,22 +6528,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -4283,21 +6562,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -4306,25 +6594,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -4333,23 +6628,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -4358,24 +6661,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -4384,23 +6694,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -4410,22 +6728,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -4434,19 +6761,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -4455,24 +6795,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -4481,23 +6831,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4508,17 +6867,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -4527,15 +6899,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -4546,16 +6931,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -4565,17 +6963,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -4585,19 +6996,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -4606,17 +7028,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -4625,26 +7060,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -4653,30 +7094,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -4686,20 +7132,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -4708,25 +7165,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -4735,23 +7200,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -4759,25 +7235,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -4787,23 +7272,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -4811,21 +7306,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -4833,21 +7338,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", - "action", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4855,22 +7370,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -4878,21 +7402,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -4900,20 +7434,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -4921,22 +7466,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -4944,18 +7498,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4963,22 +7531,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4986,21 +7564,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -5008,42 +7596,63 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", - "repo_id", - "request_access_security_header" - ], - "docs_reference_titles": "Adding self-hosted runners" - }, - { - "action": "repo.remove_actions_secret", - "description": "A GitHub Actions secret was deleted for a repository.", - "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", - "fields": [ - "user_agent", - "request_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", + "created_at" + ], + "docs_reference_titles": "Adding self-hosted runners" + }, + { + "action": "repo.remove_actions_secret", + "description": "A GitHub Actions secret was deleted for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5052,24 +7661,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5078,23 +7695,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5102,26 +7729,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -5130,21 +7762,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5153,25 +7794,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -5179,22 +7826,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -5203,43 +7860,63 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" - ] + "operation_type", + "created_at" + ] }, { "action": "repo.set_actions_fork_pr_approvals_policy", "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -5249,20 +7926,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5273,21 +7961,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -5296,22 +7995,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -5320,21 +8029,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -5343,22 +8063,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -5369,16 +8099,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -5387,22 +8128,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -5412,22 +8162,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -5436,23 +8197,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", - "new_nwo", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_nwo", + "visibility", + "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5462,19 +8233,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -5482,21 +8263,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -5505,24 +8296,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5530,25 +8330,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5557,24 +8364,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5583,25 +8400,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5610,22 +8435,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5634,26 +8468,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -5661,31 +8503,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5694,21 +8543,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -5716,21 +8575,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -5738,21 +8607,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -5760,20 +8640,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -5781,21 +8673,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -5803,19 +8706,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -5823,31 +8739,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -5856,19 +8780,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -5876,8 +8811,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -5886,23 +8820,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -5927,18 +8870,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -5946,18 +8901,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5965,16 +8932,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5984,18 +8964,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -6004,16 +8997,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6024,15 +9030,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -6042,15 +9061,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -6059,17 +9093,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6078,35 +9125,62 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", - "actor", - "actor_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" - }, - { - "action": "sponsors.sponsor_sponsorship_preference_change", - "description": "The option to receive email updates from a sponsored account was changed.", - "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", - "fields": [ - "actor_id", - "action", "@timestamp", - "request_id", - "user_id", - "created_at", - "user", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" + }, + { + "action": "sponsors.sponsor_sponsorship_preference_change", + "description": "The option to receive email updates from a sponsored account was changed.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -6116,14 +9190,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -6133,17 +9222,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6152,17 +9254,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6171,18 +9286,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6191,15 +9319,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -6209,16 +9351,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6226,15 +9381,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -6245,16 +9413,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -6264,17 +9445,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -6283,17 +9477,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -6304,17 +9511,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -6325,18 +9545,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6346,16 +9577,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6365,17 +9609,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6384,16 +9641,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6403,15 +9673,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6420,15 +9705,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6437,15 +9737,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6454,15 +9769,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6471,15 +9801,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6487,15 +9832,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6504,17 +9864,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6522,17 +9895,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6540,14 +9926,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -6556,15 +9957,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -6572,13 +9988,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6586,17 +10019,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -6604,17 +10050,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -6622,32 +10081,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", - "request_id", - "created_at", - "user_id", - "action", "_document_id", - "request_access_security_header" - ] - }, - { - "action": "two_factor_account_recovery.two_factor_destroy", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_account_recovery.two_factor_destroy", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6655,18 +10143,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -6675,18 +10175,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -6695,18 +10207,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -6715,15 +10239,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", "_document_id", - "user_agent" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6731,16 +10270,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -6749,18 +10301,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -6769,15 +10333,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -6786,16 +10365,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -6803,19 +10395,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ - "action", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -6824,18 +10428,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -6843,15 +10459,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -6861,20 +10490,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -6882,18 +10522,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6901,18 +10553,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -6921,17 +10585,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -6940,19 +10617,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -6960,21 +10649,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -6982,39 +10683,62 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "@timestamp", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" + ] + }, { "action": "user.delete", "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7023,19 +10747,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -7043,18 +10778,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7062,18 +10809,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7081,18 +10840,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -7101,17 +10872,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7119,17 +10902,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7137,17 +10933,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7155,17 +10964,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7173,21 +10995,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "actor_is_bot", - "request_access_security_header" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -7195,21 +11027,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -7218,17 +11060,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7236,17 +11091,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7254,17 +11122,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7272,18 +11153,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7291,17 +11184,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -7310,17 +11217,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7328,18 +11248,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -7348,19 +11280,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", - "user", - "action", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -7368,18 +11312,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7387,18 +11343,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7406,21 +11374,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7428,16 +11406,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -7446,20 +11437,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -7467,20 +11469,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7488,20 +11502,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -7509,18 +11534,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7528,16 +11565,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -7548,16 +11598,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -7566,18 +11628,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", - "user", - "user_id", - "operation_type", - "created_at", + "action", "actor", "actor_id", - "@timestamp", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7585,18 +11659,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7604,22 +11690,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7627,23 +11724,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -7652,21 +11759,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -7674,18 +11791,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7693,18 +11822,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7714,16 +11855,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -7731,18 +11884,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7750,18 +11915,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -7769,17 +11946,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7787,18 +11977,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", "created_at", - "user", - "operation_type", - "@timestamp", - "request_id", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7806,17 +12008,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -7825,19 +12040,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -7845,21 +12072,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -7867,21 +12104,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7889,46 +12138,64 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "workflows.approve_workflow_job", - "description": "A workflow job was approved.", - "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "workflow_run_id", "run_number", - "user", - "user_id", - "repo", - "repo_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -7937,23 +12204,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7961,23 +12238,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -7987,23 +12272,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -8012,22 +12309,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8035,21 +12343,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -8057,25 +12376,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8083,24 +12410,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8109,25 +12445,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.15/enterprise.json b/src/audit-logs/data/ghes-3.15/enterprise.json index c676a2320b82..eb46d115068d 100644 --- a/src/audit-logs/data/ghes-3.15/enterprise.json +++ b/src/audit-logs/data/ghes-3.15/enterprise.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,31 +196,34 @@ "description": "An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests", "fields": [ - "user_agent", - "request_id", - "request_method", - "query_string", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "request_body", - "status_code", - "url_path", "business", "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "request_method", + "query_string", + "request_body", + "status_code", + "url_path", + "public_repo", "created_at", "operation_type", "route", @@ -167,18 +237,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -186,20 +268,32 @@ "description": "A manual check of the endpoint configured for audit log streaming was performed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_result", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_result", "created_at", "operation_type", - "audit_log_stream_sink_details", - "request_access_security_header" + "audit_log_stream_sink_details" ] }, { @@ -207,18 +301,31 @@ "description": "An endpoint was added for audit log streaming.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_sink", + "created_at", + "operation_type", "audit_log_stream_id" ] }, @@ -227,15 +334,28 @@ "description": "An audit log streaming endpoint was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "audit_log_stream_id", @@ -247,17 +367,30 @@ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_enabled", - "business_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_enabled", "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "new_s3_bucket", @@ -280,17 +413,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -299,19 +445,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -320,18 +478,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -339,18 +510,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -358,15 +541,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -376,22 +572,31 @@ "description": "An enterprise owner was added to an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ - "name", - "business", - "user", - "user_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "request_id", + "business", "business_id", - "_document_id", - "user_agent", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -400,22 +605,32 @@ "description": "An organization was added to an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "operation_type", "name", "created_at", - "request_id", - "_document_id", - "business", - "organization_upgrade", - "request_access_security_header" + "organization_upgrade" ] }, { @@ -423,20 +638,30 @@ "description": "GitHub Advanced Security was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -445,17 +670,28 @@ "description": "GitHub Advanced Security was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -466,21 +702,31 @@ "description": "GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -489,17 +735,28 @@ "description": "GitHub Advanced Security was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -510,17 +767,28 @@ "description": "GitHub Advanced Security was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -531,21 +799,31 @@ "description": "GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -554,20 +832,32 @@ "description": "An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "new_policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -576,20 +866,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -597,17 +899,28 @@ "description": "GitHub Advanced Security was disabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -619,21 +932,31 @@ "description": "GitHub Advanced Security was enabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -642,18 +965,31 @@ "description": "An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -662,17 +998,30 @@ "description": "An enterprise owner cleared the base repository permission policy setting for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "name", - "operation_type", - "business_id", - "user_agent", - "actor_id", - "request_id", - "actor", + "@timestamp", "_document_id", - "business", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -682,19 +1031,32 @@ "description": "An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", "business_id", - "action", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business", "visibility", "created_at", - "actor", - "operation_type", - "@timestamp" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -703,21 +1065,33 @@ "description": "The policy for Code scanning autofix was updated for an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -725,19 +1099,31 @@ "description": "An enterprise was created.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", "_document_id", "action", - "@timestamp", - "request_id", - "name", + "actor", + "actor_id", "business", "business_id", - "operation_type", - "actor", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "name", + "operation_type", + "created_at" ] }, { @@ -745,17 +1131,28 @@ "description": "Dependabot alerts were disabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -765,17 +1162,28 @@ "description": "Dependabot alerts were enabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -785,17 +1193,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -805,18 +1226,30 @@ "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -824,17 +1257,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was disabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -845,18 +1289,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.", "docs_reference_links": "N/A", "fields": [ - "action", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", - "operation_type", - "created_at", - "user_agent", "business_id", - "actor_id", - "name", - "_document_id", - "request_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" ] }, { @@ -864,15 +1321,28 @@ "description": "SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -882,17 +1352,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was enabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -903,18 +1384,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "operation_type", - "created_at", + "actor_id", "business", "business_id", - "name", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" ] }, { @@ -922,20 +1416,31 @@ "description": "An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", "actor_id", - "@timestamp", - "request_id", "business", - "name", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "business_id", - "_document_id" + "created_at", + "name", + "operation_type" ] }, { @@ -943,20 +1448,31 @@ "description": "The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -964,20 +1480,31 @@ "description": "The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "name", - "actor", - "operation_type", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "business", - "actor_id", - "created_at", - "action", + "user_id", "user_agent", - "request_id", - "user_id" + "name", + "operation_type", + "created_at" ] }, { @@ -985,20 +1512,31 @@ "description": "An enterprise owner was removed from an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", - "user_agent", + "actor_id", "business", "business_id", - "@timestamp", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "name", - "actor_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "user" + "user_agent", + "operation_type", + "created_at", + "name" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -1007,20 +1545,31 @@ "description": "An organization was removed from an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "business", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business_id", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "name", - "org" + "name" ] }, { @@ -1028,18 +1577,31 @@ "description": "The slug for the enterprise URL was renamed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "name", - "business_id", - "user_agent", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", - "@timestamp", - "created_at", + "actor_id", "business", - "_document_id" + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ] }, { @@ -1047,20 +1609,31 @@ "description": "The SAML single sign-on session for a member in an enterprise was revoked.", "docs_reference_links": "N/A", "fields": [ - "business_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "actor", - "_document_id", - "actor_id", "name", - "@timestamp", - "user_id", - "action", - "created_at", - "business" + "created_at" ] }, { @@ -1068,17 +1641,28 @@ "description": "Automatic partner validation checks have been disabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1089,17 +1673,28 @@ "description": "Automatic partner validation checks have been enabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1110,20 +1705,30 @@ "description": "An enterprise-level custom pattern was created for secret scanning.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1132,17 +1737,28 @@ "description": "An enterprise-level custom pattern was removed from secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1152,20 +1768,30 @@ "description": "An enterprise-level custom pattern was published for secret scanning.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1173,17 +1799,28 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1194,20 +1831,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1216,17 +1863,28 @@ "description": "Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1236,17 +1894,28 @@ "description": "Secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1257,17 +1926,28 @@ "description": "Secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -1278,17 +1958,28 @@ "description": "Secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1299,17 +1990,28 @@ "description": "Secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1320,17 +2022,28 @@ "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1342,17 +2055,28 @@ "description": "Secret scanning for non-provider patterns was enabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1364,17 +2088,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1385,17 +2120,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1406,17 +2152,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1427,17 +2184,28 @@ "description": "Push protection for secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1448,17 +2216,28 @@ "description": "Push protection for secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1469,17 +2248,28 @@ "description": "Push protection for secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1490,17 +2280,28 @@ "description": "Push protection for secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -1511,20 +2312,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1532,17 +2345,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -1553,20 +2379,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1575,19 +2413,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1596,19 +2447,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1617,20 +2480,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1639,19 +2514,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1660,20 +2547,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "issuer", - "name", - "user_agent", - "action", "@timestamp", "_document_id", + "action", "actor", + "actor_id", "business", "business_id", - "actor_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issuer", + "name", + "created_at", + "operation_type" ] }, { @@ -1681,46 +2580,72 @@ "description": "An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "updated_github_owned_allowed", - "updated_verified_allowed", - "updated_patterns", - "new_policy", - "old_policy", - "updated_access_policy" - ], - "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" - }, - { - "action": "business.update_default_repository_permission", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "updated_github_owned_allowed", + "updated_verified_allowed", + "updated_patterns", + "new_policy", + "old_policy", + "updated_access_policy" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.update_default_repository_permission", "description": "The base repository permission setting was updated for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "business_id", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "permission", - "action", "created_at", - "@timestamp", - "request_id", "name", - "_document_id", - "old_permission", - "business" + "old_permission" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1729,19 +2654,32 @@ "description": "The repository creation setting was updated for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", - "name", - "business_id", + "action", "actor", "actor_id", - "@timestamp", - "operation_type", - "permission", - "action", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "name", + "operation_type", + "permission", "visibility" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -1751,19 +2689,32 @@ "description": "The policy setting for enterprise members inviting outside collaborators to repositories was updated.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-inviting-outside-collaborators-to-repositories", "fields": [ - "business_id", - "created_at", - "action", - "operation_type", "@timestamp", - "request_id", - "permission", + "_document_id", + "action", "actor", "actor_id", - "name", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business" + "created_at", + "operation_type", + "permission", + "name" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1772,20 +2723,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -1794,20 +2756,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -1818,49 +2791,59 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", + "action": "codespaces.allow_permissions", + "description": "A codespace using custom permissions from its devcontainer.json file was launched.", + "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", "business_id", - "query", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, - { - "action": "codespaces.allow_permissions", - "description": "A codespace using custom permissions from its devcontainer.json file was launched.", - "docs_reference_links": "N/A", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1870,25 +2853,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -1899,22 +2891,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -1926,22 +2929,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -1950,15 +2964,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -1969,17 +2998,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1989,27 +3031,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2017,19 +3068,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -2037,18 +3101,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -2057,23 +3133,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2081,16 +3164,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -2099,24 +3196,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2124,15 +3227,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2142,20 +3258,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2163,19 +3289,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -2183,21 +3321,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -2205,21 +3352,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2229,19 +3385,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2251,21 +3416,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2275,18 +3449,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2299,18 +3486,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2324,14 +3524,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -2344,8 +3559,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2354,27 +3568,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2383,19 +3605,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2404,16 +3638,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -2425,19 +3672,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -2446,19 +3704,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -2467,19 +3736,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -2488,19 +3768,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -2509,17 +3800,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2527,40 +3831,62 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" - }, - { - "action": "dependabot_security_updates.enable", - "description": "Dependabot security updates were enabled for all existing repositories.", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependabot_security_updates.enable", + "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2568,19 +3894,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2589,19 +3926,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2609,19 +3957,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2630,19 +3989,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2650,19 +4020,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2671,128 +4052,195 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", - "user_id", - "@timestamp", "number", - "org", "title", + "operation_type" + ] + }, + { + "action": "discussion_post_reply.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" - }, - { - "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", - "fields": [ - "actor_id", - "action", - "@timestamp", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2803,16 +4251,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2823,18 +4285,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2845,23 +4321,31 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise" }, @@ -2870,19 +4354,33 @@ "description": "A domain was approved for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#approving-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -2891,18 +4389,33 @@ "description": "A domain was added to an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -2911,18 +4424,33 @@ "description": "A domain was removed from an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#removing-an-approved-or-verified-domain", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -2931,18 +4459,33 @@ "description": "A domain was verified for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -2951,18 +4494,30 @@ "description": "A new GitHub Actions self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -2971,20 +4526,30 @@ "description": "A GitHub Actions self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -2993,18 +4558,31 @@ "description": "A GitHub Actions self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows" ], "docs_reference_titles": "Removing self-hosted runners" @@ -3014,18 +4592,31 @@ "description": "A GitHub Actions self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3034,20 +4625,33 @@ "description": "The REST API was used to remove a GitHub Actions self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -3056,19 +4660,31 @@ "description": "A GitHub Actions self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3077,19 +4693,32 @@ "description": "A GitHub Actions runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -3098,24 +4727,36 @@ "description": "The configuration of a GitHub Actions self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3124,14 +4765,32 @@ "description": "The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3140,14 +4799,32 @@ "description": "The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3156,18 +4833,36 @@ "description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", "target_version", "runner_group_id", "runner_group_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Self-hosted runners" }, @@ -3176,22 +4871,32 @@ "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3199,21 +4904,33 @@ "description": "A license for GitHub Copilot was assigned to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3221,17 +4938,30 @@ "description": "A license for GitHub Copilot was unassigned from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3242,17 +4972,30 @@ "description": "A new enterprise team was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3262,17 +5005,30 @@ "description": "An enterprise team was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3283,22 +5039,32 @@ "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3306,18 +5072,31 @@ "description": "The name of an enterprise team was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business_id", - "enterprise_team_id", - "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", + "enterprise_team_id", + "enterprise_team", "created_at", "operation_type", "actor_is_bot" @@ -3328,22 +5107,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3352,22 +5140,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3375,28 +5173,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3405,27 +5209,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -3434,25 +5246,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3461,26 +5281,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3489,21 +5316,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -3512,22 +5351,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3536,25 +5385,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3563,22 +5421,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -3587,21 +5457,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -3612,27 +5492,33 @@ "description": "A user was added to an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -3640,19 +5526,31 @@ "description": "An external group was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", "scim_group_id" ] }, @@ -3661,22 +5559,33 @@ "description": "An external group was linked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group", - "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -3684,21 +5593,31 @@ "description": "An external group was created.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -3706,26 +5625,32 @@ "description": "A user was removed from an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -3733,31 +5658,39 @@ "description": "Failed external group SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_group_id", - "message", - "action", - "_document_id", - "@timestamp", + "message", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -3766,30 +5699,38 @@ "description": "Successful external group SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -3798,18 +5739,31 @@ "description": "An external group was unlinked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group" ] }, @@ -3818,22 +5772,32 @@ "description": "An external group was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "scim_group_id" ] }, { @@ -3841,25 +5805,33 @@ "description": "An external group's display name was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", "external_group", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -3867,20 +5839,31 @@ "description": "An external identity was deprovisioned, suspending the linked GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -3888,17 +5871,31 @@ "description": "An external identity was created and linked to a GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -3906,15 +5903,29 @@ "description": "Failed external identity SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -3922,15 +5933,9 @@ "url_path", "scim_user_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -3939,30 +5944,38 @@ "description": "Successful external identity SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -3971,18 +5984,31 @@ "description": "An external identity was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -3990,21 +6016,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -4012,20 +6049,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -4033,21 +6082,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -4055,19 +6115,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4076,20 +6147,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4098,19 +6179,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4119,22 +6211,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -4143,48 +6246,68 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", + "operation_type" + ], + "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" + }, + { + "action": "github_hosted_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "request_access_security_header" - ], - "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" - }, - { - "action": "github_hosted_runner.create", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "actor", - "actor_id", + "user", + "user_id", "user_agent", - "request_id", "name", "runner_group_id", - "business", - "user", - "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4192,18 +6315,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -4214,20 +6347,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -4237,18 +6380,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -4256,18 +6411,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -4275,25 +6442,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4301,25 +6478,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -4327,26 +6513,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -4355,25 +6550,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", - "repo", - "created_at", - "org", - "name", - "request_id", "actor_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "events", + "created_at", + "name", + "operation_type", + "oauth_application_id", + "hook_id" ] }, { @@ -4381,26 +6585,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -4408,21 +6621,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -4431,19 +6655,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -4451,21 +6688,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -4474,19 +6722,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -4497,20 +6759,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -4520,24 +6794,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -4548,23 +6833,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -4575,20 +6872,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -4598,19 +6908,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -4619,20 +6943,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -4642,20 +6979,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -4664,20 +7014,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -4686,20 +7049,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -4707,19 +7082,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -4728,19 +7116,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -4749,44 +7150,70 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", + "created_at", + "operation_type", + "application_client_id" + ], + "docs_reference_titles": "/apps/maintaining-github-apps/suspending-a-github-app-installation" + }, + { + "action": "integration.transfer", + "description": "Ownership of a GitHub App was transferred to another user or organization.", + "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "application_client_id" - ], - "docs_reference_titles": "/apps/maintaining-github-apps/suspending-a-github-app-installation" - }, - { - "action": "integration.transfer", - "description": "Ownership of a GitHub App was transferred to another user or organization.", - "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", - "fields": [ - "@timestamp", - "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -4800,17 +7227,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -4822,19 +7262,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4842,19 +7293,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4862,17 +7324,28 @@ "description": "IP allow list user level enforcement was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4882,20 +7355,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -4904,19 +7386,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4924,17 +7417,28 @@ "description": "IP allow list user level enforcement was enabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4944,24 +7448,32 @@ "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -4969,24 +7481,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ip_allow_list_entry", - "org", "operation_type", "created_at", - "active", - "action", - "@timestamp", - "business", - "business_id", - "user_agent", - "org_id", - "actor", - "actor_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "active" ] }, { @@ -4994,19 +7514,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -5014,18 +7547,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5033,21 +7578,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -5055,21 +7613,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -5077,22 +7648,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -5100,19 +7684,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -5123,21 +7720,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -5145,22 +7757,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -5168,21 +7795,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -5191,21 +7833,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -5214,22 +7871,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -5237,22 +7907,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5260,19 +7943,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5280,21 +7975,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5304,16 +8008,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5323,18 +8040,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5344,14 +8074,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -5359,19 +8105,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -5379,18 +8136,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5398,23 +8167,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -5422,20 +8199,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -5446,19 +8233,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_id", + "user_agent", + "operation_type", + "created_at", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -5468,19 +8266,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -5489,18 +8298,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -5508,20 +8329,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5530,20 +8363,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5552,20 +8397,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5574,20 +8431,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "oauth_application", - "oauth_application_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5596,19 +8465,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5617,20 +8499,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5639,20 +8533,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5662,18 +8568,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", - "org_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "oauth_application_id", - "action", "created_at", - "actor", - "actor_id", - "oauth_application", - "_document_id", - "request_id" + "oauth_application" ] }, { @@ -5681,19 +8600,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5702,15 +8634,32 @@ "description": "An OAuth application was unsuspended for a user or organization account.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "operation_type", - "org_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "oauth_application_id", "oauth_application", - "org", - "created_at", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5719,24 +8668,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -5746,20 +8702,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -5770,20 +8737,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -5793,17 +8771,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5814,20 +8803,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -5836,21 +8835,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -5859,24 +8868,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5884,21 +8903,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5906,20 +8935,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -5927,22 +8966,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5950,20 +8997,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -5971,22 +9028,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5994,19 +9059,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -6015,19 +9091,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -6037,16 +9124,29 @@ "description": "A user initiated a background job to delete an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "@timestamp", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ] }, @@ -6055,16 +9155,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -6073,18 +9186,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -6093,19 +9219,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -6115,22 +9252,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -6138,19 +9286,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -6158,23 +9317,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6182,21 +9349,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6204,62 +9381,93 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.config.disable_collaborators_only", "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -6269,17 +9477,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6288,17 +9509,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6308,16 +9542,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6326,17 +9573,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6345,17 +9605,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6364,22 +9637,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -6388,17 +9669,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6409,18 +9701,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -6429,18 +9733,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6448,20 +9764,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -6470,19 +9796,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -6491,14 +9828,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -6507,17 +9861,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6525,19 +9892,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6545,19 +9923,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -6565,19 +9954,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -6586,19 +9986,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "created_at", - "org", - "org_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -6607,19 +10018,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -6628,17 +10052,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -6647,17 +10084,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -6666,18 +10116,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6685,23 +10148,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -6710,17 +10182,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6730,19 +10213,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6750,19 +10244,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6771,16 +10276,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -6788,17 +10306,30 @@ "description": "An organization was restored.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6806,19 +10337,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -6827,18 +10370,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -6848,21 +10402,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6870,21 +10433,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6892,21 +10464,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6914,18 +10496,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -6934,19 +10528,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -6954,20 +10560,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -6976,21 +10592,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "runner_group_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -7000,21 +10628,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7023,23 +10661,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -7048,23 +10696,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7073,19 +10729,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -7094,25 +10763,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7121,21 +10801,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7145,21 +10834,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7169,20 +10867,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7191,22 +10899,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7215,21 +10931,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7238,21 +10963,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7261,22 +10995,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7285,21 +11027,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7308,21 +11059,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7332,21 +11092,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7356,19 +11125,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7378,21 +11158,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7402,21 +11191,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7426,19 +11224,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7448,22 +11257,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7472,22 +11289,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7496,22 +11321,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7520,21 +11353,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7543,21 +11385,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7566,22 +11417,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7590,22 +11449,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7614,26 +11481,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7641,28 +11516,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7670,26 +11553,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7697,15 +11588,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7714,15 +11622,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7731,7 +11656,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -7746,20 +11692,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -7768,16 +11725,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -7788,18 +11758,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -7808,17 +11791,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7826,18 +11822,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -7846,18 +11854,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "policy", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -7866,18 +11887,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -7886,22 +11919,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7909,19 +11952,31 @@ "description": "A user account was converted into an organization.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization", "fields": [ - "actor", + "@timestamp", "_document_id", - "request_id", - "operation_type", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "@timestamp", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "owner", - "request_access_security_header" + "operation_type", + "created_at", + "owner" ], "docs_reference_titles": "Converting a user into an organization" }, @@ -7930,19 +11985,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -7951,23 +12019,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -7976,20 +12055,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -7998,20 +12089,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -8019,17 +12121,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -8039,41 +12154,65 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, { "action": "org.update_saml_provider_settings", - "description": "An organization's SAML provider settings were updated.", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", + "description": "An organization's SAML provider settings were updated.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -8081,18 +12220,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -8101,20 +12252,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -8123,16 +12287,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8141,14 +12320,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -8159,16 +12353,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8177,20 +12386,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8200,23 +12420,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8225,21 +12456,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -8250,21 +12492,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", - "is_republished", - "actor", - "action", + "is_republished", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8273,20 +12528,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8295,17 +12564,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8316,20 +12600,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8338,19 +12636,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8358,19 +12668,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8378,18 +12700,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8397,16 +12731,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8414,18 +12762,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8433,18 +12793,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8455,18 +12828,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8477,17 +12863,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8497,19 +12896,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8517,12 +12928,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -8533,20 +12961,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8554,17 +12994,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8575,18 +13028,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8598,17 +13064,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8620,17 +13099,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8641,15 +13133,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8659,17 +13166,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8679,15 +13197,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8697,17 +13230,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8717,17 +13261,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8737,17 +13292,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8757,17 +13323,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8777,17 +13354,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -8797,17 +13387,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8815,20 +13418,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -8838,25 +13452,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -8864,20 +13490,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8885,25 +13523,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8911,17 +13561,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -8929,17 +13592,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -8947,18 +13623,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -8967,18 +13655,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -8987,19 +13687,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -9007,17 +13718,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -9029,22 +13753,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -9052,19 +13785,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -9072,17 +13816,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", - "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9090,18 +13847,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -9109,20 +13879,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9130,18 +13910,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9150,18 +13942,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9170,16 +13974,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -9191,21 +14008,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -9213,22 +14042,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -9237,54 +14076,67 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { "action": "protected_branch.create", "description": "Branch protection was enabled on a branch.", - "docs_reference_links": "N/A", - "fields": [ - "operation_type", - "repo_id", - "user_id", - "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9295,21 +14147,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9320,22 +14182,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -9343,24 +14215,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -9368,30 +14250,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -9401,28 +14290,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -9433,23 +14330,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -9457,22 +14363,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -9480,23 +14396,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -9504,24 +14429,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -9530,22 +14464,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -9553,24 +14497,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9579,27 +14532,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9608,18 +14568,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9630,24 +14603,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -9655,25 +14637,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -9681,22 +14670,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -9704,22 +14703,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -9728,22 +14738,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -9751,25 +14771,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -9777,22 +14804,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -9800,22 +14837,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -9823,23 +14870,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -9848,24 +14906,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -9874,20 +14943,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9896,21 +14979,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "_document_id", "title", - "request_id", "key", - "action", - "actor", "read_only", "explanation", - "repo_id", - "@timestamp", - "actor_id", - "repo", - "user_agent", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -9920,22 +15016,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9944,25 +15052,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9971,23 +15089,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9996,18 +15125,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -10017,21 +15160,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -10040,19 +15194,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -10063,23 +15230,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10089,17 +15268,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10107,19 +15300,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10127,19 +15333,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -10149,21 +15368,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -10172,27 +15402,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10200,23 +15437,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -10225,18 +15474,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10244,19 +15507,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10266,20 +15541,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -10287,18 +15573,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -10306,21 +15605,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -10328,20 +15639,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -10350,19 +15674,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -10372,22 +15710,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -10396,21 +15744,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -10419,25 +15776,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -10446,23 +15810,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -10471,24 +15843,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -10497,23 +15876,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -10523,22 +15910,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -10547,19 +15943,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -10568,24 +15977,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -10594,24 +16013,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10619,24 +16046,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10644,23 +16079,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10671,103 +16115,137 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.collaborators_only", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "visibility", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10775,17 +16253,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10794,15 +16285,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -10813,16 +16317,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -10832,17 +16349,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -10852,19 +16382,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10873,17 +16414,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10892,26 +16446,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -10920,30 +16480,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -10953,20 +16518,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -10975,25 +16551,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11002,23 +16586,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11026,25 +16621,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -11054,17 +16658,30 @@ "description": "A repository was archived on disk.", "docs_reference_links": "/repositories/archiving-a-github-repository/archiving-repositories", "fields": [ - "actor_id", - "repo", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", - "repo_id", - "actor", "action", - "user_agent" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/archiving-a-github-repository/archiving-repositories" }, @@ -11073,23 +16690,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -11099,20 +16725,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "visibility", - "repo_id", - "created_at", - "actor", - "action", - "@timestamp", "org_id", - "request_id", + "programmatic_access_type", "repo", - "_document_id" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "visibility", + "created_at" ] }, { @@ -11120,20 +16757,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "visibility", - "repo_id", - "request_id", - "action", - "_document_id", "@timestamp", - "actor_id", - "created_at", - "user", - "operation_type", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", "public_repo" ] }, @@ -11142,19 +16790,30 @@ "description": "The repository was unlocked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11162,20 +16821,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "action", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", + "operation_type", "created_at", - "visibility", - "actor", - "user_id" + "visibility" ] }, { @@ -11183,23 +16853,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -11207,21 +16887,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -11229,21 +16919,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -11251,22 +16951,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -11274,21 +16983,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -11296,20 +17015,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11317,22 +17047,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -11340,18 +17079,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11359,22 +17112,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11382,21 +17145,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -11404,18 +17177,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -11424,22 +17209,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11448,24 +17242,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11474,23 +17276,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -11498,26 +17310,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -11526,21 +17343,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -11549,25 +17375,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -11575,22 +17407,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", - "@timestamp", - "request_id", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -11599,20 +17441,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "visibility", - "operation_type", - "repo", + "@timestamp", "_document_id", - "user", - "user_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "@timestamp", - "request_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -11620,19 +17473,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -11640,17 +17504,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11659,17 +17538,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11678,7 +17572,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -11693,23 +17608,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -11719,20 +17643,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11743,21 +17678,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -11766,22 +17712,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -11790,21 +17746,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -11813,22 +17780,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -11839,16 +17816,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -11857,22 +17845,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -11882,22 +17879,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -11906,23 +17914,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -11932,19 +17950,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -11952,21 +17980,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -11975,24 +18013,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id" + "created_at", + "operation_type" ] }, { @@ -12000,25 +18047,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12027,24 +18081,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12053,25 +18117,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12080,22 +18152,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12104,26 +18185,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -12131,31 +18220,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12164,24 +18260,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12190,24 +18292,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12216,21 +18324,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "content_type", - "repo", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -12238,21 +18356,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -12260,21 +18388,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -12282,20 +18421,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -12303,21 +18454,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -12325,19 +18487,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -12345,31 +18520,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -12378,19 +18561,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -12398,8 +18592,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -12408,23 +18601,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -12449,26 +18651,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12477,26 +18685,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12505,23 +18719,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12531,23 +18752,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12557,24 +18785,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12584,24 +18819,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -12610,24 +18852,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12637,23 +18886,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12663,23 +18919,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -12688,22 +18952,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "created_at", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -12711,24 +18983,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -12737,24 +19017,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -12763,19 +19051,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -12784,24 +19084,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -12810,24 +19118,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -12836,19 +19152,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -12857,26 +19185,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -12885,26 +19218,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -12913,18 +19251,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -12933,19 +19284,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -12954,43 +19317,67 @@ "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -12999,28 +19386,37 @@ "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -13028,25 +19424,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13054,14 +19457,28 @@ "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -13071,26 +19488,37 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning.disable", "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -13099,19 +19527,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -13120,20 +19559,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -13142,19 +19591,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -13163,14 +19623,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -13188,25 +19662,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13215,25 +19697,33 @@ "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -13243,45 +19733,65 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "security_key.register", "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -13289,18 +19799,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13308,16 +19830,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13327,18 +19862,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -13347,16 +19895,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13367,15 +19928,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -13385,15 +19959,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -13402,17 +19991,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -13421,17 +20023,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -13440,16 +20056,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -13459,14 +20088,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -13476,17 +20120,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -13495,17 +20152,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -13514,18 +20184,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -13534,15 +20217,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -13552,16 +20249,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13569,15 +20279,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -13588,16 +20311,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -13607,17 +20343,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -13626,17 +20375,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -13647,17 +20409,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -13668,18 +20443,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13689,16 +20475,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13708,17 +20507,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -13727,16 +20539,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -13748,17 +20573,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -13767,19 +20605,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -13788,21 +20639,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -13811,19 +20671,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -13832,20 +20703,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -13853,18 +20738,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -13872,16 +20772,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -13889,23 +20804,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13913,23 +20838,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "title", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13937,23 +20872,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13961,23 +20906,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13985,15 +20940,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -14002,15 +20972,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -14019,15 +21004,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -14036,15 +21036,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -14053,15 +21068,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14069,15 +21099,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -14086,21 +21131,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -14110,22 +21165,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -14134,20 +21198,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -14156,18 +21231,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -14177,21 +21265,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -14200,21 +21299,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -14223,80 +21332,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -14305,22 +21458,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -14329,22 +21491,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -14354,21 +21525,31 @@ "description": "A repository was removed from a team's control.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -14376,21 +21557,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -14399,17 +21591,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -14418,19 +21623,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -14439,28 +21655,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -14468,17 +21693,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14486,17 +21724,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14504,14 +21755,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -14520,15 +21786,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -14536,13 +21817,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14550,17 +21848,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -14568,17 +21879,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -14586,16 +21910,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14603,15 +21941,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14619,18 +21972,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -14639,18 +22004,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -14659,18 +22036,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -14679,15 +22068,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "@timestamp", - "request_id", - "_document_id", - "user_agent" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14695,16 +22099,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -14713,18 +22130,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -14733,15 +22162,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -14750,16 +22194,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -14767,19 +22224,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -14788,18 +22257,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -14807,15 +22288,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -14825,20 +22319,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -14846,18 +22351,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14865,18 +22382,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -14885,17 +22414,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -14904,16 +22446,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "created_at", - "user", "action", - "operation_type", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14921,16 +22477,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "_document_id", "@timestamp", - "created_at", - "user_agent", - "operation_type", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14938,16 +22508,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "created_at", - "_document_id", - "user_agent", - "user_id", "@timestamp", - "user", + "_document_id", "action", - "request_access_security_header" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14955,19 +22539,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -14975,21 +22571,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -14997,20 +22605,31 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "@timestamp", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -15018,18 +22637,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15038,19 +22669,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -15058,18 +22700,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15077,18 +22731,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15096,18 +22762,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -15116,17 +22794,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15134,17 +22824,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15152,17 +22855,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15170,17 +22886,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15188,21 +22917,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15210,21 +22949,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -15233,17 +22982,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15251,17 +23013,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15269,17 +23044,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15287,18 +23075,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15306,16 +23106,29 @@ "description": "A user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", "user_agent", + "operation_type", "created_at" ] }, @@ -15324,17 +23137,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -15343,17 +23170,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15361,18 +23201,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -15381,19 +23233,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", - "user", - "action", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -15401,18 +23265,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15420,38 +23296,61 @@ "description": "A comment made by a user was minimized.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", - "actor_id", "@timestamp", - "created_at", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.new_device_used", + "description": "A user signed in from a new device.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, - { - "action": "user.new_device_used", - "description": "A user signed in from a new device.", - "docs_reference_links": "N/A", - "fields": [ "user", "user_id", - "actor", - "operation_type", - "created_at", "user_agent", - "actor_id", - "action", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -15459,14 +23358,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15474,21 +23389,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15496,16 +23421,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -15514,20 +23452,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -15535,20 +23484,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15556,17 +23517,30 @@ "description": "A user account was no longer flagged as a large scale contributor.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15574,20 +23548,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -15595,17 +23580,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "user_agent", - "request_id", - "action", "@timestamp", - "created_at", - "org_id", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -15614,18 +23611,30 @@ "description": "Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "action", "created_at", - "actor", - "operation_type", - "actor_id", - "user_id", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam" }, @@ -15634,18 +23643,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15653,16 +23674,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -15673,16 +23707,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -15691,18 +23737,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -15710,18 +23768,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15729,18 +23799,30 @@ "description": "A user signed in from an unrecognized location.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "action", - "operation_type", - "user_agent", - "user", + "@timestamp", "_document_id", + "action", "actor", - "created_at", "actor_id", - "@timestamp", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15748,22 +23830,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -15771,23 +23864,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -15796,21 +23899,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -15818,18 +23931,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "actor_id", - "@timestamp", - "operation_type", - "_document_id", - "user_agent", - "actor", - "action", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15837,18 +23962,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15858,16 +23995,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -15875,18 +24024,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15894,18 +24055,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -15913,17 +24086,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15931,18 +24117,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", "created_at", - "user", - "operation_type", - "@timestamp", - "request_id", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -15950,17 +24148,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -15969,19 +24180,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -15990,15 +24213,28 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "request_id", - "actor", - "action", "created_at" ] }, @@ -16007,21 +24243,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -16029,21 +24275,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16051,18 +24309,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16070,27 +24340,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -16099,23 +24375,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16123,10 +24409,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16137,20 +24441,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -16159,23 +24452,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16185,10 +24486,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16200,19 +24519,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -16223,10 +24532,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16235,21 +24562,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -16259,23 +24575,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -16284,22 +24612,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16307,21 +24646,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -16329,25 +24679,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16355,23 +24713,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -16385,24 +24756,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -16411,10 +24791,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16424,21 +24822,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -16448,25 +24836,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.15/organization.json b/src/audit-logs/data/ghes-3.15/organization.json index 8b74fcf66745..d9be92aea738 100644 --- a/src/audit-logs/data/ghes-3.15/organization.json +++ b/src/audit-logs/data/ghes-3.15/organization.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,29 +67,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -72,44 +103,66 @@ "description": "Credit was accepted for a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory" + "docs_reference_titles": "Editing a repository security advisory" }, { "action": "advisory_credit.create", "description": "Someone was added to the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -117,21 +170,32 @@ "description": "Credit was declined for a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -140,21 +204,32 @@ "description": "Someone was removed from the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -163,18 +238,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -182,17 +269,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -203,39 +301,62 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" + }, { "action": "billing.change_billing_type", "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -244,19 +365,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -265,18 +398,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -284,18 +430,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -303,20 +461,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -325,20 +494,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -349,17 +529,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -367,14 +559,29 @@ "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -384,28 +591,34 @@ "description": "An attempt to create a codespace from a prebuild was made.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "owner", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "user_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", "created_at", "operation_type", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -413,17 +626,30 @@ "description": "Enterprise setting for Codespaces ownership was updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enablement", "organization_names", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -434,25 +660,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -463,22 +698,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -490,22 +736,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -514,15 +771,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -533,15 +805,28 @@ "description": "Policies were applied to codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -551,20 +836,30 @@ "description": "Policies were removed from codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -572,19 +867,30 @@ "description": "Policies were updated for codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -592,17 +898,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -612,27 +931,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", "org", - "owner", - "pull_request_id", - "machine_type", - "user_id", - "user", - "devcontainer_path", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", + "machine_type", + "devcontainer_path", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -640,19 +968,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -660,18 +1001,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -680,20 +1033,30 @@ "description": "A commit comment was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "repo", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "created_at", - "@timestamp", - "operation_type", + "programmatic_access_type", + "repo", "repo_id", - "actor_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -701,21 +1064,30 @@ "description": "A commit comment was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_id", - "action", - "@timestamp", - "repo", "org_id", - "actor_id", - "created_at", - "user_agent", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -723,21 +1095,33 @@ "description": "Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "reason", "plan", - "org_id", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -745,13 +1129,28 @@ "description": "Copilot feature settings were changed at the organization level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -761,23 +1160,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -785,16 +1191,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -803,40 +1223,59 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "request_access_security_header" - ] - }, - { - "action": "copilot.cfb_seat_assignment_reused", - "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", - "docs_reference_links": "N/A", - "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_reused", + "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -846,20 +1285,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -867,19 +1316,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -887,21 +1348,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -909,21 +1379,33 @@ "description": "The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_value", "new_value", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -931,111 +1413,159 @@ "description": "The excluded paths for GitHub Copilot were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "excluded_paths", "owner_type", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { "action": "copilot.knowledge_base_created", - "description": "A knowledge base was created in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_deleted", - "description": "A knowledge base was deleted from the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_updated", - "description": "A knowledge base was updated in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", - "org", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] }, { "action": "copilot.plan_changed", "description": "The plan for GitHub Copilot was updated.", "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_plan", "plan", - "business_id", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1047,20 +1577,31 @@ "description": "The plan for GitHub Copilot was scheduled to be downgraded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "current_plan", "scheduled_plan" @@ -1071,21 +1612,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1095,19 +1645,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1117,21 +1676,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1141,18 +1709,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1165,18 +1746,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1190,14 +1784,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -1210,8 +1819,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1220,27 +1828,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1249,19 +1865,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1270,16 +1898,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -1291,19 +1932,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1312,19 +1964,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1333,19 +1996,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1354,19 +2028,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1375,17 +2060,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1393,19 +2091,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1414,19 +2123,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1434,19 +2154,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1455,19 +2186,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1475,19 +2217,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1496,19 +2249,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1516,19 +2280,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1537,20 +2312,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1558,21 +2343,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "repo_id", - "request_id", + "@timestamp", + "_document_id", "action", "actor", - "org_id", - "_document_id", "actor_id", - "operation_type", - "@timestamp", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1580,20 +2374,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", "@timestamp", - "actor", - "user_agent", - "request_id", - "org", "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "repo", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1601,130 +2405,196 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "user_agent", - "actor_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "title", - "_document_id", - "created_at", - "repo", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "team", + "created_at", + "number", + "title", + "operation_type" + ] }, { "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -1735,16 +2605,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -1755,18 +2639,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -1777,17 +2675,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was created.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", - "operation_type", "@timestamp", "_document_id", - "org_id", "action", - "request_id", - "org", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -1796,17 +2707,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was deleted.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp", - "actor_id", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -1815,22 +2739,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1839,22 +2772,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1862,28 +2805,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1892,27 +2841,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -1921,25 +2878,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1948,26 +2913,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1976,21 +2948,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1999,22 +2983,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2023,49 +3017,70 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "public_repo", "programmatic_access_type", - "request_access_security_header" - ], - "docs_reference_titles": "Managing environments for deployment" - }, - { - "action": "environment.update_actions_variable", - "description": "A variable was updated for a GitHub Actions environment.", - "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.update_actions_variable", + "description": "A variable was updated for a GitHub Actions environment.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2074,21 +3089,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -2099,19 +3124,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2120,20 +3156,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2142,19 +3188,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2163,23 +3220,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2187,18 +3253,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2209,20 +3285,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2232,25 +3318,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -2258,25 +3354,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -2284,26 +3389,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2312,25 +3426,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2338,26 +3461,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2365,21 +3497,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2388,19 +3531,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2408,21 +3564,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2431,19 +3598,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2454,21 +3635,33 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", - "actor", - "created_at", "_document_id", - "repository_selection", - "integration", - "user_id", - "user", "action", - "operation_type", - "name", + "actor", "actor_id", - "user_agent", - "programmatic_access_type", - "application_client_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "repository_selection", + "integration", + "operation_type", + "name", + "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2477,24 +3670,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2505,23 +3709,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2532,21 +3748,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -2557,20 +3785,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -2580,20 +3820,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2603,19 +3856,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2624,20 +3891,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2647,42 +3927,68 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", - "actor_id", - "request_id", - "user_agent" - ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" - }, - { - "action": "integration.manager_removed", - "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", - "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", - "fields": [ - "user_agent", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "integration", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" + }, + { + "action": "integration.manager_removed", + "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", + "fields": [ + "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "integration", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2691,20 +3997,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2712,19 +4030,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2733,19 +4064,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2754,17 +4098,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2777,21 +4134,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2805,17 +4175,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2827,19 +4210,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2847,19 +4241,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2867,20 +4272,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -2889,112 +4303,228 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list_entry.create", + "description": "An IP address was added to an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" + ] + }, + { + "action": "ip_allow_list_entry.destroy", + "description": "An IP address was deleted from an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", "created_at", + "active" + ] + }, + { + "action": "ip_allow_list_entry.update", + "description": "An IP address or its description was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "_document_id" + "created_at", + "ip_allow_list_entry", + "active" ] }, { - "action": "ip_allow_list_entry.create", - "description": "An IP address was added to an IP allow list.", + "action": "issue_comment.destroy", + "description": "A comment on an issue was deleted from the repository.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { - "action": "ip_allow_list_entry.destroy", - "description": "An IP address was deleted from an IP allow list.", + "action": "issue_comment.pinned", + "description": "A comment on an issue was pinned to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" - ] - }, - { - "action": "ip_allow_list_entry.update", - "description": "An IP address or its description was changed.", - "docs_reference_links": "N/A", - "fields": [ + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", - "actor", - "org", - "action", - "operation_type", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "oauth_application_id", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { - "action": "issue_comment.destroy", - "description": "A comment on an issue was deleted from the repository.", + "action": "issue_comment.unpinned", + "description": "A comment on an issue was unpinned from a repository.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "org", - "repo", - "actor_id", "@timestamp", - "created_at", "_document_id", "action", - "operation_type", - "user_agent", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "oauth_application_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -3002,22 +4532,31 @@ "description": "A comment on an issue (other than the initial one) changed.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "action", - "repo_id", - "org_id", - "created_at", - "operation_type", "@timestamp", - "user_agent", - "request_id", "_document_id", - "actor_id", + "action", "actor", - "oauth_application_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -3025,21 +4564,31 @@ "description": "An issue was deleted from the repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/deleting-an-issue", "fields": [ - "user", - "actor_id", - "created_at", - "title", "@timestamp", "_document_id", - "request_id", - "actor", - "user_id", "action", - "operation_type", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "title", + "operation_type" ], "docs_reference_titles": "Deleting an issue" }, @@ -3048,23 +4597,33 @@ "description": "An issue was pinned to a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", "action", "actor", - "operation_type", - "owner_type", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "number", - "repo", - "event", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type", + "owner_type", + "number", + "event" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3073,22 +4632,32 @@ "description": "An issue was transferred to another repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "owner_type", - "actor_id", "number", - "repo", "operation_type", - "_document_id", - "repo_id", - "action", - "request_id", - "created_at", - "actor", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Transferring an issue to another repository" }, @@ -3097,24 +4666,33 @@ "description": "An issue was unpinned from a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ - "event", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "repo_id", - "actor", - "action", + "event", "created_at", - "request_id", - "repo", "operation_type", - "_document_id", "number", - "owner_type", - "@timestamp", - "user", - "user_id", - "token_scopes", - "request_access_security_header" + "owner_type" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3123,19 +4701,30 @@ "description": "The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user_agent", - "action", "@timestamp", - "operation_type", - "request_id", - "actor_id", - "user_id", - "created_at", "_document_id", + "action", "actor", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "org_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3144,18 +4733,29 @@ "description": "The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3165,19 +4765,30 @@ "description": "An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user", - "request_id", - "actor", - "business_id", - "action", - "operation_type", - "user_agent", - "created_at", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor_id" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3186,18 +4797,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3205,21 +4828,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -3227,21 +4863,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -3249,22 +4898,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -3272,19 +4934,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -3294,22 +4969,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "secondary_category", "oauth_application_id", - "@timestamp", - "action", - "user_agent", - "user_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -3317,22 +5005,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3340,20 +5041,30 @@ "description": "The ability for members to publish GitHub Pages sites was disabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3362,20 +5073,30 @@ "description": "The ability for members to publish GitHub Pages sites was enabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3384,21 +5105,30 @@ "description": "The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3407,22 +5137,30 @@ "description": "The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3431,21 +5169,30 @@ "description": "The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3454,22 +5201,30 @@ "description": "The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3478,19 +5233,30 @@ "description": "An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "operation_type", "user_agent", - "actor", - "actor_id", - "business_id", - "@timestamp", - "created_at", - "action" + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3499,18 +5265,29 @@ "description": "The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "request_id", - "org", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "user_agent", - "actor", - "operation_type", - "org_id", - "action", - "@timestamp", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3520,21 +5297,30 @@ "description": "The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "action", - "org_id", - "user_id", - "business", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business_id", + "user_id", + "user_agent", "created_at", - "actor", - "org", - "operation_type", - "user_agent" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3545,16 +5331,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -3563,21 +5360,30 @@ "description": "The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "created_at", - "user_id", "business_id", - "user", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "org_id", - "@timestamp" + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -3586,19 +5392,30 @@ "description": "The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ - "request_id", - "created_at", - "_document_id", - "user_agent", - "user", - "user_id", - "business", - "business_id", - "operation_type", "@timestamp", + "_document_id", "action", "actor", - "actor_id" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -3607,19 +5424,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3627,21 +5456,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3651,16 +5489,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3670,18 +5521,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3691,14 +5555,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -3706,19 +5586,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "org", - "org_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -3726,18 +5617,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3745,23 +5648,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -3769,16 +5680,30 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "org_id", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3786,24 +5711,32 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", - "repo_id", "operation_type", - "@timestamp", - "user_agent", "created_at", - "org", - "action", - "_document_id", - "repo", - "actor", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3811,22 +5744,37 @@ "description": "A network configuration for a hosted compute service was created.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", "previous_settings_ids", - "network_configuration_id" + "network_configuration_id", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -3835,15 +5783,28 @@ "description": "A network configuration for a hosted compute service was deleted.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", @@ -3856,21 +5817,36 @@ "description": "A network configuration for a hosted compute service was updated.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", - "previous_settings_ids" + "previous_settings_ids", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -3879,20 +5855,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3901,20 +5889,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3923,20 +5923,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3945,20 +5957,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3967,19 +5991,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3988,20 +6025,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4010,20 +6059,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4032,19 +6093,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4053,17 +6127,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4074,20 +6159,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -4096,21 +6191,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -4119,24 +6224,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4144,21 +6259,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4166,20 +6291,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4187,22 +6322,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4210,20 +6353,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4231,22 +6384,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4254,19 +6415,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4275,19 +6447,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4297,53 +6480,92 @@ "description": "Third-party application access for outside collaborators was disabled for the organization.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "Limiting OAuth app and GitHub App access requests and installations" }, { "action": "org.allow_third_party_access_requests_from_outside_collaborators_enabled", "description": "Third-party application access for outside collaborators was enabled for the organization.", - "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests" }, { "action": "org.archive", "description": "The organization was archived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4353,17 +6575,30 @@ "description": "An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log", "fields": [ - "org_id", - "operation_type", "@timestamp", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log" }, @@ -4372,21 +6607,32 @@ "description": "An export of the organization's Git events was created.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "start", "end", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization" }, @@ -4395,16 +6641,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -4413,18 +6672,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -4433,19 +6705,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -4455,22 +6738,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -4478,19 +6772,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -4498,23 +6803,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4522,21 +6835,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4544,66 +6867,95 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codespaces_access_updated", "description": "Access to use Codespaces on internal and private repositories was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "enablement", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization" }, @@ -4612,21 +6964,31 @@ "description": "Ownership and payment for codespaces was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "owner_type", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" }, @@ -4635,16 +6997,29 @@ "description": "A team has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4654,16 +7029,29 @@ "description": "A team has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4673,19 +7061,30 @@ "description": "GitHub Codespaces was granted trusted repository access to all other repositories in an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -4694,17 +7093,30 @@ "description": "GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -4713,21 +7125,30 @@ "description": "A user has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -4735,21 +7156,30 @@ "description": "A user has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -4757,16 +7187,29 @@ "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -4776,17 +7219,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4795,17 +7251,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4815,16 +7284,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4833,17 +7315,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4852,17 +7347,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4871,22 +7379,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -4895,17 +7411,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4916,15 +7443,28 @@ "description": "Server statistics were exported for the organization.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4935,18 +7475,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -4955,20 +7507,31 @@ "description": "A GitHub Actions secret was created for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -4977,20 +7540,32 @@ "description": "A GitHub Actions variable was created for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -4999,21 +7574,33 @@ "description": "A Codespaces or Dependabot secret was created for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5021,21 +7608,30 @@ "description": "A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor_id", - "org_id", - "business", - "action", "@timestamp", - "org", "_document_id", - "business_id", + "action", "actor", - "token_scopes", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "actor_is_bot", "oauth_credential_type", "managed_oauth_access_id", @@ -5051,24 +7647,32 @@ "description": "A member authorized credentials for use with SAML or OIDC single sign-on.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on", "fields": [ - "user_agent", - "actor", "@timestamp", - "created_at", - "org_id", - "business_id", - "operation_type", - "request_id", "_document_id", "action", + "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", - "token_scopes", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot", "oauth_credential_type", - "request_access_security_header", "managed_oauth_access_id", "managed_token_id", "managed_oauth_scopes", @@ -5082,21 +7686,32 @@ "description": "An owner revoked authorized credentials.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "oauth_application_id", - "org_id", "operation_type", - "action", - "business", - "request_id", "created_at", - "business_id", - "actor_id", - "_document_id", - "user_agent", "oauth_credential_type", "managed_oauth_access_id", "managed_token_id", @@ -5111,18 +7726,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5130,20 +7757,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5152,16 +7789,29 @@ "description": "Third-party application access restrictions for an organization were disabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "org_id", - "action", - "_document_id", - "request_id", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization" @@ -5171,19 +7821,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5192,14 +7853,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -5208,21 +7886,30 @@ "description": "Display of IP addresses within audit log events for the organization was disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -5231,17 +7918,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5249,19 +7949,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5269,19 +7980,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -5289,19 +8011,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5310,17 +8043,30 @@ "description": "Third-party application access restrictions for an organization were enabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "operation_type", - "org", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization" }, @@ -5329,19 +8075,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5350,19 +8107,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -5371,21 +8141,30 @@ "description": "Display of IP addresses within audit log events for the organization was enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -5394,17 +8173,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -5413,17 +8205,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -5432,18 +8237,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5451,23 +8269,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -5476,17 +8303,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5496,19 +8334,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5516,19 +8365,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5536,19 +8396,31 @@ "description": "Access to an organization was granted for an OAuth App.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "request_id", "actor_id", - "operation_type", - "org_id", - "_document_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization" @@ -5558,20 +8430,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "url", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -5580,18 +8463,31 @@ "description": "Access was disabled for an OAuth App that was previously approved.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization", "fields": [ - "request_id", - "url", - "created_at", - "org_id", - "action", "@timestamp", "_document_id", - "user_agent", - "org", - "operation_type", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization" @@ -5601,19 +8497,31 @@ "description": "An organization member requested that an owner grant an OAuth App access to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", + "@timestamp", "_document_id", - "request_id", - "url", - "org_id", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "url", "oauth_application_name" ] }, @@ -5622,20 +8530,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -5645,16 +8564,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -5662,20 +8594,31 @@ "description": "An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "reason", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -5684,20 +8627,30 @@ "description": "An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -5706,19 +8659,30 @@ "description": "An organization owner downloaded the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5727,19 +8691,30 @@ "description": "An organization owner generated the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5748,19 +8723,30 @@ "description": "An organization owner printed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5769,19 +8755,30 @@ "description": "An organization owner viewed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "actor_id", - "user_agent", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5790,19 +8787,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -5811,20 +8820,31 @@ "description": "A GitHub Actions secret was removed from an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5833,21 +8853,31 @@ "description": "A GitHub Actions variable was removed from an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5856,18 +8886,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -5877,22 +8918,32 @@ "description": "A Codespaces or Dependabot secret was removed from an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -5900,21 +8951,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5922,21 +8982,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5944,21 +9013,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5966,18 +9045,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", - "_document_id", - "user_agent", - "request_id", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5986,19 +9077,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -6006,14 +9109,28 @@ "description": "Triggered when a required workflow is created.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6024,14 +9141,28 @@ "description": "Triggered when a required workflow is deleted.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6042,14 +9173,28 @@ "description": "Triggered when a required workflow is updated.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6060,20 +9205,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -6082,18 +9237,29 @@ "description": "A member's linked identity was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", "user_id", - "@timestamp", - "action", - "actor_id", "user_agent", - "_document_id", - "request_id", + "operation_type", "created_at" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" @@ -6103,19 +9269,30 @@ "description": "A member's SAML session was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ - "actor_id", - "created_at", - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" }, @@ -6124,21 +9301,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -6148,21 +9337,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6171,20 +9370,31 @@ "description": "A self-hosted runner group was renamed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6193,23 +9403,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -6218,23 +9438,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6243,19 +9471,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -6264,25 +9505,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6291,21 +9543,32 @@ "description": "The visibility of a self-hosted runner group was updated via the REST API.", "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" }, @@ -6314,21 +9577,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -6338,21 +9610,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -6362,20 +9643,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6384,22 +9675,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6408,21 +9707,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6431,21 +9739,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6454,22 +9771,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6478,21 +9803,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6501,22 +9835,30 @@ "description": "Generic secrets have been disabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -6524,22 +9866,30 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -6547,21 +9897,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -6571,21 +9930,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -6595,19 +9963,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6617,21 +9996,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6641,21 +10029,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6665,19 +10062,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6687,22 +10095,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6711,22 +10127,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6735,22 +10159,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6759,21 +10191,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6782,21 +10223,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6805,22 +10255,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6829,22 +10287,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6853,26 +10319,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6880,28 +10354,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6909,26 +10391,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6936,15 +10426,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -6953,15 +10460,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -6970,7 +10494,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -6985,20 +10530,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -7007,16 +10563,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -7027,18 +10596,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -7047,17 +10629,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", - "org_id", - "operation_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7065,18 +10660,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -7085,18 +10692,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -7105,18 +10725,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -7125,22 +10757,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7148,21 +10790,32 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Adding organizations to your enterprise" }, @@ -7171,19 +10824,30 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7194,15 +10858,28 @@ "description": "The organization was unarchived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7212,19 +10889,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -7233,20 +10923,32 @@ "description": "A GitHub Actions secret was updated for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "created_at", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "key", + "operation_type" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -7255,23 +10957,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -7280,20 +10993,32 @@ "description": "A GitHub Actions variable was updated for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -7302,20 +11027,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -7323,22 +11060,33 @@ "description": "A Codespaces or Dependabot secret was updated for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7347,20 +11095,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -7368,17 +11127,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -7388,20 +11160,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -7410,17 +11193,30 @@ "description": "The name of the default branch was changed for new repositories in the organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization" }, @@ -7429,17 +11225,30 @@ "description": "The repository self-hosted runners policy was updated", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_repo_runners_policy", "new_repo_runners_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7450,19 +11259,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "sso_url", - "actor_id", "operation_type", - "@timestamp", "issuer", - "org", - "_document_id", - "actor", - "org_id", - "created_at", - "request_id", - "action" + "created_at" ] }, { @@ -7470,18 +11292,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -7490,18 +11324,30 @@ "description": "A default label was created for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label", "fields": [ - "request_id", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", - "_document_id", - "action", - "created_at", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label" }, @@ -7510,17 +11356,30 @@ "description": "A default label was deleted for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label", "fields": [ - "operation_type", - "request_id", - "actor", "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label" }, @@ -7529,17 +11388,30 @@ "description": "A default label was edited for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label", "fields": [ - "org", - "created_at", "@timestamp", - "actor", + "_document_id", "action", - "user_agent", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label" }, @@ -7548,20 +11420,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -7570,16 +11455,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -7588,14 +11488,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -7606,16 +11521,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -7624,16 +11554,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -7642,18 +11585,29 @@ "action": "organization_moderators.add_user", "description": "N/A", "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7663,16 +11617,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -7682,20 +11649,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -7703,19 +11680,30 @@ "description": "An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor", - "business_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", "user_agent", - "_document_id", "created_at", - "operation_type", - "request_id", - "business" + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -7724,19 +11712,30 @@ "description": "Organization projects were disabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "operation_type", - "@timestamp", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -7745,18 +11744,29 @@ "description": "Organization projects were enabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor_id", - "org_id", - "created_at", - "user_id", - "org", "@timestamp", "_document_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" @@ -7766,23 +11776,33 @@ "description": "An organization role was assigned to a user or team.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About custom organization roles" }, @@ -7791,25 +11811,32 @@ "description": "A custom organization role was created in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -7821,25 +11848,32 @@ "description": "A custom organization role was deleted in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7850,19 +11884,30 @@ "description": "A user or team was unassigned an organization role.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "organization_role_id", "organization_role_name", - "org", - "org_id", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7873,26 +11918,33 @@ "description": "A custom organization role was edited in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -7905,20 +11957,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -7928,23 +11991,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -7953,21 +12027,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -7978,21 +12063,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8001,20 +12099,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8023,17 +12135,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8044,20 +12171,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8066,18 +12207,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8085,16 +12238,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", - "actor_id", - "@timestamp", "user_id", - "action", - "operation_type", - "actor", - "_document_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8102,18 +12269,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8121,18 +12300,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8143,18 +12335,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8165,17 +12370,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8186,18 +12404,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8209,17 +12440,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8231,20 +12475,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was created.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8256,20 +12509,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was deleted.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8281,20 +12543,29 @@ "description": "A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8306,20 +12577,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was edited.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8331,15 +12611,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8349,17 +12644,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8369,15 +12675,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8387,19 +12708,30 @@ "description": "An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "action", - "operation_type", "@timestamp", - "business_id", + "_document_id", + "action", + "actor", "actor_id", - "user", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8407,23 +12739,30 @@ "description": "An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "created_at", - "actor_id", + "@timestamp", "_document_id", - "actor", - "user", - "repo", "action", - "user_agent", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "request_id", - "user_id", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8431,23 +12770,30 @@ "description": "An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "repo", - "org", - "business", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org_id", - "created_at", - "business_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8455,17 +12801,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8475,17 +12832,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8495,17 +12863,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8515,17 +12894,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8535,17 +12925,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -8555,17 +12958,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8573,20 +12989,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -8596,25 +13023,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -8622,20 +13061,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8643,25 +13094,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8669,17 +13132,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -8687,17 +13163,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -8705,18 +13194,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -8725,18 +13226,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -8745,19 +13258,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -8765,17 +13289,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -8787,22 +13324,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -8810,19 +13356,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -8830,17 +13387,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8848,18 +13418,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -8867,20 +13450,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8888,18 +13481,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -8908,18 +13513,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -8928,16 +13545,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -8949,21 +13579,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -8971,22 +13613,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -8995,29 +13647,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -9025,24 +13682,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "repo_id", - "user_id", "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9053,21 +13718,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9078,22 +13753,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -9101,24 +13786,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -9126,30 +13821,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -9159,28 +13861,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -9191,23 +13901,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -9215,22 +13934,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -9238,23 +13967,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -9262,24 +14000,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -9288,22 +14035,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -9311,24 +14068,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9337,27 +14103,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9366,18 +14139,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9388,24 +14174,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -9413,25 +14208,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -9439,22 +14241,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -9462,22 +14274,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -9486,22 +14309,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -9509,25 +14342,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -9535,22 +14375,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -9558,22 +14408,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -9581,23 +14441,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -9606,24 +14477,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -9632,20 +14514,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9654,21 +14550,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -9678,22 +14587,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9702,25 +14623,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9729,23 +14660,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -9754,18 +14696,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -9775,21 +14731,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -9798,19 +14765,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -9821,23 +14801,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -9847,17 +14839,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -9865,19 +14871,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -9885,19 +14904,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -9907,21 +14939,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -9930,27 +14973,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9958,23 +15008,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "pull_request_id", - "business_id", - "org_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -9983,18 +15045,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10002,19 +15078,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10024,20 +15112,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -10045,18 +15144,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -10064,21 +15176,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -10086,20 +15210,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -10108,19 +15245,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -10130,22 +15281,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -10154,21 +15315,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -10177,25 +15347,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -10204,23 +15381,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -10229,24 +15414,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -10255,23 +15447,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -10281,22 +15481,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -10305,19 +15514,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -10326,24 +15548,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -10352,24 +15584,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10377,24 +15617,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10402,23 +15650,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10429,102 +15686,136 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -10533,19 +15824,30 @@ "description": "GitHub Codespaces trusted repository access to this repository was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10553,17 +15855,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10572,15 +15887,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -10591,16 +15919,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -10610,17 +15951,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo_id", - "repo", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -10630,19 +15984,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10651,17 +16016,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10670,26 +16048,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -10698,30 +16082,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -10731,20 +16120,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -10753,25 +16153,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -10780,23 +16188,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -10804,25 +16223,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -10832,23 +16260,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -10858,23 +16295,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -10882,21 +16329,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -10904,21 +16361,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -10926,22 +16393,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -10949,21 +16425,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -10971,20 +16457,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10992,22 +16489,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -11015,18 +16521,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11034,22 +16554,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11057,21 +16587,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -11079,18 +16619,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -11099,22 +16651,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11123,24 +16684,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11149,23 +16718,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -11173,26 +16752,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -11201,21 +16785,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -11224,25 +16817,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "repo_id", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -11250,22 +16849,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -11274,25 +16883,34 @@ "description": "A branch was renamed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "old_branch", - "new_branch", - "default_branch", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "old_branch", + "new_branch", + "default_branch", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch" @@ -11302,19 +16920,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -11322,17 +16951,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11341,17 +16985,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11360,7 +17019,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -11375,23 +17055,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -11401,20 +17090,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11425,21 +17125,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -11448,22 +17159,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -11472,21 +17193,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -11495,22 +17227,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -11521,16 +17263,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -11540,22 +17293,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -11564,23 +17328,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -11590,19 +17364,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -11610,21 +17394,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -11633,24 +17427,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -11658,25 +17461,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11685,24 +17495,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11711,25 +17531,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11738,22 +17566,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11762,26 +17599,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11789,31 +17634,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11822,42 +17674,61 @@ "description": "Someone closed a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories", "fields": [ - "actor", - "repo", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "user_agent", - "actor_id", - "request_id", - "action", - "operation_type", - "created_at", - "repo_id", - "_document_id", + "hashed_token", "org", "org_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories" + "docs_reference_titles": "About repository security advisories" }, { "action": "repository_advisory.cve_request", "description": "Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "repo", - "org_id", - "actor", + "@timestamp", + "_document_id", "action", - "request_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "_document_id", + "operation_type", "created_at" ] }, @@ -11866,17 +17737,30 @@ "description": "GitHub made a security advisory public in the GitHub Advisory Database.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -11885,21 +17769,30 @@ "description": "GitHub withdrew a security advisory that was published in error.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -11907,18 +17800,30 @@ "description": "Someone opened a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", "repo_id", - "action", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -11926,21 +17831,30 @@ "description": "Someone published a security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", "@timestamp", - "actor", - "repo_id", "_document_id", - "repo", - "business_id", - "business", - "request_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "org" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -11948,17 +17862,30 @@ "description": "Someone reopened as draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "repo", - "action", - "created_at", "@timestamp", - "request_id", - "actor_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "public_repo" ] }, @@ -11967,21 +17894,30 @@ "description": "Someone edited a draft or published security advisory.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "repo_id", - "org_id", "business", - "actor", - "user_agent", - "created_at", - "_document_id", "business_id", - "repo", - "action", - "operation_type", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -11989,24 +17925,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12015,24 +17957,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12041,19 +17989,30 @@ "description": "Data use settings were disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "repo_id", - "request_id", - "actor_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12062,21 +18021,30 @@ "description": "Data use settings were enabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "org", - "user_id", - "repo_id", "@timestamp", - "request_id", - "actor", + "_document_id", "action", - "operation_type", - "created_at", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org_id", - "_document_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12085,23 +18053,30 @@ "description": "The dependency graph was disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "repo_id", - "operation_type", - "user_id", - "repo", + "@timestamp", "_document_id", - "actor", - "user", "action", - "@timestamp", - "org_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", - "request_id", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12110,24 +18085,31 @@ "description": "The dependency graph was enabled for a private repository.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor_id", - "repo_id", + "created_at", "operation_type", - "actor", - "@timestamp", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12136,21 +18118,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -12158,21 +18150,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -12180,21 +18182,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -12202,20 +18215,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -12223,21 +18248,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -12245,19 +18281,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -12265,19 +18314,30 @@ "description": "The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise", "fields": [ - "request_id", - "created_at", + "@timestamp", "_document_id", "action", - "user_agent", - "user", - "business_id", - "business", - "operation_type", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -12286,20 +18346,30 @@ "description": "Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "created_at", "@timestamp", - "repo", - "action", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "repo_id", - "actor", - "request_id", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -12308,20 +18378,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", "created_at", - "org_id", - "action", - "user_id", - "operation_type", - "_document_id", - "actor_id", - "repo" + "operation_type" ] }, { @@ -12329,31 +18408,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -12362,19 +18449,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -12382,8 +18480,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -12392,23 +18489,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -12433,26 +18539,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12461,26 +18573,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12489,23 +18607,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12515,23 +18640,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12541,24 +18673,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12568,24 +18707,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -12594,24 +18740,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12621,23 +18774,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12647,23 +18807,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -12672,22 +18840,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -12695,24 +18871,32 @@ "description": "Generic secrets have been disabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12720,22 +18904,31 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -12744,24 +18937,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -12770,24 +18971,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -12796,19 +19005,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -12817,24 +19038,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -12843,24 +19072,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -12869,19 +19106,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -12890,26 +19139,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -12918,26 +19172,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -12946,28 +19205,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12975,27 +19242,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13003,28 +19278,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13032,28 +19315,36 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13061,20 +19352,30 @@ "description": "The repository visibility change setting was cleared for an organization or enterprise.", "docs_reference_links": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-changes-to-repository-visibility", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", "business", - "action", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business_id", - "@timestamp", "user_agent", - "actor", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise" }, @@ -13083,20 +19384,30 @@ "description": "The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user", - "org_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "_document_id", - "@timestamp", - "user_id", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13104,19 +19415,30 @@ "description": "The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "_document_id", "@timestamp", - "user_agent", - "user", - "created_at", - "org", - "org_id", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13124,29 +19446,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13155,29 +19485,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13186,44 +19524,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -13234,21 +19594,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -13257,26 +19629,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -13284,21 +19664,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -13306,20 +19697,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -13328,24 +19729,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13353,26 +19761,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13380,23 +19794,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13404,23 +19825,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -13429,24 +19857,31 @@ "description": "A status check was marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "org", - "actor_id", "@timestamp", - "business", - "request_id", - "context", - "repo_id", - "action", - "repo", "_document_id", - "operation_type", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "actor", - "created_at", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "context", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -13455,21 +19890,31 @@ "description": "A status check was no longer marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "actor_id", - "actor", - "created_at", - "context", - "operation_type", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "repo_id", "org_id", - "action", - "_document_id", + "programmatic_access_type", "repo", - "programmatic_access_type" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "context", + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -13478,18 +19923,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -13498,19 +19956,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -13519,22 +19989,33 @@ "description": "A new custom repository role was created.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "_document_id", "role_permissions", "old_role_permissions" ], @@ -13545,23 +20026,34 @@ "description": "A custom repository role was deleted.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Managing custom repository roles for an organization" }, @@ -13570,23 +20062,34 @@ "description": "A custom repository role was edited.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "old_role_permissions", "old_base_role" ], @@ -13597,43 +20100,67 @@ "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -13642,14 +20169,28 @@ "description": "A leaked secret was reported to the secret's provider by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "created_at", @@ -13657,35 +20198,44 @@ "secret_type_provider", "report_result" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts" + "docs_reference_titles": "Resolving alerts from secret scanning" }, { "action": "secret_scanning_alert.resolve", "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -13693,25 +20243,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13719,14 +20276,28 @@ "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -13736,26 +20307,37 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning.disable", "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -13764,19 +20346,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -13785,20 +20378,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -13807,19 +20410,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -13828,14 +20442,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -13853,25 +20481,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", - "repository", - "repository_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13880,25 +20516,33 @@ "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -13908,37 +20552,63 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "security_configuration.create", "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -13953,15 +20623,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -13970,7 +20633,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -13978,22 +20642,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14002,22 +20677,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14026,10 +20712,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14044,15 +20748,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14060,7 +20757,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14068,15 +20766,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14086,10 +20799,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14104,15 +20835,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14121,7 +20845,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14129,16 +20854,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14148,18 +20886,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -14168,16 +20919,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14187,15 +20951,28 @@ "description": "An agreement for invoiced billing for GitHub Sponsors was signed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -14207,15 +20984,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -14225,15 +21015,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -14242,17 +21047,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -14261,17 +21079,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -14280,16 +21112,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -14299,14 +21144,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -14316,17 +21176,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -14335,17 +21208,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -14354,18 +21240,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14374,15 +21273,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -14392,16 +21305,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14409,15 +21335,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -14428,16 +21367,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -14447,17 +21399,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -14468,17 +21433,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -14489,18 +21467,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14510,16 +21499,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14529,16 +21531,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14550,17 +21565,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -14569,19 +21597,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -14590,21 +21631,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -14613,36 +21663,60 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, { "action": "staff.dependabot_debug_credentials_generated", - "description": "N/A", + "description": "Dependabot encrypted config was read.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "public_repo" @@ -14653,20 +21727,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14674,18 +21762,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -14693,16 +21796,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14710,23 +21828,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14734,23 +21862,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14758,23 +21896,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14782,23 +21930,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14806,21 +21964,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -14830,22 +21998,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -14854,20 +22031,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -14876,18 +22064,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -14897,21 +22098,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -14920,21 +22132,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "user_agent", + "team", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -14943,80 +22165,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -15025,19 +22291,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "actor", - "action", - "operation_type", - "team", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" ] }, { @@ -15045,19 +22323,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", "@timestamp", - "actor_id", "_document_id", - "team", - "created_at", - "org_id", "action", - "request_id", - "user_agent", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_access_security_header" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "team", + "created_at" ] }, { @@ -15065,22 +22355,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "team", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" ] }, { @@ -15088,22 +22387,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -15112,22 +22420,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -15135,23 +22452,33 @@ { "action": "team.remove_repository", "description": "A repository was removed from a team's control.", - "docs_reference_links": "N/A", - "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -15159,21 +22486,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -15182,17 +22520,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -15201,19 +22552,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -15222,19 +22584,30 @@ "description": "The Okta credentials for team synchronization with a tenant were changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -15242,28 +22615,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -15271,16 +22653,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15290,16 +22686,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15309,18 +22719,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15330,21 +22753,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15352,21 +22787,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -15374,21 +22820,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -15396,16 +22853,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15415,27 +22886,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -15444,23 +22921,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15468,10 +22955,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -15482,20 +22987,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -15504,23 +22998,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15530,10 +23032,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -15545,19 +23065,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -15568,10 +23078,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -15580,21 +23108,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -15604,23 +23121,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -15629,22 +23158,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15652,21 +23192,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -15674,25 +23225,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15700,23 +23259,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -15730,24 +23302,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -15756,10 +23337,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -15769,21 +23368,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -15793,25 +23382,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.15/user.json b/src/audit-logs/data/ghes-3.15/user.json index f302c013870a..8f6a88ea4bc6 100644 --- a/src/audit-logs/data/ghes-3.15/user.json +++ b/src/audit-logs/data/ghes-3.15/user.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,18 +196,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -148,17 +227,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -167,19 +259,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -188,18 +292,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -207,18 +324,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -226,15 +355,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -244,17 +386,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -265,20 +420,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -287,19 +454,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -308,19 +488,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -329,20 +521,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -351,19 +555,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -372,20 +588,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -394,20 +621,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -418,17 +656,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -436,14 +686,29 @@ "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -453,25 +718,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -482,22 +756,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -509,22 +794,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -533,15 +829,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -552,17 +863,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -572,27 +896,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -600,38 +933,63 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "owner", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" - ] - }, - { - "action": "codespaces.trusted_repositories_access_update", - "description": "A personal account's access and security setting for Codespaces were updated.", - "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", - "fields": [ - "user_agent", - "request_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "operation_type", "created_at", - "_document_id" + "public_repo" + ] + }, + { + "action": "codespaces.trusted_repositories_access_update", + "description": "A personal account's access and security setting for Codespaces were updated.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -640,23 +998,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -664,16 +1029,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -682,24 +1061,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -707,15 +1092,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -725,20 +1123,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -746,19 +1154,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -766,65 +1186,92 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id" - ] - }, - { - "action": "custom_hosted_runner.create", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "name", - "runner_group_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] }, { - "action": "custom_hosted_runner.destroy", + "action": "custom_hosted_runner.create", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -834,21 +1281,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -858,19 +1314,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -879,19 +1346,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -900,19 +1378,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -921,19 +1410,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -942,17 +1442,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -960,19 +1473,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -981,39 +1505,61 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ] - }, - { - "action": "dependabot_security_updates_new_repos.disable", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependabot_security_updates_new_repos.disable", "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1022,19 +1568,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1042,19 +1599,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1063,19 +1631,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1083,19 +1662,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1104,20 +1694,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1125,22 +1725,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1149,22 +1758,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1172,28 +1791,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "business", "business_id", - "public_repo", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "visibility", + "operation_type", + "created_at", + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1202,27 +1827,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -1231,25 +1864,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1258,26 +1899,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1286,21 +1934,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1309,22 +1969,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1333,25 +2003,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1360,22 +2039,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1384,23 +2075,33 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", - "new_value", - "approvers_was", - "approvers", "programmatic_access_type", - "can_admins_bypass", - "prevent_self_review" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_value", + "approvers_was", + "approvers", + "can_admins_bypass", + "prevent_self_review" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1409,21 +2110,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -1431,20 +2143,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -1452,21 +2176,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -1474,22 +2209,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1498,23 +2244,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1523,23 +2280,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1547,18 +2313,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1569,20 +2345,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1592,37 +2378,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", - "user_agent", - "request_access_security_header" - ] - }, - { - "action": "gpg_key.destroy", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "gpg_key.destroy", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -1630,25 +2440,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -1656,25 +2476,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -1682,26 +2511,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -1710,25 +2548,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -1736,26 +2583,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -1763,21 +2619,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -1786,41 +2653,65 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "actor_id", - "request_id", "@timestamp", - "name", - "integration", - "user", "_document_id", "action", - "operation_type", - "created_at", - "user_agent" - ] - }, - { - "action": "integration.generate_client_secret", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", "operation_type", + "created_at" + ] + }, + { + "action": "integration.generate_client_secret", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -1829,19 +2720,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -1852,20 +2757,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -1875,24 +2792,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -1903,23 +2831,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -1930,20 +2870,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -1953,19 +2906,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -1974,20 +2941,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -1997,20 +2977,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2019,20 +3012,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2041,20 +3047,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2062,19 +3080,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2083,19 +3114,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2104,17 +3148,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2127,21 +3184,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2155,17 +3225,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2177,18 +3260,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2196,43 +3291,69 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", - "user_id", - "user_agent", - "operation_type", - "created_at", - "request_id", + "action", + "actor", "actor_id", - "marketplace_listing", - "integration", - "action" - ] - }, - { + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "secondary_category", + "primary_category", + "operation_type", + "created_at", + "marketplace_listing", + "integration" + ] + }, + { "action": "marketplace_listing.change_category", "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -2240,22 +3361,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -2263,19 +3397,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -2286,21 +3433,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -2308,22 +3470,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -2331,21 +3508,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -2354,21 +3546,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -2377,22 +3584,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -2400,22 +3620,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2423,19 +3656,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2443,21 +3688,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2467,16 +3721,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2486,18 +3753,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2507,14 +3787,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -2522,19 +3818,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -2542,18 +3849,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2561,23 +3880,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -2585,20 +3912,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -2609,19 +3946,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_id", + "user_agent", + "operation_type", + "created_at", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -2631,19 +3979,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -2652,18 +4011,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -2671,20 +4042,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2693,20 +4076,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2715,20 +4110,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2737,20 +4144,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2759,19 +4178,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2780,20 +4212,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2802,20 +4246,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2824,19 +4280,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2845,24 +4314,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -2872,20 +4348,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -2896,21 +4383,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -2919,24 +4416,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2944,20 +4451,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -2965,22 +4482,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -2988,20 +4513,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3009,22 +4544,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3032,21 +4575,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3054,26 +4606,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3081,28 +4641,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3110,26 +4678,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3137,20 +4713,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -3159,16 +4746,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -3179,18 +4779,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -3199,18 +4812,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -3219,18 +4844,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -3239,18 +4877,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -3260,20 +4910,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -3281,17 +4942,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -3301,20 +4975,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -3323,20 +5008,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3345,17 +5044,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3366,20 +5080,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3388,19 +5116,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3408,19 +5148,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3428,18 +5180,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3447,16 +5211,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3464,18 +5242,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -3483,18 +5273,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3505,18 +5308,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3527,17 +5343,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3547,19 +5376,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3567,12 +5408,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -3583,20 +5441,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3604,17 +5474,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3625,18 +5508,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3648,17 +5544,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3670,17 +5579,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3691,15 +5613,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3709,17 +5646,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -3729,15 +5677,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3747,17 +5710,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3767,17 +5741,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3787,17 +5772,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3807,17 +5803,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3827,17 +5834,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", - "request_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -3847,17 +5867,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3865,20 +5898,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -3888,25 +5932,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -3914,20 +5970,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3935,25 +6003,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3961,17 +6041,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -3979,17 +6072,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -3997,18 +6103,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -4017,18 +6135,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -4037,19 +6167,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -4057,17 +6198,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -4079,22 +6233,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -4102,19 +6265,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -4122,17 +6296,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4140,18 +6327,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -4159,20 +6359,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4180,18 +6390,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4200,18 +6422,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4220,17 +6454,30 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", + "created_at", "operation_type", "project_kind", "project_name" @@ -4241,21 +6488,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -4263,18 +6522,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4285,23 +6557,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -4310,24 +6593,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -4336,20 +6630,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4358,21 +6666,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -4382,22 +6703,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4406,25 +6739,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4433,23 +6776,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4458,22 +6812,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -4482,21 +6846,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -4505,25 +6878,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -4532,23 +6912,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -4557,24 +6945,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -4583,23 +6978,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -4609,22 +7012,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -4633,19 +7045,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -4654,24 +7079,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -4680,23 +7115,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4707,17 +7151,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -4726,15 +7183,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -4745,16 +7215,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -4764,17 +7247,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -4784,19 +7280,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -4805,17 +7312,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -4824,26 +7344,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -4852,30 +7378,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ - "repo", - "user_id", - "visibility", - "repo_id", - "user", - "request_id", - "actor_id", - "action", - "operation_type", - "request_category", "@timestamp", - "created_at", "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "oauth_application_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "request_category", + "created_at", + "oauth_application_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -4885,20 +7416,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -4907,25 +7449,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -4934,23 +7484,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -4958,25 +7519,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -4986,23 +7556,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -5010,21 +7590,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -5032,21 +7622,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5054,22 +7654,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -5077,21 +7686,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -5099,20 +7718,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5120,22 +7750,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -5143,18 +7782,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5162,22 +7815,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5185,21 +7848,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -5207,18 +7880,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -5227,22 +7912,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5251,49 +7945,67 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", - "repo", - "repo_id", - "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "request_access_security_header" - ], - "docs_reference_titles": "Store information in variables" - }, - { + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { "action": "repo.remove_integration_secret", "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5301,26 +8013,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -5329,21 +8046,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5352,25 +8078,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -5378,22 +8110,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -5402,19 +8144,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -5422,23 +8175,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -5448,20 +8210,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5472,21 +8245,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -5495,22 +8279,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -5519,21 +8313,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -5542,22 +8347,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -5568,16 +8383,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -5586,22 +8412,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -5611,22 +8446,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -5635,23 +8481,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5661,19 +8517,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -5681,22 +8547,32 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" - ], + "user_agent", + "operation_type", + "created_at", + "visibility" + ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, { @@ -5704,24 +8580,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5729,25 +8614,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5756,24 +8648,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5782,25 +8684,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5809,22 +8719,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5833,26 +8752,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -5860,31 +8787,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5893,21 +8827,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -5915,21 +8859,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -5937,21 +8891,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -5959,20 +8924,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -5980,21 +8957,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -6002,19 +8990,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -6022,31 +9023,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -6055,19 +9064,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -6075,8 +9095,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -6085,23 +9104,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -6126,18 +9154,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -6145,18 +9185,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6164,16 +9216,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6183,18 +9248,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -6203,16 +9281,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6223,15 +9314,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -6241,15 +9345,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -6258,17 +9377,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6277,17 +9409,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6296,16 +9442,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -6315,14 +9474,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -6332,36 +9506,62 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", - "user", - "operation_type", - "@timestamp", - "created_at", "actor_id", - "_document_id" - ], - "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" - }, - { + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { "action": "sponsors.sponsored_developer_create", "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6370,18 +9570,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6390,15 +9603,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -6408,16 +9635,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6425,15 +9665,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -6444,16 +9697,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -6463,17 +9729,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -6482,17 +9761,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -6503,17 +9795,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -6524,18 +9829,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6545,16 +9861,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6564,17 +9893,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6583,16 +9925,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6602,23 +9957,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6626,23 +9991,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6650,23 +10025,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6674,23 +10059,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6698,15 +10093,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6715,32 +10125,62 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ], - "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" - }, - { - "action": "successor_invitation.create", - "description": "Triggered when you create a succession invitation.", - "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", - "fields": [ - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.create", + "description": "Triggered when you create a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6749,15 +10189,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6766,15 +10221,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6782,15 +10252,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6799,17 +10284,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6817,17 +10315,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6835,14 +10346,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -6851,15 +10377,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -6867,13 +10408,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6881,17 +10439,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -6899,17 +10470,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -6917,16 +10501,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6934,15 +10532,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6950,18 +10563,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -6970,18 +10595,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -6990,18 +10627,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -7010,15 +10659,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", "_document_id", - "user_agent" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7026,16 +10690,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -7044,18 +10721,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7064,15 +10753,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "operation_type", - "user_id", - "user", - "user_agent", - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7081,16 +10785,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -7098,19 +10815,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -7119,18 +10848,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -7138,15 +10879,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -7156,20 +10910,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7177,18 +10942,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7196,18 +10973,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7216,17 +11005,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7235,19 +11037,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -7255,21 +11069,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7277,20 +11103,31 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "@timestamp", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -7298,18 +11135,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7318,19 +11167,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -7338,18 +11198,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7357,18 +11229,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7376,18 +11260,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -7396,17 +11292,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7414,17 +11322,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7432,35 +11353,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ] - }, + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, { "action": "user.disable_sockpuppet_disallowed", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7468,21 +11415,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7490,21 +11447,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -7513,17 +11480,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7531,17 +11511,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7549,17 +11542,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7567,18 +11573,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7586,17 +11604,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -7605,17 +11637,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7623,18 +11668,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -7643,19 +11700,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", - "user", - "action", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -7663,18 +11732,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7682,18 +11763,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7701,21 +11794,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7723,16 +11826,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -7741,20 +11857,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -7762,20 +11889,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7783,20 +11922,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -7804,18 +11954,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7823,16 +11985,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -7843,16 +12018,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -7861,18 +12048,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -7880,18 +12079,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7899,22 +12110,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7922,23 +12144,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -7947,21 +12179,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -7969,18 +12211,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7988,18 +12242,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8009,35 +12275,59 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", - "actor_id", - "user", - "actor", - "user_agent", - "request_id", "action", - "created_at", - "request_access_security_header" - ] - }, + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, { "action": "user.two_factor_recover", "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8045,18 +12335,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8064,17 +12366,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8082,18 +12397,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", "created_at", - "user", - "operation_type", - "@timestamp", - "request_id", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8101,17 +12428,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -8120,19 +12460,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -8140,21 +12492,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8162,21 +12524,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8184,46 +12558,64 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "workflows.approve_workflow_job", - "description": "A workflow job was approved.", - "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "workflow_run_id", "run_number", - "user", - "user_id", - "repo", - "repo_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8232,23 +12624,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8256,23 +12658,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8282,23 +12692,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -8307,22 +12729,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8330,21 +12763,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -8352,25 +12796,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8378,24 +12830,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8404,25 +12865,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.16/enterprise.json b/src/audit-logs/data/ghes-3.16/enterprise.json index aa9ef721b364..ba6d85fc78da 100644 --- a/src/audit-logs/data/ghes-3.16/enterprise.json +++ b/src/audit-logs/data/ghes-3.16/enterprise.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,31 +196,34 @@ "description": "An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests", "fields": [ - "user_agent", - "request_id", - "request_method", - "query_string", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "request_body", - "status_code", - "url_path", "business", "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "request_method", + "query_string", + "request_body", + "status_code", + "url_path", + "public_repo", "created_at", "operation_type", "route", @@ -167,18 +237,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -186,20 +268,32 @@ "description": "A manual check of the endpoint configured for audit log streaming was performed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_result", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_result", "created_at", "operation_type", - "audit_log_stream_sink_details", - "request_access_security_header" + "audit_log_stream_sink_details" ] }, { @@ -207,18 +301,31 @@ "description": "An endpoint was added for audit log streaming.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_sink", + "created_at", + "operation_type", "audit_log_stream_id" ] }, @@ -227,15 +334,28 @@ "description": "An audit log streaming endpoint was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "audit_log_stream_id", @@ -247,17 +367,30 @@ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_enabled", - "business_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_enabled", "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "new_s3_bucket", @@ -280,17 +413,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -299,19 +445,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -320,18 +478,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -339,18 +510,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -358,15 +541,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -376,22 +572,31 @@ "description": "An enterprise owner was added to an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ - "name", - "business", - "user", - "user_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "request_id", + "business", "business_id", - "_document_id", - "user_agent", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -400,22 +605,32 @@ "description": "An organization was added to an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "operation_type", "name", "created_at", - "request_id", - "_document_id", - "business", - "organization_upgrade", - "request_access_security_header" + "organization_upgrade" ] }, { @@ -423,20 +638,30 @@ "description": "GitHub Advanced Security was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -445,17 +670,28 @@ "description": "GitHub Advanced Security was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -466,21 +702,31 @@ "description": "GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -489,17 +735,28 @@ "description": "GitHub Advanced Security was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -510,17 +767,28 @@ "description": "GitHub Advanced Security was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -531,21 +799,31 @@ "description": "GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -554,20 +832,32 @@ "description": "An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "new_policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -576,20 +866,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -597,17 +899,28 @@ "description": "GitHub Advanced Security was disabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -619,21 +932,31 @@ "description": "GitHub Advanced Security was enabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -642,18 +965,31 @@ "description": "An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -662,17 +998,30 @@ "description": "An enterprise owner cleared the base repository permission policy setting for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "name", - "operation_type", - "business_id", - "user_agent", - "actor_id", - "request_id", - "actor", + "@timestamp", "_document_id", - "business", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -682,19 +1031,32 @@ "description": "An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", "business_id", - "action", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business", "visibility", "created_at", - "actor", - "operation_type", - "@timestamp" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -703,21 +1065,33 @@ "description": "The policy for Code scanning autofix was updated for an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -725,21 +1099,33 @@ "description": "The policy for Code scanning autofix third party tools was updated for an enterprise.", "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/code-security/getting-started/github-security-features#available-with-github-code-security" }, @@ -748,19 +1134,31 @@ "description": "An enterprise was created.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", "_document_id", "action", - "@timestamp", - "request_id", - "name", + "actor", + "actor_id", "business", "business_id", - "operation_type", - "actor", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "name", + "operation_type", + "created_at" ] }, { @@ -768,17 +1166,28 @@ "description": "Dependabot alerts were disabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -788,17 +1197,28 @@ "description": "Dependabot alerts were enabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -808,17 +1228,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -828,18 +1261,30 @@ "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -847,17 +1292,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was disabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -868,18 +1324,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.", "docs_reference_links": "N/A", "fields": [ - "action", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "business_id", - "actor_id", - "name", - "_document_id", - "request_id" + "name" ] }, { @@ -887,15 +1356,28 @@ "description": "SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -905,17 +1387,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was enabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -926,18 +1419,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "operation_type", - "created_at", + "actor_id", "business", "business_id", - "name", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" ] }, { @@ -945,20 +1451,31 @@ "description": "An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", "actor_id", - "@timestamp", - "request_id", "business", - "name", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "business_id", - "_document_id" + "created_at", + "name", + "operation_type" ] }, { @@ -966,20 +1483,31 @@ "description": "The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -987,20 +1515,31 @@ "description": "The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "name", - "actor", - "operation_type", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "business", - "actor_id", - "created_at", - "action", + "user_id", "user_agent", - "request_id", - "user_id" + "name", + "operation_type", + "created_at" ] }, { @@ -1008,20 +1547,31 @@ "description": "An enterprise owner was removed from an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", - "user_agent", + "actor_id", "business", "business_id", - "@timestamp", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "name", - "actor_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "user" + "user_agent", + "operation_type", + "created_at", + "name" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -1030,20 +1580,31 @@ "description": "An organization was removed from an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "business", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business_id", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "name", - "org" + "name" ] }, { @@ -1051,18 +1612,31 @@ "description": "The slug for the enterprise URL was renamed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "name", - "business_id", - "user_agent", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", - "@timestamp", - "created_at", + "actor_id", "business", - "_document_id" + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ] }, { @@ -1070,20 +1644,31 @@ "description": "The SAML single sign-on session for a member in an enterprise was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "actor", - "_document_id", - "actor_id", "name", - "@timestamp", - "user_id", - "action", - "created_at", - "business" + "created_at" ] }, { @@ -1091,17 +1676,28 @@ "description": "Automatic partner validation checks have been disabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1112,17 +1708,28 @@ "description": "Automatic partner validation checks have been enabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1133,20 +1740,30 @@ "description": "An enterprise-level custom pattern was created for secret scanning.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1155,17 +1772,28 @@ "description": "An enterprise-level custom pattern was removed from secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1175,20 +1803,30 @@ "description": "An enterprise-level custom pattern was published for secret scanning.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1196,17 +1834,28 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1217,20 +1866,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1239,17 +1898,28 @@ "description": "Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1259,17 +1929,28 @@ "description": "Secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -1280,17 +1961,28 @@ "description": "Secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1301,17 +1993,28 @@ "description": "Secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1322,17 +2025,28 @@ "description": "Secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1343,17 +2057,28 @@ "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1365,17 +2090,28 @@ "description": "Secret scanning for non-provider patterns was enabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1387,17 +2123,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1408,17 +2155,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1429,17 +2187,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1450,17 +2219,28 @@ "description": "Push protection for secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1471,17 +2251,28 @@ "description": "Push protection for secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1492,17 +2283,28 @@ "description": "Push protection for secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -1513,17 +2315,28 @@ "description": "Push protection for secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1534,20 +2347,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1555,26 +2380,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1582,24 +2417,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1607,26 +2452,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1634,20 +2489,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1658,17 +2524,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -1679,20 +2558,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1701,19 +2592,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1722,41 +2626,65 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" - }, - { + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { "action": "business.set_fork_pr_workflows_policy", "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1765,19 +2693,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1786,20 +2726,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "issuer", - "name", - "user_agent", - "action", "@timestamp", "_document_id", + "action", "actor", + "actor_id", "business", "business_id", - "actor_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issuer", + "name", + "created_at", + "operation_type" ] }, { @@ -1807,18 +2759,31 @@ "description": "An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "updated_github_owned_allowed", "updated_verified_allowed", "updated_patterns", @@ -1833,20 +2798,33 @@ "description": "The base repository permission setting was updated for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "business_id", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "permission", - "action", "created_at", - "@timestamp", - "request_id", "name", - "_document_id", - "old_permission", - "business" + "old_permission" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1855,19 +2833,32 @@ "description": "The repository creation setting was updated for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", - "name", - "business_id", + "action", "actor", "actor_id", - "@timestamp", - "operation_type", - "permission", - "action", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "name", + "operation_type", + "permission", "visibility" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -1877,19 +2868,32 @@ "description": "The policy setting for enterprise members inviting outside collaborators to repositories was updated.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-inviting-outside-collaborators-to-repositories", "fields": [ - "business_id", - "created_at", - "action", - "operation_type", "@timestamp", - "request_id", - "permission", + "_document_id", + "action", "actor", "actor_id", - "name", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business" + "created_at", + "operation_type", + "permission", + "name" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1898,20 +2902,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -1920,20 +2935,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -1944,17 +2970,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1962,138 +3000,230 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers", "dismissal_approver_id" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", - "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", - "actor", - "org_id", - "org", - "business_id", - "business", - "alert_numbers" - ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" - }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", "fields": [ "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", "business_id", - "query", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "search_string" + "user_agent", + "alert_number", + "alert_numbers" ], - "docs_reference_titles": "/search-github/github-code-search" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2103,25 +3233,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", - "repository", - "pull_request_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner", - "name", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "public_repo", - "token_scopes", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at", + "public_repo", "actor_is_bot", "machine_type", "devcontainer_path" @@ -2132,22 +3271,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -2159,22 +3309,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -2183,15 +3344,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -2202,17 +3378,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2222,27 +3411,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2250,19 +3448,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -2270,18 +3481,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -2290,23 +3513,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2314,16 +3544,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -2332,24 +3576,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2357,15 +3607,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2375,20 +3638,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2396,19 +3669,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -2416,21 +3701,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -2438,21 +3732,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2462,19 +3765,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2484,21 +3796,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2508,18 +3829,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2532,18 +3866,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "property_name", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "property_name", + "created_at", + "operation_type", "value_type", "required", "default_value", @@ -2557,14 +3904,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -2577,8 +3939,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2587,27 +3948,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2616,19 +3985,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2637,16 +4018,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -2658,19 +4052,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -2679,19 +4084,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -2700,19 +4116,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -2721,19 +4148,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -2742,17 +4180,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2760,19 +4211,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2781,19 +4243,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2801,19 +4274,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2822,19 +4306,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2842,19 +4337,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2863,19 +4369,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2883,19 +4400,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2904,128 +4432,195 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "team", + "created_at", + "number", + "title", + "operation_type" + ] }, { "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", - "fields": [ - "actor_id", - "action", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3036,16 +4631,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3056,18 +4665,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3078,23 +4701,31 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise" }, @@ -3103,19 +4734,33 @@ "description": "A domain was approved for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#approving-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3124,18 +4769,33 @@ "description": "A domain was added to an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3144,18 +4804,33 @@ "description": "A domain was removed from an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#removing-an-approved-or-verified-domain", "fields": [ - "user_agent", - "request_id", - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3164,18 +4839,33 @@ "description": "A domain was verified for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3184,18 +4874,30 @@ "description": "A new GitHub Actions self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -3204,20 +4906,30 @@ "description": "A GitHub Actions self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -3226,18 +4938,31 @@ "description": "A GitHub Actions self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows" ], "docs_reference_titles": "Removing self-hosted runners" @@ -3247,18 +4972,31 @@ "description": "A GitHub Actions self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3267,20 +5005,33 @@ "description": "The REST API was used to remove a GitHub Actions self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -3289,19 +5040,31 @@ "description": "A GitHub Actions self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3310,19 +5073,32 @@ "description": "A GitHub Actions runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -3331,40 +5107,70 @@ "description": "The configuration of a GitHub Actions self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "runner_group_name", - "runner_group_allow_public", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "runner_group_restricted_to_workflows", - "runner_group_selected_workflow_refs", - "network_configuration_id", - "request_access_security_header" - ], - "docs_reference_titles": "Managing access to self-hosted runners using groups" - }, - { + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "runner_group_name", + "runner_group_allow_public", + "operation_type", + "created_at", + "runner_group_restricted_to_workflows", + "runner_group_selected_workflow_refs", + "network_configuration_id" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { "action": "enterprise.self_hosted_runner_offline", "description": "The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3373,14 +5179,32 @@ "description": "The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3389,18 +5213,36 @@ "description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", "target_version", "runner_group_id", "runner_group_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Self-hosted runners" }, @@ -3409,22 +5251,32 @@ "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3432,21 +5284,33 @@ "description": "A license for GitHub Copilot was assigned to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3454,17 +5318,30 @@ "description": "A license for GitHub Copilot was unassigned from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3475,17 +5352,30 @@ "description": "A new enterprise team was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3495,17 +5385,30 @@ "description": "An enterprise team was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3516,22 +5419,32 @@ "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3539,18 +5452,31 @@ "description": "The name of an enterprise team was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business_id", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3561,22 +5487,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3585,22 +5520,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3608,28 +5553,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3638,27 +5589,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -3667,25 +5626,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3694,26 +5661,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3722,21 +5696,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -3745,22 +5731,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3769,25 +5765,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3796,22 +5801,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -3820,21 +5837,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -3845,27 +5872,33 @@ "description": "A user was added to an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -3873,19 +5906,31 @@ "description": "An external group was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", "scim_group_id" ] }, @@ -3894,22 +5939,33 @@ "description": "An external group was linked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group", - "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -3917,21 +5973,31 @@ "description": "An external group was created.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -3939,26 +6005,32 @@ "description": "A user was removed from an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -3966,15 +6038,29 @@ "description": "Failed external group SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -3982,15 +6068,9 @@ "url_path", "scim_group_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -3999,30 +6079,38 @@ "description": "Successful external group SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4031,18 +6119,31 @@ "description": "An external group was unlinked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group" ] }, @@ -4051,22 +6152,32 @@ "description": "An external group was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "scim_group_id" ] }, { @@ -4074,25 +6185,33 @@ "description": "An external group's display name was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", "external_group", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -4100,20 +6219,31 @@ "description": "An external identity was deprovisioned, suspending the linked GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -4121,17 +6251,31 @@ "description": "An external identity was created and linked to a GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -4139,15 +6283,29 @@ "description": "Failed external identity SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -4155,15 +6313,9 @@ "url_path", "scim_user_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4172,30 +6324,38 @@ "description": "Successful external identity SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4204,18 +6364,31 @@ "description": "An external identity was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -4223,21 +6396,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -4245,20 +6429,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -4266,21 +6462,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -4288,19 +6495,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4309,20 +6527,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4331,19 +6559,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4352,22 +6591,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -4376,23 +6626,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -4401,23 +6662,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4425,18 +6695,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -4447,20 +6727,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -4470,18 +6760,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -4489,18 +6791,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -4508,25 +6822,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4534,25 +6858,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -4560,26 +6893,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -4588,25 +6930,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -4614,26 +6965,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -4641,21 +7001,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -4664,19 +7035,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -4684,21 +7068,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -4707,19 +7102,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -4730,20 +7139,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -4753,24 +7174,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -4781,23 +7213,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -4808,42 +7252,69 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", - "request_id", - "name", - "repository_selection", - "actor_id", - "integration", - "user", - "user_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", - "request_access_security_header", - "application_client_id" - ], - "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" - }, - { - "action": "integration_installation.unsuspend", - "description": "A GitHub App was unsuspended.", - "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", - "fields": [ - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", + "operation_type", + "created_at", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" + }, + { + "action": "integration_installation.unsuspend", + "description": "A GitHub App was unsuspended.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "repository_selection", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -4852,20 +7323,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -4875,20 +7359,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -4897,20 +7394,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -4919,20 +7429,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -4940,19 +7462,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -4961,19 +7496,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -4982,19 +7530,32 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", + "user_agent", + "name", + "integration", + "created_at", + "operation_type", "application_client_id" ], "docs_reference_titles": "/apps/maintaining-github-apps/suspending-a-github-app-installation" @@ -5005,21 +7566,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -5033,17 +7607,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -5055,19 +7642,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5075,19 +7673,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5095,17 +7704,28 @@ "description": "IP allow list user level enforcement was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5115,20 +7735,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -5137,19 +7766,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5157,17 +7797,28 @@ "description": "IP allow list user level enforcement was enabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5177,24 +7828,32 @@ "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -5202,24 +7861,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" ] }, { @@ -5227,19 +7894,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -5247,18 +7927,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5266,21 +7958,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -5288,21 +7993,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -5310,22 +8028,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -5333,19 +8064,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -5356,21 +8100,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -5378,22 +8137,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -5401,21 +8175,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", - "_document_id", - "request_id", - "description", - "yearly_price_in_cents", "@timestamp", - "created_at", + "_document_id", + "action", + "actor", "actor_id", - "bullets", - "has_free_trial", - "marketplace_listing", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "marketplace_listing_plan", + "description", + "yearly_price_in_cents", + "created_at", + "bullets", + "has_free_trial", + "marketplace_listing", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -5424,21 +8213,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -5447,22 +8251,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -5470,22 +8287,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5493,19 +8323,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5513,21 +8355,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5537,16 +8388,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5556,18 +8420,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5577,53 +8454,92 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", - "operation_type", - "created_at", - "request_access_security_header" - ] - }, - { - "action": "metered_billing_configuration.destroy", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { - "action": "metered_billing_configuration.update", + "action": "metered_billing_configuration.destroy", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "metered_billing_configuration.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5631,23 +8547,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -5655,20 +8579,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -5679,19 +8613,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_id", + "user_agent", + "operation_type", + "created_at", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -5701,19 +8646,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -5722,18 +8678,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -5741,20 +8709,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5763,20 +8743,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5785,20 +8777,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", - "user", - "user_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5807,20 +8811,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5829,19 +8845,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5850,20 +8879,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5872,20 +8913,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5895,18 +8948,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", - "org_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "oauth_application_id", - "action", "created_at", - "actor", - "actor_id", - "oauth_application", - "_document_id", - "request_id" + "oauth_application" ] }, { @@ -5914,19 +8980,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5935,15 +9014,32 @@ "description": "An OAuth application was unsuspended for a user or organization account.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "operation_type", - "org_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "oauth_application_id", "oauth_application", - "org", - "created_at", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5952,24 +9048,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -5979,20 +9082,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", - "_document_id", - "request_id", - "operation_type", "@timestamp", - "actor", - "created_at", - "explanation", - "user", - "user_id", - "org_id", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "explanation", "actor_is_bot", "oauth_application_name" ], @@ -6003,20 +9117,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -6026,17 +9151,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6047,20 +9183,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -6069,21 +9215,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -6092,24 +9248,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -6117,21 +9283,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6139,20 +9315,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6160,22 +9346,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -6183,43 +9377,61 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes" - ] + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] }, { "action": "org.advanced_security_enabled_on_all_repos", "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -6227,19 +9439,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -6248,19 +9471,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -6270,16 +9504,29 @@ "description": "A user initiated a background job to delete an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "@timestamp", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ] }, @@ -6288,16 +9535,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -6306,18 +9566,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -6326,19 +9599,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -6348,22 +9632,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -6371,19 +9666,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -6391,23 +9697,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6415,21 +9729,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6437,23 +9761,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6461,23 +9793,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6485,62 +9825,93 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.config.disable_collaborators_only", "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -6550,17 +9921,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6569,17 +9953,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6589,16 +9986,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6607,17 +10017,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6626,17 +10049,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6645,22 +10081,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -6669,17 +10113,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6690,18 +10145,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -6710,18 +10177,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6729,20 +10208,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -6751,19 +10240,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -6772,14 +10272,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -6788,17 +10305,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6806,19 +10336,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6826,19 +10367,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -6846,19 +10398,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -6867,19 +10430,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -6888,19 +10462,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -6909,17 +10496,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -6928,17 +10528,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -6947,18 +10560,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6966,23 +10592,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -6991,59 +10626,92 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ] - }, - { - "action": "org.members_can_update_protected_branches.disable", - "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", + "user_agent", "created_at", - "_document_id" + "operation_type" ] }, { - "action": "org.members_can_update_protected_branches.enable", - "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", + "action": "org.members_can_update_protected_branches.disable", + "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent", - "actor_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", + "created_at" + ] + }, + { + "action": "org.members_can_update_protected_branches.enable", + "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7052,16 +10720,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -7069,17 +10750,30 @@ "description": "An organization was restored.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7087,19 +10781,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -7108,18 +10814,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -7129,21 +10846,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7151,21 +10877,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7173,40 +10908,62 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", - "org", - "team", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "programmatic_access_type" - ] - }, - { - "action": "org.remove_self_hosted_runner", - "description": "A self-hosted runner was removed.", - "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", - "fields": [ - "operation_type", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type" + ] + }, + { + "action": "org.remove_self_hosted_runner", + "description": "A self-hosted runner was removed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", + "fields": [ "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -7215,19 +10972,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -7235,20 +11004,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -7257,21 +11036,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -7281,21 +11072,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7304,23 +11105,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -7329,23 +11140,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7354,19 +11173,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -7375,25 +11207,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "runner_group_name", - "runner_group_allow_public", - "org", - "org_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "runner_group_name", + "runner_group_allow_public", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7402,21 +11245,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7426,21 +11278,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7450,20 +11311,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7472,22 +11343,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7496,21 +11375,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7519,21 +11407,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7542,22 +11439,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7566,21 +11471,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7589,21 +11503,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7613,21 +11536,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7637,19 +11569,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7659,21 +11602,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7683,21 +11635,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7707,19 +11668,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7729,22 +11701,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7753,22 +11733,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7777,22 +11765,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7801,21 +11797,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7824,21 +11829,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", - "business_id" + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7847,22 +11861,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7871,22 +11893,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7895,26 +11925,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -7923,26 +11962,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7950,28 +11997,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7979,26 +12034,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8006,15 +12069,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -8023,15 +12103,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -8040,7 +12137,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -8055,20 +12173,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "policy", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -8077,16 +12206,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -8097,18 +12239,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -8117,17 +12272,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8135,18 +12303,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -8155,18 +12335,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -8175,18 +12368,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -8195,22 +12400,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8218,19 +12433,31 @@ "description": "A user account was converted into an organization.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization", "fields": [ - "actor", + "@timestamp", "_document_id", - "request_id", - "operation_type", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "@timestamp", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "owner", - "request_access_security_header" + "operation_type", + "created_at", + "owner" ], "docs_reference_titles": "Converting a user into an organization" }, @@ -8239,44 +12466,68 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" - ], - "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" - }, - { - "action": "org.update_actions_settings", - "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", - "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", - "fields": [ - "user_agent", - "request_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" + }, + { + "action": "org.update_actions_settings", + "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -8285,20 +12536,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -8307,20 +12570,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -8328,17 +12602,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -8348,20 +12635,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -8370,19 +12668,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -8390,18 +12701,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -8410,20 +12733,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -8432,32 +12768,62 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", - "user_agent", - "actor" - ], - "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" - }, - { - "action": "organization_domain.destroy", - "description": "A domain was removed from an organization.", - "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", - "fields": [ - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "domain_name", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" + }, + { + "action": "organization_domain.destroy", + "description": "A domain was removed from an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", + "fields": [ "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -8468,16 +12834,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8486,20 +12867,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8509,23 +12901,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8534,21 +12937,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -8559,21 +12973,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8582,20 +13009,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8604,17 +13045,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8625,20 +13081,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8647,19 +13117,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8667,19 +13149,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8687,18 +13181,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8706,16 +13212,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8723,18 +13243,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8742,18 +13274,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8764,18 +13309,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8786,17 +13344,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8806,19 +13377,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8826,36 +13409,65 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", - "user", - "user_id", - "action", - "_document_id", "@timestamp", - "created_at", - "operation_type" - ], - "docs_reference_titles": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users" - }, - { - "action": "personal_access_token.destroy", - "description": "Triggered when you delete a fine-grained personal access token.", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "explanation", - "action", - "_document_id", + "user_agent", + "user_programmatic_access_name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users" + }, + { + "action": "personal_access_token.destroy", + "description": "Triggered when you delete a fine-grained personal access token.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "explanation", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8863,23 +13475,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8887,21 +13510,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8909,17 +13543,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8930,18 +13577,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8953,17 +13613,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8975,17 +13648,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8996,15 +13682,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9014,35 +13715,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ] - }, - { - "action": "premium_runner.update", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "premium_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9052,17 +13779,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9072,17 +13810,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9092,17 +13841,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9112,17 +13872,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9132,17 +13903,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -9152,17 +13936,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9170,20 +13967,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -9193,25 +14001,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -9219,20 +14039,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9240,25 +14072,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9266,17 +14110,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -9284,17 +14141,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -9302,18 +14172,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -9322,18 +14204,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -9342,19 +14236,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -9362,17 +14267,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -9384,79 +14302,125 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" - ] - }, - { - "action": "project.unlink", - "description": "A repository was unlinked from a project board.", - "docs_reference_links": "N/A", - "fields": [ + "org_id", + "programmatic_access_type", "repo", "repo_id", - "operation_type", - "actor", - "action", - "created_at", - "actor_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "created_at", + "old_name", + "operation_type" ] }, { - "action": "project.update_org_permission", - "description": "The project's base-level permission for all organization members was changed or removed.", + "action": "project.unlink", + "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { - "action": "project.update_team_permission", - "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", + "action": "project.update_org_permission", + "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "team", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.update_team_permission", + "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -9464,20 +14428,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9485,18 +14459,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9505,18 +14491,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9525,16 +14523,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -9546,21 +14557,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -9568,22 +14591,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -9592,29 +14625,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "authorized_actors", - "policy", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "authorized_actors", + "policy", + "public_repo", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -9622,24 +14660,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "repo_id", - "user_id", "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9650,21 +14696,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9675,22 +14731,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -9698,24 +14764,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -9723,30 +14799,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -9756,28 +14839,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -9788,23 +14879,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -9812,46 +14912,65 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", - "repo_id", - "request_access_security_header" - ] - }, + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" + ] + }, { "action": "protected_branch.update_allow_force_pushes_enforcement_level", "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -9859,24 +14978,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -9885,22 +15013,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -9908,24 +15046,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9934,27 +15081,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9963,18 +15117,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9985,24 +15152,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -10010,48 +15186,65 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", - "token_scopes", - "programmatic_access_type" - ] + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" + ] }, { "action": "protected_branch.update_require_code_owner_review", "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -10059,22 +15252,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -10083,22 +15287,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -10106,25 +15320,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -10132,22 +15353,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -10155,22 +15386,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -10178,23 +15419,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -10203,24 +15455,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -10229,20 +15492,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", - "request_id", - "title", - "key", - "fingerprint", - "read_only", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "title", + "key", + "fingerprint", + "read_only", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10251,21 +15528,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -10275,22 +15565,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10299,25 +15601,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10326,23 +15638,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10351,18 +15674,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -10372,21 +15709,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -10395,19 +15743,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -10418,23 +15779,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10444,17 +15817,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10462,19 +15849,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10482,19 +15882,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -10504,21 +15917,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -10527,27 +15951,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10555,23 +15986,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -10580,18 +16023,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10599,19 +16056,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10621,20 +16090,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -10642,18 +16122,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -10661,21 +16154,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -10683,20 +16188,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -10705,19 +16223,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -10727,22 +16259,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -10751,21 +16293,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -10774,25 +16325,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -10801,23 +16359,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -10826,24 +16392,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -10852,23 +16425,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -10878,22 +16459,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -10902,19 +16492,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -10923,24 +16526,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -10949,24 +16562,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10974,24 +16595,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10999,24 +16628,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11024,24 +16661,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11049,23 +16694,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11076,103 +16730,137 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.collaborators_only", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "visibility", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11180,17 +16868,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11199,15 +16900,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -11218,16 +16932,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11237,17 +16964,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11257,19 +16997,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11278,45 +17029,64 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" - }, - { - "action": "repo.configure_self_hosted_jit_runner", - "description": "A new just-in-time GitHub Actions self-hosted runner was configured", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.configure_self_hosted_jit_runner", + "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -11325,30 +17095,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -11358,20 +17133,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11380,25 +17166,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11407,23 +17201,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11431,25 +17236,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -11459,17 +17273,30 @@ "description": "A repository was archived on disk.", "docs_reference_links": "/repositories/archiving-a-github-repository/archiving-repositories", "fields": [ - "actor_id", - "repo", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", - "repo_id", - "actor", "action", - "user_agent" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/archiving-a-github-repository/archiving-repositories" }, @@ -11478,46 +17305,66 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "public_repo", - "token_scopes", "programmatic_access_type", - "actor_is_bot" - ], - "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" - }, - { - "action": "repo.hide_from_discovery", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "actor_id", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "operation_type", "visibility", - "repo_id", "created_at", - "actor", - "action", + "operation_type", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" + }, + { + "action": "repo.hide_from_discovery", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id", + "programmatic_access_type", "repo", - "_document_id" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "visibility", + "created_at" ] }, { @@ -11525,20 +17372,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "visibility", - "repo_id", - "request_id", - "action", - "_document_id", "@timestamp", - "actor_id", - "created_at", - "user", - "operation_type", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", "public_repo" ] }, @@ -11547,19 +17405,30 @@ "description": "The repository was unlocked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11567,20 +17436,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "action", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "operation_type", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "visibility", - "actor", - "user_id" + "visibility" ] }, { @@ -11588,23 +17468,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -11612,21 +17502,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -11634,21 +17534,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -11656,22 +17566,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -11679,21 +17598,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -11701,20 +17630,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11722,22 +17662,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -11745,18 +17694,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11764,22 +17727,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11787,21 +17760,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -11809,18 +17792,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -11829,22 +17824,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11853,24 +17857,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11879,23 +17891,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -11903,26 +17925,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -11931,21 +17958,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -11954,25 +17990,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -11980,22 +18022,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -12004,20 +18056,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "visibility", - "operation_type", - "repo", + "@timestamp", "_document_id", - "user", - "user_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "@timestamp", - "request_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -12025,19 +18088,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -12045,17 +18119,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12064,26 +18153,62 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "runner_id", - "runner_name", - "action", + "@timestamp", "_document_id", - "operation_type", - "created_at", - "@timestamp" - ], - "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" - }, - { - "action": "repo.self_hosted_runner_updated", - "description": "The runner application was updated. This event is not included in the JSON/CSV export.", - "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "repo.self_hosted_runner_updated", + "description": "The runner application was updated. This event is not included in the JSON/CSV export.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -12098,23 +18223,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -12124,20 +18258,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12148,21 +18293,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -12171,22 +18327,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -12195,21 +18361,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -12218,22 +18395,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -12244,16 +18431,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -12262,22 +18460,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -12287,22 +18494,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -12311,23 +18529,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12337,19 +18565,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -12357,21 +18595,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -12380,24 +18628,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -12405,25 +18662,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12432,24 +18696,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12458,25 +18732,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12485,22 +18767,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", - "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -12509,26 +18800,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -12536,31 +18835,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12569,24 +18875,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12595,24 +18907,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12621,21 +18939,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -12643,21 +18971,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -12665,21 +19003,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -12687,20 +19036,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -12708,21 +19069,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -12730,19 +19102,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -12750,31 +19135,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -12783,19 +19176,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -12803,8 +19207,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -12813,23 +19216,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -12854,26 +19266,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12882,26 +19300,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12910,23 +19334,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12936,23 +19367,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12962,24 +19400,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12989,24 +19434,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -13015,24 +19467,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13042,23 +19501,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13068,23 +19534,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -13093,22 +19567,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13116,24 +19598,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13142,24 +19632,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13168,19 +19666,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13189,24 +19699,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13215,24 +19733,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13241,19 +19767,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13262,26 +19800,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13290,26 +19833,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13318,28 +19866,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13347,27 +19903,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13375,28 +19939,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13404,28 +19976,36 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "security_configuration_id", - "security_configuration_name", - "repository_security_configuration_state", - "repository_security_configuration_failure_reason", - "repo", - "repo_id", - "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "actor_is_bot", - "request_access_security_header" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "repository_security_configuration_state", + "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -13433,29 +20013,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13464,29 +20052,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13495,44 +20091,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -13543,21 +20161,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -13566,26 +20196,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -13593,21 +20231,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -13615,21 +20264,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "alert_number", - "ghsa_id", - "created_at", - "active", + "@timestamp", + "_document_id", "action", - "repository_id", - "repo", - "repo_id", - "public_repo", - "owner", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "alert_number", + "ghsa_id", + "created_at", + "active", + "public_repo", + "owner", "operation_type" ] }, @@ -13638,20 +20301,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -13660,24 +20333,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13685,26 +20365,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13712,23 +20398,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13736,23 +20429,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -13761,18 +20461,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -13781,19 +20494,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -13802,43 +20527,67 @@ "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", - "action", - "_document_id", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -13847,28 +20596,37 @@ "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -13876,25 +20634,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13902,14 +20667,28 @@ "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -13919,26 +20698,37 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning.disable", "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -13947,19 +20737,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -13968,20 +20769,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -13990,19 +20801,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14011,14 +20833,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -14036,25 +20872,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14063,25 +20907,33 @@ "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -14091,37 +20943,63 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "security_configuration.create", "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14136,15 +21014,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14153,7 +21024,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14161,22 +21033,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14185,22 +21068,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14209,10 +21103,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14227,15 +21139,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14243,7 +21148,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14251,15 +21157,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14269,10 +21190,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14287,15 +21226,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14304,7 +21236,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14312,18 +21245,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -14331,18 +21276,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14350,16 +21307,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14369,18 +21339,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -14389,16 +21372,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14409,15 +21405,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -14427,15 +21436,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -14444,17 +21468,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -14463,17 +21500,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -14482,16 +21533,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -14501,14 +21565,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -14518,17 +21597,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", - "user", - "operation_type", - "@timestamp", - "created_at", "actor_id", - "_document_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -14537,17 +21629,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -14556,18 +21661,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14576,15 +21694,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -14594,16 +21726,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14611,15 +21756,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -14630,16 +21788,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -14649,17 +21820,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -14668,17 +21852,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -14689,17 +21886,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -14710,18 +21920,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "sponsors_listing_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "_document_id", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", "created_at", "operation_type" ] @@ -14731,16 +21952,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14750,17 +21984,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -14769,16 +22016,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14790,17 +22050,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -14809,19 +22082,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -14830,21 +22116,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -14853,19 +22148,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -14874,20 +22180,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14895,18 +22215,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -14914,16 +22249,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14931,23 +22281,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14955,23 +22315,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14979,23 +22349,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15003,23 +22383,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15027,15 +22417,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15044,15 +22449,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15061,15 +22481,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15078,15 +22513,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15095,15 +22545,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15111,15 +22576,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15128,21 +22608,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -15152,22 +22642,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -15176,20 +22675,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -15198,18 +22708,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -15219,21 +22742,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -15242,21 +22776,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -15265,80 +22809,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", - "request_id", - "created_at", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -15347,22 +22935,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -15371,22 +22968,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -15396,21 +23002,31 @@ "description": "A repository was removed from a team's control.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -15418,21 +23034,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -15441,17 +23068,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -15460,19 +23100,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -15481,28 +23132,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", - "operation_type", - "created_at", - "user_agent", - "permission", - "new_repo_permission", - "new_repo_base_role", - "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", + "operation_type", + "created_at", + "permission", + "new_repo_permission", + "new_repo_base_role", + "old_repo_permission", + "old_repo_base_role" ] }, { @@ -15510,17 +23170,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15528,17 +23201,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15546,14 +23232,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -15562,15 +23263,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -15578,13 +23294,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15592,17 +23325,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -15610,17 +23356,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -15628,16 +23387,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15645,15 +23418,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15661,18 +23449,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -15681,18 +23481,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -15701,18 +23513,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -15721,15 +23545,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", "_document_id", - "user_agent" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15737,16 +23576,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -15755,18 +23607,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -15775,15 +23639,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -15792,16 +23671,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -15809,19 +23701,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -15830,18 +23734,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -15849,15 +23765,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -15867,20 +23796,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -15888,18 +23828,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15907,18 +23859,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -15927,17 +23891,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -15946,16 +23923,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "created_at", - "user", "action", - "operation_type", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15963,16 +23954,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "_document_id", "@timestamp", - "created_at", - "user_agent", - "operation_type", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15980,16 +23985,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "created_at", - "_document_id", - "user_agent", - "user_id", "@timestamp", - "user", + "_document_id", "action", - "request_access_security_header" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15997,62 +24016,97 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", - "actor", - "actor_id", "action", - "programmatic_access_type" - ] - }, - { - "action": "user.create_integration_secret", - "description": "A user secret for Codespaces was created.", - "docs_reference_links": "N/A", - "fields": [ "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "visibility", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", - "created_at", + "user_agent", + "email", "operation_type", - "request_access_security_header" + "created_at" ] }, { - "action": "user.creation_rate_limit_exceeded", - "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", + "action": "user.create_integration_secret", + "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "key", + "visibility", + "integration", + "created_at", + "operation_type" + ] + }, + { + "action": "user.creation_rate_limit_exceeded", + "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -16060,18 +24114,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16080,19 +24146,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -16100,18 +24177,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16119,18 +24208,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16138,18 +24239,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -16158,17 +24271,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16176,17 +24301,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16194,35 +24332,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ] - }, - { - "action": "user.disable_sockpuppet_disallowed", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.disable_sockpuppet_disallowed", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16230,21 +24394,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16252,21 +24426,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -16275,17 +24459,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16293,17 +24490,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16311,17 +24521,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16329,18 +24552,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16348,16 +24583,29 @@ "description": "A user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", "user_agent", + "operation_type", "created_at" ] }, @@ -16366,17 +24614,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -16385,36 +24647,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", - "user", - "user_id", + "action", "actor", - "operation_type", - "request_id" - ] - }, + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, { "action": "user.hide_private_contributions_count", "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -16423,19 +24710,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", - "user", - "action", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -16443,18 +24742,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16462,19 +24773,30 @@ "description": "A comment made by a user was minimized.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", - "actor_id", "@timestamp", - "created_at", - "operation_type", "_document_id", - "user", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16482,18 +24804,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16501,14 +24835,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16516,21 +24866,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16538,16 +24898,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -16556,20 +24929,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -16577,20 +24961,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16598,17 +24994,30 @@ "description": "A user account was no longer flagged as a large scale contributor.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16616,20 +25025,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -16637,17 +25057,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "user_agent", - "request_id", - "action", "@timestamp", - "created_at", - "org_id", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -16656,18 +25088,30 @@ "description": "Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "action", "created_at", - "actor", - "operation_type", - "actor_id", - "user_id", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam" }, @@ -16676,18 +25120,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16695,16 +25151,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -16715,16 +25184,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -16733,18 +25214,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -16752,18 +25245,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16771,18 +25276,30 @@ "description": "A user signed in from an unrecognized location.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "action", - "operation_type", - "user_agent", - "user", + "@timestamp", "_document_id", + "action", "actor", - "created_at", "actor_id", - "@timestamp", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16790,22 +25307,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -16813,23 +25341,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -16838,21 +25376,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -16860,18 +25408,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16879,18 +25439,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16900,16 +25472,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -16917,18 +25501,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16936,18 +25532,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -16955,17 +25563,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16973,18 +25594,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", - "actor", - "user_id", - "action", - "created_at", - "user", - "operation_type", "@timestamp", - "request_id", "_document_id", - "request_access_security_header" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16992,17 +25625,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -17011,19 +25657,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -17032,15 +25690,28 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "request_id", - "actor", - "action", "created_at" ] }, @@ -17049,21 +25720,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -17071,21 +25752,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17093,18 +25786,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17112,16 +25817,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17131,16 +25850,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17150,18 +25883,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17171,21 +25917,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17193,21 +25951,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17215,21 +25984,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17237,16 +26017,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17256,27 +26050,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -17285,23 +26085,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17309,10 +26119,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17323,20 +26151,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -17345,23 +26162,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17371,10 +26196,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17386,19 +26229,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -17409,10 +26242,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17421,21 +26272,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -17445,23 +26285,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -17470,22 +26322,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17493,21 +26356,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -17515,25 +26389,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17541,23 +26423,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -17571,24 +26466,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -17597,10 +26501,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17610,21 +26532,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -17634,25 +26546,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.16/organization.json b/src/audit-logs/data/ghes-3.16/organization.json index 674b5f0acc7d..7c945881903c 100644 --- a/src/audit-logs/data/ghes-3.16/organization.json +++ b/src/audit-logs/data/ghes-3.16/organization.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,29 +67,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -72,44 +103,66 @@ "description": "Credit was accepted for a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory" + "docs_reference_titles": "Editing a repository security advisory" }, { "action": "advisory_credit.create", "description": "Someone was added to the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -117,21 +170,32 @@ "description": "Credit was declined for a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -140,21 +204,32 @@ "description": "Someone was removed from the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -163,18 +238,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -182,17 +269,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -203,39 +301,62 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" + }, { "action": "billing.change_billing_type", "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -244,19 +365,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -265,18 +398,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -284,18 +430,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -303,20 +461,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -325,20 +494,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -349,17 +529,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -367,121 +559,230 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers", "dismissal_approver_id" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -491,28 +792,34 @@ "description": "An attempt to create a codespace from a prebuild was made.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "owner", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "user_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", "created_at", "operation_type", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -520,17 +827,30 @@ "description": "Enterprise setting for Codespaces ownership was updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enablement", "organization_names", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -541,25 +861,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -570,22 +899,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -597,22 +937,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "repository_id", - "repository", - "pull_request_id", - "owner", - "name", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", - "token_scopes", - "programmatic_access_type" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -621,15 +972,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -640,15 +1006,28 @@ "description": "Policies were applied to codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -658,20 +1037,30 @@ "description": "Policies were removed from codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -679,19 +1068,30 @@ "description": "Policies were updated for codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -699,17 +1099,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -719,27 +1132,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -747,19 +1169,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -767,18 +1202,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -787,42 +1234,61 @@ "description": "A commit comment was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "repo", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "created_at", - "@timestamp", - "operation_type", + "programmatic_access_type", + "repo", "repo_id", - "actor_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "programmatic_access_type" - ] + "created_at", + "operation_type" + ] }, { "action": "commit_comment.update", "description": "A commit comment was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_id", - "action", - "@timestamp", - "repo", "org_id", - "actor_id", - "created_at", - "user_agent", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -830,21 +1296,33 @@ "description": "Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "reason", "plan", - "org_id", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -852,13 +1330,28 @@ "description": "Copilot feature settings were changed at the organization level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -868,23 +1361,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -892,16 +1392,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -910,24 +1424,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -935,15 +1455,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -953,20 +1486,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -974,19 +1517,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -994,43 +1549,64 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id" - ] - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, { "action": "copilot.cfb_seat_management_changed", "description": "The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_value", "new_value", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1038,111 +1614,159 @@ "description": "The excluded paths for GitHub Copilot were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "excluded_paths", "owner_type", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { "action": "copilot.knowledge_base_created", - "description": "A knowledge base was created in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_deleted", - "description": "A knowledge base was deleted from the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_updated", - "description": "A knowledge base was updated in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.plan_changed", "description": "The plan for GitHub Copilot was updated.", "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_plan", "plan", - "business_id", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1154,20 +1778,31 @@ "description": "The plan for GitHub Copilot was scheduled to be downgraded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "current_plan", "scheduled_plan" @@ -1178,21 +1813,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1202,19 +1846,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1224,21 +1877,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1248,18 +1910,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1272,18 +1947,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1297,14 +1985,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -1317,8 +2020,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1327,27 +2029,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1356,19 +2066,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1377,16 +2099,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -1398,19 +2133,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1419,40 +2165,62 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" - }, - { - "action": "dependabot_alerts_new_repos.disable", - "description": "Dependabot alerts were disabled for all new repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", - "fields": [ - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "created_at", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" + }, + { + "action": "dependabot_alerts_new_repos.disable", + "description": "Dependabot alerts were disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1461,19 +2229,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1482,17 +2261,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1500,19 +2292,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1521,19 +2324,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1541,19 +2355,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1562,19 +2387,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1582,19 +2418,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1603,39 +2450,61 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ] - }, - { - "action": "dependency_graph_new_repos.disable", - "description": "The dependency graph was disabled for all new repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", - "fields": [ - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "created_at", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependency_graph_new_repos.disable", + "description": "The dependency graph was disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1644,20 +2513,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1665,21 +2544,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "repo_id", - "request_id", + "@timestamp", + "_document_id", "action", "actor", - "org_id", - "_document_id", "actor_id", - "operation_type", - "@timestamp", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1687,20 +2575,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", "@timestamp", - "actor", - "user_agent", - "request_id", - "org", "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "repo", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1708,130 +2606,196 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "user_agent", - "actor_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "title", - "_document_id", - "created_at", - "repo", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "team", + "created_at", + "number", + "title", + "operation_type" + ] }, { "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -1842,16 +2806,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -1862,18 +2840,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -1884,17 +2876,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was created.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", - "operation_type", "@timestamp", "_document_id", - "org_id", "action", - "request_id", - "org", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -1903,17 +2908,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was deleted.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp", - "actor_id", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -1922,22 +2940,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1946,22 +2973,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1969,28 +3006,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1999,27 +3042,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -2028,25 +3079,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2055,26 +3114,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2083,21 +3149,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2106,22 +3184,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2130,25 +3218,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2157,22 +3254,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2181,21 +3290,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -2206,19 +3325,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2227,20 +3357,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2249,19 +3389,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2270,23 +3421,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2294,18 +3454,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2316,20 +3486,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2339,25 +3519,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -2365,25 +3555,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -2391,26 +3590,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2419,25 +3627,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2445,26 +3662,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2472,21 +3698,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2495,19 +3732,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2515,21 +3765,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2538,19 +3799,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2561,20 +3836,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2584,24 +3871,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2612,23 +3910,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2639,21 +3949,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -2664,20 +3986,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -2687,20 +4021,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2710,19 +4057,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2731,20 +4092,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2754,20 +4128,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2776,20 +4163,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2798,20 +4198,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2819,19 +4231,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2840,19 +4265,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2861,17 +4299,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2884,21 +4335,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2912,17 +4376,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2934,19 +4411,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2954,19 +4442,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2974,20 +4473,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "business", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -2996,19 +4504,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3016,24 +4535,32 @@ "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -3041,24 +4568,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" ] }, { @@ -3066,19 +4601,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -3086,45 +4634,130 @@ "description": "A comment on an issue was deleted from the repository.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { + "action": "issue_comment.pinned", + "description": "A comment on an issue was pinned to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", "action", - "operation_type", - "user_agent", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "oauth_application_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { - "action": "issue_comment.update", - "description": "A comment on an issue (other than the initial one) changed.", + "action": "issue_comment.unpinned", + "description": "A comment on an issue was unpinned from a repository.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", + "@timestamp", + "_document_id", "action", - "repo_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_comment.update", + "description": "A comment on an issue (other than the initial one) changed.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "user_agent", - "request_id", "_document_id", - "actor_id", + "action", "actor", - "oauth_application_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -3132,21 +4765,31 @@ "description": "An issue was deleted from the repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/deleting-an-issue", "fields": [ - "user", - "actor_id", - "created_at", - "title", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "operation_type", "user_agent", - "repo", - "token_scopes", - "programmatic_access_type" + "created_at", + "title", + "operation_type" ], "docs_reference_titles": "Deleting an issue" }, @@ -3155,23 +4798,33 @@ "description": "An issue was pinned to a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", "action", "actor", - "operation_type", - "owner_type", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "number", - "repo", - "event", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type", + "owner_type", + "number", + "event" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3180,22 +4833,32 @@ "description": "An issue was transferred to another repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "owner_type", - "actor_id", "number", - "repo", "operation_type", - "_document_id", - "repo_id", - "action", - "request_id", - "created_at", - "actor", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Transferring an issue to another repository" }, @@ -3204,24 +4867,33 @@ "description": "An issue was unpinned from a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ - "event", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", - "action", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "operation_type", - "_document_id", - "number", - "owner_type", - "@timestamp", + "token_id", + "token_scopes", "user", "user_id", - "token_scopes", - "request_access_security_header" + "user_agent", + "event", + "created_at", + "operation_type", + "number", + "owner_type" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3230,19 +4902,30 @@ "description": "The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user_agent", - "action", "@timestamp", - "operation_type", - "request_id", - "actor_id", - "user_id", - "created_at", "_document_id", + "action", "actor", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "org_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3251,18 +4934,29 @@ "description": "The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3272,19 +4966,30 @@ "description": "An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user", - "request_id", - "actor", - "business_id", - "action", - "operation_type", - "user_agent", - "created_at", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor_id" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3293,18 +4998,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3312,21 +5029,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -3334,21 +5064,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", "marketplace_listing", - "@timestamp", "integration", - "org_id", - "action", - "org", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -3356,22 +5099,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -3379,19 +5135,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -3401,22 +5170,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -3424,22 +5206,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3447,20 +5242,30 @@ "description": "The ability for members to publish GitHub Pages sites was disabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3469,20 +5274,30 @@ "description": "The ability for members to publish GitHub Pages sites was enabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3491,21 +5306,30 @@ "description": "The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3514,22 +5338,30 @@ "description": "The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3538,21 +5370,30 @@ "description": "The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3561,22 +5402,30 @@ "description": "The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3585,19 +5434,30 @@ "description": "An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "operation_type", "user_agent", - "actor", - "actor_id", - "business_id", - "@timestamp", - "created_at", - "action" + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3606,18 +5466,29 @@ "description": "The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "request_id", - "org", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "actor", "operation_type", - "org_id", - "action", - "@timestamp", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3627,21 +5498,30 @@ "description": "The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "action", - "org_id", - "user_id", - "business", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business_id", + "user_id", + "user_agent", "created_at", - "actor", - "org", - "operation_type", - "user_agent" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3652,16 +5532,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -3670,21 +5561,30 @@ "description": "The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "created_at", - "user_id", "business_id", - "user", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "org_id", - "@timestamp" + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -3693,19 +5593,30 @@ "description": "The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ - "request_id", - "created_at", - "_document_id", - "user_agent", - "user", - "user_id", - "business", - "business_id", - "operation_type", "@timestamp", + "_document_id", "action", "actor", - "actor_id" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -3714,19 +5625,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3734,21 +5657,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", - "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", "created_at", "operation_type" ] @@ -3758,16 +5690,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3777,18 +5722,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3798,14 +5756,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -3813,19 +5787,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -3833,18 +5818,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3852,23 +5849,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -3876,16 +5881,30 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "org_id", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3893,24 +5912,32 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", - "repo_id", "operation_type", - "@timestamp", - "user_agent", "created_at", - "org", - "action", - "_document_id", - "repo", - "actor", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3918,22 +5945,37 @@ "description": "A network configuration for a hosted compute service was created.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", "previous_settings_ids", - "network_configuration_id" + "network_configuration_id", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -3942,15 +5984,28 @@ "description": "A network configuration for a hosted compute service was deleted.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -3963,21 +6018,36 @@ "description": "A network configuration for a hosted compute service was updated.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", - "previous_settings_ids" + "previous_settings_ids", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -3986,20 +6056,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4008,20 +6090,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4030,20 +6124,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4052,20 +6158,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4074,19 +6192,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4095,20 +6226,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4117,20 +6260,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4139,19 +6294,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4160,17 +6328,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4181,20 +6360,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -4203,21 +6392,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -4226,24 +6425,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4251,21 +6460,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4273,20 +6492,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4294,22 +6523,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4317,20 +6554,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4338,22 +6585,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4361,19 +6616,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4382,19 +6648,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4404,53 +6681,92 @@ "description": "Third-party application access for outside collaborators was disabled for the organization.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "Limiting OAuth app and GitHub App access requests and installations" }, { "action": "org.allow_third_party_access_requests_from_outside_collaborators_enabled", "description": "Third-party application access for outside collaborators was enabled for the organization.", - "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests" }, { "action": "org.archive", "description": "The organization was archived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4460,17 +6776,30 @@ "description": "An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log", "fields": [ - "org_id", - "operation_type", "@timestamp", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log" }, @@ -4479,21 +6808,32 @@ "description": "An export of the organization's Git events was created.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "start", "end", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization" }, @@ -4502,16 +6842,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -4520,18 +6873,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -4540,19 +6906,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -4562,22 +6939,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -4585,19 +6973,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -4605,23 +7004,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4629,21 +7036,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4651,23 +7068,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4675,23 +7100,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4699,66 +7132,95 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codespaces_access_updated", "description": "Access to use Codespaces on internal and private repositories was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "enablement", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization" }, @@ -4767,21 +7229,31 @@ "description": "Ownership and payment for codespaces was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "owner_type", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" }, @@ -4790,16 +7262,29 @@ "description": "A team has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4809,16 +7294,29 @@ "description": "A team has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4828,19 +7326,30 @@ "description": "GitHub Codespaces was granted trusted repository access to all other repositories in an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -4849,17 +7358,30 @@ "description": "GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -4868,21 +7390,30 @@ "description": "A user has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -4890,21 +7421,30 @@ "description": "A user has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -4912,16 +7452,29 @@ "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -4931,17 +7484,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4950,17 +7516,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4970,16 +7549,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -4988,17 +7580,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "_document_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5007,17 +7612,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5026,22 +7644,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -5050,17 +7676,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5071,15 +7708,28 @@ "description": "Server statistics were exported for the organization.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5090,18 +7740,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -5110,20 +7772,31 @@ "description": "A GitHub Actions secret was created for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5132,20 +7805,32 @@ "description": "A GitHub Actions variable was created for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5154,21 +7839,33 @@ "description": "A Codespaces or Dependabot secret was created for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5176,21 +7873,30 @@ "description": "A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor_id", - "org_id", - "business", - "action", "@timestamp", - "org", "_document_id", - "business_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "actor_is_bot", "oauth_credential_type", "managed_oauth_access_id", @@ -5206,24 +7912,32 @@ "description": "A member authorized credentials for use with SAML or OIDC single sign-on.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on", "fields": [ - "user_agent", - "actor", "@timestamp", - "created_at", - "org_id", - "business_id", - "operation_type", - "request_id", "_document_id", "action", + "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", - "token_scopes", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot", "oauth_credential_type", - "request_access_security_header", "managed_oauth_access_id", "managed_token_id", "managed_oauth_scopes", @@ -5237,21 +7951,32 @@ "description": "An owner revoked authorized credentials.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "oauth_application_id", - "org_id", "operation_type", - "action", - "business", - "request_id", "created_at", - "business_id", - "actor_id", - "_document_id", - "user_agent", "oauth_credential_type", "managed_oauth_access_id", "managed_token_id", @@ -5266,18 +7991,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5285,20 +8022,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5307,16 +8054,29 @@ "description": "Third-party application access restrictions for an organization were disabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "org_id", - "action", - "_document_id", - "request_id", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization" @@ -5326,19 +8086,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5347,14 +8118,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -5363,21 +8151,30 @@ "description": "Display of IP addresses within audit log events for the organization was disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -5386,17 +8183,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5404,19 +8214,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "org_id", - "request_id" + "operation_type", + "created_at" ] }, { @@ -5424,19 +8245,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -5444,19 +8276,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5465,17 +8308,30 @@ "description": "Third-party application access restrictions for an organization were enabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "operation_type", - "org", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization" }, @@ -5484,19 +8340,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5505,19 +8372,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -5526,21 +8406,30 @@ "description": "Display of IP addresses within audit log events for the organization was enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -5549,17 +8438,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -5568,17 +8470,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -5587,18 +8502,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5606,23 +8534,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "invitation_id", - "org_id", - "user", - "action", "operation_type", - "_document_id", - "actor", - "@timestamp", "created_at", - "user_agent", - "actor_id", - "request_id", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -5631,17 +8568,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5651,19 +8599,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5671,19 +8630,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5691,19 +8661,31 @@ "description": "Access to an organization was granted for an OAuth App.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "request_id", "actor_id", - "operation_type", - "org_id", - "_document_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization" @@ -5713,20 +8695,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -5735,18 +8728,31 @@ "description": "Access was disabled for an OAuth App that was previously approved.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization", "fields": [ - "request_id", - "url", - "created_at", - "org_id", - "action", "@timestamp", "_document_id", - "user_agent", - "org", - "operation_type", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization" @@ -5756,19 +8762,31 @@ "description": "An organization member requested that an owner grant an OAuth App access to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", + "@timestamp", "_document_id", - "request_id", - "url", - "org_id", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "url", "oauth_application_name" ] }, @@ -5777,20 +8795,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -5800,16 +8829,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -5817,20 +8859,31 @@ "description": "An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "reason", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -5839,20 +8892,30 @@ "description": "An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -5861,19 +8924,30 @@ "description": "An organization owner downloaded the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5882,19 +8956,30 @@ "description": "An organization owner generated the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5903,19 +8988,30 @@ "description": "An organization owner printed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5924,19 +9020,30 @@ "description": "An organization owner viewed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -5945,19 +9052,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -5966,20 +9085,31 @@ "description": "A GitHub Actions secret was removed from an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5988,21 +9118,31 @@ "description": "A GitHub Actions variable was removed from an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6011,18 +9151,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -6032,22 +9183,32 @@ "description": "A Codespaces or Dependabot secret was removed from an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6055,21 +9216,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6077,21 +9247,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6099,21 +9278,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6121,18 +9310,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -6141,19 +9342,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -6161,14 +9374,28 @@ "description": "Triggered when a required workflow is created.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6179,14 +9406,28 @@ "description": "Triggered when a required workflow is deleted.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6197,14 +9438,28 @@ "description": "Triggered when a required workflow is updated.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6215,20 +9470,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -6237,18 +9502,29 @@ "description": "A member's linked identity was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", "user_id", - "@timestamp", - "action", - "actor_id", "user_agent", - "_document_id", - "request_id", + "operation_type", "created_at" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" @@ -6258,19 +9534,30 @@ "description": "A member's SAML session was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ - "actor_id", - "created_at", - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" }, @@ -6279,21 +9566,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -6303,21 +9602,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6326,20 +9635,31 @@ "description": "A self-hosted runner group was renamed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6348,23 +9668,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -6373,23 +9703,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6398,19 +9736,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -6418,26 +9769,37 @@ "action": "org.runner_group_updated", "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", - "fields": [ - "user_agent", - "request_id", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6446,21 +9808,32 @@ "description": "The visibility of a self-hosted runner group was updated via the REST API.", "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" }, @@ -6469,21 +9842,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -6493,21 +9875,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -6517,20 +9908,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6539,22 +9940,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6563,21 +9972,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6586,21 +10004,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6609,22 +10036,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6633,21 +10068,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6656,22 +10100,30 @@ "description": "Generic secrets have been disabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -6679,22 +10131,30 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -6702,21 +10162,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -6726,21 +10195,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -6750,19 +10228,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6772,21 +10261,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6796,21 +10294,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6820,19 +10327,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6842,22 +10360,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6866,22 +10392,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6890,22 +10424,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6914,21 +10456,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6937,21 +10488,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6960,22 +10520,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -6984,22 +10552,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7008,26 +10584,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -7036,26 +10621,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7063,28 +10656,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7092,26 +10693,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7119,15 +10728,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7136,15 +10762,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7153,7 +10796,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -7168,20 +10832,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -7190,16 +10865,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -7210,18 +10898,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -7230,17 +10931,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7248,18 +10962,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -7268,18 +10994,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -7288,18 +11027,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -7308,22 +11059,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7331,21 +11092,32 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Adding organizations to your enterprise" }, @@ -7354,19 +11126,30 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7377,15 +11160,28 @@ "description": "The organization was unarchived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7395,19 +11191,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -7416,20 +11225,32 @@ "description": "A GitHub Actions secret was updated for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "created_at", "key", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -7438,23 +11259,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -7463,20 +11295,32 @@ "description": "A GitHub Actions variable was updated for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -7485,20 +11329,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -7506,22 +11362,33 @@ "description": "A Codespaces or Dependabot secret was updated for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7530,20 +11397,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -7551,17 +11429,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -7571,20 +11462,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -7593,17 +11495,30 @@ "description": "The name of the default branch was changed for new repositories in the organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization" }, @@ -7612,17 +11527,30 @@ "description": "The repository self-hosted runners policy was updated", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_repo_runners_policy", "new_repo_runners_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7633,19 +11561,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -7653,18 +11594,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -7673,18 +11626,30 @@ "description": "A default label was created for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label", "fields": [ - "request_id", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", - "_document_id", - "action", - "created_at", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label" }, @@ -7693,17 +11658,30 @@ "description": "A default label was deleted for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label", "fields": [ - "operation_type", - "request_id", - "actor", "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label" }, @@ -7712,17 +11690,30 @@ "description": "A default label was edited for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label", "fields": [ - "org", - "created_at", "@timestamp", - "actor", + "_document_id", "action", - "user_agent", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label" }, @@ -7731,20 +11722,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -7753,16 +11757,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -7771,14 +11790,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -7789,16 +11823,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -7807,16 +11856,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -7826,17 +11888,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7846,16 +11919,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -7865,20 +11951,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -7886,19 +11982,30 @@ "description": "An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor", - "business_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", "user_agent", - "_document_id", "created_at", - "operation_type", - "request_id", - "business" + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -7907,19 +12014,30 @@ "description": "Organization projects were disabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "operation_type", - "@timestamp", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -7928,18 +12046,29 @@ "description": "Organization projects were enabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor_id", - "org_id", - "created_at", - "user_id", - "org", "@timestamp", "_document_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" @@ -7949,23 +12078,33 @@ "description": "An organization role was assigned to a user or team.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About custom organization roles" }, @@ -7974,25 +12113,32 @@ "description": "A custom organization role was created in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8004,25 +12150,32 @@ "description": "A custom organization role was deleted in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8033,19 +12186,30 @@ "description": "A user or team was unassigned an organization role.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type" ], @@ -8056,26 +12220,33 @@ "description": "A custom organization role was edited in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -8088,22 +12259,33 @@ "description": "An organization's default project base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_project_base_role", - "new_project_base_role", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_project_base_role", + "new_project_base_role", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8111,20 +12293,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8134,23 +12327,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8159,21 +12363,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -8184,21 +12399,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8207,20 +12435,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8229,17 +12471,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8250,20 +12507,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8272,18 +12543,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8291,16 +12574,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8308,18 +12605,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8327,18 +12636,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8349,22 +12671,31 @@ "description": "The configured restriction for access to resources via personal access tokens was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8372,22 +12703,31 @@ "description": "The configured restriction for access to resources via personal access tokens was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8395,18 +12735,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8417,18 +12770,28 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -8439,18 +12802,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -8461,23 +12834,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8485,21 +12869,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8507,17 +12902,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8528,18 +12936,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8551,17 +12972,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", - "repository_selection", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8573,20 +13007,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was created.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8598,20 +13041,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was deleted.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8623,20 +13075,29 @@ "description": "A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8648,20 +13109,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was edited.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8673,15 +13143,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8691,17 +13176,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8711,15 +13207,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8729,19 +13240,30 @@ "description": "An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "action", - "operation_type", "@timestamp", - "business_id", + "_document_id", + "action", + "actor", "actor_id", - "user", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8749,23 +13271,30 @@ "description": "An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "created_at", - "actor_id", + "@timestamp", "_document_id", - "actor", - "user", - "repo", "action", - "user_agent", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "request_id", - "user_id", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8773,23 +13302,30 @@ "description": "An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "repo", - "org", - "business", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org_id", - "created_at", - "business_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8797,17 +13333,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8817,17 +13364,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8837,17 +13395,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8857,17 +13426,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -8877,17 +13457,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -8897,17 +13490,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8915,25 +13521,36 @@ "description": "A project's base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_project_base_role", "new_project_base_role", "project_number", "public_project", - "business", "project_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8941,20 +13558,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -8964,25 +13592,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -8990,20 +13630,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9011,25 +13663,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9037,17 +13701,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -9055,17 +13732,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -9073,18 +13763,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -9093,18 +13795,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -9113,19 +13827,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -9133,17 +13858,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -9155,22 +13893,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -9178,19 +13925,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -9198,17 +13956,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9216,18 +13987,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -9235,20 +14019,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9256,18 +14050,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9276,18 +14082,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9296,16 +14114,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -9317,21 +14148,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -9339,22 +14182,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -9363,29 +14216,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -9393,24 +14251,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", "user_agent", - "repo", + "operation_type", "name", - "org_id", - "user", - "_document_id", - "request_id", - "actor", - "actor_id", - "org", - "action", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9421,21 +14287,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9446,22 +14322,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -9469,24 +14355,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -9494,30 +14390,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -9527,28 +14430,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -9559,23 +14470,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -9583,22 +14503,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -9606,23 +14536,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "_document_id", - "actor", - "repo", "operation_type", - "request_id", "allow_force_pushes_enforcement_level", - "@timestamp", - "org", - "action", - "created_at", - "user_agent", - "repo_id", - "token_scopes", - "programmatic_access_type" + "created_at" ] }, { @@ -9630,24 +14569,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -9656,22 +14604,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -9679,24 +14637,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9705,27 +14672,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9734,18 +14708,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9756,24 +14743,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -9781,25 +14777,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -9807,22 +14810,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -9830,22 +14843,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -9854,22 +14878,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -9877,25 +14911,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -9903,22 +14944,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -9926,22 +14977,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -9949,23 +15010,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -9974,24 +15046,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -10000,20 +15083,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10022,21 +15119,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "_document_id", "title", - "request_id", "key", - "action", - "actor", "read_only", "explanation", - "repo_id", - "@timestamp", - "actor_id", - "repo", - "user_agent", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -10046,22 +15156,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10070,25 +15192,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10097,23 +15229,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10122,18 +15265,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -10143,21 +15300,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -10166,19 +15334,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -10189,23 +15370,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10215,17 +15408,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10233,19 +15440,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10253,19 +15473,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -10275,21 +15508,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -10298,27 +15542,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10326,23 +15577,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -10351,18 +15614,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10370,19 +15647,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10392,20 +15681,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -10413,40 +15713,65 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" + ] + }, + { + "action": "pull_request_review.delete", + "description": "A review on a pull request was deleted.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "comment_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, - { - "action": "pull_request_review.delete", - "description": "A review on a pull request was deleted.", - "docs_reference_links": "N/A", - "fields": [ + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -10454,20 +15779,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -10476,19 +15814,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -10498,22 +15850,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -10522,21 +15884,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -10545,25 +15916,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -10572,23 +15950,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -10597,24 +15983,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -10623,23 +16016,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -10649,22 +16050,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -10673,19 +16083,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -10694,24 +16117,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -10720,24 +16153,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10745,24 +16186,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10770,24 +16219,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10795,24 +16252,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10820,23 +16285,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10847,102 +16321,136 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -10951,19 +16459,30 @@ "description": "GitHub Codespaces trusted repository access to this repository was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10971,17 +16490,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -10990,15 +16522,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -11009,16 +16554,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11028,17 +16586,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11048,19 +16619,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11069,17 +16651,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11087,27 +16682,33 @@ "action": "repo.configure_self_hosted_jit_runner", "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", - "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -11116,30 +16717,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -11149,20 +16755,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11171,25 +16788,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11198,23 +16823,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11222,25 +16858,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -11250,23 +16895,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -11276,23 +16930,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -11300,21 +16964,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -11322,21 +16996,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -11344,22 +17028,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -11367,21 +17060,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -11389,20 +17092,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11410,22 +17124,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -11433,18 +17156,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11452,22 +17189,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11475,40 +17222,62 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { "action": "repo.register_self_hosted_runner", - "description": "A new self-hosted runner was registered.", - "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", - "fields": [ - "actor_id", - "repo", - "operation_type", - "action", + "description": "A new self-hosted runner was registered.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", + "fields": [ "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -11517,22 +17286,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11541,24 +17319,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11567,23 +17353,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -11591,26 +17387,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -11619,21 +17420,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -11642,25 +17452,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -11668,22 +17484,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -11692,25 +17518,34 @@ "description": "A branch was renamed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_branch", "new_branch", "default_branch", - "repo", - "repo_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch" @@ -11720,19 +17555,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -11740,17 +17586,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11759,17 +17620,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11778,7 +17654,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -11793,23 +17690,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -11819,20 +17725,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11843,21 +17760,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -11866,22 +17794,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -11890,21 +17828,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -11913,22 +17862,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -11939,16 +17898,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -11958,22 +17928,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -11982,23 +17963,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12008,19 +17999,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -12028,21 +18029,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -12051,24 +18062,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -12076,25 +18096,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12103,24 +18130,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12129,25 +18166,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12156,22 +18201,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12180,26 +18234,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -12207,31 +18269,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12240,42 +18309,61 @@ "description": "Someone closed a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories", "fields": [ - "actor", - "repo", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "user_agent", - "actor_id", - "request_id", - "action", - "operation_type", - "created_at", - "repo_id", - "_document_id", + "hashed_token", "org", "org_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories" + "docs_reference_titles": "About repository security advisories" }, { "action": "repository_advisory.cve_request", "description": "Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "repo", - "org_id", - "actor", + "@timestamp", + "_document_id", "action", - "request_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "_document_id", + "operation_type", "created_at" ] }, @@ -12284,17 +18372,30 @@ "description": "GitHub made a security advisory public in the GitHub Advisory Database.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -12303,21 +18404,30 @@ "description": "GitHub withdrew a security advisory that was published in error.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -12325,18 +18435,30 @@ "description": "Someone opened a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", "repo_id", - "action", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -12344,21 +18466,30 @@ "description": "Someone published a security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", "@timestamp", - "actor", - "repo_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "business_id", - "business", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "created_at", - "org_id", - "org" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -12366,17 +18497,30 @@ "description": "Someone reopened as draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "repo", - "action", - "created_at", "@timestamp", - "request_id", - "actor_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "public_repo" ] }, @@ -12385,21 +18529,30 @@ "description": "Someone edited a draft or published security advisory.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "repo_id", - "org_id", "business", - "actor", - "user_agent", - "created_at", - "_document_id", "business_id", - "repo", - "action", - "operation_type", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -12407,24 +18560,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12433,24 +18592,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12459,19 +18624,30 @@ "description": "Data use settings were disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "repo_id", - "request_id", - "actor_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12480,21 +18656,30 @@ "description": "Data use settings were enabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "org", - "user_id", - "repo_id", "@timestamp", - "request_id", - "actor", + "_document_id", "action", - "operation_type", - "created_at", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org_id", - "_document_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12503,23 +18688,30 @@ "description": "The dependency graph was disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "repo_id", - "operation_type", - "user_id", - "repo", + "@timestamp", "_document_id", - "actor", - "user", "action", - "@timestamp", - "org_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", - "request_id", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12528,24 +18720,31 @@ "description": "The dependency graph was enabled for a private repository.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor_id", - "repo_id", + "created_at", "operation_type", - "actor", - "@timestamp", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12554,21 +18753,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "content_type", - "repo", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -12576,21 +18785,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -12598,21 +18817,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -12620,20 +18850,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -12641,21 +18883,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -12663,19 +18916,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -12683,19 +18949,30 @@ "description": "The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise", "fields": [ - "request_id", - "created_at", + "@timestamp", "_document_id", "action", - "user_agent", - "user", - "business_id", - "business", - "operation_type", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -12704,20 +18981,30 @@ "description": "Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "created_at", "@timestamp", - "repo", - "action", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "repo_id", - "actor", - "request_id", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -12726,20 +19013,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", "created_at", - "org_id", - "action", - "user_id", - "operation_type", - "_document_id", - "actor_id", - "repo" + "operation_type" ] }, { @@ -12747,31 +19043,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -12780,19 +19084,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -12800,8 +19115,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -12810,23 +19124,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -12851,26 +19174,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12879,26 +19208,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -12907,23 +19242,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12933,23 +19275,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12959,24 +19308,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -12986,24 +19342,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -13012,24 +19375,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13039,23 +19409,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13065,23 +19442,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -13090,22 +19475,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13113,24 +19506,32 @@ "description": "Generic secrets have been disabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13138,22 +19539,31 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13162,24 +19572,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13188,24 +19606,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13214,19 +19640,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13235,24 +19673,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13261,24 +19707,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13287,19 +19741,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13308,26 +19774,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13336,26 +19807,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13364,28 +19840,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13393,27 +19877,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13421,28 +19913,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13450,28 +19950,36 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13479,20 +19987,30 @@ "description": "The repository visibility change setting was cleared for an organization or enterprise.", "docs_reference_links": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-changes-to-repository-visibility", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", "business", - "action", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business_id", - "@timestamp", "user_agent", - "actor", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise" }, @@ -13501,20 +20019,30 @@ "description": "The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user", - "org_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "_document_id", - "@timestamp", - "user_id", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13522,19 +20050,30 @@ "description": "The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "_document_id", "@timestamp", - "user_agent", - "user", - "created_at", - "org", - "org_id", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13542,29 +20081,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13573,29 +20120,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13604,44 +20159,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -13652,21 +20229,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -13675,26 +20264,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -13702,21 +20299,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -13724,21 +20332,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", "created_at", "active", - "action", - "repository_id", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type" ] }, @@ -13747,20 +20369,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -13769,24 +20401,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13794,26 +20433,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13821,23 +20466,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13845,23 +20497,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -13870,47 +20529,64 @@ "description": "A status check was marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "org", - "actor_id", "@timestamp", - "business", - "request_id", - "context", - "repo_id", - "action", - "repo", "_document_id", - "operation_type", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "actor", - "created_at", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "context", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, { "action": "required_status_check.destroy", - "description": "A status check was no longer marked as required for a protected branch.", - "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", - "fields": [ - "actor_id", - "actor", - "created_at", - "context", - "operation_type", + "description": "A status check was no longer marked as required for a protected branch.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", + "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "repo_id", "org_id", - "action", - "_document_id", + "programmatic_access_type", "repo", - "programmatic_access_type" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "context", + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -13919,18 +20595,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -13939,19 +20628,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -13960,22 +20661,33 @@ "description": "A new custom repository role was created.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "_document_id", "role_permissions", "old_role_permissions" ], @@ -13986,23 +20698,34 @@ "description": "A custom repository role was deleted.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Managing custom repository roles for an organization" }, @@ -14011,23 +20734,34 @@ "description": "A custom repository role was edited.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "old_role_permissions", "old_base_role" ], @@ -14038,35 +20772,63 @@ "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.public_leak", "description": "A secret scanning alert was leaked in a public repo.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -14074,29 +20836,39 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -14105,14 +20877,28 @@ "description": "A leaked secret was reported to the secret's provider by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "created_at", @@ -14120,35 +20906,44 @@ "secret_type_provider", "report_result" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts" + "docs_reference_titles": "Resolving alerts from secret scanning" }, { "action": "secret_scanning_alert.resolve", "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -14156,25 +20951,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14182,14 +20984,28 @@ "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -14199,26 +21015,37 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning.disable", "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -14227,19 +21054,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14248,20 +21086,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -14270,19 +21118,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14291,14 +21150,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -14316,25 +21189,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", - "repository", - "repository_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14343,25 +21224,33 @@ "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -14371,37 +21260,63 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "security_configuration.create", "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14416,15 +21331,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14433,7 +21341,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14441,22 +21350,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14465,22 +21385,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14489,10 +21420,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14507,15 +21456,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14523,7 +21465,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14531,15 +21474,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14549,10 +21507,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14567,15 +21543,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14584,7 +21553,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14592,16 +21562,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14611,18 +21594,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -14631,16 +21627,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14650,15 +21659,28 @@ "description": "An agreement for invoiced billing for GitHub Sponsors was signed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -14670,15 +21692,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -14688,15 +21723,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -14705,17 +21755,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -14724,17 +21787,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -14743,16 +21820,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -14762,14 +21852,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -14779,17 +21884,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -14798,17 +21916,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -14817,18 +21948,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -14837,15 +21981,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -14855,16 +22013,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14872,15 +22043,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -14891,16 +22075,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -14910,17 +22107,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -14931,17 +22141,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -14952,18 +22175,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14973,16 +22207,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14992,16 +22239,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15013,17 +22273,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15032,19 +22305,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15053,21 +22339,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15076,36 +22371,60 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, { "action": "staff.dependabot_debug_credentials_generated", - "description": "N/A", + "description": "Dependabot encrypted config was read.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "public_repo" @@ -15116,20 +22435,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15137,18 +22470,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -15156,16 +22504,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15173,23 +22536,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15197,23 +22570,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15221,23 +22604,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15245,23 +22638,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15269,21 +22672,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -15293,22 +22706,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -15317,20 +22739,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -15339,18 +22772,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -15360,21 +22806,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -15383,21 +22840,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "user_agent", + "team", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -15406,80 +22873,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -15488,19 +22999,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "actor", - "action", - "operation_type", - "team", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" ] }, { @@ -15508,19 +23031,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", "@timestamp", - "actor_id", "_document_id", - "team", - "created_at", - "org_id", "action", - "request_id", - "user_agent", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_access_security_header" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "team", + "created_at" ] }, { @@ -15528,22 +23063,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "team", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" ] }, { @@ -15551,22 +23095,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -15575,22 +23128,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -15598,23 +23160,33 @@ { "action": "team.remove_repository", "description": "A repository was removed from a team's control.", - "docs_reference_links": "N/A", - "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -15622,21 +23194,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -15645,17 +23228,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -15664,19 +23260,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -15685,19 +23292,30 @@ "description": "The Okta credentials for team synchronization with a tenant were changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -15705,28 +23323,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -15734,16 +23361,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15753,16 +23394,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15772,18 +23427,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15793,21 +23461,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15815,21 +23495,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -15837,21 +23528,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -15859,16 +23561,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15878,27 +23594,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -15907,23 +23629,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -15931,10 +23663,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -15945,20 +23695,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -15967,23 +23706,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15993,10 +23740,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16008,19 +23773,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -16031,10 +23786,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16043,21 +23816,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -16067,23 +23829,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -16092,22 +23866,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16115,21 +23900,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -16137,25 +23933,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16163,23 +23967,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -16193,24 +24010,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -16219,10 +24045,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16232,21 +24076,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -16256,25 +24090,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.16/user.json b/src/audit-logs/data/ghes-3.16/user.json index 62161498f9ce..b8a542124b3e 100644 --- a/src/audit-logs/data/ghes-3.16/user.json +++ b/src/audit-logs/data/ghes-3.16/user.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,18 +196,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -148,17 +227,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -167,19 +259,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -188,18 +292,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -207,18 +324,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -226,15 +355,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -244,26 +386,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -271,24 +423,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -296,26 +458,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -323,20 +495,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -347,17 +530,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -368,20 +564,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -390,19 +598,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -411,19 +632,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -432,20 +665,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -454,19 +699,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -475,20 +732,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -497,20 +765,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -521,17 +800,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -539,14 +830,29 @@ "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -556,25 +862,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -585,22 +900,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -612,22 +938,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -636,36 +973,64 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "owner", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "public_repo" - ] - }, + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "owner", + "created_at", + "operation_type", + "public_repo" + ] + }, { "action": "codespaces.restore", "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -675,27 +1040,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -703,19 +1077,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -723,18 +1110,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -743,23 +1142,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -767,16 +1173,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -785,24 +1205,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -810,15 +1236,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -828,40 +1267,62 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "request_access_security_header" - ] - }, - { - "action": "copilot.cfb_seat_cancelled", - "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_cancelled", + "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -869,21 +1330,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -891,21 +1361,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -915,19 +1394,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -937,21 +1425,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -961,19 +1458,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -982,19 +1490,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1003,19 +1522,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1024,19 +1554,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1045,17 +1586,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1063,19 +1617,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1084,19 +1649,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1104,19 +1680,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1125,19 +1712,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1145,19 +1743,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1166,19 +1775,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1186,19 +1806,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1207,43 +1838,62 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "created_at", - "user", - "user_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", "_document_id", - "request_access_security_header" - ] - }, - { - "action": "environment.add_protection_rule", - "description": "A GitHub Actions deployment protection rule was created via the API.", - "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", - "fields": [ - "user_agent", - "request_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type" + ] + }, + { + "action": "environment.add_protection_rule", + "description": "A GitHub Actions deployment protection rule was created via the API.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", + "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1252,22 +1902,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1275,28 +1935,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1305,27 +1971,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -1334,25 +2008,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1361,26 +2043,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1389,21 +2078,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1412,23 +2113,33 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "public_repo", - "request_access_security_header" - ], + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "public_repo" + ], "docs_reference_titles": "Managing environments for deployment" }, { @@ -1436,25 +2147,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1463,22 +2183,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1487,21 +2219,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -1512,21 +2254,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -1534,20 +2287,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -1555,21 +2320,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -1577,22 +2353,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1601,23 +2388,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1626,23 +2424,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1650,18 +2457,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1672,20 +2489,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1695,18 +2522,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -1714,18 +2553,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -1733,25 +2584,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -1759,25 +2620,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -1785,26 +2655,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -1813,25 +2692,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -1839,26 +2727,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", - "repo", - "operation_type", - "action", - "_document_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", + "operation_type", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -1866,21 +2763,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -1889,19 +2797,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -1909,21 +2830,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -1932,19 +2864,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -1955,20 +2901,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -1978,24 +2936,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2006,23 +2975,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2033,20 +3014,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2056,19 +3050,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2077,20 +3085,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2100,20 +3121,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2122,20 +3156,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2144,20 +3191,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2165,19 +3224,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2186,19 +3258,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2207,17 +3292,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2230,21 +3328,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2258,17 +3369,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2280,18 +3404,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2299,21 +3435,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -2321,21 +3470,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -2343,22 +3505,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -2366,19 +3541,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -2389,21 +3577,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -2411,22 +3614,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -2434,21 +3652,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -2457,21 +3690,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", - "description", - "bullets", - "yearly_price_in_cents", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", + "description", + "bullets", + "yearly_price_in_cents", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -2480,22 +3728,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -2503,22 +3764,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2526,19 +3800,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2546,21 +3832,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2570,16 +3865,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2589,18 +3897,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2610,14 +3931,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -2625,19 +3962,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -2645,42 +3993,62 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "org", - "created_at", - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", - "request_access_security_header" - ] - }, - { - "action": "migration.create", - "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", - "docs_reference_links": "N/A", - "fields": [ - "repo", - "org_id", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", + "operation_type" + ] + }, + { + "action": "migration.create", + "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "user_agent", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -2688,20 +4056,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -2712,19 +4090,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_id", + "user_agent", + "operation_type", + "created_at", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -2734,19 +4123,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -2755,18 +4155,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -2774,20 +4186,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2796,20 +4220,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2818,20 +4254,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2840,20 +4288,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2862,19 +4322,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2883,20 +4356,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2905,20 +4390,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2927,19 +4424,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2948,24 +4458,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -2975,20 +4492,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -2999,20 +4527,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3022,21 +4561,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -3045,24 +4594,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", - "org", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3070,20 +4629,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3091,22 +4660,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3114,20 +4691,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3135,22 +4722,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3158,21 +4753,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3180,26 +4784,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -3208,26 +4821,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3235,28 +4856,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3264,26 +4893,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3291,20 +4928,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -3313,16 +4961,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -3333,18 +4994,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -3353,18 +5027,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -3373,18 +5059,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -3393,18 +5092,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -3414,20 +5125,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -3435,17 +5157,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -3455,20 +5190,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -3477,20 +5223,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", - "owner_type", - "domain", - "state", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "domain", + "state", + "created_at", + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3499,17 +5259,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3520,20 +5295,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3542,19 +5331,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3562,19 +5363,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3582,18 +5395,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3601,16 +5426,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3618,18 +5457,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -3637,18 +5488,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3659,18 +5523,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3681,17 +5558,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3701,19 +5591,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3721,12 +5623,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -3737,20 +5656,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3758,17 +5689,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3779,18 +5723,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3802,17 +5759,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3824,17 +5794,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3845,15 +5828,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3863,35 +5861,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ] - }, - { - "action": "premium_runner.update", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "premium_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3901,17 +5925,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3921,17 +5956,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3941,17 +5987,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3961,17 +6018,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3981,17 +6049,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -4001,17 +6082,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4019,20 +6113,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -4042,25 +6147,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -4068,20 +6185,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4089,25 +6218,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4115,17 +6256,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -4133,17 +6287,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -4151,18 +6318,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -4171,18 +6350,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -4191,19 +6382,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -4211,17 +6413,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -4233,79 +6448,125 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" - ] - }, - { - "action": "project.unlink", - "description": "A repository was unlinked from a project board.", - "docs_reference_links": "N/A", - "fields": [ + "org_id", + "programmatic_access_type", "repo", "repo_id", - "operation_type", - "actor", - "action", - "created_at", - "actor_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "created_at", + "old_name", + "operation_type" ] }, { - "action": "project.update_org_permission", - "description": "The project's base-level permission for all organization members was changed or removed.", + "action": "project.unlink", + "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", - "org_id", - "user_agent" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { - "action": "project.update_team_permission", - "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", + "action": "project.update_org_permission", + "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "team", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.update_team_permission", + "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -4313,20 +6574,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4334,18 +6605,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4354,18 +6637,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4374,16 +6669,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -4395,21 +6703,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -4417,18 +6737,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4439,49 +6772,71 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", - "actor_id", - "operation_type", - "created_at", + "@timestamp", "_document_id", - "key", - "fingerprint", - "actor", "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" - ], - "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" - }, - { - "action": "public_key.delete", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", + "operation_type", + "created_at", + "key", + "fingerprint", + "title" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" + }, + { + "action": "public_key.delete", "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -4490,20 +6845,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4512,21 +6881,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -4536,22 +6918,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4560,25 +6954,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4587,23 +6991,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4612,22 +7027,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -4636,21 +7061,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -4659,25 +7093,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -4686,23 +7127,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -4711,24 +7160,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -4737,23 +7193,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -4763,22 +7227,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -4787,19 +7260,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -4808,24 +7294,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -4834,23 +7330,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4861,34 +7366,60 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "actor", - "actor_id", - "repo_id", + "@timestamp", "_document_id", "action", - "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" - }, - { - "action": "repo.config.disable_contributors_only", - "description": "The interaction limit for prior contributors only was disabled in a repository.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", - "fields": [ - "repo", - "@timestamp", - "request_id", "actor", - "_document_id", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.disable_contributors_only", + "description": "The interaction limit for prior contributors only was disabled in a repository.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -4899,16 +7430,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -4918,17 +7462,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -4938,19 +7495,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -4959,17 +7527,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -4978,26 +7559,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -5006,30 +7593,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -5039,20 +7631,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5061,25 +7664,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5088,23 +7699,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -5112,25 +7734,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -5140,23 +7771,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -5164,21 +7805,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -5186,21 +7837,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5208,22 +7869,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -5231,21 +7901,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -5253,43 +7933,63 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ] - }, - { - "action": "repo.pages_public", - "description": "A GitHub Pages site visibility was changed to public.", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "visibility", + "programmatic_access_type", "repo", "repo_id", - "org", - "org_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_public", + "description": "A GitHub Pages site visibility was changed to public.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -5297,18 +7997,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5316,22 +8030,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5339,21 +8063,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -5361,18 +8095,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -5381,22 +8127,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5405,24 +8160,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5431,50 +8194,65 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "key", - "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", - "public_repo", - "request_access_security_header" - ] - }, - { - "action": "repo.remove_member", - "description": "A collaborator was removed from a repository.", - "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", - "fields": [ - "request_id", - "user", - "business", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "key", + "integration", "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.remove_member", + "description": "A collaborator was removed from a repository.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", + "fields": [ "@timestamp", "_document_id", - "visibility", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -5483,21 +8261,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5506,25 +8293,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -5532,22 +8325,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -5556,19 +8359,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -5576,23 +8390,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -5602,20 +8425,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5626,21 +8460,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -5649,22 +8494,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -5673,21 +8528,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -5696,22 +8562,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -5722,16 +8598,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -5740,22 +8627,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -5765,22 +8661,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -5789,23 +8696,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5815,19 +8732,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -5835,21 +8762,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -5858,24 +8795,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5883,25 +8829,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5910,24 +8863,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5936,25 +8899,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5963,22 +8934,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5987,26 +8967,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -6014,31 +9002,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6047,21 +9042,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -6069,21 +9074,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -6091,21 +9106,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -6113,20 +9139,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -6134,21 +9172,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -6156,19 +9205,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -6176,31 +9238,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -6209,19 +9279,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -6229,8 +9310,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -6239,23 +9319,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -6280,18 +9369,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -6299,18 +9400,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6318,37 +9431,63 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ] - }, - { - "action": "sponsors.custom_amount_settings_change", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.custom_amount_settings_change", "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -6357,16 +9496,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6377,15 +9529,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -6395,15 +9560,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -6412,17 +9592,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6431,17 +9624,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6450,16 +9657,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -6469,14 +9689,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -6486,17 +9721,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6505,37 +9753,63 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", - "user_agent", - "actor" - ], - "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, { "action": "sponsors.sponsored_developer_disable", "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6544,15 +9818,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -6562,16 +9850,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6579,15 +9880,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -6598,16 +9912,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -6617,17 +9944,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -6636,17 +9976,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -6657,17 +10010,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -6678,18 +10044,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6699,16 +10076,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6718,17 +10108,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6737,16 +10140,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6756,23 +10172,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6780,23 +10206,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6804,23 +10240,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6828,23 +10274,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6852,15 +10308,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6869,15 +10340,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6886,32 +10372,62 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "action", - "operation_type", "@timestamp", - "created_at", - "_document_id" - ], - "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" - }, - { - "action": "successor_invitation.decline", - "description": "Triggered when you decline a succession invitation.", - "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", - "fields": [ - "user_agent", - "request_id", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.decline", + "description": "Triggered when you decline a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ "@timestamp", - "created_at", - "_document_id" + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6920,15 +10436,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6936,15 +10467,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6953,17 +10499,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6971,17 +10530,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6989,14 +10561,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -7005,15 +10592,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -7021,13 +10623,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7035,17 +10654,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -7053,17 +10685,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", - "user_agent", - "operation_type", - "user", - "created_at", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "_document_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7071,16 +10716,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7088,15 +10747,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7104,18 +10778,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7124,18 +10810,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -7144,18 +10842,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -7164,15 +10874,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", "_document_id", - "user_agent" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7180,16 +10905,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -7198,18 +10936,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7218,15 +10968,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -7235,16 +11000,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", - "user", - "user_id", - "operation_type", - "user_agent", "action", - "request_id", "actor", - "actor_id" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7252,19 +11030,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -7273,18 +11063,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -7292,15 +11094,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -7310,20 +11125,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7331,18 +11157,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7350,18 +11188,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7370,17 +11220,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7389,81 +11252,128 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", - "actor", - "actor_id", "action", - "programmatic_access_type" - ] - }, - { - "action": "user.create_integration_secret", - "description": "A user secret for Codespaces was created.", - "docs_reference_links": "N/A", - "fields": [ "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "visibility", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", - "created_at", + "user_agent", + "email", "operation_type", - "request_access_security_header" + "created_at" ] }, { - "action": "user.creation_rate_limit_exceeded", - "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", + "action": "user.create_integration_secret", + "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", - "request_id", - "user_id", - "@timestamp", - "token_scopes", - "programmatic_access_type" - ] + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "created_at", + "operation_type" + ] }, { - "action": "user.delete", - "description": "A user account was destroyed by an asynchronous job.", + "action": "user.creation_rate_limit_exceeded", + "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { + "action": "user.delete", + "description": "A user account was destroyed by an asynchronous job.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", "_document_id", - "request_access_security_header" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7472,19 +11382,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -7492,18 +11413,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7511,18 +11444,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7530,18 +11475,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -7550,17 +11507,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7568,17 +11537,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7586,17 +11568,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7604,17 +11599,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7622,21 +11630,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7644,21 +11662,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -7667,17 +11695,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7685,17 +11726,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7703,17 +11757,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7721,18 +11788,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7740,17 +11819,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -7759,17 +11852,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7777,18 +11883,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -7797,19 +11915,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", "operation_type", - "_document_id", - "request_id", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -7817,18 +11947,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7836,18 +11978,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7855,21 +12009,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7877,16 +12041,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -7895,20 +12072,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -7916,20 +12104,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7937,20 +12137,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -7958,18 +12169,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7977,16 +12200,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -7997,16 +12233,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -8015,18 +12263,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -8034,18 +12294,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8053,22 +12325,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8076,23 +12359,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -8101,21 +12394,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8123,18 +12426,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8142,18 +12457,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8163,16 +12490,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8180,18 +12519,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", "user_agent", - "request_id", - "user", - "action", - "actor", - "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8199,18 +12550,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8218,17 +12581,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8236,18 +12612,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", "created_at", - "user", - "operation_type", - "@timestamp", - "request_id", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8255,17 +12643,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -8274,19 +12675,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -8294,21 +12707,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8316,21 +12739,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8338,46 +12773,64 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "workflows.approve_workflow_job", - "description": "A workflow job was approved.", - "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "workflow_run_id", "run_number", - "user", - "user_id", - "repo", - "repo_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8386,23 +12839,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8410,23 +12873,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8436,23 +12907,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -8461,22 +12944,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8484,21 +12978,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -8506,25 +13011,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8532,24 +13045,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8558,25 +13080,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.17/enterprise.json b/src/audit-logs/data/ghes-3.17/enterprise.json index 5e1d9b8c8ae8..7b3d5fe69cc2 100644 --- a/src/audit-logs/data/ghes-3.17/enterprise.json +++ b/src/audit-logs/data/ghes-3.17/enterprise.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,31 +196,34 @@ "description": "An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests", "fields": [ - "user_agent", - "request_id", - "request_method", - "query_string", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "request_body", - "status_code", - "url_path", "business", "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "request_method", + "query_string", + "request_body", + "status_code", + "url_path", + "public_repo", "created_at", "operation_type", "route", @@ -167,18 +237,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -186,20 +268,32 @@ "description": "A manual check of the endpoint configured for audit log streaming was performed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_result", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_result", "created_at", "operation_type", - "audit_log_stream_sink_details", - "request_access_security_header" + "audit_log_stream_sink_details" ] }, { @@ -207,18 +301,31 @@ "description": "An endpoint was added for audit log streaming.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_sink", + "created_at", + "operation_type", "audit_log_stream_id" ] }, @@ -227,15 +334,28 @@ "description": "An audit log streaming endpoint was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "audit_log_stream_id", @@ -247,17 +367,30 @@ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_enabled", - "business_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_enabled", "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "new_s3_bucket", @@ -280,17 +413,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -299,19 +445,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -320,18 +478,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -339,18 +510,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -358,15 +541,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -376,22 +572,31 @@ "description": "An enterprise owner was added to an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ - "name", - "business", - "user", - "user_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "request_id", + "business", "business_id", - "_document_id", - "user_agent", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -400,22 +605,32 @@ "description": "An organization was added to an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "operation_type", "name", "created_at", - "request_id", - "_document_id", - "business", - "organization_upgrade", - "request_access_security_header" + "organization_upgrade" ] }, { @@ -423,20 +638,30 @@ "description": "GitHub Advanced Security was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -445,17 +670,28 @@ "description": "GitHub Advanced Security was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -466,21 +702,31 @@ "description": "GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -489,17 +735,28 @@ "description": "GitHub Advanced Security was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -510,17 +767,28 @@ "description": "GitHub Advanced Security was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -531,21 +799,31 @@ "description": "GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -554,20 +832,32 @@ "description": "An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "new_policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -576,20 +866,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -597,17 +899,28 @@ "description": "GitHub Advanced Security was disabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -619,21 +932,31 @@ "description": "GitHub Advanced Security was enabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -642,18 +965,31 @@ "description": "An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -662,17 +998,30 @@ "description": "An enterprise owner cleared the base repository permission policy setting for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "name", - "operation_type", - "business_id", - "user_agent", - "actor_id", - "request_id", - "actor", + "@timestamp", "_document_id", - "business", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -682,19 +1031,32 @@ "description": "An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", "business_id", - "action", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business", "visibility", "created_at", - "actor", - "operation_type", - "@timestamp" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -703,21 +1065,33 @@ "description": "The policy for Code scanning autofix was updated for an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -725,21 +1099,33 @@ "description": "The policy for Code scanning autofix third party tools was updated for an enterprise.", "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/code-security/getting-started/github-security-features#available-with-github-code-security" }, @@ -748,18 +1134,30 @@ "description": "The policy for Code Security enablement was updated for an enterprise.", "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -771,19 +1169,31 @@ "description": "An enterprise was created.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", "_document_id", "action", - "@timestamp", - "request_id", - "name", + "actor", + "actor_id", "business", "business_id", - "operation_type", - "actor", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "name", + "operation_type", + "created_at" ] }, { @@ -791,17 +1201,28 @@ "description": "Dependabot alerts were disabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -811,17 +1232,28 @@ "description": "Dependabot alerts were enabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -831,17 +1263,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -851,18 +1296,30 @@ "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -870,17 +1327,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was disabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -891,18 +1359,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.", "docs_reference_links": "N/A", "fields": [ - "action", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "business_id", - "actor_id", - "name", - "_document_id", - "request_id" + "name" ] }, { @@ -910,15 +1391,28 @@ "description": "SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -928,17 +1422,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was enabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -949,18 +1454,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "operation_type", - "created_at", + "actor_id", "business", "business_id", - "name", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" ] }, { @@ -968,20 +1486,31 @@ "description": "An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", "actor_id", - "@timestamp", - "request_id", "business", - "name", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "business_id", - "_document_id" + "created_at", + "name", + "operation_type" ] }, { @@ -989,20 +1518,31 @@ "description": "The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1010,20 +1550,31 @@ "description": "The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "name", - "actor", - "operation_type", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "business", - "actor_id", - "created_at", - "action", + "user_id", "user_agent", - "request_id", - "user_id" + "name", + "operation_type", + "created_at" ] }, { @@ -1031,20 +1582,31 @@ "description": "An enterprise owner was removed from an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", - "user_agent", + "actor_id", "business", "business_id", - "@timestamp", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "name", - "actor_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "user" + "user_agent", + "operation_type", + "created_at", + "name" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -1053,20 +1615,31 @@ "description": "An organization was removed from an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "business", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business_id", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "name", - "org" + "name" ] }, { @@ -1074,18 +1647,31 @@ "description": "The slug for the enterprise URL was renamed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "name", - "business_id", - "user_agent", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", - "@timestamp", - "created_at", + "actor_id", "business", - "_document_id" + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ] }, { @@ -1093,20 +1679,31 @@ "description": "The SAML single sign-on session for a member in an enterprise was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "actor", - "_document_id", - "actor_id", "name", - "@timestamp", - "user_id", - "action", - "created_at", - "business" + "created_at" ] }, { @@ -1114,17 +1711,28 @@ "description": "Automatic partner validation checks have been disabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1135,17 +1743,28 @@ "description": "Automatic partner validation checks have been enabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1156,20 +1775,30 @@ "description": "An enterprise-level custom pattern was created for secret scanning.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1178,17 +1807,28 @@ "description": "An enterprise-level custom pattern was removed from secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1198,20 +1838,30 @@ "description": "An enterprise-level custom pattern was published for secret scanning.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1219,17 +1869,28 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1240,20 +1901,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1262,17 +1933,28 @@ "description": "Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1282,17 +1964,28 @@ "description": "Secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1303,17 +1996,28 @@ "description": "Secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1324,17 +2028,28 @@ "description": "Secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1345,17 +2060,28 @@ "description": "Secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1366,17 +2092,28 @@ "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1388,17 +2125,28 @@ "description": "Secret scanning for non-provider patterns was enabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1410,17 +2158,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1431,17 +2190,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1452,17 +2222,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1473,17 +2254,28 @@ "description": "Push protection for secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1494,17 +2286,28 @@ "description": "Push protection for secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -1515,17 +2318,28 @@ "description": "Push protection for secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1536,17 +2350,28 @@ "description": "Push protection for secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1557,20 +2382,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1578,26 +2415,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1605,24 +2452,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1630,26 +2487,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1657,20 +2524,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1681,17 +2559,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -1702,20 +2593,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1724,40 +2627,65 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ], - "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" - }, - { - "action": "business.set_default_workflow_permissions", - "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", - "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", - "fields": [ - "actor", - "actor_id", - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", + "limit", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_default_workflow_permissions", + "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1766,20 +2694,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1788,19 +2728,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1809,20 +2761,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "issuer", - "name", - "user_agent", - "action", "@timestamp", "_document_id", + "action", "actor", + "actor_id", "business", "business_id", - "actor_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issuer", + "name", + "created_at", + "operation_type" ] }, { @@ -1830,18 +2794,31 @@ "description": "An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "updated_github_owned_allowed", "updated_verified_allowed", "updated_patterns", @@ -1856,20 +2833,33 @@ "description": "The base repository permission setting was updated for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "business_id", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "permission", - "action", "created_at", - "@timestamp", - "request_id", "name", - "_document_id", - "old_permission", - "business" + "old_permission" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1878,19 +2868,32 @@ "description": "The repository creation setting was updated for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", - "name", - "business_id", + "action", "actor", "actor_id", - "@timestamp", - "operation_type", - "permission", - "action", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "name", + "operation_type", + "permission", "visibility" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -1900,19 +2903,32 @@ "description": "The policy setting for enterprise members inviting outside collaborators to repositories was updated.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-inviting-outside-collaborators-to-repositories", "fields": [ - "business_id", - "created_at", - "action", - "operation_type", "@timestamp", - "request_id", - "permission", + "_document_id", + "action", "actor", "actor_id", - "name", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business" + "created_at", + "operation_type", + "permission", + "name" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1921,20 +2937,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -1943,20 +2970,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -1967,17 +3005,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1985,224 +3035,368 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_outdated", "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_numbers", "commit_oid", - "ref", - "request_id", - "org_id", - "org", - "business_id", - "business" + "ref" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers", "dismissal_approver_id" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_approved", "description": "Dismissal of code scanning alerts was approved.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_denied", "description": "Dismissal of code scanning alerts was denied.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_requested", "description": "Dismissal of code scanning alerts was requested.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "commit_oid", - "ref", - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", - "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", - "actor", - "org_id", - "org", - "business_id", - "business", - "alert_numbers" - ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" - }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", "fields": [ "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", "business_id", - "query", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "search_string" + "user_agent", + "alert_number", + "alert_numbers" ], - "docs_reference_titles": "/search-github/github-code-search" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2212,25 +3406,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -2241,22 +3444,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -2268,22 +3482,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -2292,15 +3517,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -2311,17 +3551,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2331,27 +3584,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", "org", - "owner", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2359,19 +3621,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -2379,18 +3654,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -2399,23 +3686,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2423,16 +3717,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -2441,24 +3749,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2466,15 +3780,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2484,20 +3811,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2505,19 +3842,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -2525,43 +3874,63 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id" - ] - }, - { - "action": "copilot.user_access_reinstated", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "actor", - "org_id", - "owner_type", - "actor_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "owner", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.user_access_reinstated", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "owner_type", + "owner", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -2569,21 +3938,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "user_id", - "owner", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "owner_type", + "owner", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -2591,21 +3971,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2615,19 +4004,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2637,21 +4035,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2661,18 +4068,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2685,18 +4105,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2710,14 +4143,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -2730,8 +4178,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2740,27 +4187,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "definition_id", - "property_name", - "value", - "repo", - "repo_id", - "public_repo", - "org", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "value", + "public_repo", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2769,19 +4224,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2790,16 +4257,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -2811,19 +4291,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -2832,19 +4323,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -2853,19 +4355,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -2874,19 +4387,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -2895,17 +4419,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2913,19 +4450,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2934,39 +4482,61 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ] - }, - { - "action": "dependabot_security_updates_new_repos.disable", - "description": " Dependabot security updates were disabled for all new repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", - "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependabot_security_updates_new_repos.disable", + "description": " Dependabot security updates were disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2975,19 +4545,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2995,19 +4576,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -3016,19 +4608,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3036,19 +4639,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -3057,128 +4671,195 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "team", + "created_at", + "number", + "title", + "operation_type" + ] }, { "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3189,16 +4870,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3209,18 +4904,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3231,23 +4940,31 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise" }, @@ -3256,19 +4973,33 @@ "description": "A domain was approved for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#approving-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3277,18 +5008,33 @@ "description": "A domain was added to an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3297,18 +5043,33 @@ "description": "A domain was removed from an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#removing-an-approved-or-verified-domain", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3317,18 +5078,33 @@ "description": "A domain was verified for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3337,18 +5113,30 @@ "description": "A new GitHub Actions self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -3357,20 +5145,30 @@ "description": "A GitHub Actions self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -3379,18 +5177,31 @@ "description": "A GitHub Actions self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows" ], "docs_reference_titles": "Removing self-hosted runners" @@ -3400,18 +5211,31 @@ "description": "A GitHub Actions self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3420,20 +5244,33 @@ "description": "The REST API was used to remove a GitHub Actions self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -3442,19 +5279,31 @@ "description": "A GitHub Actions self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3463,19 +5312,32 @@ "description": "A GitHub Actions runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -3484,24 +5346,36 @@ "description": "The configuration of a GitHub Actions self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3510,14 +5384,32 @@ "description": "The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3526,14 +5418,32 @@ "description": "The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3542,18 +5452,36 @@ "description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", "target_version", "runner_group_id", "runner_group_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Self-hosted runners" }, @@ -3562,22 +5490,32 @@ "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3585,21 +5523,33 @@ "description": "A license for GitHub Copilot was assigned to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3607,17 +5557,30 @@ "description": "A license for GitHub Copilot was unassigned from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3628,17 +5591,30 @@ "description": "A new enterprise team was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3648,17 +5624,30 @@ "description": "An enterprise team was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3669,22 +5658,32 @@ "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3692,18 +5691,31 @@ "description": "The name of an enterprise team was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business_id", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3714,22 +5726,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3738,22 +5759,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3761,28 +5792,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3791,27 +5828,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -3820,25 +5865,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3847,26 +5900,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3875,21 +5935,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -3898,22 +5970,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3922,25 +6004,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3949,22 +6040,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -3973,21 +6076,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -3998,27 +6111,33 @@ "description": "A user was added to an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -4026,19 +6145,31 @@ "description": "An external group was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", "scim_group_id" ] }, @@ -4047,22 +6178,33 @@ "description": "An external group was linked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group", - "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -4070,21 +6212,31 @@ "description": "An external group was created.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -4092,26 +6244,32 @@ "description": "A user was removed from an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -4119,15 +6277,29 @@ "description": "Failed external group SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -4135,15 +6307,9 @@ "url_path", "scim_group_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4152,30 +6318,38 @@ "description": "Successful external group SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4184,18 +6358,31 @@ "description": "An external group was unlinked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group" ] }, @@ -4204,22 +6391,32 @@ "description": "An external group was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "scim_group_id" ] }, { @@ -4227,25 +6424,33 @@ "description": "An external group's display name was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "hashed_token", - "programmatic_access_type", - "actor", - "actor_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", "external_group", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -4253,20 +6458,31 @@ "description": "An external identity was deprovisioned, suspending the linked GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -4274,17 +6490,31 @@ "description": "An external identity was created and linked to a GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -4292,15 +6522,29 @@ "description": "Failed external identity SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -4308,15 +6552,9 @@ "url_path", "scim_user_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4325,30 +6563,38 @@ "description": "Successful external identity SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4357,18 +6603,31 @@ "description": "An external identity was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -4376,21 +6635,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -4398,20 +6668,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -4419,21 +6701,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -4441,19 +6734,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4462,20 +6766,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4484,19 +6798,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4505,22 +6830,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -4529,23 +6865,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -4554,23 +6901,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4578,18 +6934,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -4600,20 +6966,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -4623,18 +6999,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -4642,18 +7030,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "action", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -4661,25 +7061,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4687,25 +7097,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -4713,26 +7132,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -4741,25 +7169,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -4767,26 +7204,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -4794,21 +7240,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -4817,19 +7274,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -4837,21 +7307,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -4860,19 +7341,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -4883,20 +7378,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -4906,24 +7413,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -4934,23 +7452,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -4961,21 +7491,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -4986,20 +7528,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -5009,20 +7563,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -5032,19 +7599,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -5053,20 +7634,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -5076,20 +7670,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "action", - "_document_id", "name", - "org_id", "manager", "operation_type", - "actor", - "integration", - "org", - "@timestamp", - "actor_id", - "request_id", - "user_agent" + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -5098,20 +7705,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -5120,20 +7740,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -5141,19 +7773,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -5162,19 +7807,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -5183,17 +7841,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -5206,21 +7877,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -5234,17 +7918,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -5256,19 +7953,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5276,19 +7984,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "created_at", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5296,17 +8015,28 @@ "description": "IP allow list user level enforcement was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5316,20 +8046,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -5338,19 +8077,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5358,17 +8108,28 @@ "description": "IP allow list user level enforcement was enabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5378,24 +8139,32 @@ "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -5403,24 +8172,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" ] }, { @@ -5428,19 +8205,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -5448,18 +8238,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5467,21 +8269,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -5489,21 +8304,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -5511,22 +8339,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -5534,19 +8375,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -5557,21 +8411,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -5579,22 +8448,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -5602,21 +8486,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -5625,21 +8524,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -5648,22 +8562,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -5671,22 +8598,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", - "oauth_application", - "oauth_application_id", - "user", - "user_id", - "action", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5694,19 +8634,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5714,21 +8666,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5738,16 +8699,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5757,18 +8731,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5778,14 +8765,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -5793,19 +8796,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -5813,18 +8827,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5832,23 +8858,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -5856,20 +8890,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -5880,19 +8924,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", "operation_type", - "_document_id", - "actor", "created_at", - "user", - "user_id", - "request_id", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -5902,19 +8957,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -5923,16 +8989,28 @@ "description": "An OAuth access token was revoked.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "request_access_security_header", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -5942,18 +9020,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -5961,20 +9051,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -5983,20 +9085,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6005,20 +9119,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6027,20 +9153,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6049,19 +9187,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6070,20 +9221,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6092,20 +9255,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6115,18 +9290,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", - "org_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "oauth_application_id", - "action", "created_at", - "actor", - "actor_id", - "oauth_application", - "_document_id", - "request_id" + "oauth_application" ] }, { @@ -6134,19 +9322,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6155,15 +9356,32 @@ "description": "An OAuth application was unsuspended for a user or organization account.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "operation_type", - "org_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "oauth_application_id", "oauth_application", - "org", - "created_at", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6172,24 +9390,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -6199,20 +9424,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -6223,20 +9459,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -6246,17 +9493,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6267,20 +9525,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -6289,21 +9557,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -6312,24 +9590,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -6337,21 +9625,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6359,20 +9657,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6380,22 +9688,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -6403,20 +9719,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6424,22 +9750,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -6447,21 +9781,31 @@ "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -6471,19 +9815,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -6492,19 +9847,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -6514,16 +9880,29 @@ "description": "A user initiated a background job to delete an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "@timestamp", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ] }, @@ -6532,16 +9911,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -6550,18 +9942,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -6570,19 +9975,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -6592,22 +10008,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -6615,19 +10042,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -6635,23 +10073,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6659,21 +10105,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6681,23 +10137,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6705,23 +10169,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6729,62 +10201,93 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.config.disable_collaborators_only", "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -6794,17 +10297,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6813,17 +10329,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6833,16 +10362,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6851,17 +10393,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6870,17 +10425,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6889,22 +10457,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -6912,18 +10488,29 @@ "action": "org.confirm_business_invitation", "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", - "fields": [ - "user_agent", - "request_id", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6934,18 +10521,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -6954,18 +10553,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6973,20 +10584,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -6995,19 +10616,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -7016,14 +10648,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -7032,17 +10681,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7050,19 +10712,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7070,19 +10743,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -7090,19 +10774,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -7111,19 +10806,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -7132,19 +10838,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -7153,17 +10872,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -7172,17 +10904,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -7191,18 +10936,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7210,23 +10968,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -7235,17 +11002,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7255,19 +11033,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7275,19 +11064,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7296,16 +11096,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -7313,17 +11126,30 @@ "description": "An organization was restored.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7331,19 +11157,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -7352,18 +11190,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -7373,21 +11222,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7395,21 +11253,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7417,21 +11284,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -7439,18 +11316,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -7459,19 +11348,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -7479,20 +11380,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -7501,21 +11412,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -7525,21 +11448,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7548,23 +11481,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -7573,23 +11516,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7598,19 +11549,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -7619,25 +11583,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7646,21 +11621,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7670,21 +11654,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7694,20 +11687,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7716,22 +11719,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7740,21 +11751,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7763,21 +11783,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7786,22 +11815,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7810,21 +11847,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7833,21 +11879,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7857,21 +11912,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7881,19 +11945,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7903,21 +11978,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7927,21 +12011,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7951,19 +12044,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7973,22 +12077,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7997,22 +12109,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8021,22 +12141,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8045,21 +12173,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8068,21 +12205,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8091,22 +12237,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8115,22 +12269,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8139,26 +12301,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -8167,26 +12338,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "org_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8194,28 +12373,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8223,26 +12410,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8250,15 +12445,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -8267,15 +12479,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -8284,7 +12513,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -8299,20 +12549,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -8321,16 +12582,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -8341,18 +12615,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -8361,17 +12648,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8379,18 +12679,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -8399,18 +12711,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -8419,18 +12744,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -8439,22 +12776,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8462,19 +12809,31 @@ "description": "A user account was converted into an organization.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization", "fields": [ - "actor", + "@timestamp", "_document_id", - "request_id", - "operation_type", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "@timestamp", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "owner", - "request_access_security_header" + "operation_type", + "created_at", + "owner" ], "docs_reference_titles": "Converting a user into an organization" }, @@ -8483,19 +12842,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -8504,23 +12876,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -8529,20 +12912,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -8551,20 +12946,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -8572,17 +12978,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -8592,20 +13011,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -8614,19 +13044,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -8634,18 +13077,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -8654,20 +13109,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -8676,16 +13144,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8694,14 +13177,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -8712,16 +13210,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8730,20 +13243,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8753,23 +13277,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8778,21 +13313,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -8803,21 +13349,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8826,20 +13385,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8848,17 +13421,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8869,20 +13457,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8891,19 +13493,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8911,19 +13525,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8931,18 +13557,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8950,16 +13588,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8967,18 +13619,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8986,18 +13650,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9008,22 +13685,31 @@ "description": "The configured restriction for access to resources via personal access tokens was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9031,22 +13717,31 @@ "description": "The configured restriction for access to resources via personal access tokens was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9054,18 +13749,28 @@ "description": "The configured restriction for access to resources via personal access tokens was reset and delegated to organizations.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9076,18 +13781,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9098,18 +13816,28 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9120,18 +13848,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9142,18 +13880,28 @@ "description": "Triggered when the enterprise delegates to the organizations when to require approval for fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9164,17 +13912,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9184,32 +13945,61 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "user_programmatic_access_name", + "created_at", + "operation_type" + ] + }, + { + "action": "personal_access_token.credential_revoked", + "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", + "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "user_programmatic_access_name", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ] - }, - { - "action": "personal_access_token.credential_revoked", - "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", - "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", - "fields": [ + "user_agent", "user_programmatic_access_name", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9220,20 +14010,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9241,23 +14043,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9265,21 +14078,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9287,17 +14111,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9308,18 +14145,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9331,17 +14181,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9353,17 +14216,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9374,15 +14250,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9392,17 +14283,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -9412,15 +14314,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9430,17 +14347,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9450,17 +14378,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9470,17 +14409,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9490,17 +14440,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9510,17 +14471,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -9530,17 +14504,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9548,20 +14535,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -9571,25 +14569,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -9597,20 +14607,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9618,25 +14640,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9644,17 +14678,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -9662,17 +14709,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -9680,18 +14740,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -9700,18 +14772,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -9720,19 +14804,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -9740,17 +14835,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -9762,22 +14870,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -9785,19 +14902,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -9805,17 +14933,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id", - "actor_id", - "action", - "org_id", - "user_agent" + "created_at" ] }, { @@ -9823,18 +14964,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -9842,20 +14996,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9863,18 +15027,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9883,18 +15059,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9903,16 +15091,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -9924,21 +15125,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -9946,22 +15159,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -9970,29 +15193,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -10000,24 +15228,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", "user_agent", - "repo", + "operation_type", "name", - "org_id", - "user", - "_document_id", - "request_id", - "actor", - "actor_id", - "org", - "action", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10028,21 +15264,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10053,22 +15299,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -10076,24 +15332,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -10101,30 +15367,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -10134,28 +15407,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -10166,23 +15447,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -10190,22 +15480,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -10213,23 +15513,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", - "org", - "action", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "repo_id", - "token_scopes", - "programmatic_access_type" + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -10237,24 +15546,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -10263,22 +15581,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -10286,24 +15614,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10312,27 +15649,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10341,18 +15685,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10363,24 +15720,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -10388,25 +15754,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -10414,22 +15787,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -10437,22 +15820,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -10461,22 +15855,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -10484,25 +15888,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -10510,22 +15921,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -10533,22 +15954,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -10556,23 +15987,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -10581,24 +16023,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -10607,20 +16060,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10629,21 +16096,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -10653,22 +16133,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10677,25 +16169,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10704,23 +16206,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10729,18 +16242,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -10750,21 +16277,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -10773,19 +16311,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -10796,23 +16347,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10822,17 +16385,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10840,19 +16417,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10860,19 +16450,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -10882,21 +16485,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -10905,27 +16519,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10933,23 +16554,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -10958,18 +16591,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10977,19 +16624,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10999,20 +16658,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -11020,18 +16690,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -11039,21 +16722,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -11061,20 +16756,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -11083,19 +16791,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -11105,22 +16827,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -11129,21 +16861,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -11152,25 +16893,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -11179,23 +16927,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -11204,24 +16960,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -11230,23 +16993,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -11256,43 +17027,65 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "visibility", + "visibility" + ], + "docs_reference_titles": "/repositories/archiving-a-github-repository" + }, + { + "action": "repo.change_merge_setting", + "description": "Pull request merge options were changed for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ], - "docs_reference_titles": "/repositories/archiving-a-github-repository" - }, - { - "action": "repo.change_merge_setting", - "description": "Pull request merge options were changed for a repository.", - "docs_reference_links": "N/A", - "fields": [ - "actor", - "oauth_application_id", + "user", + "user_id", "user_agent", - "request_id", + "oauth_application_id", "created_at", - "@timestamp", - "_document_id", - "actor_id", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11301,24 +17094,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -11327,24 +17130,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11352,24 +17163,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11377,24 +17196,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11402,24 +17229,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11427,23 +17262,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11454,17 +17298,29 @@ "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11474,17 +17330,29 @@ "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11494,103 +17362,137 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor", - "actor_id", - "token_id", - "token_scopes", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.collaborators_only", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "visibility", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11598,17 +17500,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11617,15 +17532,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -11636,16 +17564,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11655,17 +17596,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11675,19 +17629,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11696,17 +17661,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "action", - "actor_id", - "repo", - "repo_id", - "@timestamp", - "_document_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11715,26 +17693,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -11743,30 +17727,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -11776,20 +17765,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11798,25 +17798,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11825,23 +17833,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11849,25 +17868,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -11877,17 +17905,30 @@ "description": "A repository was archived on disk.", "docs_reference_links": "/repositories/archiving-a-github-repository/archiving-repositories", "fields": [ - "actor_id", - "repo", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", - "repo_id", - "actor", "action", - "user_agent" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/archiving-a-github-repository/archiving-repositories" }, @@ -11896,23 +17937,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -11922,20 +17972,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "visibility", - "repo_id", - "created_at", - "actor", - "action", - "@timestamp", "org_id", - "request_id", + "programmatic_access_type", "repo", - "_document_id" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "visibility", + "created_at" ] }, { @@ -11943,20 +18004,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "visibility", - "repo_id", - "request_id", - "action", - "_document_id", "@timestamp", - "actor_id", - "created_at", - "user", - "operation_type", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", "public_repo" ] }, @@ -11965,19 +18037,30 @@ "description": "The repository was unlocked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11985,20 +18068,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "action", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "operation_type", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "visibility", - "actor", - "user_id" + "visibility" ] }, { @@ -12006,23 +18100,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -12030,21 +18134,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -12052,21 +18166,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -12074,22 +18198,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -12097,42 +18230,63 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { "action": "repo.pages_private", "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -12140,22 +18294,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -12163,18 +18326,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12182,22 +18359,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12205,21 +18392,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -12227,18 +18424,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -12247,22 +18456,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12271,24 +18489,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12297,23 +18523,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "key", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12321,26 +18557,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -12349,21 +18590,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -12372,25 +18622,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -12398,22 +18654,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -12422,20 +18688,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "visibility", - "operation_type", - "repo", + "@timestamp", "_document_id", - "user", - "user_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "@timestamp", - "request_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -12443,19 +18720,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -12463,17 +18751,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12482,17 +18785,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12501,7 +18819,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -12516,23 +18855,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -12542,20 +18890,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12566,21 +18925,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -12589,22 +18959,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -12613,21 +18993,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -12636,22 +19027,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -12662,16 +19063,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -12680,22 +19092,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -12705,22 +19126,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -12729,23 +19161,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12755,19 +19197,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -12775,21 +19227,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -12798,24 +19260,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -12823,25 +19294,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12850,24 +19328,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12876,25 +19364,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12903,22 +19399,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12927,26 +19432,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "visibility", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "public_repo", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "operation_type", + "created_at", + "public_repo" ] }, { @@ -12954,31 +19467,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12987,24 +19507,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13013,24 +19539,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13039,21 +19571,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -13061,21 +19603,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -13083,21 +19635,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -13105,20 +19668,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -13126,21 +19701,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -13148,19 +19734,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "invitee", - "action", - "@timestamp", - "request_id", - "actor_id", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -13168,31 +19767,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -13201,19 +19808,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -13221,8 +19839,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -13231,23 +19848,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -13272,26 +19898,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13300,26 +19932,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13328,23 +19966,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13354,23 +19999,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13380,24 +20032,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13407,24 +20066,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -13433,24 +20099,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13460,23 +20133,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13486,23 +20166,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -13511,22 +20199,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13534,24 +20230,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13560,24 +20264,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13586,19 +20298,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13607,24 +20331,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13633,24 +20365,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13659,19 +20399,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13680,26 +20432,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13708,26 +20465,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13736,28 +20498,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13765,27 +20535,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13793,28 +20571,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13822,28 +20608,36 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13851,29 +20645,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", - "owner", - "org", - "org_id", - "_document_id", - "@timestamp", + "owner", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13882,29 +20684,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13913,44 +20723,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -13961,21 +20793,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -13984,26 +20828,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -14011,21 +20863,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -14033,21 +20896,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", "created_at", "active", - "action", - "repository_id", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type" ] }, @@ -14056,20 +20933,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -14078,24 +20965,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14103,26 +20997,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14130,23 +21030,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14154,23 +21061,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -14179,18 +21093,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -14199,19 +21126,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -14220,43 +21159,67 @@ "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -14265,28 +21228,37 @@ "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -14294,25 +21266,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14320,14 +21299,28 @@ "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -14337,26 +21330,37 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning.disable", "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -14365,19 +21369,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14386,20 +21401,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -14408,19 +21433,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14429,14 +21465,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -14454,25 +21504,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14481,25 +21539,33 @@ "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -14509,49 +21575,70 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_scan.completed", "description": "A secret scanning scan has completed on this repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "repo_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "source", "type", "source_slug", "type_slug", "started_at", "completed_at", - "repo", "public_repo", - "org", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "secret_types", @@ -14565,10 +21652,28 @@ "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14583,15 +21688,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14600,7 +21698,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14608,22 +21707,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14632,22 +21742,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14656,10 +21777,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14674,15 +21813,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14690,7 +21822,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14698,15 +21831,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14716,10 +21864,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14734,15 +21900,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14751,7 +21910,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14759,18 +21919,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -14778,18 +21950,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14797,16 +21981,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14816,18 +22013,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -14836,16 +22046,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14856,15 +22079,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -14874,15 +22110,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -14891,17 +22142,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -14910,17 +22174,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -14929,16 +22207,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -14948,14 +22239,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -14965,17 +22271,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -14984,17 +22303,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15003,18 +22335,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15023,15 +22368,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -15041,16 +22400,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15058,15 +22430,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -15077,16 +22462,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -15096,17 +22494,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -15115,17 +22526,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -15136,17 +22560,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -15157,18 +22594,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15178,16 +22626,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15197,17 +22658,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15216,16 +22690,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15237,17 +22724,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15256,19 +22756,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15277,21 +22790,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15300,19 +22822,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15321,20 +22854,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15342,18 +22889,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -15361,16 +22923,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15378,23 +22955,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15402,23 +22989,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15426,23 +23023,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15450,23 +23057,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15474,15 +23091,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15491,15 +23123,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15508,15 +23155,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15525,15 +23187,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15542,15 +23219,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15558,15 +23250,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15575,21 +23282,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -15599,22 +23316,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -15623,20 +23349,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -15645,18 +23382,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -15666,21 +23416,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -15689,21 +23450,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -15712,80 +23483,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "org", - "created_at", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -15794,22 +23609,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -15818,22 +23642,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -15843,21 +23676,31 @@ "description": "A repository was removed from a team's control.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -15865,21 +23708,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -15888,17 +23742,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -15907,19 +23774,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -15928,28 +23806,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -15957,17 +23844,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15975,17 +23875,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15993,14 +23906,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -16009,15 +23937,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -16025,13 +23968,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16039,17 +23999,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -16057,17 +24030,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -16075,16 +24061,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16092,15 +24092,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16108,38 +24123,62 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" + }, + { + "action": "two_factor_authentication.disabled", + "description": "Two-factor authentication was disabled for a user account.", + "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" - }, - { - "action": "two_factor_authentication.disabled", - "description": "Two-factor authentication was disabled for a user account.", - "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", - "fields": [ - "actor", - "action", - "_document_id", "user_agent", - "user", - "user_id", - "actor_id", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -16148,18 +24187,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -16168,15 +24219,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", "_document_id", - "user_agent" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16184,16 +24250,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -16202,18 +24281,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -16222,15 +24313,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -16239,16 +24345,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -16256,19 +24375,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -16277,18 +24408,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -16296,15 +24439,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -16314,20 +24470,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ - "action", - "actor", - "user_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -16335,18 +24502,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16354,18 +24533,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -16374,17 +24565,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -16393,16 +24597,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "created_at", - "user", "action", - "operation_type", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16410,16 +24628,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "_document_id", "@timestamp", - "created_at", - "user_agent", - "operation_type", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16427,16 +24659,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "created_at", - "_document_id", - "user_agent", - "user_id", "@timestamp", - "user", + "_document_id", "action", - "request_access_security_header" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16444,19 +24690,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -16464,21 +24722,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16486,20 +24756,31 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", - "request_id", - "user_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -16507,18 +24788,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16527,19 +24820,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -16547,18 +24851,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16566,18 +24882,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16585,18 +24913,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -16605,17 +24945,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16623,17 +24975,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16641,17 +25006,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16659,17 +25037,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16677,21 +25068,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16699,21 +25100,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -16722,17 +25133,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16740,17 +25164,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16758,17 +25195,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16776,18 +25226,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16795,16 +25257,29 @@ "description": "A user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", "user_agent", + "operation_type", "created_at" ] }, @@ -16813,17 +25288,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -16832,17 +25321,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16850,18 +25352,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -16870,19 +25384,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", "operation_type", - "_document_id", - "request_id", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -16890,18 +25416,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16909,19 +25447,30 @@ "description": "A comment made by a user was minimized.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", - "actor_id", "@timestamp", - "created_at", - "operation_type", "_document_id", - "user", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16929,18 +25478,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16948,14 +25509,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16963,21 +25540,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16985,16 +25572,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -17003,20 +25603,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -17024,20 +25635,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17045,17 +25668,30 @@ "description": "A user account was no longer flagged as a large scale contributor.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -17063,20 +25699,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -17084,17 +25731,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "user_agent", - "request_id", - "action", "@timestamp", - "created_at", - "org_id", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -17103,18 +25762,30 @@ "description": "Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "action", "created_at", - "actor", - "operation_type", - "actor_id", - "user_id", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam" }, @@ -17123,18 +25794,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17142,16 +25825,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -17162,16 +25858,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -17180,18 +25888,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -17199,18 +25919,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17218,18 +25950,30 @@ "description": "A user signed in from an unrecognized location.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "action", - "operation_type", - "user_agent", - "user", + "@timestamp", "_document_id", + "action", "actor", - "created_at", "actor_id", - "@timestamp", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17237,46 +25981,67 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", + "limited_availability", + "emoji", + "operation_type" + ] + }, + { + "action": "user_status.update", + "description": "Triggered when you set or change the status on your profile.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "limited_availability", - "action", - "emoji", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "user_status.update", - "description": "Triggered when you set or change the status on your profile.", - "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", - "fields": [ "limited_availability", - "user", - "action", - "actor_id", "message", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", - "user_agent", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -17285,21 +26050,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -17307,18 +26082,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17326,18 +26113,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17347,16 +26146,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -17364,18 +26175,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17383,18 +26206,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -17402,17 +26237,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17420,18 +26268,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", - "actor", - "user_id", - "action", - "created_at", - "user", - "operation_type", "@timestamp", - "request_id", "_document_id", - "request_access_security_header" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17439,17 +26299,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -17458,19 +26331,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -17479,15 +26364,28 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "request_id", - "actor", - "action", "created_at" ] }, @@ -17496,21 +26394,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -17518,21 +26426,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17540,18 +26460,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17559,16 +26491,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17578,16 +26524,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17597,18 +26557,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17618,21 +26591,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17640,21 +26625,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17662,21 +26658,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17684,16 +26691,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17703,27 +26724,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -17732,23 +26759,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17756,10 +26793,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17770,20 +26825,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -17792,23 +26836,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17818,10 +26870,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17833,19 +26903,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -17856,10 +26916,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17868,21 +26946,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -17892,23 +26959,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -17917,22 +26996,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17940,21 +27030,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -17962,25 +27063,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17988,23 +27097,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -18018,24 +27140,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -18044,10 +27175,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -18057,21 +27206,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -18081,25 +27220,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.17/organization.json b/src/audit-logs/data/ghes-3.17/organization.json index 06dcc83c724b..579c2327cfb1 100644 --- a/src/audit-logs/data/ghes-3.17/organization.json +++ b/src/audit-logs/data/ghes-3.17/organization.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,29 +67,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -72,44 +103,66 @@ "description": "Credit was accepted for a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory" + "docs_reference_titles": "Editing a repository security advisory" }, { "action": "advisory_credit.create", "description": "Someone was added to the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -117,21 +170,32 @@ "description": "Credit was declined for a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -140,21 +204,32 @@ "description": "Someone was removed from the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -163,18 +238,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -182,17 +269,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -203,39 +301,62 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" + }, { "action": "billing.change_billing_type", "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -244,19 +365,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -265,18 +398,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -284,18 +430,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -303,20 +461,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -325,20 +494,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -349,17 +529,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -367,207 +559,368 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_outdated", "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_numbers", - "commit_oid", - "ref", - "request_id", - "org_id", - "org", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", - "business" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_numbers", + "commit_oid", + "ref" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers", "dismissal_approver_id" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_approved", "description": "Dismissal of code scanning alerts was approved.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_denied", "description": "Dismissal of code scanning alerts was denied.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_requested", "description": "Dismissal of code scanning alerts was requested.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -577,28 +930,34 @@ "description": "An attempt to create a codespace from a prebuild was made.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "owner", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "user_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", "created_at", "operation_type", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -606,17 +965,30 @@ "description": "Enterprise setting for Codespaces ownership was updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enablement", "organization_names", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -627,25 +999,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -656,22 +1037,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -683,22 +1075,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -707,15 +1110,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -726,15 +1144,28 @@ "description": "Policies were applied to codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -744,20 +1175,30 @@ "description": "Policies were removed from codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -765,19 +1206,30 @@ "description": "Policies were updated for codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -785,17 +1237,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -805,27 +1270,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "org", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -833,19 +1307,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -853,18 +1340,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -873,20 +1372,30 @@ "description": "A commit comment was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "repo", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "created_at", - "@timestamp", - "operation_type", + "programmatic_access_type", + "repo", "repo_id", - "actor_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -894,21 +1403,30 @@ "description": "A commit comment was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_id", - "action", - "@timestamp", - "repo", "org_id", - "actor_id", - "created_at", - "user_agent", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -916,21 +1434,33 @@ "description": "Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "reason", "plan", - "org_id", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -938,13 +1468,28 @@ "description": "Copilot feature settings were changed at the organization level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -954,23 +1499,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -978,16 +1530,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -996,40 +1562,59 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "request_access_security_header" - ] - }, - { - "action": "copilot.cfb_seat_assignment_reused", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_reused", "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1039,20 +1624,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1060,19 +1655,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -1080,21 +1687,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1102,21 +1718,33 @@ "description": "The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_value", "new_value", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1124,21 +1752,32 @@ "description": "The excluded paths for GitHub Copilot were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "excluded_paths", "owner_type", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1146,14 +1785,28 @@ "description": "Copilot custom instructions were created for the organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "custom_instructions" @@ -1164,14 +1817,28 @@ "description": "Copilot custom instructions were updated for the organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "custom_instructions" @@ -1179,92 +1846,129 @@ }, { "action": "copilot.knowledge_base_created", - "description": "A knowledge base was created in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_deleted", - "description": "A knowledge base was deleted from the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_updated", - "description": "A knowledge base was updated in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.plan_changed", "description": "The plan for GitHub Copilot was updated.", "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_plan", "plan", - "business_id", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1276,20 +1980,31 @@ "description": "The plan for GitHub Copilot was scheduled to be downgraded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "current_plan", "scheduled_plan" @@ -1300,21 +2015,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "user_id", - "owner", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "owner_type", + "owner", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1322,21 +2048,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "user_id", - "owner", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "owner_type", + "owner", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1344,21 +2081,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1368,19 +2114,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1390,42 +2145,64 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ] - }, - { - "action": "custom_property_definition.create", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_property_definition.create", "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1438,18 +2215,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1463,14 +2253,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -1483,8 +2288,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1493,27 +2297,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1522,19 +2334,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1543,16 +2367,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -1564,19 +2401,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1585,19 +2433,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1606,40 +2465,62 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" - }, - { - "action": "dependabot_alerts_new_repos.enable", - "description": "Dependabot alerts were enabled for all new repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", - "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "user", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + }, + { + "action": "dependabot_alerts_new_repos.enable", + "description": "Dependabot alerts were enabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1648,17 +2529,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1666,19 +2560,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1687,19 +2592,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1707,19 +2623,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1728,19 +2655,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1748,19 +2686,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1769,19 +2718,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1789,41 +2749,62 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" - }, - { - "action": "dependency_graph_new_repos.enable", - "description": "The dependency graph was enabled for all new repositories.", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "created_at", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "operation_type", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependency_graph_new_repos.enable", + "description": "The dependency graph was enabled for all new repositories.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", "_document_id", - "request_access_security_header" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1831,21 +2812,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "repo_id", - "request_id", + "@timestamp", + "_document_id", "action", "actor", - "org_id", - "_document_id", "actor_id", - "operation_type", - "@timestamp", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1853,20 +2843,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", "@timestamp", - "actor", - "user_agent", - "request_id", - "org", "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "repo", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1874,130 +2874,196 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "user_agent", - "actor_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "title", - "_document_id", - "created_at", - "repo", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "team", + "created_at", + "number", + "title", + "operation_type" + ] }, { "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2008,16 +3074,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2028,18 +3108,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2050,17 +3144,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was created.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", - "operation_type", "@timestamp", "_document_id", - "org_id", "action", - "request_id", - "org", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -2069,17 +3176,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was deleted.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp", - "actor_id", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -2088,22 +3208,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2112,22 +3241,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2135,28 +3274,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2165,27 +3310,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -2194,25 +3347,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2221,26 +3382,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2249,21 +3417,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2272,22 +3452,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2296,25 +3486,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2323,22 +3522,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2347,21 +3558,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -2372,19 +3593,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2393,20 +3625,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2415,19 +3657,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2436,23 +3689,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2460,18 +3722,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2482,20 +3754,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2505,25 +3787,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -2531,25 +3823,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -2557,26 +3858,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2585,25 +3895,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2611,26 +3930,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2638,21 +3966,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2661,19 +4000,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2681,21 +4033,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2704,19 +4067,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2727,20 +4104,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2750,24 +4139,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2778,23 +4178,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2805,21 +4217,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -2830,20 +4254,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -2853,20 +4289,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2876,19 +4325,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2897,20 +4360,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2920,20 +4396,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2942,20 +4431,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2964,20 +4466,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2985,19 +4499,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -3006,19 +4533,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -3027,17 +4567,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -3050,21 +4603,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -3078,17 +4644,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -3100,19 +4679,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3120,19 +4710,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3140,20 +4741,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "business", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -3162,19 +4772,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3182,24 +4803,32 @@ "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -3207,24 +4836,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" ] }, { @@ -3232,19 +4869,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -3252,45 +4902,130 @@ "description": "A comment on an issue was deleted from the repository.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { + "action": "issue_comment.pinned", + "description": "A comment on an issue was pinned to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", "action", - "operation_type", - "user_agent", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "oauth_application_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { - "action": "issue_comment.update", - "description": "A comment on an issue (other than the initial one) changed.", + "action": "issue_comment.unpinned", + "description": "A comment on an issue was unpinned from a repository.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", + "@timestamp", + "_document_id", "action", - "repo_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_comment.update", + "description": "A comment on an issue (other than the initial one) changed.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "user_agent", - "request_id", "_document_id", - "actor_id", + "action", "actor", - "oauth_application_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -3298,21 +5033,31 @@ "description": "An issue was deleted from the repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/deleting-an-issue", "fields": [ - "user", - "actor_id", - "created_at", - "title", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "operation_type", "user_agent", - "repo", - "token_scopes", - "programmatic_access_type" + "created_at", + "title", + "operation_type" ], "docs_reference_titles": "Deleting an issue" }, @@ -3321,23 +5066,33 @@ "description": "An issue was pinned to a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", "action", "actor", - "operation_type", - "owner_type", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "number", - "repo", - "event", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type", + "owner_type", + "number", + "event" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3346,22 +5101,32 @@ "description": "An issue was transferred to another repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "owner_type", - "actor_id", "number", - "repo", "operation_type", - "_document_id", - "repo_id", - "action", - "request_id", - "created_at", - "actor", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Transferring an issue to another repository" }, @@ -3370,24 +5135,33 @@ "description": "An issue was unpinned from a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ - "event", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", - "action", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "operation_type", - "_document_id", - "number", - "owner_type", - "@timestamp", + "token_id", + "token_scopes", "user", "user_id", - "token_scopes", - "request_access_security_header" + "user_agent", + "event", + "created_at", + "operation_type", + "number", + "owner_type" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3396,19 +5170,30 @@ "description": "The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user_agent", - "action", "@timestamp", - "operation_type", - "request_id", - "actor_id", - "user_id", - "created_at", "_document_id", + "action", "actor", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "org_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3417,18 +5202,29 @@ "description": "The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3438,19 +5234,30 @@ "description": "An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user", - "request_id", - "actor", - "business_id", - "action", - "operation_type", - "user_agent", - "created_at", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor_id" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3459,18 +5266,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3478,21 +5297,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -3500,21 +5332,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", "marketplace_listing", - "@timestamp", "integration", - "org_id", - "action", - "org", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -3522,22 +5367,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -3545,19 +5403,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -3567,22 +5438,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -3590,22 +5474,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3613,20 +5510,30 @@ "description": "The ability for members to publish GitHub Pages sites was disabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3635,20 +5542,30 @@ "description": "The ability for members to publish GitHub Pages sites was enabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3657,21 +5574,30 @@ "description": "The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3680,22 +5606,30 @@ "description": "The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3704,21 +5638,30 @@ "description": "The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3727,22 +5670,30 @@ "description": "The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3751,19 +5702,30 @@ "description": "An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "operation_type", "user_agent", - "actor", - "actor_id", - "business_id", - "@timestamp", - "created_at", - "action" + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3772,18 +5734,29 @@ "description": "The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "request_id", - "org", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "actor", "operation_type", - "org_id", - "action", - "@timestamp", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3793,21 +5766,30 @@ "description": "The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "action", - "org_id", - "user_id", - "business", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business_id", + "user_id", + "user_agent", "created_at", - "actor", - "org", - "operation_type", - "user_agent" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3818,16 +5800,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -3836,21 +5829,30 @@ "description": "The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "created_at", - "user_id", "business_id", - "user", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "org_id", - "@timestamp" + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -3859,19 +5861,30 @@ "description": "The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ - "request_id", - "created_at", - "_document_id", - "user_agent", - "user", - "user_id", - "business", - "business_id", - "operation_type", "@timestamp", + "_document_id", "action", "actor", - "actor_id" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -3880,19 +5893,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3900,21 +5925,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", - "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", "created_at", "operation_type" ] @@ -3924,16 +5958,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3943,18 +5990,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3964,14 +6024,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -3979,19 +6055,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -3999,18 +6086,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4018,23 +6117,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -4042,16 +6149,30 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "org_id", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4059,24 +6180,32 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", - "repo_id", "operation_type", - "@timestamp", - "user_agent", "created_at", - "org", - "action", - "_document_id", - "repo", - "actor", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4084,22 +6213,37 @@ "description": "A network configuration for a hosted compute service was created.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", "previous_settings_ids", - "network_configuration_id" + "network_configuration_id", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -4108,15 +6252,28 @@ "description": "A network configuration for a hosted compute service was deleted.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", @@ -4129,21 +6286,36 @@ "description": "A network configuration for a hosted compute service was updated.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", - "previous_settings_ids" + "previous_settings_ids", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -4152,20 +6324,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4174,20 +6358,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4196,20 +6392,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4218,20 +6426,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4240,19 +6460,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4261,20 +6494,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4283,20 +6528,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4305,19 +6562,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4326,17 +6596,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4347,20 +6628,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -4369,21 +6660,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -4392,24 +6693,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4417,21 +6728,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4439,20 +6760,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4460,22 +6791,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4483,20 +6822,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4504,22 +6853,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4527,21 +6884,31 @@ "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4551,19 +6918,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4572,19 +6950,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4594,53 +6983,92 @@ "description": "Third-party application access for outside collaborators was disabled for the organization.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "Limiting OAuth app and GitHub App access requests and installations" }, { "action": "org.allow_third_party_access_requests_from_outside_collaborators_enabled", "description": "Third-party application access for outside collaborators was enabled for the organization.", - "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests" }, { "action": "org.archive", "description": "The organization was archived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4650,17 +7078,30 @@ "description": "An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log", "fields": [ - "org_id", - "operation_type", "@timestamp", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log" }, @@ -4669,21 +7110,32 @@ "description": "An export of the organization's Git events was created.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "start", "end", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization" }, @@ -4692,16 +7144,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -4710,18 +7175,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -4730,19 +7208,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -4752,22 +7241,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -4775,19 +7275,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -4795,23 +7306,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4819,21 +7338,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4841,23 +7370,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4865,23 +7402,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4889,66 +7434,95 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codespaces_access_updated", "description": "Access to use Codespaces on internal and private repositories was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "enablement", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization" }, @@ -4957,21 +7531,31 @@ "description": "Ownership and payment for codespaces was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "owner_type", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" }, @@ -4980,16 +7564,29 @@ "description": "A team has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4999,16 +7596,29 @@ "description": "A team has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5018,19 +7628,30 @@ "description": "GitHub Codespaces was granted trusted repository access to all other repositories in an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -5039,17 +7660,30 @@ "description": "GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -5058,21 +7692,30 @@ "description": "A user has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5080,21 +7723,30 @@ "description": "A user has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5102,16 +7754,29 @@ "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -5121,17 +7786,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5140,17 +7818,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5160,16 +7851,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5178,17 +7882,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5197,17 +7914,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5216,22 +7946,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -5240,17 +7978,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5261,15 +8010,28 @@ "description": "Server statistics were exported for the organization.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5280,18 +8042,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -5300,20 +8074,31 @@ "description": "A GitHub Actions secret was created for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5322,20 +8107,32 @@ "description": "A GitHub Actions variable was created for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5344,21 +8141,33 @@ "description": "A Codespaces or Dependabot secret was created for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "visibility", - "integration", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5366,21 +8175,30 @@ "description": "A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor_id", - "org_id", - "business", - "action", "@timestamp", - "org", "_document_id", - "business_id", + "action", "actor", - "token_scopes", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "actor_is_bot", "oauth_credential_type", "managed_oauth_access_id", @@ -5396,24 +8214,32 @@ "description": "A member authorized credentials for use with SAML or OIDC single sign-on.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on", "fields": [ - "user_agent", - "actor", "@timestamp", - "created_at", - "org_id", - "business_id", - "operation_type", - "request_id", "_document_id", "action", + "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", - "token_scopes", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot", "oauth_credential_type", - "request_access_security_header", "managed_oauth_access_id", "managed_token_id", "managed_oauth_scopes", @@ -5427,21 +8253,32 @@ "description": "An owner revoked authorized credentials.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "oauth_application_id", - "org_id", "operation_type", - "action", - "business", - "request_id", "created_at", - "business_id", - "actor_id", - "_document_id", - "user_agent", "oauth_credential_type", "managed_oauth_access_id", "managed_token_id", @@ -5456,18 +8293,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5475,20 +8324,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5497,16 +8356,29 @@ "description": "Third-party application access restrictions for an organization were disabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "org_id", - "action", - "_document_id", - "request_id", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization" @@ -5516,19 +8388,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5537,14 +8420,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -5553,21 +8453,30 @@ "description": "Display of IP addresses within audit log events for the organization was disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -5576,17 +8485,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5594,19 +8516,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5614,19 +8547,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -5634,19 +8578,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5655,17 +8610,30 @@ "description": "Third-party application access restrictions for an organization were enabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "operation_type", - "org", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization" }, @@ -5674,19 +8642,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5695,19 +8674,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -5716,21 +8708,30 @@ "description": "Display of IP addresses within audit log events for the organization was enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -5739,17 +8740,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -5758,17 +8772,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -5777,18 +8804,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5796,23 +8836,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -5821,17 +8870,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5841,19 +8901,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5861,19 +8932,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5881,19 +8963,31 @@ "description": "Access to an organization was granted for an OAuth App.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "request_id", "actor_id", - "operation_type", - "org_id", - "_document_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization" @@ -5903,20 +8997,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -5925,18 +9030,31 @@ "description": "Access was disabled for an OAuth App that was previously approved.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization", "fields": [ - "request_id", - "url", - "created_at", - "org_id", - "action", "@timestamp", "_document_id", - "user_agent", - "org", - "operation_type", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization" @@ -5946,19 +9064,31 @@ "description": "An organization member requested that an owner grant an OAuth App access to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", + "@timestamp", "_document_id", - "request_id", - "url", - "org_id", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "url", "oauth_application_name" ] }, @@ -5967,20 +9097,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "url", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -5990,16 +9131,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -6007,20 +9161,31 @@ "description": "An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "reason", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -6029,20 +9194,30 @@ "description": "An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -6051,19 +9226,30 @@ "description": "An organization owner downloaded the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6072,19 +9258,30 @@ "description": "An organization owner generated the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6093,19 +9290,30 @@ "description": "An organization owner printed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6114,19 +9322,30 @@ "description": "An organization owner viewed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6135,19 +9354,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -6156,20 +9387,31 @@ "description": "A GitHub Actions secret was removed from an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -6178,21 +9420,31 @@ "description": "A GitHub Actions variable was removed from an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6201,18 +9453,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -6222,22 +9485,32 @@ "description": "A Codespaces or Dependabot secret was removed from an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6245,21 +9518,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6267,21 +9549,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6289,21 +9580,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6311,18 +9612,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -6331,19 +9644,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -6351,14 +9676,28 @@ "description": "Triggered when a required workflow is created.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6369,14 +9708,28 @@ "description": "Triggered when a required workflow is deleted.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6387,14 +9740,28 @@ "description": "Triggered when a required workflow is updated.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6405,20 +9772,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -6427,18 +9804,29 @@ "description": "A member's linked identity was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", "user_id", - "@timestamp", - "action", - "actor_id", "user_agent", - "_document_id", - "request_id", + "operation_type", "created_at" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" @@ -6448,19 +9836,30 @@ "description": "A member's SAML session was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ - "actor_id", - "created_at", - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" }, @@ -6469,21 +9868,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -6493,21 +9904,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6516,20 +9937,31 @@ "description": "A self-hosted runner group was renamed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6538,23 +9970,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -6563,23 +10005,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6588,19 +10038,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -6609,25 +10072,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6636,21 +10110,32 @@ "description": "The visibility of a self-hosted runner group was updated via the REST API.", "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" }, @@ -6659,21 +10144,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -6683,21 +10177,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -6707,20 +10210,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6729,22 +10242,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6753,21 +10274,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6776,21 +10306,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6799,22 +10338,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6823,21 +10370,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6846,22 +10402,30 @@ "description": "Generic secrets have been disabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -6869,22 +10433,30 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -6892,21 +10464,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -6916,21 +10497,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -6940,19 +10530,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6962,21 +10563,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -6986,21 +10596,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7010,19 +10629,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7032,22 +10662,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7056,22 +10694,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7080,22 +10726,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7104,21 +10758,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7127,21 +10790,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7150,22 +10822,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7174,22 +10854,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7198,26 +10886,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -7226,26 +10923,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7253,28 +10958,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "org_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7282,26 +10995,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7309,15 +11030,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7326,15 +11064,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7343,7 +11098,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -7358,20 +11134,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -7380,16 +11167,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -7400,18 +11200,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -7420,17 +11233,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7438,18 +11264,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -7458,18 +11296,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "policy", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -7478,18 +11329,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -7498,22 +11361,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7521,21 +11394,32 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Adding organizations to your enterprise" }, @@ -7544,19 +11428,30 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7567,15 +11462,28 @@ "description": "The organization was unarchived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7585,19 +11493,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -7606,20 +11527,32 @@ "description": "A GitHub Actions secret was updated for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "created_at", "key", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -7628,23 +11561,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -7653,20 +11597,32 @@ "description": "A GitHub Actions variable was updated for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -7675,20 +11631,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -7696,22 +11664,33 @@ "description": "A Codespaces or Dependabot secret was updated for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7720,20 +11699,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -7741,17 +11731,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -7761,20 +11764,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -7783,17 +11797,30 @@ "description": "The name of the default branch was changed for new repositories in the organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization" }, @@ -7802,17 +11829,30 @@ "description": "The repository self-hosted runners policy was updated", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_repo_runners_policy", "new_repo_runners_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7823,19 +11863,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -7843,18 +11896,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -7863,18 +11928,30 @@ "description": "A default label was created for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label", "fields": [ - "request_id", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", - "_document_id", - "action", - "created_at", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label" }, @@ -7883,17 +11960,30 @@ "description": "A default label was deleted for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label", "fields": [ - "operation_type", - "request_id", - "actor", "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label" }, @@ -7902,17 +11992,30 @@ "description": "A default label was edited for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label", "fields": [ - "org", - "created_at", "@timestamp", - "actor", + "_document_id", "action", - "user_agent", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label" }, @@ -7921,20 +12024,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -7943,16 +12059,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -7961,14 +12092,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -7979,16 +12125,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -7997,16 +12158,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -8016,17 +12190,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8036,16 +12221,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -8055,20 +12253,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -8076,19 +12284,30 @@ "description": "An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor", - "business_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", "user_agent", - "_document_id", "created_at", - "operation_type", - "request_id", - "business" + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -8097,19 +12316,30 @@ "description": "Organization projects were disabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "operation_type", - "@timestamp", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -8118,18 +12348,29 @@ "description": "Organization projects were enabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor_id", - "org_id", - "created_at", - "user_id", - "org", "@timestamp", "_document_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" @@ -8139,23 +12380,33 @@ "description": "An organization role was assigned to a user or team.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About custom organization roles" }, @@ -8164,25 +12415,32 @@ "description": "A custom organization role was created in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8194,25 +12452,32 @@ "description": "A custom organization role was deleted in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8223,19 +12488,30 @@ "description": "A user or team was unassigned an organization role.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type" ], @@ -8246,26 +12522,33 @@ "description": "A custom organization role was edited in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -8278,22 +12561,33 @@ "description": "An organization's default project base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_project_base_role", - "new_project_base_role", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_project_base_role", + "new_project_base_role", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8301,20 +12595,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8324,23 +12629,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8349,21 +12665,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -8374,21 +12701,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8397,20 +12737,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8419,17 +12773,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8440,20 +12809,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8462,18 +12845,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8481,16 +12876,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8498,18 +12907,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8517,18 +12938,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8539,22 +12973,31 @@ "description": "The configured restriction for access to resources via personal access tokens was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8562,22 +13005,31 @@ "description": "The configured restriction for access to resources via personal access tokens was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8585,18 +13037,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8607,18 +13072,28 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -8629,18 +13104,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -8651,23 +13136,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8675,21 +13171,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8697,17 +13204,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8718,18 +13238,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "user_programmatic_access_id", "user_programmatic_access_name", - "user", - "user_id", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8741,17 +13274,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8763,20 +13309,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was created.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8788,20 +13343,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was deleted.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8813,20 +13377,29 @@ "description": "A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8838,20 +13411,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was edited.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8863,15 +13445,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8881,17 +13478,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8901,15 +13509,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8919,19 +13542,30 @@ "description": "An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "action", - "operation_type", "@timestamp", - "business_id", + "_document_id", + "action", + "actor", "actor_id", - "user", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8939,23 +13573,30 @@ "description": "An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "created_at", - "actor_id", + "@timestamp", "_document_id", - "actor", - "user", - "repo", "action", - "user_agent", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", - "programmatic_access_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8963,23 +13604,30 @@ "description": "An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "repo", - "org", - "business", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org_id", - "created_at", - "business_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8987,17 +13635,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9007,17 +13666,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9027,17 +13697,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9047,17 +13728,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9067,17 +13759,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -9087,17 +13792,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9105,25 +13823,36 @@ "description": "A project's base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_project_base_role", "new_project_base_role", "project_number", "public_project", - "business", "project_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9131,20 +13860,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -9154,25 +13894,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "collaborator_type", - "org", - "org_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -9180,20 +13932,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9201,25 +13965,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9227,17 +14003,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -9245,17 +14034,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -9263,18 +14065,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -9283,18 +14097,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -9303,19 +14129,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -9323,17 +14160,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -9345,22 +14195,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -9368,19 +14227,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -9388,17 +14258,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9406,18 +14289,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -9425,20 +14321,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9446,18 +14352,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9466,18 +14384,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9486,16 +14416,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -9507,21 +14450,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -9529,22 +14484,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -9553,29 +14518,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", - "actor", - "actor_id", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -9583,24 +14553,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "repo_id", - "user_id", "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9611,21 +14589,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9636,22 +14624,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -9659,24 +14657,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -9684,30 +14692,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -9717,28 +14732,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -9749,23 +14772,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -9773,22 +14805,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "operation_type", - "request_id", - "repo", - "@timestamp", - "org_id", - "org", - "action", "allow_deletions_enforcement_level", - "_document_id", - "created_at", - "actor_id", - "user_agent", - "actor", - "repo_id", - "request_access_security_header" + "created_at" ] }, { @@ -9796,23 +14838,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -9820,24 +14871,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -9846,22 +14906,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -9869,24 +14939,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9895,27 +14974,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -9924,18 +15010,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9946,24 +15045,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -9971,25 +15079,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -9997,22 +15112,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -10020,22 +15145,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -10044,22 +15180,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -10067,25 +15213,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -10093,22 +15246,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -10116,22 +15279,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -10139,23 +15312,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -10164,24 +15348,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -10190,20 +15385,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10212,21 +15421,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -10236,22 +15458,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10260,25 +15494,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10287,23 +15531,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10312,18 +15567,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -10333,21 +15602,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -10356,19 +15636,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -10379,23 +15672,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10405,17 +15710,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "business_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10423,19 +15742,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10443,19 +15775,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -10465,21 +15810,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -10488,27 +15844,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10516,23 +15879,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -10541,18 +15916,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10560,19 +15949,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10582,20 +15983,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -10603,18 +16015,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", - "created_at", - "actor", - "_document_id", - "@timestamp", - "comment_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -10622,21 +16047,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -10644,20 +16081,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -10666,19 +16116,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -10688,22 +16152,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -10712,21 +16186,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -10735,25 +16218,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -10762,23 +16252,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -10787,24 +16285,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -10813,23 +16318,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -10839,22 +16352,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -10863,19 +16385,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -10884,24 +16419,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -10910,24 +16455,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10935,24 +16488,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10960,24 +16521,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -10985,24 +16554,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11010,23 +16587,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11037,17 +16623,29 @@ "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", - "action", - "_document_id", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", "operation_type" ] @@ -11057,17 +16655,29 @@ "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11077,102 +16687,136 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -11181,19 +16825,30 @@ "description": "GitHub Codespaces trusted repository access to this repository was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11201,17 +16856,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11220,15 +16888,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -11239,16 +16920,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11258,17 +16952,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo_id", - "repo", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11278,19 +16985,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11299,17 +17017,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11318,26 +17049,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -11346,30 +17083,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -11379,20 +17121,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11401,25 +17154,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11428,23 +17189,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11452,25 +17224,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -11480,23 +17261,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -11506,23 +17296,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -11530,21 +17330,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -11552,21 +17362,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -11574,22 +17394,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -11597,21 +17426,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -11619,20 +17458,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11640,22 +17490,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -11663,18 +17522,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11682,22 +17555,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11705,21 +17588,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -11727,18 +17620,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -11747,22 +17652,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11771,24 +17685,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11797,23 +17719,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -11821,26 +17753,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -11849,21 +17786,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -11872,25 +17818,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -11898,22 +17850,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -11922,25 +17884,34 @@ "description": "A branch was renamed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "old_branch", - "new_branch", - "default_branch", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "old_branch", + "new_branch", + "default_branch", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch" @@ -11950,19 +17921,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -11970,17 +17952,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -11989,17 +17986,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12008,7 +18020,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -12023,23 +18056,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -12049,20 +18091,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12073,21 +18126,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -12096,22 +18160,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -12120,21 +18194,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -12143,22 +18228,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -12169,16 +18264,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -12188,22 +18294,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -12212,23 +18329,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12238,19 +18365,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -12258,21 +18395,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -12281,50 +18428,66 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { "action": "repo.update_actions_secret", "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", - "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", + "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12333,24 +18496,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12359,25 +18532,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12386,22 +18567,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12410,26 +18600,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -12437,31 +18635,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12470,42 +18675,61 @@ "description": "Someone closed a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories", "fields": [ - "actor", - "repo", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "user_agent", - "actor_id", - "request_id", - "action", - "operation_type", - "created_at", - "repo_id", - "_document_id", + "hashed_token", "org", "org_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories" + "docs_reference_titles": "About repository security advisories" }, { "action": "repository_advisory.cve_request", "description": "Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "repo", - "org_id", - "actor", + "@timestamp", + "_document_id", "action", - "request_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "_document_id", + "operation_type", "created_at" ] }, @@ -12514,17 +18738,30 @@ "description": "GitHub made a security advisory public in the GitHub Advisory Database.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -12533,21 +18770,30 @@ "description": "GitHub withdrew a security advisory that was published in error.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -12555,18 +18801,30 @@ "description": "Someone opened a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", "repo_id", - "action", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -12574,21 +18832,30 @@ "description": "Someone published a security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", "@timestamp", - "actor", - "repo_id", "_document_id", - "repo", - "business_id", - "business", - "request_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "org" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -12596,17 +18863,30 @@ "description": "Someone reopened as draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "repo", - "action", - "created_at", "@timestamp", - "request_id", - "actor_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "public_repo" ] }, @@ -12615,21 +18895,30 @@ "description": "Someone edited a draft or published security advisory.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "repo_id", - "org_id", "business", - "actor", - "user_agent", - "created_at", - "_document_id", "business_id", - "repo", - "action", - "operation_type", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -12637,24 +18926,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12663,24 +18958,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12689,19 +18990,30 @@ "description": "Data use settings were disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "repo_id", - "request_id", - "actor_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12710,21 +19022,30 @@ "description": "Data use settings were enabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "org", - "user_id", - "repo_id", "@timestamp", - "request_id", - "actor", + "_document_id", "action", - "operation_type", - "created_at", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org_id", - "_document_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12733,23 +19054,30 @@ "description": "The dependency graph was disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "repo_id", - "operation_type", - "user_id", - "repo", - "_document_id", - "actor", - "user", - "action", "@timestamp", - "org_id", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", - "request_id", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12758,24 +19086,31 @@ "description": "The dependency graph was enabled for a private repository.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor_id", - "repo_id", + "created_at", "operation_type", - "actor", - "@timestamp", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12784,21 +19119,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -12806,21 +19151,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -12828,21 +19183,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -12850,20 +19216,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -12871,21 +19249,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -12893,19 +19282,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -12913,17 +19315,31 @@ "description": "An organization has reached their repository limit.", "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "limit", "count", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12934,17 +19350,31 @@ "description": "An organization is approaching their repository limit.", "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "limit", "count", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12955,19 +19385,30 @@ "description": "The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise", "fields": [ - "request_id", - "created_at", + "@timestamp", "_document_id", "action", - "user_agent", - "user", - "business_id", - "business", - "operation_type", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -12976,20 +19417,30 @@ "description": "Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "created_at", "@timestamp", - "repo", - "action", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "repo_id", - "actor", - "request_id", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -12998,20 +19449,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", "created_at", - "org_id", - "action", - "user_id", - "operation_type", - "_document_id", - "actor_id", - "repo" + "operation_type" ] }, { @@ -13019,31 +19479,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -13052,19 +19520,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -13072,8 +19551,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -13082,23 +19560,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -13123,26 +19610,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13151,26 +19644,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13179,23 +19678,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13205,23 +19711,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13231,24 +19744,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13258,24 +19778,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -13284,24 +19811,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13311,23 +19845,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13337,23 +19878,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -13362,22 +19911,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13385,24 +19942,32 @@ "description": "Generic secrets have been disabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13410,22 +19975,31 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13434,24 +20008,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13460,24 +20042,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13486,19 +20076,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13507,24 +20109,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13533,24 +20143,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13559,19 +20177,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13580,26 +20210,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13608,26 +20243,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13636,28 +20276,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13665,27 +20313,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13693,28 +20349,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13722,28 +20386,36 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13751,20 +20423,30 @@ "description": "The repository visibility change setting was cleared for an organization or enterprise.", "docs_reference_links": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-changes-to-repository-visibility", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", "business", - "action", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business_id", - "@timestamp", "user_agent", - "actor", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise" }, @@ -13773,20 +20455,30 @@ "description": "The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user", - "org_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "_document_id", - "@timestamp", - "user_id", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13794,19 +20486,30 @@ "description": "The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "_document_id", "@timestamp", - "user_agent", - "user", - "created_at", - "org", - "org_id", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13814,29 +20517,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13845,29 +20556,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13876,44 +20595,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -13924,21 +20665,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -13947,26 +20700,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -13974,21 +20735,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -13996,21 +20768,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", "created_at", "active", - "action", - "repository_id", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type" ] }, @@ -14019,20 +20805,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -14041,24 +20837,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14066,26 +20869,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14093,23 +20902,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14117,23 +20933,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -14142,24 +20965,31 @@ "description": "A status check was marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "org", - "actor_id", "@timestamp", - "business", - "request_id", - "context", - "repo_id", - "action", - "repo", "_document_id", - "operation_type", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "actor", - "created_at", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "context", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -14168,21 +20998,31 @@ "description": "A status check was no longer marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "actor_id", - "actor", - "created_at", - "context", - "operation_type", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "repo_id", "org_id", - "action", - "_document_id", + "programmatic_access_type", "repo", - "programmatic_access_type" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "context", + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -14191,18 +21031,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -14211,19 +21064,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -14232,22 +21097,33 @@ "description": "A new custom repository role was created.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "_document_id", "role_permissions", "old_role_permissions" ], @@ -14258,23 +21134,34 @@ "description": "A custom repository role was deleted.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Managing custom repository roles for an organization" }, @@ -14283,23 +21170,34 @@ "description": "A custom repository role was edited.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "old_role_permissions", "old_base_role" ], @@ -14310,35 +21208,63 @@ "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.public_leak", "description": "A secret scanning alert was leaked in a public repo.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -14346,29 +21272,39 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -14377,14 +21313,28 @@ "description": "A leaked secret was reported to the secret's provider by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "created_at", @@ -14392,35 +21342,44 @@ "secret_type_provider", "report_result" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts" + "docs_reference_titles": "Resolving alerts from secret scanning" }, { "action": "secret_scanning_alert.resolve", "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -14428,25 +21387,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14454,14 +21420,28 @@ "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -14471,33 +21451,41 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_closure_request.approve", "description": "A request to close a secret scanning alert was approved by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14506,25 +21494,33 @@ "description": "N/A", "docs_reference_links": "A reqeust to close a secret scanning alert was canceled by a user.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "request_access_security_header", "number", "alert_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, reqeust, to, close, a, secret, scanning, alert, was, canceled, by, a, user." @@ -14534,27 +21530,35 @@ "description": "N/A", "docs_reference_links": "A user requested to close a secret scanning alert.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "reason", "comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, user, requested, to, close, a, secret, scanning, alert." @@ -14564,26 +21568,34 @@ "description": "A request to close a secret scanning alert was denied by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14592,19 +21604,30 @@ "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -14613,19 +21636,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14634,20 +21668,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -14656,19 +21700,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14677,14 +21732,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -14702,25 +21771,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14729,25 +21806,33 @@ "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -14757,49 +21842,70 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_scan.completed", "description": "A secret scanning scan has completed on this repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "repo_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "source", "type", "source_slug", "type_slug", "started_at", "completed_at", - "repo", "public_repo", - "org", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "secret_types", @@ -14813,10 +21919,28 @@ "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14831,15 +21955,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14848,7 +21965,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14856,22 +21974,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14880,22 +22009,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14904,10 +22044,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14922,15 +22080,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14938,7 +22089,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14946,15 +22098,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14964,10 +22131,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14982,15 +22167,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14999,7 +22177,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15007,16 +22186,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15026,18 +22218,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -15046,16 +22251,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15065,15 +22283,28 @@ "description": "An agreement for invoiced billing for GitHub Sponsors was signed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -15085,15 +22316,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -15103,15 +22347,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -15120,17 +22379,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -15139,17 +22411,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -15158,16 +22444,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -15177,14 +22476,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -15194,17 +22508,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15213,17 +22540,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15232,18 +22572,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15252,15 +22605,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -15270,16 +22637,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15287,15 +22667,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -15306,16 +22699,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -15325,17 +22731,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -15346,17 +22765,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -15367,18 +22799,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15388,16 +22831,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15407,16 +22863,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15428,17 +22897,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15447,19 +22929,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15468,21 +22963,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15491,36 +22995,60 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, { "action": "staff.dependabot_debug_credentials_generated", - "description": "N/A", + "description": "Dependabot encrypted config was read.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "public_repo" @@ -15531,20 +23059,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15552,18 +23094,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -15571,16 +23128,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15588,23 +23160,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15612,23 +23194,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15636,23 +23228,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15660,23 +23262,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15684,21 +23296,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -15708,22 +23330,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -15732,20 +23363,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -15754,18 +23396,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -15775,21 +23430,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -15798,21 +23464,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "user_agent", + "team", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -15821,80 +23497,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -15903,19 +23623,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "actor", - "action", - "operation_type", - "team", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" ] }, { @@ -15923,19 +23655,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", "@timestamp", - "actor_id", "_document_id", - "team", - "created_at", - "org_id", "action", - "request_id", - "user_agent", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_access_security_header" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "team", + "created_at" ] }, { @@ -15943,22 +23687,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "team", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" ] }, { @@ -15966,22 +23719,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -15990,22 +23752,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -16013,23 +23784,33 @@ { "action": "team.remove_repository", "description": "A repository was removed from a team's control.", - "docs_reference_links": "N/A", - "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -16037,21 +23818,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -16060,17 +23852,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -16079,19 +23884,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -16100,19 +23916,30 @@ "description": "The Okta credentials for team synchronization with a tenant were changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -16120,28 +23947,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -16149,16 +23985,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16168,16 +24018,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16187,18 +24051,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16208,21 +24085,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16230,21 +24119,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -16252,21 +24152,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -16274,16 +24185,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16293,27 +24218,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -16322,23 +24253,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16346,10 +24287,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16360,20 +24319,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -16382,23 +24330,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16408,10 +24364,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16423,19 +24397,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -16446,10 +24410,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16458,21 +24440,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -16482,23 +24453,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -16507,22 +24490,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16530,21 +24524,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -16552,25 +24557,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16578,23 +24591,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -16608,24 +24634,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -16634,10 +24669,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16647,21 +24700,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -16671,25 +24714,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.17/user.json b/src/audit-logs/data/ghes-3.17/user.json index 1b7dfef9655a..35b1e5e0f5d6 100644 --- a/src/audit-logs/data/ghes-3.17/user.json +++ b/src/audit-logs/data/ghes-3.17/user.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,18 +196,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -148,17 +227,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -167,19 +259,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -188,18 +292,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -207,18 +324,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -226,15 +355,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -244,26 +386,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -271,24 +423,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -296,26 +458,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -323,20 +495,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -347,17 +530,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -368,20 +564,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -390,19 +598,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -411,19 +632,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -432,20 +665,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -454,19 +699,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -475,20 +732,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -497,20 +765,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -521,17 +800,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -539,14 +830,29 @@ "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -556,25 +862,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -585,22 +900,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -612,22 +938,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -636,36 +973,64 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "owner", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "public_repo" - ] - }, + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "owner", + "created_at", + "operation_type", + "public_repo" + ] + }, { "action": "codespaces.restore", "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -675,27 +1040,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -703,19 +1077,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -723,18 +1110,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -743,23 +1142,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -767,16 +1173,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -785,24 +1205,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -810,15 +1236,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -828,40 +1267,62 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "request_access_security_header" - ] - }, - { - "action": "copilot.cfb_seat_cancelled", - "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_cancelled", + "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -869,21 +1330,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -891,21 +1361,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "user_id", - "owner", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "owner_type", + "owner", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -913,21 +1394,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "user_id", - "owner", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "owner_type", + "owner", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -935,21 +1427,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -959,19 +1460,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -981,21 +1491,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1005,19 +1524,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1026,19 +1556,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1047,19 +1588,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1068,19 +1620,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1089,17 +1652,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1107,19 +1683,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1128,19 +1715,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1148,19 +1746,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1169,19 +1778,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1189,19 +1809,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1210,39 +1841,61 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ] - }, - { - "action": "dependency_graph_new_repos.disable", - "description": "The dependency graph was disabled for all new repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", - "fields": [ - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "created_at", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependency_graph_new_repos.disable", + "description": "The dependency graph was disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1251,20 +1904,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1272,22 +1935,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1296,22 +1968,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1319,28 +2001,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1349,27 +2037,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -1378,25 +2074,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1405,49 +2109,68 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" - ], - "docs_reference_titles": "Managing environments for deployment" - }, - { - "action": "environment.remove_actions_variable", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.remove_actions_variable", "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1456,22 +2179,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1480,25 +2213,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1507,22 +2249,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1531,21 +2285,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -1556,21 +2320,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -1578,20 +2353,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -1599,21 +2386,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -1621,22 +2419,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1645,23 +2454,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1670,23 +2490,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1694,18 +2523,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1716,20 +2555,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1739,18 +2588,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -1758,18 +2619,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -1777,25 +2650,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -1803,25 +2686,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -1829,26 +2721,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -1857,25 +2758,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -1883,26 +2793,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -1910,21 +2829,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -1933,19 +2863,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -1953,21 +2896,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -1976,19 +2930,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -1999,20 +2967,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2022,24 +3002,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2050,23 +3041,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2077,20 +3080,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2100,19 +3116,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2121,20 +3151,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2144,20 +3187,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2166,20 +3222,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2188,20 +3257,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2209,19 +3290,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2230,38 +3324,64 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "name", - "integration", - "user", - "user_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", - "application_client_id" - ] - }, - { - "action": "integration.suspend", - "description": "A GitHub App was suspended.", - "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", - "fields": [ + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.suspend", + "description": "A GitHub App was suspended.", + "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2274,21 +3394,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2302,17 +3435,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2324,18 +3470,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2343,21 +3501,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -2365,21 +3536,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -2387,22 +3571,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -2410,19 +3607,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -2433,21 +3643,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", - "operation_type", - "marketplace_listing", - "has_free_trial", - "user_agent", - "request_id", + "actor", "actor_id", - "yearly_price_in_cents", - "description", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "marketplace_listing", + "has_free_trial", + "yearly_price_in_cents", + "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -2455,22 +3680,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -2478,21 +3718,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -2501,21 +3756,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -2524,22 +3794,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -2547,22 +3830,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2570,19 +3866,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2590,21 +3898,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2614,16 +3931,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2633,18 +3963,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "max_entries_to_build", - "min_entries_to_merge", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "_document_id", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "max_entries_to_build", + "min_entries_to_merge", + "public_repo", "created_at", "operation_type" ] @@ -2654,14 +3997,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -2669,19 +4028,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -2689,18 +4059,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2708,23 +4090,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -2732,20 +4122,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -2756,19 +4156,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_id", + "user_agent", + "operation_type", + "created_at", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -2778,19 +4189,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -2799,16 +4221,28 @@ "description": "An OAuth access token was revoked.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "request_access_security_header", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -2818,39 +4252,63 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", - "user", - "user_agent", - "request_access_security_header" - ] - }, - { - "action": "oauth_application.create", - "description": "An OAuth application was created.", - "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", - "fields": [ - "org", - "created_at", - "oauth_application_id", - "operation_type", - "user_agent", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "actor", - "oauth_application", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "oauth_application.create", + "description": "An OAuth application was created.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2859,20 +4317,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2881,20 +4351,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2903,20 +4385,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2925,19 +4419,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2946,20 +4453,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2968,20 +4487,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2990,19 +4521,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3011,24 +4555,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3038,20 +4589,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -3062,20 +4624,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3085,21 +4658,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -3108,24 +4691,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3133,20 +4726,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3154,22 +4757,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3177,20 +4788,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3198,22 +4819,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3221,48 +4850,66 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" - ] + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] }, { "action": "org.security_center_export_code_scanning_metrics", "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -3271,26 +4918,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3298,28 +4953,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3327,26 +4990,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3354,20 +5025,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -3376,16 +5058,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -3396,18 +5091,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -3416,18 +5124,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -3436,18 +5156,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -3456,18 +5189,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -3477,20 +5222,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -3498,17 +5254,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -3518,20 +5287,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -3540,20 +5320,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3562,17 +5356,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3583,20 +5392,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3605,19 +5428,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3625,19 +5460,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3645,35 +5492,61 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" - ] - }, - { - "action": "payment_method.remove", - "description": "A payment method was removed.", - "docs_reference_links": "N/A", - "fields": [ - "user", - "created_at", - "actor_id", - "@timestamp", - "user_id", - "action", - "operation_type", - "actor", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "payment_method.remove", + "description": "A payment method was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", - "request_access_security_header" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3681,18 +5554,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -3700,18 +5585,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3722,18 +5620,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3744,17 +5655,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3764,19 +5688,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3784,12 +5720,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -3800,20 +5753,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3821,17 +5786,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3842,18 +5820,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3865,17 +5856,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3887,17 +5891,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3908,15 +5925,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3926,17 +5958,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -3946,15 +5989,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3964,17 +6022,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3984,17 +6053,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4004,17 +6084,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4024,17 +6115,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4044,19 +6146,32 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", - "request_id", - "user_agent", + "action", "actor", - "operation_type" - ], + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner", + "operation_type" + ], "docs_reference_titles": "Personalize your profile" }, { @@ -4064,17 +6179,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4082,20 +6210,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -4105,25 +6244,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -4131,20 +6282,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4152,25 +6315,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4178,17 +6353,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -4196,17 +6384,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -4214,18 +6415,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -4234,39 +6447,62 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" - }, - { - "action": "project.link", - "description": "A repository was linked to a project board.", - "docs_reference_links": "N/A", - "fields": [ + "programmatic_access_type", + "repo", "repo_id", - "action", - "actor_id", - "org_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" + }, + { + "action": "project.link", + "description": "A repository was linked to a project board.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", "_document_id", - "created_at", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "repo" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4274,17 +6510,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -4296,22 +6545,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -4319,19 +6577,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -4339,17 +6608,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4357,18 +6639,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -4376,20 +6671,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4397,18 +6702,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4417,36 +6734,61 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" - }, - { - "action": "project.visibility_private", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" + }, + { + "action": "project.visibility_private", "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -4458,21 +6800,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -4480,18 +6834,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4502,23 +6869,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -4527,24 +6905,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -4553,20 +6942,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4575,21 +6978,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -4599,22 +7015,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4623,25 +7051,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", - "actor", - "key", - "fingerprint", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "fingerprint", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4650,23 +7088,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4675,22 +7124,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -4699,21 +7158,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -4722,25 +7190,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -4749,23 +7224,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -4774,24 +7257,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -4800,23 +7290,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -4826,22 +7324,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -4850,19 +7357,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -4871,24 +7391,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -4897,23 +7427,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4924,17 +7463,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -4943,15 +7495,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -4962,16 +7527,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -4981,17 +7559,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -5001,19 +7592,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5022,17 +7624,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5041,26 +7656,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -5069,30 +7690,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -5102,20 +7728,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5124,25 +7761,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5151,23 +7796,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -5175,25 +7831,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -5203,23 +7868,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -5227,21 +7902,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -5249,21 +7934,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5271,22 +7966,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -5294,21 +7998,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -5316,20 +8030,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5337,22 +8062,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -5360,18 +8094,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5379,22 +8127,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5402,21 +8160,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -5424,18 +8192,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -5444,48 +8224,65 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" - ], - "docs_reference_titles": "Using secrets in GitHub Actions" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, { "action": "repo.remove_actions_variable", "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5494,23 +8291,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5518,26 +8325,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -5546,21 +8358,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5569,25 +8390,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -5595,22 +8422,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -5619,19 +8456,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -5639,23 +8487,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -5665,20 +8522,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5689,21 +8557,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -5712,22 +8591,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -5736,21 +8625,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -5759,22 +8659,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -5785,16 +8695,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -5803,22 +8724,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -5828,22 +8758,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -5852,23 +8793,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5878,41 +8829,61 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" - ] - }, - { - "action": "repo.unarchived", - "description": "A repository was unarchived.", - "docs_reference_links": "/repositories/archiving-a-github-repository", - "fields": [ - "actor", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "repo", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", + "visibility" + ] + }, + { + "action": "repo.unarchived", + "description": "A repository was unarchived.", + "docs_reference_links": "/repositories/archiving-a-github-repository", + "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -5921,24 +8892,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5946,25 +8926,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5973,24 +8960,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5999,25 +8996,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6026,22 +9031,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6050,26 +9064,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -6077,31 +9099,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6110,21 +9139,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -6132,21 +9171,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -6154,21 +9203,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -6176,20 +9236,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -6197,21 +9269,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -6219,19 +9302,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -6239,31 +9335,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -6272,19 +9376,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -6292,8 +9407,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -6302,23 +9416,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -6343,18 +9466,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -6362,18 +9497,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6381,16 +9528,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6400,18 +9560,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -6420,16 +9593,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6440,15 +9626,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -6458,15 +9657,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -6475,17 +9689,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6494,17 +9721,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6513,33 +9754,61 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", - "request_id", - "user_id", - "created_at", - "user", "_document_id", - "user_agent", - "actor", - "operation_type" - ], - "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" - }, - { - "action": "sponsors.sponsor_sponsorship_tier_change", - "description": "A sponsorship was upgraded or downgraded.", - "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", - "fields": [ - "user_id", + "action", "actor", "actor_id", - "action", - "user", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" + }, + { + "action": "sponsors.sponsor_sponsorship_tier_change", + "description": "A sponsorship was upgraded or downgraded.", + "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", + "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -6549,17 +9818,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6568,17 +9850,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6587,18 +9882,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6607,15 +9915,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -6625,16 +9947,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6642,15 +9977,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -6661,16 +10009,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -6680,17 +10041,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -6699,17 +10073,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -6720,17 +10107,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -6741,18 +10141,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6762,16 +10173,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6781,17 +10205,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6800,16 +10237,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6819,23 +10269,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6843,23 +10303,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6867,23 +10337,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6891,39 +10371,64 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "actor_is_bot", - "request_access_security_header" - ] - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, { "action": "successor_invitation.accept", "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6932,15 +10437,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6949,15 +10469,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6966,15 +10501,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6983,15 +10533,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6999,15 +10564,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7016,17 +10596,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7034,17 +10627,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7052,14 +10658,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -7068,29 +10689,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", - "user_agent", - "action" - ] - }, - { - "action": "two_factor_account_recovery.ignore", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.ignore", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7098,17 +10751,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -7116,17 +10782,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -7134,16 +10813,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7151,15 +10844,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7167,18 +10875,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7187,18 +10907,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -7207,18 +10939,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -7227,52 +10971,92 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", - "_document_id", - "user_agent" - ] - }, - { - "action": "two_factor_authentication.recovery_codes_regenerated", - "description": "Two factor recovery codes were regenerated for a user account.", - "docs_reference_links": "N/A", - "fields": [ - "request_id", - "actor", - "operation_type", "_document_id", - "user_id", "action", - "user", - "user_agent", + "actor", "actor_id", - "@timestamp", - "created_at" - ] + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_authentication.recovery_codes_regenerated", + "description": "Two factor recovery codes were regenerated for a user account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] }, { "action": "two_factor_authentication.remove_factor", "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7281,15 +11065,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -7298,16 +11097,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -7315,19 +11127,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -7336,18 +11160,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -7355,15 +11191,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -7373,20 +11222,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7394,18 +11254,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7413,18 +11285,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7433,17 +11317,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7452,19 +11349,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -7472,21 +11381,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7494,20 +11415,31 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "@timestamp", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -7515,18 +11447,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7535,19 +11479,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -7555,18 +11510,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7574,18 +11541,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7593,37 +11572,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user_id", - "actor", - "operation_type", - "created_at", - "_document_id", "@timestamp", - "user", - "actor_id", + "_document_id", "action", - "request_access_security_header" - ] - }, - { + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { "action": "user.device_verification_success", "description": "N/A", "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7631,17 +11634,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7649,17 +11665,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7667,17 +11696,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7685,21 +11727,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7707,21 +11759,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -7730,17 +11792,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7748,17 +11823,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7766,17 +11854,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7784,36 +11885,62 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" - ] - }, - { - "action": "user.forgot_password", - "description": "A user requested a password reset.", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.forgot_password", + "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -7822,17 +11949,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7840,18 +11980,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -7860,19 +12012,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", - "user", - "action", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -7880,18 +12044,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7899,18 +12075,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7918,21 +12106,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7940,16 +12138,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -7958,20 +12169,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -7979,20 +12201,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8000,20 +12234,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -8021,18 +12266,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8040,16 +12297,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -8060,16 +12330,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -8078,18 +12360,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -8097,18 +12391,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8116,22 +12422,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8139,23 +12456,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -8164,21 +12491,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8186,18 +12523,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8205,18 +12554,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8226,16 +12587,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8243,18 +12616,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8262,18 +12647,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8281,17 +12678,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8299,18 +12709,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", "created_at", - "user", - "operation_type", - "@timestamp", - "request_id", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8318,17 +12740,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -8337,19 +12772,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -8357,21 +12804,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8379,21 +12836,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8401,46 +12870,64 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "workflows.approve_workflow_job", - "description": "A workflow job was approved.", - "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "workflow_run_id", "run_number", - "user", - "user_id", - "repo", - "repo_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8449,23 +12936,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8473,23 +12970,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8499,23 +13004,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -8524,22 +13041,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8547,21 +13075,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -8569,25 +13108,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8595,24 +13142,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8621,25 +13177,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.18/enterprise.json b/src/audit-logs/data/ghes-3.18/enterprise.json index 5aafa7eeb824..c6071acd7121 100644 --- a/src/audit-logs/data/ghes-3.18/enterprise.json +++ b/src/audit-logs/data/ghes-3.18/enterprise.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,31 +196,34 @@ "description": "An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests", "fields": [ - "user_agent", - "request_id", - "request_method", - "query_string", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "request_body", - "status_code", - "url_path", "business", "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "request_method", + "query_string", + "request_body", + "status_code", + "url_path", + "public_repo", "created_at", "operation_type", "route", @@ -167,18 +237,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -186,20 +268,32 @@ "description": "A manual check of the endpoint configured for audit log streaming was performed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_result", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_result", "created_at", "operation_type", - "audit_log_stream_sink_details", - "request_access_security_header" + "audit_log_stream_sink_details" ] }, { @@ -207,18 +301,31 @@ "description": "An endpoint was added for audit log streaming.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_sink", + "created_at", + "operation_type", "audit_log_stream_id" ] }, @@ -227,15 +334,28 @@ "description": "An audit log streaming endpoint was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "audit_log_stream_id", @@ -247,17 +367,30 @@ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_enabled", - "business_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_enabled", "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "new_s3_bucket", @@ -280,17 +413,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -299,19 +445,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -320,18 +478,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -339,18 +510,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -358,15 +541,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -376,22 +572,31 @@ "description": "An enterprise owner was added to an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ - "name", - "business", - "user", - "user_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "request_id", + "business", "business_id", - "_document_id", - "user_agent", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -400,22 +605,32 @@ "description": "An organization was added to an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "operation_type", "name", "created_at", - "request_id", - "_document_id", - "business", - "organization_upgrade", - "request_access_security_header" + "organization_upgrade" ] }, { @@ -423,20 +638,30 @@ "description": "GitHub Advanced Security was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -445,17 +670,28 @@ "description": "GitHub Advanced Security was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -466,21 +702,31 @@ "description": "GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -489,17 +735,28 @@ "description": "GitHub Advanced Security was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -510,17 +767,28 @@ "description": "GitHub Advanced Security was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -531,21 +799,31 @@ "description": "GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -554,20 +832,32 @@ "description": "An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "new_policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -576,20 +866,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -597,17 +899,28 @@ "description": "GitHub Advanced Security was disabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -619,21 +932,31 @@ "description": "GitHub Advanced Security was enabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -642,18 +965,31 @@ "description": "An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -662,17 +998,30 @@ "description": "An enterprise owner cleared the base repository permission policy setting for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "name", - "operation_type", - "business_id", - "user_agent", - "actor_id", - "request_id", - "actor", + "@timestamp", "_document_id", - "business", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -682,19 +1031,32 @@ "description": "An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", "business_id", - "action", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business", "visibility", "created_at", - "actor", - "operation_type", - "@timestamp" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -703,21 +1065,33 @@ "description": "The policy for Code scanning autofix was updated for an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -725,21 +1099,33 @@ "description": "The policy for Code scanning autofix third party tools was updated for an enterprise.", "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/code-security/getting-started/github-security-features#available-with-github-code-security" }, @@ -748,18 +1134,30 @@ "description": "The policy for Code Security enablement was updated for an enterprise.", "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -771,19 +1169,31 @@ "description": "An enterprise was created.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", "_document_id", "action", - "@timestamp", - "request_id", - "name", + "actor", + "actor_id", "business", "business_id", - "operation_type", - "actor", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "name", + "operation_type", + "created_at" ] }, { @@ -791,17 +1201,28 @@ "description": "Dependabot alerts were disabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -811,17 +1232,28 @@ "description": "Dependabot alerts were enabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -831,17 +1263,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -851,18 +1296,30 @@ "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -870,17 +1327,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was disabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -891,18 +1359,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.", "docs_reference_links": "N/A", "fields": [ - "action", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "business_id", - "actor_id", - "name", - "_document_id", - "request_id" + "name" ] }, { @@ -910,15 +1391,28 @@ "description": "SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -928,17 +1422,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was enabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -949,18 +1454,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "operation_type", - "created_at", + "actor_id", "business", "business_id", - "name", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" ] }, { @@ -968,20 +1486,31 @@ "description": "An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", "actor_id", - "@timestamp", - "request_id", "business", - "name", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "business_id", - "_document_id" + "created_at", + "name", + "operation_type" ] }, { @@ -989,20 +1518,31 @@ "description": "The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1010,20 +1550,31 @@ "description": "The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "name", - "actor", - "operation_type", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "business", - "actor_id", - "created_at", - "action", + "user_id", "user_agent", - "request_id", - "user_id" + "name", + "operation_type", + "created_at" ] }, { @@ -1031,20 +1582,31 @@ "description": "An enterprise owner was removed from an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", - "user_agent", + "actor_id", "business", "business_id", - "@timestamp", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "name", - "actor_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "user" + "user_agent", + "operation_type", + "created_at", + "name" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -1053,20 +1615,31 @@ "description": "An organization was removed from an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "business", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business_id", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "name", - "org" + "name" ] }, { @@ -1074,18 +1647,31 @@ "description": "The slug for the enterprise URL was renamed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "name", - "business_id", - "user_agent", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", - "@timestamp", - "created_at", + "actor_id", "business", - "_document_id" + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ] }, { @@ -1093,20 +1679,31 @@ "description": "The SAML single sign-on session for a member in an enterprise was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "actor", - "_document_id", - "actor_id", "name", - "@timestamp", - "user_id", - "action", - "created_at", - "business" + "created_at" ] }, { @@ -1114,17 +1711,28 @@ "description": "Automatic partner validation checks have been disabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1135,17 +1743,28 @@ "description": "Automatic partner validation checks have been enabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1156,20 +1775,30 @@ "description": "An enterprise-level custom pattern was created for secret scanning.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1178,17 +1807,28 @@ "description": "An enterprise-level custom pattern was removed from secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1198,20 +1838,30 @@ "description": "An enterprise-level custom pattern was published for secret scanning.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1219,17 +1869,28 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1240,20 +1901,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1262,17 +1933,28 @@ "description": "Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1282,17 +1964,28 @@ "description": "Secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1303,17 +1996,28 @@ "description": "Secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1324,17 +2028,28 @@ "description": "Secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1345,17 +2060,28 @@ "description": "Secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1366,17 +2092,28 @@ "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1388,17 +2125,28 @@ "description": "Secret scanning for non-provider patterns was enabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1410,17 +2158,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1431,17 +2190,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1452,17 +2222,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1473,17 +2254,28 @@ "description": "Push protection for secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1494,17 +2286,28 @@ "description": "Push protection for secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -1515,17 +2318,28 @@ "description": "Push protection for secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1536,17 +2350,28 @@ "description": "Push protection for secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1557,20 +2382,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1578,26 +2415,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1605,24 +2452,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1630,26 +2487,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1657,20 +2524,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1681,17 +2559,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -1702,20 +2593,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1724,40 +2627,65 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ], - "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" - }, - { - "action": "business.set_default_workflow_permissions", - "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", - "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", - "fields": [ - "actor", - "actor_id", - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", + "limit", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_default_workflow_permissions", + "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1766,20 +2694,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1788,19 +2728,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1809,20 +2761,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "issuer", - "name", - "user_agent", - "action", "@timestamp", "_document_id", + "action", "actor", + "actor_id", "business", "business_id", - "actor_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issuer", + "name", + "created_at", + "operation_type" ] }, { @@ -1830,18 +2794,31 @@ "description": "An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "updated_github_owned_allowed", "updated_verified_allowed", "updated_patterns", @@ -1856,20 +2833,33 @@ "description": "The base repository permission setting was updated for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "business_id", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "permission", - "action", "created_at", - "@timestamp", - "request_id", "name", - "_document_id", - "old_permission", - "business" + "old_permission" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1878,19 +2868,32 @@ "description": "The repository creation setting was updated for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", - "name", - "business_id", + "action", "actor", "actor_id", - "@timestamp", - "operation_type", - "permission", - "action", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "name", + "operation_type", + "permission", "visibility" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -1900,19 +2903,32 @@ "description": "The policy setting for enterprise members inviting outside collaborators to repositories was updated.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-inviting-outside-collaborators-to-repositories", "fields": [ - "business_id", - "created_at", - "action", - "operation_type", "@timestamp", - "request_id", - "permission", + "_document_id", + "action", "actor", "actor_id", - "name", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business" + "created_at", + "operation_type", + "permission", + "name" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -1921,20 +2937,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -1943,20 +2970,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -1967,17 +3005,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1985,224 +3035,368 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_outdated", "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_numbers", "commit_oid", - "ref", - "request_id", - "org_id", - "org", - "business_id", - "business" + "ref" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers", "dismissal_approver_id" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_approved", "description": "Dismissal of code scanning alerts was approved.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_denied", "description": "Dismissal of code scanning alerts was denied.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_requested", "description": "Dismissal of code scanning alerts was requested.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "commit_oid", - "ref", - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", - "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", - "actor", - "org_id", - "org", - "business_id", - "business", - "alert_numbers" - ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" - }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", "fields": [ "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", "business_id", - "query", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "search_string" + "user_agent", + "alert_number", + "alert_numbers" ], - "docs_reference_titles": "/search-github/github-code-search" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2212,25 +3406,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -2241,22 +3444,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -2268,22 +3482,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -2292,15 +3517,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -2311,17 +3551,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2331,27 +3584,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", "org", - "owner", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2359,19 +3621,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -2379,18 +3654,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -2399,23 +3686,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2423,16 +3717,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -2441,24 +3749,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2466,15 +3780,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2484,20 +3811,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2505,19 +3842,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -2525,44 +3874,64 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id" - ] - }, - { - "action": "copilot.swe_agent_repo_disabled", - "description": "Specific repositories were disabled from using Copilot coding agent.", - "docs_reference_links": "N/A", - "fields": [ - "actor", - "org_id", - "owner_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.swe_agent_repo_disabled", + "description": "Specific repositories were disabled from using Copilot coding agent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -2570,21 +3939,31 @@ "description": "Specific repositories were enabled to use Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner_type", - "owner", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2594,20 +3973,32 @@ "description": "Copilot coding agent access was updated for the organization's or user's repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_access", "old_access", - "org_id", "owner_type", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2617,21 +4008,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2641,19 +4041,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2663,21 +4072,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2687,18 +4105,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2711,18 +4142,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2736,16 +4180,31 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "property_name", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "property_name", + "created_at", + "operation_type", "value_type", "required", "default_value", @@ -2756,8 +4215,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2766,27 +4224,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2795,19 +4261,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2816,16 +4294,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -2837,19 +4328,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -2858,19 +4360,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -2879,19 +4392,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -2900,19 +4424,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -2921,21 +4456,31 @@ "description": "The default repository access for Dependabot was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "access_level", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -2944,17 +4489,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2962,19 +4520,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2983,19 +4552,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3003,19 +4583,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -3024,19 +4615,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3044,19 +4646,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -3065,19 +4678,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3085,19 +4709,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -3106,128 +4741,195 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" - }, - { - "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", - "fields": [ - "actor_id", - "action", + "team", + "created_at", + "number", + "title", + "operation_type" + ] + }, + { + "action": "discussion_post_reply.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3238,16 +4940,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3258,18 +4974,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3280,23 +5010,31 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise" }, @@ -3305,19 +5043,33 @@ "description": "A domain was approved for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#approving-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3326,38 +5078,68 @@ "description": "A domain was added to an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "owner_type", - "domain_name", - "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" - ], - "docs_reference_titles": "Verifying or approving a domain for your enterprise" - }, - { - "action": "enterprise_domain.destroy", - "description": "A domain was removed from an enterprise.", - "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#removing-an-approved-or-verified-domain", - "fields": [ - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner_type", + "domain_name", + "owner", + "operation_type" + ], + "docs_reference_titles": "Verifying or approving a domain for your enterprise" + }, + { + "action": "enterprise_domain.destroy", + "description": "A domain was removed from an enterprise.", + "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#removing-an-approved-or-verified-domain", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3366,18 +5148,33 @@ "description": "A domain was verified for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3386,18 +5183,30 @@ "description": "A new GitHub Actions self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -3406,20 +5215,30 @@ "description": "A GitHub Actions self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -3428,18 +5247,31 @@ "description": "A GitHub Actions self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows" ], "docs_reference_titles": "Removing self-hosted runners" @@ -3449,18 +5281,31 @@ "description": "A GitHub Actions self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3469,20 +5314,33 @@ "description": "The REST API was used to remove a GitHub Actions self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -3491,19 +5349,31 @@ "description": "A GitHub Actions self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3512,45 +5382,70 @@ "description": "A GitHub Actions runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ], - "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" - }, - { - "action": "enterprise.runner_group_updated", - "description": "The configuration of a GitHub Actions self-hosted runner group was changed.", - "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", - "fields": [ - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" + }, + { + "action": "enterprise.runner_group_updated", + "description": "The configuration of a GitHub Actions self-hosted runner group was changed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3559,14 +5454,32 @@ "description": "The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3575,14 +5488,32 @@ "description": "The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3591,18 +5522,36 @@ "description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", "target_version", "runner_group_id", "runner_group_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Self-hosted runners" }, @@ -3611,22 +5560,32 @@ "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3634,21 +5593,33 @@ "description": "A license for GitHub Copilot was assigned to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3656,17 +5627,30 @@ "description": "A license for GitHub Copilot was unassigned from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3677,17 +5661,30 @@ "description": "A new enterprise team was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3697,17 +5694,30 @@ "description": "An enterprise team was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3718,22 +5728,32 @@ "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3741,18 +5761,31 @@ "description": "The name of an enterprise team was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business_id", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3763,22 +5796,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3787,22 +5829,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3810,28 +5862,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3840,27 +5898,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -3869,25 +5935,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3896,26 +5970,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3924,21 +6005,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "environment_name", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -3947,22 +6040,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3971,25 +6074,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -3998,22 +6110,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -4022,21 +6146,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -4047,27 +6181,33 @@ "description": "A user was added to an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -4075,19 +6215,31 @@ "description": "An external group was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", "scim_group_id" ] }, @@ -4096,22 +6248,33 @@ "description": "An external group was linked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group", - "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -4119,21 +6282,31 @@ "description": "An external group was created.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -4141,26 +6314,32 @@ "description": "A user was removed from an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -4168,15 +6347,29 @@ "description": "Failed external group SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -4184,15 +6377,9 @@ "url_path", "scim_group_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4201,30 +6388,38 @@ "description": "Successful external group SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4233,18 +6428,31 @@ "description": "An external group was unlinked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group" ] }, @@ -4253,22 +6461,32 @@ "description": "An external group was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "scim_group_id" ] }, { @@ -4276,25 +6494,33 @@ "description": "An external group's display name was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", "external_group", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -4302,20 +6528,31 @@ "description": "An external identity was deprovisioned, suspending the linked GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -4323,17 +6560,31 @@ "description": "An external identity was created and linked to a GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -4341,15 +6592,29 @@ "description": "Failed external identity SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -4357,15 +6622,9 @@ "url_path", "scim_user_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4374,30 +6633,38 @@ "description": "Successful external identity SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4406,18 +6673,31 @@ "description": "An external identity was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -4425,21 +6705,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -4447,20 +6738,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -4468,21 +6771,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -4490,19 +6804,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4511,20 +6836,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4533,19 +6868,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4554,22 +6900,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -4578,23 +6935,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -4603,23 +6971,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4627,18 +7004,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -4649,20 +7036,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -4672,18 +7069,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -4691,18 +7100,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -4710,25 +7131,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4736,25 +7167,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -4762,26 +7202,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -4790,25 +7239,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ - "actor", - "events", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -4816,26 +7274,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -4843,21 +7310,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -4866,19 +7344,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -4886,21 +7377,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -4909,19 +7411,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -4932,20 +7448,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -4955,24 +7483,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -4983,24 +7522,36 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ - "user", - "operation_type", - "user_agent", - "actor", - "repository_selection", - "repositories_removed", - "integration", - "user_id", - "created_at", - "_document_id", - "request_id", "@timestamp", - "name", + "_document_id", "action", + "actor", "actor_id", - "repositories_removed_names", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "repository_selection", + "repositories_removed", + "integration", + "created_at", + "name", + "repositories_removed_names", + "actor_is_bot", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access" @@ -5010,21 +7561,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -5035,20 +7598,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -5058,20 +7633,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -5081,19 +7669,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -5102,20 +7704,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -5125,20 +7740,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -5147,20 +7775,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -5169,20 +7810,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -5190,19 +7843,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -5211,19 +7877,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -5232,17 +7911,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -5255,21 +7947,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -5283,17 +7988,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -5305,19 +8023,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5325,19 +8054,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5345,17 +8085,28 @@ "description": "IP allow list user level enforcement was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5365,20 +8116,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -5387,37 +8147,59 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ] - }, - { - "action": "ip_allow_list.enable_user_level_enforcement", - "description": "IP allow list user level enforcement was enabled.", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list.enable_user_level_enforcement", + "description": "IP allow list user level enforcement was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5427,24 +8209,32 @@ "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -5452,24 +8242,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" ] }, { @@ -5477,19 +8275,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -5497,18 +8308,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5516,21 +8339,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -5538,21 +8374,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -5560,22 +8409,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -5583,19 +8445,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -5606,21 +8481,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -5628,22 +8518,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -5651,21 +8556,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -5674,21 +8594,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -5697,22 +8632,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -5720,22 +8668,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5743,19 +8704,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5763,21 +8736,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5787,16 +8769,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "_document_id", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", "operation_type" ] @@ -5806,18 +8801,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5827,14 +8835,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -5842,19 +8866,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -5862,18 +8897,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5881,23 +8928,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -5905,20 +8960,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -5929,19 +8994,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_id", + "user_agent", + "operation_type", + "created_at", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -5951,19 +9027,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -5972,16 +9059,28 @@ "description": "An OAuth access token was revoked.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "request_access_security_header", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -5991,18 +9090,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -6010,20 +9121,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6032,20 +9155,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6054,20 +9189,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6076,20 +9223,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6098,19 +9257,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6119,20 +9291,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6141,20 +9325,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6164,18 +9360,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", - "org_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "oauth_application_id", - "action", "created_at", - "actor", - "actor_id", - "oauth_application", - "_document_id", - "request_id" + "oauth_application" ] }, { @@ -6183,20 +9392,33 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", - "request_id", - "user", - "action" - ], + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" + ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, { @@ -6204,15 +9426,32 @@ "description": "An OAuth application was unsuspended for a user or organization account.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "operation_type", - "org_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "oauth_application_id", "oauth_application", - "org", - "created_at", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6221,24 +9460,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -6248,20 +9494,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -6272,20 +9529,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -6295,17 +9563,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6316,20 +9595,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -6338,21 +9627,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -6361,24 +9660,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -6386,42 +9695,62 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", - "org", - "team", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "programmatic_access_type" - ] + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type" + ] }, { "action": "org.advanced_security_disabled_for_new_repos", "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6429,22 +9758,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -6452,20 +9789,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6473,22 +9820,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -6496,21 +9851,31 @@ "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -6520,19 +9885,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -6541,19 +9917,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -6563,16 +9950,29 @@ "description": "A user initiated a background job to delete an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "@timestamp", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ] }, @@ -6581,16 +9981,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -6599,18 +10012,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -6619,19 +10045,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -6641,22 +10078,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -6664,19 +10112,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -6684,23 +10143,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6708,21 +10175,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6730,23 +10207,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6754,23 +10239,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6778,62 +10271,93 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.config.disable_collaborators_only", "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -6843,17 +10367,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6862,17 +10399,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6882,16 +10432,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6900,17 +10463,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6919,17 +10495,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -6938,22 +10527,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -6962,17 +10559,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6983,18 +10591,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -7003,39 +10623,61 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" - ] + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] }, { "action": "org.disable_member_team_creation_permission", "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -7044,19 +10686,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -7065,14 +10718,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -7081,17 +10751,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7099,19 +10782,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7119,19 +10813,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -7139,19 +10844,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -7160,19 +10876,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -7181,19 +10908,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -7202,36 +10942,62 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "created_at", - "request_id" - ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" + }, { "action": "org.integration_manager_added", "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -7240,18 +11006,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7259,23 +11038,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -7284,17 +11072,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7304,19 +11103,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7324,19 +11134,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7345,16 +11166,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -7362,17 +11196,30 @@ "description": "An organization was restored.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7380,19 +11227,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -7401,18 +11260,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -7422,21 +11292,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7444,21 +11323,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7466,21 +11354,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -7488,18 +11386,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -7508,19 +11418,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -7528,20 +11450,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -7550,21 +11482,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -7574,21 +11518,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7597,23 +11551,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", - "runner_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", + "runner_id", + "operation_type", + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -7622,23 +11586,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7647,19 +11619,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -7668,25 +11653,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7695,21 +11691,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7719,21 +11724,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7743,20 +11757,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7765,22 +11789,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7789,21 +11821,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7812,21 +11853,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7835,22 +11885,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7859,21 +11917,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7882,21 +11949,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7906,21 +11982,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7930,19 +12015,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7952,21 +12048,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7976,21 +12081,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -8000,19 +12114,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -8022,22 +12147,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8046,22 +12179,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8070,22 +12211,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8094,21 +12243,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8117,21 +12275,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8140,22 +12307,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8164,22 +12339,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8188,26 +12371,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -8216,26 +12408,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8243,28 +12443,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8272,26 +12480,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8299,15 +12515,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -8316,15 +12549,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -8333,7 +12583,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -8348,20 +12619,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -8370,16 +12652,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -8390,18 +12685,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -8410,17 +12718,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8428,18 +12749,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -8448,18 +12781,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -8468,42 +12814,64 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ - "actor", - "actor_id", - "user_agent", - "request_id", - "org", - "org_id", - "action", - "_document_id", "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" - }, - { - "action": "org.sso_response", - "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "N/A", - "fields": [ + "_document_id", "action", - "user_agent", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" + }, + { + "action": "org.sso_response", + "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8511,19 +12879,31 @@ "description": "A user account was converted into an organization.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization", "fields": [ - "actor", + "@timestamp", "_document_id", - "request_id", - "operation_type", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "@timestamp", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "owner", - "request_access_security_header" + "operation_type", + "created_at", + "owner" ], "docs_reference_titles": "Converting a user into an organization" }, @@ -8532,19 +12912,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -8553,23 +12946,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -8578,20 +12982,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -8600,20 +13016,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -8621,17 +13048,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -8641,20 +13081,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -8663,38 +13114,63 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "request_id", - "action" - ] + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" + ] }, { "action": "org.update_terms_of_service", "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -8703,20 +13179,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -8725,16 +13214,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8743,14 +13247,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -8761,16 +13280,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8779,20 +13313,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8802,23 +13347,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8827,21 +13383,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -8852,21 +13419,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8875,20 +13455,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", - "owner_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8897,17 +13491,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8918,20 +13527,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8940,19 +13563,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8960,19 +13595,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8980,18 +13627,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8999,16 +13658,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9016,18 +13689,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -9035,18 +13720,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9057,22 +13755,31 @@ "description": "The configured restriction for access to resources via personal access tokens was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9080,22 +13787,31 @@ "description": "The configured restriction for access to resources via personal access tokens was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9103,18 +13819,28 @@ "description": "The configured restriction for access to resources via personal access tokens was reset and delegated to organizations.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9125,18 +13851,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9147,18 +13886,28 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9169,18 +13918,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9191,18 +13950,28 @@ "description": "Triggered when the enterprise delegates to the organizations when to require approval for fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9213,17 +13982,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9233,19 +14015,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9253,12 +14047,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -9269,20 +14080,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9290,23 +14113,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9314,21 +14148,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9336,17 +14181,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9357,18 +14215,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9380,17 +14251,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9402,17 +14286,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9423,15 +14320,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9441,17 +14353,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -9461,15 +14384,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9479,17 +14417,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9499,17 +14448,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9519,17 +14479,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9539,17 +14510,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9559,17 +14541,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -9579,17 +14574,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9597,20 +14605,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -9620,25 +14639,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -9646,20 +14677,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9667,25 +14710,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9693,17 +14748,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -9711,17 +14779,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -9729,18 +14810,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -9749,18 +14842,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -9769,19 +14874,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -9789,17 +14905,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -9811,22 +14940,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -9834,19 +14972,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -9854,17 +15003,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9872,18 +15034,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -9891,20 +15066,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9912,18 +15097,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9932,18 +15129,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9952,16 +15161,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -9973,21 +15195,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -9995,22 +15229,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -10019,29 +15263,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -10049,24 +15298,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "repo_id", - "user_id", "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10077,21 +15334,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10102,22 +15369,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", - "actor_id", - "repo_id", - "operation_type", + "_document_id", + "action", "actor", - "repo", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", + "operation_type", + "name" ] }, { @@ -10125,24 +15402,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -10150,30 +15437,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -10183,28 +15477,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -10215,23 +15517,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -10239,22 +15550,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -10262,23 +15583,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -10286,24 +15616,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -10312,22 +15651,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", - "repo", - "request_id", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", + "name", + "created_at" ] }, { @@ -10335,24 +15684,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10361,27 +15719,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10390,18 +15755,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10412,24 +15790,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -10437,25 +15824,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -10463,22 +15857,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -10486,22 +15890,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -10510,22 +15925,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -10533,25 +15958,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -10559,22 +15991,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -10582,22 +16024,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -10605,23 +16057,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -10630,24 +16093,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -10656,20 +16130,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10678,21 +16166,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -10702,22 +16203,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10726,25 +16239,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", - "actor", - "key", - "fingerprint", "@timestamp", - "request_id", - "actor_id", - "oauth_application_id", - "title", + "_document_id", "action", - "user_agent", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "read_only", - "operation_type", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "programmatic_access_type" + "user_agent", + "key", + "fingerprint", + "oauth_application_id", + "title", + "created_at", + "read_only", + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10753,23 +16276,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10778,18 +16312,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -10799,21 +16347,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -10822,19 +16381,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -10845,23 +16417,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10871,17 +16455,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10889,19 +16487,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10909,19 +16520,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -10931,50 +16555,68 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "pull_request_url", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" - ], - "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" - }, - { - "action": "pull_request.rebase", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" + }, + { + "action": "pull_request.rebase", "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10982,23 +16624,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -11007,18 +16661,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -11026,19 +16694,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -11048,20 +16728,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -11069,18 +16760,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -11088,21 +16792,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -11110,20 +16826,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -11132,19 +16861,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "pull_request_id", - "review_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", - "pull_request_url", - "programmatic_access_type", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "review_id", + "operation_type", + "created_at", + "pull_request_url", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -11154,22 +16897,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -11178,21 +16931,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -11201,25 +16963,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -11228,23 +16997,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -11253,24 +17030,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -11279,23 +17063,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -11305,22 +17097,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -11329,19 +17130,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11350,24 +17164,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", - "org", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -11376,24 +17200,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11401,24 +17233,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11426,24 +17266,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11451,24 +17299,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11476,23 +17332,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11503,17 +17368,29 @@ "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11523,17 +17400,29 @@ "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11543,103 +17432,137 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.collaborators_only", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "visibility", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11647,17 +17570,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11666,15 +17602,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -11685,16 +17634,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11704,17 +17666,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11724,19 +17699,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11745,17 +17731,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11764,26 +17763,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -11792,30 +17797,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -11825,20 +17835,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11847,25 +17868,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11874,23 +17903,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11898,25 +17938,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -11926,17 +17975,30 @@ "description": "A repository was archived on disk.", "docs_reference_links": "/repositories/archiving-a-github-repository/archiving-repositories", "fields": [ - "actor_id", - "repo", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", - "repo_id", - "actor", "action", - "user_agent" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/archiving-a-github-repository/archiving-repositories" }, @@ -11945,23 +18007,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -11971,20 +18042,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "visibility", - "repo_id", - "created_at", - "actor", - "action", - "@timestamp", "org_id", - "request_id", + "programmatic_access_type", "repo", - "_document_id" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "visibility", + "created_at" ] }, { @@ -11992,20 +18074,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "visibility", - "repo_id", - "request_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "user", - "operation_type", - "actor", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", "public_repo" ] }, @@ -12014,19 +18107,30 @@ "description": "The repository was unlocked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -12034,20 +18138,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "action", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "operation_type", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "visibility", - "actor", - "user_id" + "visibility" ] }, { @@ -12055,23 +18170,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -12079,21 +18204,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -12101,21 +18236,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -12123,22 +18268,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -12146,21 +18300,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -12168,20 +18332,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -12189,22 +18364,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -12212,18 +18396,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12231,22 +18429,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12254,21 +18462,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -12276,18 +18494,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -12296,22 +18526,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12320,24 +18559,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12346,23 +18593,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12370,26 +18627,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -12398,21 +18660,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -12421,25 +18692,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -12447,22 +18724,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -12471,20 +18758,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "visibility", - "operation_type", - "repo", + "@timestamp", "_document_id", - "user", - "user_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "@timestamp", - "request_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -12492,19 +18790,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -12512,17 +18821,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12531,17 +18855,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12550,7 +18889,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -12565,23 +18925,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -12591,20 +18960,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12615,21 +18995,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -12638,22 +19029,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -12662,21 +19063,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -12685,22 +19097,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -12711,16 +19133,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -12729,22 +19162,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -12754,22 +19196,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -12778,23 +19231,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12804,41 +19267,61 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" - ] - }, - { - "action": "repo.unarchived", - "description": "A repository was unarchived.", - "docs_reference_links": "/repositories/archiving-a-github-repository", - "fields": [ - "actor", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "repo", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", + "visibility" + ] + }, + { + "action": "repo.unarchived", + "description": "A repository was unarchived.", + "docs_reference_links": "/repositories/archiving-a-github-repository", + "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -12847,24 +19330,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -12872,25 +19364,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12899,24 +19398,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12925,25 +19434,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12952,22 +19469,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12976,26 +19502,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -13003,31 +19537,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13036,24 +19577,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13062,24 +19609,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13088,25 +19641,31 @@ "description": "Code security was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13115,25 +19674,31 @@ "description": "Code security was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13142,21 +19707,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -13164,21 +19739,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -13186,21 +19771,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -13208,20 +19804,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -13229,41 +19837,65 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" + ] + }, { "action": "repository_invitation.reject", "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -13271,31 +19903,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -13304,19 +19944,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -13324,8 +19975,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -13334,23 +19984,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -13375,26 +20034,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13403,26 +20068,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13431,23 +20102,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13457,23 +20135,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13483,24 +20168,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13510,24 +20202,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -13536,24 +20235,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13563,23 +20269,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13589,23 +20302,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -13614,22 +20335,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13637,24 +20366,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13663,24 +20400,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13689,19 +20434,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13710,50 +20467,66 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", - "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "About push protection" - }, + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, { "action": "repository_secret_scanning_push_protection_bypass_list.enable", "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13762,19 +20535,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13783,26 +20568,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13811,26 +20601,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13839,28 +20634,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13868,27 +20671,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13896,28 +20707,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13925,28 +20744,36 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13954,29 +20781,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -13985,29 +20820,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14016,44 +20859,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -14064,21 +20929,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -14087,26 +20964,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -14114,21 +20999,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -14136,21 +21032,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", "created_at", "active", - "action", - "repository_id", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type" ] }, @@ -14159,20 +21069,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -14181,24 +21101,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14206,26 +21133,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14233,23 +21166,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14257,23 +21197,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -14282,18 +21229,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -14302,19 +21262,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -14323,43 +21295,67 @@ "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -14368,28 +21364,37 @@ "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", - "repo", - "repo_id", - "public_repo", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", + "public_repo", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -14397,25 +21402,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14423,14 +21435,28 @@ "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -14440,26 +21466,37 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning.disable", "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -14468,19 +21505,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14489,20 +21537,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -14511,19 +21569,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14532,14 +21601,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -14557,25 +21640,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14584,25 +21675,33 @@ "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", - "repository", - "repository_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -14612,49 +21711,70 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_scan.completed", "description": "A secret scanning scan has completed on this repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "repo_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "source", "type", "source_slug", "type_slug", "started_at", "completed_at", - "repo", "public_repo", - "org", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "secret_types", @@ -14668,10 +21788,28 @@ "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14686,15 +21824,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14703,7 +21834,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14711,22 +21843,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14735,22 +21878,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14759,10 +21913,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14777,15 +21949,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14793,7 +21958,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14801,15 +21967,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14819,10 +22000,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -14837,15 +22036,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -14854,7 +22046,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -14862,37 +22055,61 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" - ] - }, - { - "action": "security_key.remove", - "description": "A security key was removed from an account.", - "docs_reference_links": "N/A", - "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "security_key.remove", + "description": "A security key was removed from an account.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14900,16 +22117,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14919,18 +22149,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -14939,16 +22182,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -14959,15 +22215,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -14977,15 +22246,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -14994,17 +22278,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -15013,17 +22310,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -15032,16 +22343,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -15051,15 +22375,30 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", - "actor", - "actor_id", - "action", - "user", - "operation_type", "@timestamp", "_document_id", - "created_at" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" }, @@ -15068,17 +22407,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15087,17 +22439,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15106,18 +22471,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15126,15 +22504,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -15144,16 +22536,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15161,15 +22566,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -15180,16 +22598,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -15199,17 +22630,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -15218,17 +22662,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -15239,17 +22696,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -15260,18 +22730,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15281,16 +22762,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15300,17 +22794,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15319,16 +22826,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15340,17 +22860,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15359,19 +22892,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15380,21 +22926,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15403,19 +22958,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15424,20 +22990,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15445,18 +23025,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -15464,16 +23059,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15481,23 +23091,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15505,23 +23125,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15529,23 +23159,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15553,23 +23193,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15577,15 +23227,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15594,15 +23259,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15611,15 +23291,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15628,15 +23323,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15645,15 +23355,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15661,15 +23386,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -15678,21 +23418,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -15702,22 +23452,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -15726,20 +23485,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -15748,18 +23518,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -15769,21 +23552,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -15792,21 +23586,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -15815,80 +23619,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "team", - "org_id", - "actor_id", - "actor", - "action", "@timestamp", - "user_agent", - "request_id", - "operation_type", "_document_id", - "programmatic_access_type", - "team_type" - ] - }, + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type", + "team_type" + ] + }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -15897,22 +23745,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -15921,22 +23778,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -15946,21 +23812,31 @@ "description": "A repository was removed from a team's control.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -15968,21 +23844,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -15991,17 +23878,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -16010,20 +23910,31 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", - "actor_id", - "org", - "request_id", + "_document_id", "action", - "_document_id" - ], + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, { @@ -16031,28 +23942,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -16060,17 +23980,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16078,17 +24011,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16096,14 +24042,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -16112,15 +24073,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -16128,13 +24104,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16142,17 +24135,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -16160,17 +24166,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -16178,16 +24197,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16195,15 +24228,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16211,18 +24259,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -16231,18 +24291,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -16251,18 +24323,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -16271,15 +24355,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", "_document_id", - "user_agent" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16287,16 +24386,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -16305,18 +24417,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -16325,15 +24449,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -16342,16 +24481,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -16359,19 +24511,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -16380,18 +24544,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -16399,15 +24575,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -16417,20 +24606,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -16438,18 +24638,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16457,18 +24669,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -16477,17 +24701,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -16496,16 +24733,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "created_at", - "user", "action", - "operation_type", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16513,16 +24764,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "_document_id", "@timestamp", - "created_at", - "user_agent", - "operation_type", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16530,16 +24795,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "created_at", - "_document_id", - "user_agent", - "user_id", "@timestamp", - "user", + "_document_id", "action", - "request_access_security_header" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16547,41 +24826,65 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", - "actor", - "actor_id", "action", - "programmatic_access_type" - ] - }, - { - "action": "user.create_integration_secret", - "description": "A user secret for Codespaces was created.", - "docs_reference_links": "N/A", - "fields": [ "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "visibility", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", + "user_agent", + "email", + "operation_type", + "created_at" + ] + }, + { + "action": "user.create_integration_secret", + "description": "A user secret for Codespaces was created.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16589,20 +24892,31 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "@timestamp", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -16610,18 +24924,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16630,19 +24956,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -16650,18 +24987,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16669,18 +25018,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16688,18 +25049,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -16708,17 +25081,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16726,17 +25111,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16744,17 +25142,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16762,17 +25173,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16780,21 +25204,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16802,21 +25236,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -16825,17 +25269,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16843,17 +25300,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16861,17 +25331,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16879,18 +25362,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -16898,16 +25393,29 @@ "description": "A user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", "user_agent", + "operation_type", "created_at" ] }, @@ -16916,17 +25424,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -16935,36 +25457,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", - "user", - "user_id", + "action", "actor", - "operation_type", - "request_id" - ] + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] }, { "action": "user.hide_private_contributions_count", "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -16973,19 +25520,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", - "user", - "action", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -16993,18 +25552,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17012,19 +25583,30 @@ "description": "A comment made by a user was minimized.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", - "actor_id", "@timestamp", - "created_at", - "operation_type", "_document_id", - "user", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17032,18 +25614,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17051,14 +25645,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17066,21 +25676,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17088,16 +25708,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -17106,20 +25739,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -17127,20 +25771,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17148,17 +25804,30 @@ "description": "A user account was no longer flagged as a large scale contributor.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -17166,20 +25835,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -17187,17 +25867,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "user_agent", - "request_id", - "action", "@timestamp", - "created_at", - "org_id", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -17206,18 +25898,30 @@ "description": "Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "action", "created_at", - "actor", - "operation_type", - "actor_id", - "user_id", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam" }, @@ -17226,18 +25930,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17245,16 +25961,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -17265,16 +25994,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -17283,18 +26024,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -17302,18 +26055,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17321,18 +26086,30 @@ "description": "A user signed in from an unrecognized location.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "action", - "operation_type", - "user_agent", - "user", + "@timestamp", "_document_id", + "action", "actor", - "created_at", "actor_id", - "@timestamp", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17340,22 +26117,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -17363,23 +26151,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -17388,21 +26186,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -17410,18 +26218,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17429,18 +26249,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17450,16 +26282,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -17467,18 +26311,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17486,18 +26342,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -17505,17 +26373,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17523,18 +26404,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", - "actor", - "user_id", - "action", - "created_at", - "user", - "operation_type", "@timestamp", - "request_id", "_document_id", - "request_access_security_header" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17542,17 +26435,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -17561,19 +26467,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -17582,15 +26500,28 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "request_id", - "actor", - "action", "created_at" ] }, @@ -17599,21 +26530,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -17621,21 +26562,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17643,18 +26596,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17662,16 +26627,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17681,16 +26660,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17700,18 +26693,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17721,21 +26727,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17743,21 +26761,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17765,21 +26794,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17787,16 +26827,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17806,27 +26860,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -17835,23 +26895,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17859,10 +26929,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17873,20 +26961,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -17895,23 +26972,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17921,10 +27006,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17936,19 +27039,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -17959,10 +27052,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17971,21 +27082,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -17995,23 +27095,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -18020,22 +27132,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -18043,21 +27166,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -18065,25 +27199,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -18091,23 +27233,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -18121,24 +27276,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -18147,10 +27311,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -18160,21 +27342,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -18184,25 +27356,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.18/organization.json b/src/audit-logs/data/ghes-3.18/organization.json index d6e73a065cf3..3d8cd114ddae 100644 --- a/src/audit-logs/data/ghes-3.18/organization.json +++ b/src/audit-logs/data/ghes-3.18/organization.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,29 +67,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -72,44 +103,66 @@ "description": "Credit was accepted for a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory" + "docs_reference_titles": "Editing a repository security advisory" }, { "action": "advisory_credit.create", "description": "Someone was added to the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -117,21 +170,32 @@ "description": "Credit was declined for a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -140,21 +204,32 @@ "description": "Someone was removed from the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -163,18 +238,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -182,17 +269,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -203,39 +301,62 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" + }, { "action": "billing.change_billing_type", "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -244,19 +365,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -265,18 +398,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -284,18 +430,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -303,20 +461,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -325,20 +494,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -349,17 +529,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -367,207 +559,368 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_outdated", "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_numbers", - "commit_oid", - "ref", - "request_id", - "org_id", - "org", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", - "business" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_numbers", + "commit_oid", + "ref" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers", "dismissal_approver_id" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_approved", "description": "Dismissal of code scanning alerts was approved.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_denied", "description": "Dismissal of code scanning alerts was denied.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_requested", "description": "Dismissal of code scanning alerts was requested.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -577,28 +930,34 @@ "description": "An attempt to create a codespace from a prebuild was made.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "owner", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "user_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", "created_at", "operation_type", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -606,17 +965,30 @@ "description": "Enterprise setting for Codespaces ownership was updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enablement", "organization_names", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -627,25 +999,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -656,22 +1037,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -683,22 +1075,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -707,15 +1110,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -726,15 +1144,28 @@ "description": "Policies were applied to codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -744,20 +1175,30 @@ "description": "Policies were removed from codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -765,19 +1206,30 @@ "description": "Policies were updated for codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -785,17 +1237,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -805,27 +1270,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "org", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -833,19 +1307,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -853,18 +1340,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -873,20 +1372,30 @@ "description": "A commit comment was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "repo", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "created_at", - "@timestamp", - "operation_type", + "programmatic_access_type", + "repo", "repo_id", - "actor_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -894,21 +1403,30 @@ "description": "A commit comment was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_id", - "action", - "@timestamp", - "repo", "org_id", - "actor_id", - "created_at", - "user_agent", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -916,21 +1434,33 @@ "description": "Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "reason", "plan", - "org_id", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -938,13 +1468,28 @@ "description": "Copilot feature settings were changed at the organization level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -954,23 +1499,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -978,16 +1530,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -996,40 +1562,59 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "request_access_security_header" - ] - }, - { - "action": "copilot.cfb_seat_assignment_reused", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_reused", "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1039,20 +1624,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1060,19 +1655,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -1080,21 +1687,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1102,21 +1718,33 @@ "description": "The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_value", "new_value", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1124,21 +1752,32 @@ "description": "The excluded paths for GitHub Copilot were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "excluded_paths", "owner_type", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1146,14 +1785,28 @@ "description": "Copilot custom instructions were created for the organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "custom_instructions" @@ -1164,14 +1817,28 @@ "description": "Copilot custom instructions were updated for the organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "custom_instructions" @@ -1179,92 +1846,129 @@ }, { "action": "copilot.knowledge_base_created", - "description": "A knowledge base was created in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_deleted", - "description": "A knowledge base was deleted from the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_updated", - "description": "A knowledge base was updated in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.plan_changed", "description": "The plan for GitHub Copilot was updated.", "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_plan", "plan", - "business_id", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1276,20 +1980,31 @@ "description": "The plan for GitHub Copilot was scheduled to be downgraded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "current_plan", "scheduled_plan" @@ -1300,22 +2015,33 @@ "description": "Specific repositories were disabled from using Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1323,21 +2049,31 @@ "description": "Specific repositories were enabled to use Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner_type", - "owner", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1347,20 +2083,32 @@ "description": "Copilot coding agent access was updated for the organization's or user's repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_access", "old_access", - "org_id", "owner_type", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1370,67 +2118,94 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ] - }, - { - "action": "custom_hosted_runner.destroy", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] }, { - "action": "custom_hosted_runner.update", + "action": "custom_hosted_runner.destroy", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1440,18 +2215,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1464,18 +2252,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1489,14 +2290,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -1509,8 +2325,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1519,27 +2334,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1548,19 +2371,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1569,16 +2404,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -1590,19 +2438,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1611,40 +2470,62 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" - }, - { - "action": "dependabot_alerts_new_repos.disable", - "description": "Dependabot alerts were disabled for all new repositories.", - "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", - "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" + }, + { + "action": "dependabot_alerts_new_repos.disable", + "description": "Dependabot alerts were disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1653,19 +2534,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1674,21 +2566,31 @@ "description": "The default repository access for Dependabot was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "access_level", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -1697,17 +2599,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1715,19 +2630,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1736,19 +2662,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1756,19 +2693,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1777,19 +2725,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1797,40 +2756,62 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" - }, - { - "action": "dependency_graph.enable", - "description": "The dependency graph was enabled for all existing repositories.", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependency_graph.enable", + "description": "The dependency graph was enabled for all existing repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1838,19 +2819,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1859,20 +2851,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1880,21 +2882,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "repo_id", - "request_id", + "@timestamp", + "_document_id", "action", "actor", - "org_id", - "_document_id", "actor_id", - "operation_type", - "@timestamp", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1902,20 +2913,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", "@timestamp", - "actor", - "user_agent", - "request_id", - "org", "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "repo", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -1923,130 +2944,196 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "user_agent", - "actor_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "title", - "_document_id", - "created_at", - "repo", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "team", + "created_at", + "number", + "title", + "operation_type" + ] }, { "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2057,16 +3144,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2077,18 +3178,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2099,17 +3214,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was created.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", - "operation_type", "@timestamp", "_document_id", - "org_id", "action", - "request_id", - "org", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -2118,17 +3246,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was deleted.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp", - "actor_id", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -2137,22 +3278,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2161,22 +3311,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2184,28 +3344,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2214,27 +3380,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -2243,25 +3417,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2270,26 +3452,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2298,21 +3487,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2321,22 +3522,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2345,25 +3556,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2372,22 +3592,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2396,21 +3628,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -2421,19 +3663,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2442,20 +3695,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2464,19 +3727,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2485,23 +3759,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2509,18 +3792,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2531,20 +3824,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2554,25 +3857,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -2580,25 +3893,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", + "operation_type", + "name", "hook_id", - "repo", - "repo_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -2606,26 +3928,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2634,25 +3965,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2660,26 +4000,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2687,21 +4036,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2710,19 +4070,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2730,21 +4103,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2753,19 +4137,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2776,20 +4174,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2799,24 +4209,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2827,23 +4248,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2854,21 +4287,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -2879,20 +4324,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -2902,20 +4359,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2925,19 +4395,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2946,20 +4430,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2969,20 +4466,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2991,20 +4501,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -3013,20 +4536,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -3034,19 +4569,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -3055,19 +4603,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -3076,17 +4637,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -3099,21 +4673,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -3127,17 +4714,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -3149,19 +4749,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3169,19 +4780,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3189,20 +4811,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -3211,19 +4842,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "created_at", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3231,24 +4873,32 @@ "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -3256,24 +4906,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" ] }, { @@ -3281,19 +4939,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -3301,45 +4972,130 @@ "description": "A comment on an issue was deleted from the repository.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { + "action": "issue_comment.pinned", + "description": "A comment on an issue was pinned to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", "action", - "operation_type", - "user_agent", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "oauth_application_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { - "action": "issue_comment.update", - "description": "A comment on an issue (other than the initial one) changed.", + "action": "issue_comment.unpinned", + "description": "A comment on an issue was unpinned from a repository.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", + "@timestamp", + "_document_id", "action", - "repo_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_comment.update", + "description": "A comment on an issue (other than the initial one) changed.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", - "user_agent", - "request_id", "_document_id", - "actor_id", + "action", "actor", - "oauth_application_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -3347,21 +5103,31 @@ "description": "An issue was deleted from the repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/deleting-an-issue", "fields": [ - "user", - "actor_id", - "created_at", - "title", "@timestamp", "_document_id", - "request_id", - "actor", - "user_id", "action", - "operation_type", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "title", + "operation_type" ], "docs_reference_titles": "Deleting an issue" }, @@ -3370,23 +5136,33 @@ "description": "An issue was pinned to a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", "created_at", - "action", - "actor", "operation_type", "owner_type", - "@timestamp", - "repo_id", - "request_id", "number", - "repo", - "event", - "user", - "user_id", - "request_access_security_header" + "event" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3395,22 +5171,32 @@ "description": "An issue was transferred to another repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "owner_type", - "actor_id", "number", - "repo", "operation_type", - "_document_id", - "repo_id", - "action", - "request_id", - "created_at", - "actor", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Transferring an issue to another repository" }, @@ -3419,20 +5205,32 @@ "description": "An issue type was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", "enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3443,20 +5241,32 @@ "description": "An issue type was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", "enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3467,11 +5277,28 @@ "description": "An issue type was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", @@ -3480,11 +5307,6 @@ "old_description", "old_color", "old_enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3495,24 +5317,33 @@ "description": "An issue was unpinned from a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ - "event", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", - "action", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "operation_type", - "_document_id", - "number", - "owner_type", - "@timestamp", + "token_id", + "token_scopes", "user", "user_id", - "token_scopes", - "request_access_security_header" + "user_agent", + "event", + "created_at", + "operation_type", + "number", + "owner_type" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3521,19 +5352,30 @@ "description": "The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user_agent", - "action", "@timestamp", - "operation_type", - "request_id", - "actor_id", - "user_id", - "created_at", "_document_id", + "action", "actor", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "org_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3542,18 +5384,29 @@ "description": "The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3563,19 +5416,30 @@ "description": "An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user", - "request_id", - "actor", - "business_id", - "action", - "operation_type", - "user_agent", - "created_at", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor_id" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3584,18 +5448,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3603,21 +5479,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -3625,21 +5514,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -3647,22 +5549,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -3670,19 +5585,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -3692,22 +5620,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -3715,22 +5656,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3738,20 +5692,30 @@ "description": "The ability for members to publish GitHub Pages sites was disabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3760,20 +5724,30 @@ "description": "The ability for members to publish GitHub Pages sites was enabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3782,21 +5756,30 @@ "description": "The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3805,22 +5788,30 @@ "description": "The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3829,21 +5820,30 @@ "description": "The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3852,22 +5852,30 @@ "description": "The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3876,19 +5884,30 @@ "description": "An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "operation_type", "user_agent", - "actor", - "actor_id", - "business_id", - "@timestamp", - "created_at", - "action" + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3897,18 +5916,29 @@ "description": "The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "request_id", - "org", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "actor", "operation_type", - "org_id", - "action", - "@timestamp", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3918,21 +5948,30 @@ "description": "The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "action", - "org_id", - "user_id", - "business", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business_id", + "user_id", + "user_agent", "created_at", - "actor", - "org", - "operation_type", - "user_agent" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3943,16 +5982,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -3961,21 +6011,30 @@ "description": "The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "created_at", - "user_id", "business_id", - "user", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "org_id", - "@timestamp" + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -3984,19 +6043,30 @@ "description": "The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ - "request_id", - "created_at", - "_document_id", - "user_agent", - "user", - "user_id", - "business", - "business_id", - "operation_type", "@timestamp", + "_document_id", "action", "actor", - "actor_id" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4005,19 +6075,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4025,21 +6107,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4049,16 +6140,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4068,18 +6172,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4089,14 +6206,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -4104,19 +6237,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -4124,18 +6268,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4143,23 +6299,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -4167,16 +6331,30 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "org_id", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4184,24 +6362,32 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "org_id", - "request_id", - "oauth_application_id", - "repo_id", - "operation_type", "@timestamp", - "user_agent", - "created_at", - "org", - "action", "_document_id", - "repo", + "action", "actor", - "token_scopes", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "actor_is_bot" ] }, { @@ -4209,22 +6395,37 @@ "description": "A network configuration for a hosted compute service was created.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", "previous_settings_ids", - "network_configuration_id" + "network_configuration_id", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -4233,15 +6434,28 @@ "description": "A network configuration for a hosted compute service was deleted.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", @@ -4254,21 +6468,36 @@ "description": "A network configuration for a hosted compute service was updated.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", - "previous_settings_ids" + "previous_settings_ids", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -4277,20 +6506,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4299,20 +6540,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4321,20 +6574,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4343,20 +6608,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4365,19 +6642,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4386,42 +6676,66 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, { "action": "oauth_application.revoke_tokens", "description": "Token(s) for an OAuth application were revoked.", - "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", - "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4430,19 +6744,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4451,17 +6778,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4472,20 +6810,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -4494,19 +6842,29 @@ "description": "An organization prevented access to resources by users with the given two-factor method.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "two_factor_method", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "two_factor_method", "created_at", "operation_type", "actor_is_bot" @@ -4517,21 +6875,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -4540,24 +6908,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4565,21 +6943,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4587,20 +6975,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4608,22 +7006,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4631,20 +7037,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4652,22 +7068,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4675,21 +7099,31 @@ "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4699,19 +7133,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4720,19 +7165,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4742,53 +7198,92 @@ "description": "Third-party application access for outside collaborators was disabled for the organization.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "Limiting OAuth app and GitHub App access requests and installations" }, { "action": "org.allow_third_party_access_requests_from_outside_collaborators_enabled", "description": "Third-party application access for outside collaborators was enabled for the organization.", - "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests" }, { "action": "org.archive", "description": "The organization was archived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4798,17 +7293,30 @@ "description": "An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log", "fields": [ - "org_id", - "operation_type", "@timestamp", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log" }, @@ -4817,21 +7325,32 @@ "description": "An export of the organization's Git events was created.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "start", "end", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization" }, @@ -4840,16 +7359,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -4858,18 +7390,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -4878,19 +7423,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -4900,22 +7456,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -4923,19 +7490,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -4943,16 +7521,28 @@ "description": "Cleared two-factor authentication restrictions for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -4963,23 +7553,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4987,21 +7585,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5009,23 +7617,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "actor_is_bot" ] }, { @@ -5033,23 +7649,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5057,66 +7681,95 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codespaces_access_updated", "description": "Access to use Codespaces on internal and private repositories was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "enablement", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization" }, @@ -5125,21 +7778,31 @@ "description": "Ownership and payment for codespaces was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "owner_type", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" }, @@ -5148,16 +7811,29 @@ "description": "A team has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5167,16 +7843,29 @@ "description": "A team has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5186,19 +7875,30 @@ "description": "GitHub Codespaces was granted trusted repository access to all other repositories in an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -5207,17 +7907,30 @@ "description": "GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -5226,21 +7939,30 @@ "description": "A user has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5248,21 +7970,30 @@ "description": "A user has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5270,16 +8001,29 @@ "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -5289,17 +8033,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5308,17 +8065,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5328,16 +8098,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5346,17 +8129,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5365,17 +8161,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5384,22 +8193,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -5408,17 +8225,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5429,15 +8257,28 @@ "description": "Server statistics were exported for the organization.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5448,18 +8289,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -5468,20 +8321,31 @@ "description": "A GitHub Actions secret was created for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5490,20 +8354,32 @@ "description": "A GitHub Actions variable was created for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5512,21 +8388,33 @@ "description": "A Codespaces or Dependabot secret was created for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5534,21 +8422,30 @@ "description": "A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor_id", - "org_id", - "business", - "action", "@timestamp", - "org", "_document_id", - "business_id", + "action", "actor", - "token_scopes", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "actor_is_bot", "oauth_credential_type", "managed_oauth_access_id", @@ -5564,24 +8461,32 @@ "description": "A member authorized credentials for use with SAML or OIDC single sign-on.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on", "fields": [ - "user_agent", - "actor", "@timestamp", - "created_at", - "org_id", - "business_id", - "operation_type", - "request_id", "_document_id", "action", + "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", - "token_scopes", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot", "oauth_credential_type", - "request_access_security_header", "managed_oauth_access_id", "managed_token_id", "managed_oauth_scopes", @@ -5595,21 +8500,32 @@ "description": "An owner revoked authorized credentials.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "oauth_application_id", - "org_id", "operation_type", - "action", - "business", - "request_id", "created_at", - "business_id", - "actor_id", - "_document_id", - "user_agent", "oauth_credential_type", "managed_oauth_access_id", "managed_token_id", @@ -5624,18 +8540,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5643,20 +8571,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5665,16 +8603,29 @@ "description": "Third-party application access restrictions for an organization were disabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "org_id", - "action", - "_document_id", - "request_id", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization" @@ -5684,19 +8635,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5705,14 +8667,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -5721,21 +8700,30 @@ "description": "Display of IP addresses within audit log events for the organization was disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -5744,17 +8732,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5762,19 +8763,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5782,19 +8794,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -5802,19 +8825,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5823,17 +8857,30 @@ "description": "Third-party application access restrictions for an organization were enabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "operation_type", - "org", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization" }, @@ -5842,19 +8889,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5863,19 +8921,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -5884,21 +8955,30 @@ "description": "Display of IP addresses within audit log events for the organization was enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -5907,17 +8987,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -5926,17 +9019,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -5945,18 +9051,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5964,23 +9083,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -5989,17 +9117,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6009,19 +9148,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6029,19 +9179,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6049,19 +9210,31 @@ "description": "Access to an organization was granted for an OAuth App.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "request_id", "actor_id", - "operation_type", - "org_id", - "_document_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization" @@ -6071,20 +9244,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -6093,18 +9277,31 @@ "description": "Access was disabled for an OAuth App that was previously approved.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization", "fields": [ - "request_id", - "url", - "created_at", - "org_id", - "action", "@timestamp", "_document_id", - "user_agent", - "org", - "operation_type", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization" @@ -6114,19 +9311,31 @@ "description": "An organization member requested that an owner grant an OAuth App access to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", + "@timestamp", "_document_id", - "request_id", - "url", - "org_id", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "url", "oauth_application_name" ] }, @@ -6135,20 +9344,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -6158,16 +9378,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -6175,20 +9408,31 @@ "description": "An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "reason", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -6197,20 +9441,30 @@ "description": "An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -6219,19 +9473,30 @@ "description": "An organization owner downloaded the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6240,19 +9505,30 @@ "description": "An organization owner generated the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6261,19 +9537,30 @@ "description": "An organization owner printed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6282,19 +9569,30 @@ "description": "An organization owner viewed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6303,19 +9601,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -6324,20 +9634,31 @@ "description": "A GitHub Actions secret was removed from an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -6346,21 +9667,31 @@ "description": "A GitHub Actions variable was removed from an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6369,18 +9700,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -6390,19 +9732,29 @@ "description": "Removed a two-factor authentication method restriction for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "two_factor_method", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "two_factor_method", "created_at", "operation_type", "actor_is_bot" @@ -6413,22 +9765,32 @@ "description": "A Codespaces or Dependabot secret was removed from an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6436,21 +9798,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6458,21 +9829,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "programmatic_access_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6480,21 +9860,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6502,18 +9892,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -6522,19 +9924,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -6542,14 +9956,28 @@ "description": "Triggered when a required workflow is created.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6560,14 +9988,28 @@ "description": "Triggered when a required workflow is deleted.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6578,14 +10020,28 @@ "description": "Triggered when a required workflow is updated.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6596,20 +10052,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -6618,18 +10084,29 @@ "description": "A member's linked identity was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", "user_id", - "@timestamp", - "action", - "actor_id", "user_agent", - "_document_id", - "request_id", + "operation_type", "created_at" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" @@ -6639,19 +10116,30 @@ "description": "A member's SAML session was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ - "actor_id", - "created_at", - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" }, @@ -6660,21 +10148,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -6684,21 +10184,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6707,20 +10217,31 @@ "description": "A self-hosted runner group was renamed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6729,23 +10250,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -6754,23 +10285,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6779,19 +10318,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -6800,25 +10352,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6827,21 +10390,32 @@ "description": "The visibility of a self-hosted runner group was updated via the REST API.", "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" }, @@ -6850,21 +10424,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -6874,21 +10457,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -6898,20 +10490,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6920,22 +10522,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6944,21 +10554,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6967,21 +10586,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -6990,22 +10618,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7014,21 +10650,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7037,22 +10682,30 @@ "description": "Generic secrets have been disabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7060,22 +10713,30 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7083,21 +10744,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7107,21 +10777,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7131,19 +10810,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7153,21 +10843,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7177,21 +10876,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7201,19 +10909,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7223,22 +10942,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7247,22 +10974,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7271,22 +11006,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7295,21 +11038,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7318,21 +11070,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7341,22 +11102,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7365,22 +11134,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7389,26 +11166,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -7417,26 +11203,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7444,28 +11238,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7473,26 +11275,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7500,15 +11310,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7517,15 +11344,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7534,7 +11378,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -7549,20 +11414,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -7571,16 +11447,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -7591,18 +11480,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -7611,17 +11513,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7629,18 +11544,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -7649,18 +11576,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -7669,18 +11609,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -7689,22 +11641,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7712,21 +11674,32 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Adding organizations to your enterprise" }, @@ -7735,19 +11708,30 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7758,15 +11742,28 @@ "description": "The organization was unarchived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "actor_id", - "user_agent", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7776,19 +11773,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -7797,20 +11807,32 @@ "description": "A GitHub Actions secret was updated for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "created_at", "key", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -7819,23 +11841,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -7844,20 +11877,32 @@ "description": "A GitHub Actions variable was updated for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -7866,20 +11911,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -7887,22 +11944,33 @@ "description": "A Codespaces or Dependabot secret was updated for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7911,20 +11979,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -7932,17 +12011,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -7952,20 +12044,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -7974,17 +12077,30 @@ "description": "The name of the default branch was changed for new repositories in the organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization" }, @@ -7993,17 +12109,30 @@ "description": "The repository self-hosted runners policy was updated", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_repo_runners_policy", "new_repo_runners_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8014,19 +12143,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -8034,18 +12176,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -8054,18 +12208,30 @@ "description": "A default label was created for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label", "fields": [ - "request_id", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", - "_document_id", - "action", - "created_at", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label" }, @@ -8074,17 +12240,30 @@ "description": "A default label was deleted for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label", "fields": [ - "operation_type", - "request_id", - "actor", "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label" }, @@ -8093,17 +12272,30 @@ "description": "A default label was edited for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label", "fields": [ - "org", - "created_at", "@timestamp", - "actor", + "_document_id", "action", - "user_agent", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label" }, @@ -8112,20 +12304,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -8134,16 +12339,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8152,14 +12372,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -8170,16 +12405,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8188,16 +12438,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -8207,17 +12470,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8227,16 +12501,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -8246,20 +12533,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -8267,19 +12564,30 @@ "description": "An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor", - "business_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", "user_agent", - "_document_id", "created_at", - "operation_type", - "request_id", - "business" + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -8288,19 +12596,30 @@ "description": "Organization projects were disabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "operation_type", - "@timestamp", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -8309,18 +12628,29 @@ "description": "Organization projects were enabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor_id", - "org_id", - "created_at", - "user_id", - "org", "@timestamp", "_document_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" @@ -8330,50 +12660,67 @@ "description": "An organization role was assigned to a user or team.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About custom organization roles" }, { "action": "organization_role.create", - "description": "A custom organization role was created in an organization.", - "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", - "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "description": "A custom organization role was created in an organization.", + "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8385,25 +12732,32 @@ "description": "A custom organization role was deleted in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8414,19 +12768,30 @@ "description": "A user or team was unassigned an organization role.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type" ], @@ -8437,26 +12802,33 @@ "description": "A custom organization role was edited in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -8469,22 +12841,33 @@ "description": "An organization's default project base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_project_base_role", - "new_project_base_role", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_project_base_role", + "new_project_base_role", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8492,20 +12875,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8515,23 +12909,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8540,21 +12945,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -8565,21 +12981,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8588,20 +13017,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8610,17 +13053,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8631,20 +13089,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -8653,18 +13125,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8672,16 +13156,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8689,18 +13187,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8708,18 +13218,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8730,22 +13253,31 @@ "description": "The configured restriction for access to resources via personal access tokens was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8753,22 +13285,31 @@ "description": "The configured restriction for access to resources via personal access tokens was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8776,18 +13317,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8798,18 +13352,28 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -8820,18 +13384,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -8842,23 +13416,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8866,21 +13451,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8888,17 +13484,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8909,18 +13518,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8932,17 +13554,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -8954,20 +13589,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was created.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -8979,20 +13623,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was deleted.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9004,20 +13657,29 @@ "description": "A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9029,20 +13691,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was edited.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "actor_id", - "branch", - "repository", - "repository_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9054,15 +13725,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9072,17 +13758,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -9092,15 +13789,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9110,19 +13822,30 @@ "description": "An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "action", - "operation_type", "@timestamp", - "business_id", + "_document_id", + "action", + "actor", "actor_id", - "user", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9130,23 +13853,30 @@ "description": "An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "created_at", - "actor_id", + "@timestamp", "_document_id", - "actor", - "user", - "repo", "action", - "user_agent", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "request_id", - "user_id", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9154,23 +13884,30 @@ "description": "An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "repo", - "org", - "business", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org_id", - "created_at", - "business_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9178,17 +13915,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9198,17 +13946,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9218,17 +13977,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9238,17 +14008,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9258,17 +14039,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -9278,17 +14072,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9296,25 +14103,36 @@ "description": "A project's base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_project_base_role", "new_project_base_role", "project_number", "public_project", - "business", "project_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9322,20 +14140,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -9345,25 +14174,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -9371,20 +14212,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9392,25 +14245,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9418,17 +14283,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -9436,17 +14314,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", - "actor_id", - "operation_type", - "actor", - "user_id", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -9454,18 +14345,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -9474,18 +14377,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -9494,19 +14409,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -9514,17 +14440,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -9536,22 +14475,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -9559,19 +14507,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -9579,17 +14538,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9597,18 +14569,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -9616,20 +14601,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9637,18 +14632,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9657,18 +14664,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -9677,16 +14696,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -9698,21 +14730,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -9720,22 +14764,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -9744,29 +14798,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -9774,24 +14833,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "repo_id", - "user_id", "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9802,21 +14869,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -9827,22 +14904,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -9850,24 +14937,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -9875,30 +14972,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -9908,28 +15012,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -9940,23 +15052,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -9964,22 +15085,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -9987,23 +15118,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -10011,24 +15151,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -10037,22 +15186,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -10060,24 +15219,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10086,27 +15254,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10115,18 +15290,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10137,24 +15325,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -10162,25 +15359,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -10188,22 +15392,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -10211,22 +15425,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -10235,22 +15460,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -10258,25 +15493,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -10284,22 +15526,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -10307,22 +15559,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -10330,23 +15592,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -10355,24 +15628,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -10381,20 +15665,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10403,21 +15701,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -10427,22 +15738,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10451,25 +15774,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10478,23 +15811,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "action", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10503,18 +15847,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -10524,21 +15882,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -10547,19 +15916,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -10570,23 +15952,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10596,17 +15990,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -10614,19 +16022,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10634,19 +16055,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -10656,21 +16090,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -10679,27 +16124,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10707,23 +16159,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -10732,18 +16196,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -10751,19 +16229,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -10773,20 +16263,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -10794,18 +16295,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -10813,21 +16327,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -10835,20 +16361,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -10857,19 +16396,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -10879,22 +16432,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -10903,21 +16466,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -10926,25 +16498,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -10953,23 +16532,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -10978,24 +16565,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -11004,23 +16598,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -11030,22 +16632,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -11054,19 +16665,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11075,24 +16699,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -11101,24 +16735,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "actor_is_bot" ] }, { @@ -11126,24 +16768,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11151,24 +16801,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11176,24 +16834,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11201,23 +16867,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11228,17 +16903,29 @@ "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11248,17 +16935,29 @@ "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11268,102 +16967,136 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -11372,19 +17105,30 @@ "description": "GitHub Codespaces trusted repository access to this repository was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11392,17 +17136,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11411,15 +17168,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -11430,16 +17200,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11449,17 +17232,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11469,19 +17265,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11490,17 +17297,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11509,26 +17329,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -11537,30 +17363,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "visibility", - "repo_id", - "user", - "request_id", - "actor_id", - "action", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -11570,20 +17401,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11592,25 +17434,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11619,23 +17469,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11643,25 +17504,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -11671,23 +17541,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -11697,23 +17576,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -11721,21 +17610,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -11743,21 +17642,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -11765,22 +17674,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -11788,21 +17706,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -11810,20 +17738,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11831,22 +17770,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -11854,18 +17802,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11873,22 +17835,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11896,21 +17868,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -11918,18 +17900,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -11938,22 +17932,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -11962,24 +17965,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -11988,23 +17999,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12012,26 +18033,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -12040,21 +18066,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -12063,25 +18098,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -12089,22 +18130,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -12113,25 +18164,34 @@ "description": "A branch was renamed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "old_branch", - "new_branch", - "default_branch", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "old_branch", + "new_branch", + "default_branch", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch" @@ -12141,19 +18201,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -12161,17 +18232,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12180,17 +18266,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12199,7 +18300,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -12214,23 +18336,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -12240,20 +18371,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12264,21 +18406,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -12287,22 +18440,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -12311,21 +18474,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -12334,22 +18508,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -12360,16 +18544,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -12379,22 +18574,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -12403,23 +18609,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12429,19 +18645,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -12449,21 +18675,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -12472,24 +18708,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -12497,25 +18742,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12524,24 +18776,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12550,25 +18812,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12577,22 +18847,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12601,26 +18880,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -12628,31 +18915,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -12661,42 +18955,61 @@ "description": "Someone closed a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories", "fields": [ - "actor", - "repo", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "user_agent", - "actor_id", - "request_id", - "action", - "operation_type", - "created_at", - "repo_id", - "_document_id", + "hashed_token", "org", "org_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories" + "docs_reference_titles": "About repository security advisories" }, { "action": "repository_advisory.cve_request", "description": "Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "repo", - "org_id", - "actor", + "@timestamp", + "_document_id", "action", - "request_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "_document_id", + "operation_type", "created_at" ] }, @@ -12705,17 +19018,30 @@ "description": "GitHub made a security advisory public in the GitHub Advisory Database.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -12724,21 +19050,30 @@ "description": "GitHub withdrew a security advisory that was published in error.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -12746,18 +19081,30 @@ "description": "Someone opened a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", "repo_id", - "action", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -12765,21 +19112,30 @@ "description": "Someone published a security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", "@timestamp", - "actor", - "repo_id", "_document_id", - "repo", - "business_id", - "business", - "request_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "org" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -12787,17 +19143,30 @@ "description": "Someone reopened as draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "repo", - "action", - "created_at", "@timestamp", - "request_id", - "actor_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "public_repo" ] }, @@ -12806,21 +19175,30 @@ "description": "Someone edited a draft or published security advisory.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "repo_id", - "org_id", - "business", - "actor", - "user_agent", - "created_at", + "@timestamp", "_document_id", - "business_id", - "repo", "action", - "operation_type", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -12828,24 +19206,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12854,24 +19238,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -12880,25 +19270,31 @@ "description": "Code security was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -12907,25 +19303,31 @@ "description": "Code security was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -12934,19 +19336,30 @@ "description": "Data use settings were disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "repo_id", - "request_id", - "actor_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12955,21 +19368,30 @@ "description": "Data use settings were enabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "org", - "user_id", - "repo_id", "@timestamp", - "request_id", - "actor", + "_document_id", "action", - "operation_type", - "created_at", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org_id", - "_document_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -12978,23 +19400,30 @@ "description": "The dependency graph was disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "repo_id", - "operation_type", - "user_id", - "repo", + "@timestamp", "_document_id", - "actor", - "user", "action", - "@timestamp", - "org_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", - "request_id", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -13003,24 +19432,31 @@ "description": "The dependency graph was enabled for a private repository.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor_id", - "repo_id", + "created_at", "operation_type", - "actor", - "@timestamp", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13029,21 +19465,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -13051,21 +19497,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -13073,21 +19529,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -13095,20 +19562,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -13116,21 +19595,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -13138,19 +19628,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -13158,17 +19661,31 @@ "description": "An organization has reached their repository limit.", "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "limit", "count", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -13179,17 +19696,31 @@ "description": "An organization is approaching their repository limit.", "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "limit", "count", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -13200,19 +19731,30 @@ "description": "The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise", "fields": [ - "request_id", - "created_at", + "@timestamp", "_document_id", "action", - "user_agent", - "user", - "business_id", - "business", - "operation_type", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -13221,20 +19763,30 @@ "description": "Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "created_at", "@timestamp", - "repo", - "action", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "repo_id", - "actor", - "request_id", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -13243,20 +19795,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", "created_at", - "org_id", - "action", - "user_id", - "operation_type", - "_document_id", - "actor_id", - "repo" + "operation_type" ] }, { @@ -13264,31 +19825,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -13297,19 +19866,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -13317,8 +19897,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -13327,23 +19906,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -13368,26 +19956,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13396,26 +19990,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13424,23 +20024,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13450,23 +20057,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13476,24 +20090,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13503,24 +20124,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -13529,24 +20157,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13556,23 +20191,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13582,23 +20224,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -13607,22 +20257,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13630,24 +20288,32 @@ "description": "Generic secrets have been disabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13655,22 +20321,31 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13679,24 +20354,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13705,24 +20388,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -13731,19 +20422,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13752,24 +20455,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13778,24 +20489,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -13804,19 +20523,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -13825,26 +20556,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13853,26 +20589,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -13881,28 +20622,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13910,27 +20659,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13938,28 +20695,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13967,28 +20732,36 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -13996,20 +20769,30 @@ "description": "The repository visibility change setting was cleared for an organization or enterprise.", "docs_reference_links": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-changes-to-repository-visibility", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", "business", - "action", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business_id", - "@timestamp", "user_agent", - "actor", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise" }, @@ -14018,20 +20801,30 @@ "description": "The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user", - "org_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "_document_id", - "@timestamp", - "user_id", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14039,19 +20832,30 @@ "description": "The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "_document_id", "@timestamp", - "user_agent", - "user", - "created_at", - "org", - "org_id", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14059,29 +20863,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14090,29 +20902,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14121,44 +20941,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -14169,21 +21011,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -14192,26 +21046,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -14219,21 +21081,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -14241,21 +21114,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", "created_at", "active", - "action", - "repository_id", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type" ] }, @@ -14264,20 +21151,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -14286,24 +21183,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14311,26 +21215,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14338,23 +21248,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14362,23 +21279,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "repo", - "org", - "org_id", - "actor_id", - "_document_id", "user_id", + "user_agent", + "created_at", "operation_type", - "request_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -14387,24 +21311,31 @@ "description": "A status check was marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "org", - "actor_id", "@timestamp", - "business", - "request_id", - "context", - "repo_id", - "action", - "repo", "_document_id", - "operation_type", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "actor", - "created_at", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "context", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -14413,21 +21344,31 @@ "description": "A status check was no longer marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "actor_id", - "actor", - "created_at", - "context", - "operation_type", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "repo_id", "org_id", - "action", - "_document_id", + "programmatic_access_type", "repo", - "programmatic_access_type" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "context", + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -14436,18 +21377,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -14456,19 +21410,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -14477,22 +21443,33 @@ "description": "A new custom repository role was created.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "_document_id", "role_permissions", "old_role_permissions" ], @@ -14503,23 +21480,34 @@ "description": "A custom repository role was deleted.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Managing custom repository roles for an organization" }, @@ -14528,23 +21516,34 @@ "description": "A custom repository role was edited.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "old_role_permissions", "old_base_role" ], @@ -14555,35 +21554,63 @@ "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.public_leak", "description": "A secret scanning alert was leaked in a public repo.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -14591,29 +21618,39 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -14622,14 +21659,28 @@ "description": "A leaked secret was reported to the secret's provider by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "created_at", @@ -14637,35 +21688,44 @@ "secret_type_provider", "report_result" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts" + "docs_reference_titles": "Resolving alerts from secret scanning" }, { "action": "secret_scanning_alert.resolve", "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -14673,25 +21733,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14699,14 +21766,28 @@ "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -14716,33 +21797,41 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_closure_request.approve", "description": "A request to close a secret scanning alert was approved by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14751,25 +21840,33 @@ "description": "N/A", "docs_reference_links": "A reqeust to close a secret scanning alert was canceled by a user.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, reqeust, to, close, a, secret, scanning, alert, was, canceled, by, a, user." @@ -14779,27 +21876,35 @@ "description": "N/A", "docs_reference_links": "A user requested to close a secret scanning alert.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "reason", "comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, user, requested, to, close, a, secret, scanning, alert." @@ -14809,26 +21914,34 @@ "description": "A request to close a secret scanning alert was denied by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "request_access_security_header", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14837,19 +21950,30 @@ "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -14858,19 +21982,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14879,20 +22014,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -14901,19 +22046,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -14922,14 +22078,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -14947,25 +22117,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14974,79 +22152,103 @@ "description": "A user canceled a request to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_push_protection_request.complete", "description": "A user pushed a commit containing a secret for which there is an approved secret scanning push protection bypass request.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_push_protection_request.deny", "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -15056,49 +22258,70 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_scan.completed", "description": "A secret scanning scan has completed on this repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "repo_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "source", "type", "source_slug", "type_slug", "started_at", "completed_at", - "repo", "public_repo", - "org", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "secret_types", @@ -15112,10 +22335,28 @@ "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15130,15 +22371,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15147,7 +22381,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15155,22 +22390,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15179,22 +22425,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15203,10 +22460,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15221,15 +22496,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15237,7 +22505,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15245,15 +22514,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15263,10 +22547,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15281,15 +22583,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15298,7 +22593,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15306,16 +22602,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15325,18 +22634,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -15345,16 +22667,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15364,15 +22699,28 @@ "description": "An agreement for invoiced billing for GitHub Sponsors was signed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -15384,15 +22732,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -15402,15 +22763,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -15419,17 +22795,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -15438,17 +22827,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -15457,16 +22860,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -15476,14 +22892,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -15493,17 +22924,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15512,17 +22956,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15531,18 +22988,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15551,15 +23021,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -15569,16 +23053,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -15586,15 +23083,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -15605,16 +23115,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -15624,17 +23147,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -15645,17 +23181,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -15666,18 +23215,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15687,16 +23247,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15706,16 +23279,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15727,17 +23313,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15746,19 +23345,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15767,21 +23379,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -15790,36 +23411,60 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, { "action": "staff.dependabot_debug_credentials_generated", - "description": "N/A", + "description": "Dependabot encrypted config was read.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "public_repo" @@ -15830,20 +23475,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15851,18 +23510,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -15870,16 +23544,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15887,23 +23576,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15911,23 +23610,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15935,23 +23644,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15959,23 +23678,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -15983,21 +23712,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -16007,22 +23746,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -16031,20 +23779,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -16053,18 +23812,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -16074,21 +23846,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -16097,21 +23880,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "user_agent", + "team", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -16120,80 +23913,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -16202,19 +24039,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "actor", - "action", - "operation_type", - "team", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" ] }, { @@ -16222,19 +24071,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", "@timestamp", - "actor_id", "_document_id", - "team", - "created_at", - "org_id", "action", - "request_id", - "user_agent", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_access_security_header" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "team", + "created_at" ] }, { @@ -16242,22 +24103,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "team", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" ] }, { @@ -16265,22 +24135,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -16289,22 +24168,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -16312,23 +24200,33 @@ { "action": "team.remove_repository", "description": "A repository was removed from a team's control.", - "docs_reference_links": "N/A", - "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -16336,21 +24234,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -16359,17 +24268,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -16378,19 +24300,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -16399,19 +24332,30 @@ "description": "The Okta credentials for team synchronization with a tenant were changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -16419,28 +24363,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -16448,16 +24401,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16467,16 +24434,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16486,18 +24467,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16507,21 +24501,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16529,21 +24535,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -16551,21 +24568,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -16573,16 +24601,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16592,27 +24634,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -16621,23 +24669,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -16645,10 +24703,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16659,20 +24735,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -16681,23 +24746,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16707,10 +24780,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16722,19 +24813,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -16745,10 +24826,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16757,21 +24856,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -16781,23 +24869,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -16806,22 +24906,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16829,21 +24940,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -16851,25 +24973,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16877,23 +25007,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -16907,24 +25050,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -16933,10 +25085,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -16946,21 +25116,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -16970,25 +25130,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.18/user.json b/src/audit-logs/data/ghes-3.18/user.json index 9e80d3b859c4..759542980e5f 100644 --- a/src/audit-logs/data/ghes-3.18/user.json +++ b/src/audit-logs/data/ghes-3.18/user.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,18 +196,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -148,17 +227,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -167,19 +259,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -188,18 +292,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -207,18 +324,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -226,15 +355,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -244,26 +386,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -271,24 +423,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -296,26 +458,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -323,20 +495,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -347,17 +530,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -368,20 +564,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -390,19 +598,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -411,19 +632,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -432,20 +665,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -454,19 +699,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -475,20 +732,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -497,20 +765,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -521,17 +800,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -539,14 +830,29 @@ "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -556,25 +862,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -585,22 +900,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -612,22 +938,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -636,36 +973,64 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "owner", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "public_repo" - ] - }, + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "owner", + "created_at", + "operation_type", + "public_repo" + ] + }, { "action": "codespaces.restore", "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -675,27 +1040,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -703,19 +1077,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -723,18 +1110,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -743,23 +1142,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -767,16 +1173,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -785,24 +1205,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -810,15 +1236,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -828,40 +1267,62 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "request_access_security_header" - ] - }, - { - "action": "copilot.cfb_seat_cancelled", - "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_cancelled", + "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -869,21 +1330,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -891,22 +1361,33 @@ "description": "Specific repositories were disabled from using Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -914,21 +1395,31 @@ "description": "Specific repositories were enabled to use Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner_type", - "owner", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -938,20 +1429,32 @@ "description": "Copilot coding agent access was updated for the organization's or user's repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_access", "old_access", - "org_id", "owner_type", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -961,21 +1464,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -985,19 +1497,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1007,21 +1528,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1031,19 +1561,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1052,19 +1593,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1073,19 +1625,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1094,19 +1657,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1115,17 +1689,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1133,19 +1720,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1154,19 +1752,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1174,19 +1783,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1195,19 +1815,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1215,40 +1846,62 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ], - "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" - }, - { - "action": "dependency_graph.enable", - "description": "The dependency graph was enabled for all existing repositories.", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependency_graph.enable", + "description": "The dependency graph was enabled for all existing repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1256,19 +1909,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1277,20 +1941,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1298,22 +1972,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1322,22 +2005,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1345,28 +2038,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1375,27 +2074,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -1404,25 +2111,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1431,26 +2146,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1459,21 +2181,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1482,22 +2216,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1506,25 +2250,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1533,22 +2286,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1557,21 +2322,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -1582,21 +2357,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -1604,20 +2390,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -1625,21 +2423,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -1647,22 +2456,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1671,23 +2491,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1696,23 +2527,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1720,18 +2560,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1742,20 +2592,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1765,18 +2625,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -1784,18 +2656,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -1803,25 +2687,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -1829,52 +2723,70 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "created_at", - "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" - ] - }, + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", + "created_at", + "oauth_application_id", + "events" + ] + }, { "action": "hook.create", "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -1883,25 +2795,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -1909,26 +2830,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -1936,21 +2866,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -1959,19 +2900,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -1979,21 +2933,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2002,19 +2967,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2025,20 +3004,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2048,24 +3039,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ - "user_id", - "repository_selection", - "name", - "user", - "request_id", - "integration", - "operation_type", - "actor_id", - "action", - "repositories_added", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "repository_selection", + "name", + "integration", + "operation_type", + "repositories_added", + "created_at", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2076,23 +3078,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2103,20 +3117,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2126,19 +3153,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2147,20 +3188,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2170,20 +3224,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2192,20 +3259,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2214,20 +3294,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2235,40 +3327,66 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "name", - "integration", - "user", - "user_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", - "application_client_id" - ] - }, - { - "action": "integration.revoke_tokens", - "description": "Token(s) for a GitHub App were revoked.", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.revoke_tokens", + "description": "Token(s) for a GitHub App were revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2277,17 +3395,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2300,21 +3431,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2328,17 +3472,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2350,18 +3507,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2369,21 +3538,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -2391,21 +3573,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -2413,22 +3608,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -2436,19 +3644,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -2459,21 +3680,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -2481,22 +3717,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -2504,21 +3755,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -2527,21 +3793,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -2550,22 +3831,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -2573,22 +3867,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2596,19 +3903,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2616,21 +3935,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2640,16 +3968,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo_id", - "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", "created_at", "operation_type" ] @@ -2659,18 +4000,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2680,14 +4034,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -2695,19 +4065,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -2715,18 +4096,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2734,23 +4127,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -2758,20 +4159,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -2782,19 +4193,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_id", + "user_agent", + "operation_type", + "created_at", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -2804,19 +4226,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -2825,16 +4258,28 @@ "description": "An OAuth access token was revoked.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "request_access_security_header", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -2844,18 +4289,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -2863,20 +4320,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2885,20 +4354,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2907,20 +4388,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2929,20 +4422,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2951,19 +4456,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2972,20 +4490,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -2994,20 +4524,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3016,19 +4558,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3037,24 +4592,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3064,20 +4626,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -3088,20 +4661,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3111,21 +4695,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -3134,24 +4728,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3159,20 +4763,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3180,22 +4794,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3203,20 +4825,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3224,22 +4856,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3247,21 +4887,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3269,26 +4918,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -3297,26 +4955,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3324,28 +4990,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3353,26 +5027,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3380,20 +5062,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -3402,16 +5095,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -3422,18 +5128,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -3442,18 +5161,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -3462,18 +5193,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -3482,18 +5226,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -3503,20 +5259,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -3524,17 +5291,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -3544,20 +5324,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -3566,20 +5357,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3588,17 +5393,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3609,20 +5429,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3631,19 +5465,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3651,19 +5497,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3671,35 +5529,61 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" - ] - }, - { - "action": "payment_method.remove", - "description": "A payment method was removed.", - "docs_reference_links": "N/A", - "fields": [ - "user", - "created_at", - "actor_id", - "@timestamp", - "user_id", - "action", - "operation_type", - "actor", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "payment_method.remove", + "description": "A payment method was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", - "request_access_security_header" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3707,18 +5591,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -3726,18 +5622,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3748,18 +5657,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3770,17 +5692,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3790,19 +5725,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3810,12 +5757,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -3826,20 +5790,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3847,17 +5823,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3868,18 +5857,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3891,17 +5893,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -3913,17 +5928,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3934,15 +5962,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3952,17 +5995,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -3972,15 +6026,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3990,17 +6059,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4010,17 +6090,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4030,17 +6121,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4050,17 +6152,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4070,19 +6183,32 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", - "request_id", - "user_agent", + "action", "actor", - "operation_type" - ], + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner", + "operation_type" + ], "docs_reference_titles": "Personalize your profile" }, { @@ -4090,17 +6216,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4108,20 +6247,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -4131,25 +6281,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -4157,20 +6319,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4178,25 +6352,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4204,17 +6390,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -4222,17 +6421,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -4240,18 +6452,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -4260,39 +6484,62 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" - }, - { - "action": "project.link", - "description": "A repository was linked to a project board.", - "docs_reference_links": "N/A", - "fields": [ + "programmatic_access_type", + "repo", "repo_id", - "action", - "actor_id", - "org_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" + }, + { + "action": "project.link", + "description": "A repository was linked to a project board.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", "_document_id", - "created_at", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "repo" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4300,17 +6547,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -4322,22 +6582,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -4345,19 +6614,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -4365,17 +6645,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4383,18 +6676,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -4402,20 +6708,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4423,18 +6739,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4443,36 +6771,61 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" - }, - { - "action": "project.visibility_private", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" + }, + { + "action": "project.visibility_private", "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -4484,21 +6837,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -4506,18 +6871,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4528,23 +6906,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -4553,24 +6942,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -4579,20 +6979,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4601,21 +7015,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -4625,22 +7052,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4649,25 +7088,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", - "actor", - "key", - "fingerprint", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "fingerprint", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4676,23 +7125,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4701,22 +7161,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -4725,21 +7195,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -4748,25 +7227,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -4775,23 +7261,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -4800,24 +7294,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -4826,23 +7327,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -4852,22 +7361,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -4876,19 +7394,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -4897,24 +7428,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -4923,23 +7464,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4950,17 +7500,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -4969,15 +7532,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -4988,16 +7564,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -5007,17 +7596,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -5027,19 +7629,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5048,17 +7661,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5067,26 +7693,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -5095,30 +7727,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -5128,20 +7765,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5150,25 +7798,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5177,23 +7833,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -5201,25 +7868,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -5229,23 +7905,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -5253,21 +7939,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -5275,21 +7971,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5297,22 +8003,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -5320,21 +8035,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -5342,20 +8067,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5363,22 +8099,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -5386,18 +8131,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5405,22 +8164,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5428,21 +8197,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -5450,18 +8229,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -5470,48 +8261,65 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" - ], - "docs_reference_titles": "Using secrets in GitHub Actions" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, { "action": "repo.remove_actions_variable", "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5520,23 +8328,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5544,26 +8362,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -5572,21 +8395,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5595,25 +8427,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -5621,22 +8459,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -5645,19 +8493,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -5665,23 +8524,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -5691,20 +8559,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5715,21 +8594,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -5738,22 +8628,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -5762,21 +8662,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -5785,22 +8696,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -5811,16 +8732,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -5829,22 +8761,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -5854,22 +8795,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -5878,23 +8830,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5904,41 +8866,61 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" - ] - }, - { - "action": "repo.unarchived", - "description": "A repository was unarchived.", - "docs_reference_links": "/repositories/archiving-a-github-repository", - "fields": [ - "actor", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "repo", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", + "visibility" + ] + }, + { + "action": "repo.unarchived", + "description": "A repository was unarchived.", + "docs_reference_links": "/repositories/archiving-a-github-repository", + "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -5947,24 +8929,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5972,25 +8963,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5999,24 +8997,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6025,25 +9033,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6052,22 +9068,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6076,26 +9101,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -6103,31 +9136,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6136,21 +9176,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -6158,21 +9208,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -6180,21 +9240,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -6202,20 +9273,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -6223,21 +9306,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -6245,19 +9339,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -6265,31 +9372,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -6298,19 +9413,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -6318,8 +9444,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -6328,23 +9453,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -6369,18 +9503,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -6388,18 +9534,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6407,16 +9565,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6426,18 +9597,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -6446,16 +9630,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6466,15 +9663,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -6484,15 +9694,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -6501,17 +9726,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6520,17 +9758,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6539,33 +9791,61 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", - "request_id", - "user_id", - "created_at", - "user", "_document_id", - "user_agent", - "actor", - "operation_type" - ], - "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" - }, - { - "action": "sponsors.sponsor_sponsorship_tier_change", - "description": "A sponsorship was upgraded or downgraded.", - "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", - "fields": [ - "user_id", + "action", "actor", "actor_id", - "action", - "user", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" + }, + { + "action": "sponsors.sponsor_sponsorship_tier_change", + "description": "A sponsorship was upgraded or downgraded.", + "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", + "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -6575,17 +9855,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6594,17 +9887,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6613,18 +9919,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6633,15 +9952,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -6651,16 +9984,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6668,15 +10014,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -6687,16 +10046,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -6706,17 +10078,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -6725,17 +10110,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ - "actor", - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -6746,17 +10144,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -6767,18 +10178,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6788,16 +10210,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6807,17 +10242,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -6826,16 +10274,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6845,23 +10306,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6869,23 +10340,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6893,23 +10374,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -6917,39 +10408,64 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "actor_is_bot", - "request_access_security_header" - ] - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, { "action": "successor_invitation.accept", "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6958,15 +10474,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6975,15 +10506,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -6992,15 +10538,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7009,15 +10570,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7025,15 +10601,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7042,17 +10633,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7060,17 +10664,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7078,14 +10695,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -7094,29 +10726,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", - "user_agent", - "action" - ] - }, - { - "action": "two_factor_account_recovery.ignore", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.ignore", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7124,17 +10788,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -7142,17 +10819,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -7160,16 +10850,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7177,15 +10881,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7193,18 +10912,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7213,18 +10944,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -7233,18 +10976,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -7253,52 +11008,92 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", - "_document_id", - "user_agent" - ] - }, - { - "action": "two_factor_authentication.recovery_codes_regenerated", - "description": "Two factor recovery codes were regenerated for a user account.", - "docs_reference_links": "N/A", - "fields": [ - "request_id", - "actor", - "operation_type", "_document_id", - "user_id", "action", - "user", - "user_agent", + "actor", "actor_id", - "@timestamp", - "created_at" - ] + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_authentication.recovery_codes_regenerated", + "description": "Two factor recovery codes were regenerated for a user account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] }, { "action": "two_factor_authentication.remove_factor", "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7307,15 +11102,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -7324,16 +11134,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -7341,19 +11164,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -7362,18 +11197,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -7381,15 +11228,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -7399,20 +11259,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7420,18 +11291,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7439,18 +11322,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7459,17 +11354,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7478,19 +11386,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -7498,21 +11418,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7520,20 +11452,31 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "@timestamp", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -7541,18 +11484,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7561,19 +11516,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -7581,18 +11547,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7600,18 +11578,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7619,37 +11609,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user_id", - "actor", - "operation_type", - "created_at", - "_document_id", "@timestamp", - "user", - "actor_id", + "_document_id", "action", - "request_access_security_header" - ] - }, - { + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { "action": "user.device_verification_success", "description": "N/A", "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7657,17 +11671,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7675,17 +11702,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7693,17 +11733,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7711,21 +11764,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7733,21 +11796,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -7756,17 +11829,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7774,17 +11860,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7792,17 +11891,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7810,36 +11922,62 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" - ] - }, - { - "action": "user.forgot_password", - "description": "A user requested a password reset.", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.forgot_password", + "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -7848,17 +11986,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7866,18 +12017,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -7886,19 +12049,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", - "user", - "action", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -7906,18 +12081,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7925,18 +12112,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7944,21 +12143,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7966,16 +12175,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -7984,20 +12206,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -8005,20 +12238,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8026,20 +12271,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -8047,18 +12303,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8066,16 +12334,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -8086,16 +12367,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -8104,18 +12397,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -8123,18 +12428,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8142,22 +12459,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8165,23 +12493,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -8190,21 +12528,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8212,18 +12560,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8231,18 +12591,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8252,16 +12624,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8269,18 +12653,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8288,18 +12684,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8307,17 +12715,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8325,18 +12746,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", "created_at", - "user", - "operation_type", - "@timestamp", - "request_id", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8344,17 +12777,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -8363,19 +12809,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -8383,21 +12841,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8405,21 +12873,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8427,46 +12907,64 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "workflows.approve_workflow_job", - "description": "A workflow job was approved.", - "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "workflow_run_id", "run_number", - "user", - "user_id", - "repo", - "repo_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8475,23 +12973,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8499,23 +13007,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8525,23 +13041,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -8550,22 +13078,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8573,21 +13112,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -8595,25 +13145,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8621,24 +13179,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8647,25 +13214,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.19/enterprise.json b/src/audit-logs/data/ghes-3.19/enterprise.json index 856ebaa16650..956618cc9302 100644 --- a/src/audit-logs/data/ghes-3.19/enterprise.json +++ b/src/audit-logs/data/ghes-3.19/enterprise.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,31 +196,34 @@ "description": "An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests", "fields": [ - "user_agent", - "request_id", - "request_method", - "query_string", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", - "request_body", - "status_code", - "url_path", "business", "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "request_method", + "query_string", + "request_body", + "status_code", + "url_path", + "public_repo", "created_at", "operation_type", "route", @@ -167,18 +237,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -186,20 +268,32 @@ "description": "A manual check of the endpoint configured for audit log streaming was performed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_result", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_result", "created_at", "operation_type", - "audit_log_stream_sink_details", - "request_access_security_header" + "audit_log_stream_sink_details" ] }, { @@ -207,18 +301,31 @@ "description": "An endpoint was added for audit log streaming.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_sink", + "created_at", + "operation_type", "audit_log_stream_id" ] }, @@ -227,15 +334,28 @@ "description": "An audit log streaming endpoint was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "business_id", "business", - "action", - "_document_id", - "@timestamp", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "audit_log_stream_id", @@ -247,17 +367,30 @@ "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "audit_log_stream_enabled", - "business_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_enabled", "audit_log_stream_sink", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "new_s3_bucket", @@ -280,28 +413,42 @@ "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "pricing_target_type", "pricing_target_id", "budget_limit_type", - "alert_recipient_user_ids" + "alert_recipient_user_ids", + "exclude_cost_center_usage" ] }, { @@ -309,22 +456,34 @@ "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "uuid", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -332,25 +491,37 @@ "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", - "request_access_security_header", "old_target_amount", "old_budget_limit_type", "old_alert_enabled", @@ -364,17 +535,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -383,19 +567,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -404,15 +600,28 @@ "description": "Azure subscription has been linked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -422,15 +631,28 @@ "description": "Azure subscription has been unlinked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -440,18 +662,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", - "user", - "user_id", - "user_agent", - "created_at", - "action" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -459,18 +694,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -478,15 +725,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -496,22 +756,31 @@ "description": "An enterprise owner was added to an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ - "name", - "business", - "user", - "user_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "request_id", + "business", "business_id", - "_document_id", - "user_agent", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -520,22 +789,32 @@ "description": "An organization was added to an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "operation_type", "name", "created_at", - "request_id", - "_document_id", - "business", - "organization_upgrade", - "request_access_security_header" + "organization_upgrade" ] }, { @@ -543,20 +822,30 @@ "description": "GitHub Advanced Security was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -565,17 +854,28 @@ "description": "GitHub Advanced Security was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -586,21 +886,31 @@ "description": "GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -609,17 +919,28 @@ "description": "GitHub Advanced Security was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -630,17 +951,28 @@ "description": "GitHub Advanced Security was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -651,21 +983,31 @@ "description": "GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -674,20 +1016,32 @@ "description": "An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "new_policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -696,20 +1050,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -717,17 +1083,28 @@ "description": "GitHub Advanced Security was disabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -739,21 +1116,31 @@ "description": "GitHub Advanced Security was enabled for user namespace repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" }, @@ -762,18 +1149,31 @@ "description": "An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -782,17 +1182,30 @@ "description": "An enterprise owner cleared the base repository permission policy setting for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "name", - "operation_type", - "business_id", - "user_agent", - "actor_id", - "request_id", - "actor", + "@timestamp", "_document_id", - "business", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -802,19 +1215,32 @@ "description": "An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", "business_id", - "action", - "_document_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business", "visibility", "created_at", - "actor", - "operation_type", - "@timestamp" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -823,21 +1249,33 @@ "description": "The policy for Code scanning autofix was updated for an enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -845,21 +1283,33 @@ "description": "The policy for Code scanning autofix third party tools was updated for an enterprise.", "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/code-security/getting-started/github-security-features#available-with-github-code-security" }, @@ -868,18 +1318,30 @@ "description": "The policy for Code Security enablement was updated for an enterprise.", "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -891,19 +1353,31 @@ "description": "An enterprise was created.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", "_document_id", "action", - "@timestamp", - "request_id", - "name", + "actor", + "actor_id", "business", "business_id", - "operation_type", - "actor", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "name", + "operation_type", + "created_at" ] }, { @@ -911,17 +1385,28 @@ "description": "Dependabot alerts were disabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -931,17 +1416,28 @@ "description": "Dependabot alerts were enabled for new repositories in your enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -951,17 +1447,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "new_policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -971,18 +1480,30 @@ "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -990,17 +1511,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was disabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1011,18 +1543,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.", "docs_reference_links": "N/A", "fields": [ - "action", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "business_id", - "actor_id", - "name", - "_document_id", - "request_id" + "name" ] }, { @@ -1030,15 +1575,28 @@ "description": "SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1048,17 +1606,28 @@ "description": "Display of IP addresses within audit log events for the enterprise was enabled.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1069,18 +1638,31 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "operation_type", - "created_at", + "actor_id", "business", "business_id", - "name", - "_document_id", - "request_id", - "@timestamp" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" ] }, { @@ -1088,20 +1670,31 @@ "description": "An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", "actor_id", - "@timestamp", - "request_id", "business", - "name", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "business_id", - "_document_id" + "created_at", + "name", + "operation_type" ] }, { @@ -1109,20 +1702,31 @@ "description": "The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1130,20 +1734,31 @@ "description": "The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "name", - "actor", - "operation_type", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "business", - "actor_id", - "created_at", - "action", + "user_id", "user_agent", - "request_id", - "user_id" + "name", + "operation_type", + "created_at" ] }, { @@ -1151,20 +1766,31 @@ "description": "An enterprise owner was removed from an enterprise.", "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", - "user_agent", + "actor_id", "business", "business_id", - "@timestamp", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "name", - "actor_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "user" + "user_agent", + "operation_type", + "created_at", + "name" ], "docs_reference_titles": "Inviting people to manage your enterprise" }, @@ -1173,20 +1799,31 @@ "description": "An organization was removed from an enterprise.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "business", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business_id", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "name", - "org" + "name" ] }, { @@ -1194,18 +1831,31 @@ "description": "The slug for the enterprise URL was renamed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "name", - "business_id", - "user_agent", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", - "@timestamp", - "created_at", + "actor_id", "business", - "_document_id" + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ] }, { @@ -1213,20 +1863,31 @@ "description": "The SAML single sign-on session for a member in an enterprise was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", - "user_agent", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "actor", - "_document_id", - "actor_id", "name", - "@timestamp", - "user_id", - "action", - "created_at", - "business" + "created_at" ] }, { @@ -1234,17 +1895,28 @@ "description": "Automatic partner validation checks have been disabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1255,17 +1927,28 @@ "description": "Automatic partner validation checks have been enabled at the business level", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1276,20 +1959,30 @@ "description": "An enterprise-level custom pattern was created for secret scanning.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ - "user_agent", - "request_id", - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1298,17 +1991,28 @@ "description": "An enterprise-level custom pattern was removed from secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1318,20 +2022,30 @@ "description": "An enterprise-level custom pattern was published for secret scanning.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1339,17 +2053,28 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1360,20 +2085,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your enterprise.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -1382,17 +2117,28 @@ "description": "Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1402,17 +2148,28 @@ "description": "Secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1423,17 +2180,28 @@ "description": "Secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1444,17 +2212,28 @@ "description": "Secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1465,17 +2244,28 @@ "description": "Secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1486,39 +2276,61 @@ "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "actor_is_bot" - ], - "docs_reference_titles": "Supported secret scanning patterns" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" }, { "action": "business_secret_scanning_non_provider_patterns.enabled", "description": "Secret scanning for non-provider patterns was enabled at the enterprise level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1530,17 +2342,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1551,17 +2374,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1572,17 +2406,28 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1593,17 +2438,28 @@ "description": "Push protection for secret scanning was disabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1614,17 +2470,28 @@ "description": "Push protection for secret scanning was disabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1635,17 +2502,28 @@ "description": "Push protection for secret scanning was enabled for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1656,17 +2534,28 @@ "description": "Push protection for secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ], @@ -1677,10 +2566,28 @@ "description": "The push protection setting was updated for a secret type for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "push_protection_setting", "secret_type", "secret_type_display_name", @@ -1693,10 +2600,28 @@ "description": "The push protection pattern configuration was updated for your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at" ], "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" @@ -1706,20 +2631,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "new_policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", + "created_at", + "operation_type" ] }, { @@ -1727,26 +2664,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1754,24 +2701,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1779,26 +2736,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1806,20 +2773,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1830,17 +2808,29 @@ "description": "The cache retention policy for GitHub Actions was set for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -1852,17 +2842,29 @@ "description": "The cache storage policy for GitHub Actions was set for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -1874,17 +2876,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -1895,20 +2910,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1917,19 +2944,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1938,41 +2978,65 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, { "action": "business.set_fork_pr_workflows_policy", "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -1981,19 +3045,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -2002,20 +3078,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "issuer", - "name", - "user_agent", - "action", "@timestamp", "_document_id", + "action", "actor", + "actor_id", "business", "business_id", - "actor_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issuer", + "name", + "created_at", + "operation_type" ] }, { @@ -2023,18 +3111,31 @@ "description": "An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "updated_github_owned_allowed", "updated_verified_allowed", "updated_patterns", @@ -2049,20 +3150,33 @@ "description": "The base repository permission setting was updated for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", "fields": [ - "business_id", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "permission", - "action", "created_at", - "@timestamp", - "request_id", "name", - "_document_id", - "old_permission", - "business" + "old_permission" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -2071,19 +3185,32 @@ "description": "The repository creation setting was updated for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", - "name", - "business_id", + "action", "actor", "actor_id", - "@timestamp", - "operation_type", - "permission", - "action", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "name", + "operation_type", + "permission", "visibility" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -2093,19 +3220,32 @@ "description": "The policy setting for enterprise members inviting outside collaborators to repositories was updated.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-inviting-outside-collaborators-to-repositories", "fields": [ - "business_id", - "created_at", - "action", - "operation_type", "@timestamp", - "request_id", - "permission", + "_document_id", + "action", "actor", "actor_id", - "name", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "business" + "created_at", + "operation_type", + "permission", + "name" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -2114,20 +3254,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -2136,20 +3287,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", - "user", - "user_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -2160,17 +3322,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2178,224 +3352,368 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_outdated", "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_numbers", "commit_oid", - "ref", - "request_id", - "org_id", - "org", - "business_id", - "business" + "ref" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers", "dismissal_approver_id" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_approved", "description": "Dismissal of code scanning alerts was approved.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_denied", "description": "Dismissal of code scanning alerts was denied.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_requested", "description": "Dismissal of code scanning alerts was requested.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "commit_oid", - "ref", - "request_id", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", - "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", - "actor", - "org_id", - "org", - "business_id", - "business", - "alert_numbers" - ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" - }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", "fields": [ "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", "business_id", - "query", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", - "search_string" + "user_agent", + "alert_number", + "alert_numbers" ], - "docs_reference_titles": "/search-github/github-code-search" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2405,25 +3723,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -2434,22 +3761,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -2461,22 +3799,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -2485,15 +3834,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -2504,17 +3868,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2524,27 +3901,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2552,19 +3938,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "owner", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", - "public_repo", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "owner", + "operation_type", + "created_at", + "public_repo" ] }, { @@ -2572,18 +3971,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -2592,23 +4003,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2616,16 +4034,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -2634,24 +4066,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2659,15 +4097,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2677,20 +4128,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -2698,19 +4159,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -2718,21 +4191,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -2740,22 +4222,33 @@ "description": "Specific repositories were disabled from using Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", - "org", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "business", - "business_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", + "public_repo", + "created_at", + "operation_type" ] }, { @@ -2763,21 +4256,31 @@ "description": "Specific repositories were enabled to use Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner_type", - "owner", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2787,20 +4290,32 @@ "description": "Copilot coding agent access was updated for the organization's or user's repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_access", "old_access", - "org_id", "owner_type", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2810,21 +4325,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2834,19 +4358,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -2856,21 +4389,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2880,18 +4422,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2904,18 +4459,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -2929,14 +4497,29 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "value_type", @@ -2949,8 +4532,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2959,27 +4541,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -2988,19 +4578,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -3009,16 +4611,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -3030,19 +4645,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -3051,19 +4677,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -3072,19 +4709,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -3093,19 +4741,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -3114,21 +4773,31 @@ "description": "The default repository access for Dependabot was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "access_level", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -3137,17 +4806,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3155,19 +4837,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -3176,39 +4869,61 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" - ] - }, - { - "action": "dependabot_security_updates_new_repos.disable", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependabot_security_updates_new_repos.disable", "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -3217,19 +4932,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3237,19 +4963,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -3258,19 +4995,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3278,19 +5026,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -3299,128 +5058,195 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "team", + "created_at", + "number", + "title", + "operation_type" + ] }, { "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3431,16 +5257,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3451,18 +5291,32 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", "old_message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3473,23 +5327,31 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise" }, @@ -3498,19 +5360,33 @@ "description": "A domain was approved for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#approving-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3519,18 +5395,33 @@ "description": "A domain was added to an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3539,18 +5430,33 @@ "description": "A domain was removed from an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#removing-an-approved-or-verified-domain", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3559,18 +5465,33 @@ "description": "A domain was verified for an enterprise.", "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Verifying or approving a domain for your enterprise" }, @@ -3579,18 +5500,30 @@ "description": "A new GitHub Actions self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -3599,20 +5532,30 @@ "description": "A GitHub Actions self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -3621,20 +5564,30 @@ "description": "An enterprise role was assigned to a user or enterprise team.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "enterprise_role_id", - "enterprise_role_name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "enterprise_role_id", + "enterprise_role_name", "created_at", "operation_type", "actor_is_bot" @@ -3646,20 +5599,32 @@ "description": "A custom enterprise role was created in an enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3671,20 +5636,32 @@ "description": "A custom enterprise role was deleted in an enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3696,20 +5673,30 @@ "description": "A user or enterprise team was unassigned an enterprise role.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "enterprise_role_id", - "enterprise_role_name", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "enterprise_role_id", + "enterprise_role_name", "created_at", "operation_type", "actor_is_bot" @@ -3721,21 +5708,33 @@ "description": "A custom enterprise role was edited in an enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3747,18 +5746,31 @@ "description": "A GitHub Actions self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows" ], "docs_reference_titles": "Removing self-hosted runners" @@ -3768,18 +5780,31 @@ "description": "A GitHub Actions self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3788,20 +5813,33 @@ "description": "The REST API was used to remove a GitHub Actions self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -3810,19 +5848,31 @@ "description": "A GitHub Actions self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3831,19 +5881,32 @@ "description": "A GitHub Actions runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -3852,24 +5915,36 @@ "description": "The configuration of a GitHub Actions self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -3878,14 +5953,32 @@ "description": "The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3894,14 +5987,32 @@ "description": "The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -3910,18 +6021,36 @@ "description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", "target_version", "runner_group_id", "runner_group_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Self-hosted runners" }, @@ -3930,22 +6059,32 @@ "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3953,21 +6092,33 @@ "description": "A license for GitHub Copilot was assigned to an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3975,17 +6126,30 @@ "description": "A license for GitHub Copilot was unassigned from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3996,17 +6160,30 @@ "description": "A new enterprise team was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4016,17 +6193,30 @@ "description": "An enterprise team was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -4037,22 +6227,32 @@ "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business_id", + "user_agent", "enterprise_team_id", "enterprise_team", - "user", - "business", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4060,18 +6260,31 @@ "description": "The name of an enterprise team was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "business_id", "enterprise_team_id", - "enterprise_team", - "business", - "action", - "_document_id", - "@timestamp", + "enterprise_team", "created_at", "operation_type", "actor_is_bot" @@ -4082,22 +6295,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -4106,22 +6328,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4129,28 +6361,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -4159,27 +6397,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -4188,25 +6434,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -4215,26 +6469,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -4243,21 +6504,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -4266,22 +6539,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -4290,25 +6573,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -4317,22 +6609,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -4341,21 +6645,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -4366,27 +6680,33 @@ "description": "A user was added to an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -4394,19 +6714,31 @@ "description": "An external group was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", "scim_group_id" ] }, @@ -4415,22 +6747,33 @@ "description": "An external group was linked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group", - "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -4438,21 +6781,31 @@ "description": "An external group was created.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -4460,26 +6813,32 @@ "description": "A user was removed from an external group.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "external_group", - "external_group_id", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "external_group", + "external_group_id", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -4487,31 +6846,39 @@ "description": "Failed external group SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", - "scim_group_id", - "message", - "action", - "_document_id", - "@timestamp", + "scim_group_id", + "message", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4520,30 +6887,38 @@ "description": "Successful external group SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4552,18 +6927,31 @@ "description": "An external group was unlinked to a GitHub team.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "external_group" ] }, @@ -4572,22 +6960,32 @@ "description": "An external group was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "scim_group_id", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "scim_group_id" ] }, { @@ -4595,25 +6993,33 @@ "description": "An external group's display name was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "external_group_id", "external_group", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "scim_group_id", - "request_access_security_header" + "scim_group_id" ] }, { @@ -4621,20 +7027,31 @@ "description": "An external identity was deprovisioned, suspending the linked GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -4642,17 +7059,31 @@ "description": "An external identity was created and linked to a GitHub user.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -4660,15 +7091,29 @@ "description": "Failed external identity SCIM API request.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", @@ -4676,15 +7121,9 @@ "url_path", "scim_user_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4693,30 +7132,38 @@ "description": "Successful external identity SCIM API request. Excludes GET API requests.", "docs_reference_links": "/rest/scim/scim", "fields": [ - "user_agent", - "request_id", - "request_method", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", "query_string", "api_request_body", "route", "status_code", "url_path", "scim_user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "REST API endpoints for SCIM" }, @@ -4725,18 +7172,31 @@ "description": "An external identity was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "scim_user_id", - "request_access_security_header" + "scim_user_id" ] }, { @@ -4744,21 +7204,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -4766,20 +7237,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -4787,21 +7270,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -4809,19 +7303,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4830,20 +7335,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4852,19 +7367,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -4873,22 +7399,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -4897,48 +7434,68 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", + "operation_type" + ], + "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" + }, + { + "action": "github_hosted_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "request_access_security_header" - ], - "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" - }, - { - "action": "github_hosted_runner.create", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "actor", - "actor_id", + "user", + "user_id", "user_agent", - "request_id", "name", "runner_group_id", - "business", - "user", - "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4946,18 +7503,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -4968,20 +7535,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -4991,18 +7568,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -5010,18 +7599,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -5029,25 +7630,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5055,25 +7666,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -5081,26 +7701,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -5109,25 +7738,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", - "repo", - "created_at", - "org", - "name", - "request_id", "actor_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "events", + "created_at", + "name", + "operation_type", + "oauth_application_id", + "hook_id" ] }, { @@ -5135,26 +7773,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -5162,21 +7809,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -5185,19 +7843,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -5205,21 +7876,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -5228,19 +7910,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -5251,20 +7947,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -5274,24 +7982,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -5302,23 +8021,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -5329,21 +8060,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "url", - "actor", - "actor_id", "created_at", - "request_id", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -5354,20 +8097,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -5377,20 +8132,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -5400,19 +8168,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -5421,20 +8203,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -5444,20 +8239,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -5466,20 +8274,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -5488,20 +8309,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -5509,19 +8342,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -5530,19 +8376,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -5551,17 +8410,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -5574,21 +8446,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -5602,17 +8487,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -5624,19 +8522,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5644,19 +8553,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5664,17 +8584,28 @@ "description": "IP allow list user level enforcement was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5684,20 +8615,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -5706,19 +8646,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5726,17 +8677,28 @@ "description": "IP allow list user level enforcement was enabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5745,25 +8707,33 @@ "action": "ip_allow_list_entry.create", "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", - "fields": [ - "active", - "org", - "ip_allow_list_entry", + "fields": [ "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -5771,24 +8741,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" ] }, { @@ -5796,19 +8774,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -5816,20 +8807,30 @@ "description": "An issue was marked as blocked by another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -5840,19 +8841,30 @@ "description": "The blocked by relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5862,20 +8874,30 @@ "description": "An issue was marked as blocking another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -5886,20 +8908,30 @@ "description": "The blocking relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -5910,18 +8942,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -5929,21 +8973,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -5951,21 +9008,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", "marketplace_listing", - "@timestamp", "integration", - "org_id", - "action", - "org", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -5973,22 +9043,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -5996,19 +9079,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -6019,21 +9115,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", "marketplace_listing", "has_free_trial", - "user_agent", - "request_id", - "actor_id", "yearly_price_in_cents", "description", "bullets", "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "marketplace_listing_plan" ] }, { @@ -6041,22 +9152,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -6064,21 +9190,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -6087,21 +9228,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -6110,22 +9266,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -6133,22 +9302,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6156,19 +9338,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -6176,21 +9370,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6200,16 +9403,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6219,18 +9435,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6240,14 +9469,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -6255,19 +9500,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -6275,18 +9531,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6294,23 +9562,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -6318,20 +9594,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -6342,19 +9628,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", - "user", - "user_id", - "request_id", - "explanation", - "hashed_token", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "explanation", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -6364,19 +9661,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -6385,16 +9693,28 @@ "description": "An OAuth access token was revoked.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "request_access_security_header", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -6404,18 +9724,30 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -6423,20 +9755,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6445,20 +9789,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6467,20 +9823,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6489,20 +9857,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6511,19 +9891,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6532,20 +9925,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6554,20 +9959,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6577,18 +9994,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", - "org_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "oauth_application_id", - "action", "created_at", - "actor", - "actor_id", - "oauth_application", - "_document_id", - "request_id" + "oauth_application" ] }, { @@ -6596,19 +10026,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6617,15 +10060,32 @@ "description": "An OAuth application was unsuspended for a user or organization account.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "operation_type", - "org_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "oauth_application_id", "oauth_application", - "org", - "created_at", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -6634,24 +10094,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -6661,20 +10128,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -6685,20 +10163,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -6708,17 +10197,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6729,20 +10229,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -6751,21 +10261,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -6774,24 +10294,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -6799,21 +10329,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6821,20 +10361,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6842,22 +10392,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -6865,20 +10423,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6886,22 +10454,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -6909,21 +10485,31 @@ "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -6933,19 +10519,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -6954,19 +10551,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -6976,16 +10584,29 @@ "description": "A user initiated a background job to delete an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "@timestamp", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ] }, @@ -6994,16 +10615,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -7012,18 +10646,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -7032,19 +10679,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -7054,22 +10712,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -7077,19 +10746,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -7097,23 +10777,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7121,21 +10809,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7143,23 +10841,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7167,23 +10873,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7191,62 +10905,93 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.config.disable_collaborators_only", "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -7256,17 +11001,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -7275,17 +11033,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -7295,16 +11066,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -7313,17 +11097,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -7332,17 +11129,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -7351,22 +11161,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -7375,17 +11193,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -7396,18 +11225,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ - "request_id", - "org", - "actor_id", - "actor", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -7416,18 +11257,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7435,20 +11288,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -7457,19 +11320,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -7478,14 +11352,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -7494,17 +11385,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7512,19 +11416,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7532,19 +11447,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -7552,19 +11478,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -7573,19 +11510,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -7594,19 +11542,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", - "sso_url", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "@timestamp", - "issuer", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "sso_url", + "created_at", + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -7615,17 +11576,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -7634,17 +11608,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -7653,18 +11640,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7672,23 +11672,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -7697,17 +11706,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7717,19 +11737,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7737,19 +11768,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7758,16 +11800,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -7775,17 +11830,30 @@ "description": "An organization was restored.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7793,19 +11861,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -7814,18 +11894,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -7835,21 +11926,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7857,21 +11957,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7879,21 +11988,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -7901,18 +12020,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -7921,19 +12052,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -7941,20 +12084,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -7963,21 +12116,33 @@ "description": "A self-hosted runner group was created.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -7987,21 +12152,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -8010,23 +12185,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -8035,23 +12220,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -8060,19 +12253,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -8081,25 +12287,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -8108,21 +12325,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -8132,21 +12358,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -8156,20 +12391,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -8178,22 +12423,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -8202,21 +12455,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -8225,21 +12487,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -8248,22 +12519,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -8272,21 +12551,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -8295,21 +12583,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -8319,21 +12616,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -8343,19 +12649,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -8365,21 +12682,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -8389,21 +12715,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -8413,19 +12748,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -8435,22 +12781,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8459,22 +12813,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8483,22 +12845,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8507,21 +12877,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8530,21 +12909,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8553,22 +12941,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8577,22 +12973,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -8601,12 +13005,28 @@ "description": "The push protection setting was updated for a secret type for your organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "push_protection_setting", "secret_type", "secret_type_display_name", @@ -8619,12 +13039,28 @@ "description": "The push protection pattern configuration was updated for your organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at" ], "docs_reference_titles": "About push protection" @@ -8634,26 +13070,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -8662,26 +13107,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8689,28 +13142,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8718,26 +13179,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8745,15 +13214,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -8762,15 +13248,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -8779,7 +13282,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -8794,18 +13318,28 @@ "description": "The cache retention policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -8817,18 +13351,28 @@ "description": "The cache storage policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -8840,20 +13384,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -8862,16 +13417,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -8882,18 +13450,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -8902,17 +13483,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8920,18 +13514,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -8940,18 +13546,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -8960,18 +13579,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -8980,22 +13611,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9003,19 +13644,31 @@ "description": "A user account was converted into an organization.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization", "fields": [ - "actor", + "@timestamp", "_document_id", - "request_id", - "operation_type", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "@timestamp", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "owner", - "request_access_security_header" + "operation_type", + "created_at", + "owner" ], "docs_reference_titles": "Converting a user into an organization" }, @@ -9024,19 +13677,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -9045,23 +13711,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -9070,20 +13747,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -9092,20 +13781,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -9113,17 +13813,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -9133,20 +13846,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -9155,19 +13879,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -9175,18 +13912,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -9195,11 +13944,28 @@ "description": "A new organization custom property definition was created.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "description", @@ -9207,11 +13973,6 @@ "required", "allowed_values", "default_value", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -9223,11 +13984,28 @@ "description": "An organization custom property definition was deleted.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "description", @@ -9235,11 +14013,6 @@ "required", "allowed_values", "default_value", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -9251,20 +14024,32 @@ "description": "An organization custom property definition was updated.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "old_values_editable_by", "values_editable_by", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -9279,21 +14064,31 @@ "description": "An organization's custom property value was manually set for the first time.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "request_access_security_header", "definition_id", "property_name", "value", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -9305,21 +14100,31 @@ "description": "An organization's custom property value was deleted.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -9331,20 +14136,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -9353,16 +14171,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -9371,14 +14204,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -9389,16 +14237,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "operation_type", - "domain_name", "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", "_document_id", - "actor_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -9407,20 +14270,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -9430,23 +14304,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -9455,21 +14340,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -9480,21 +14376,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -9503,20 +14412,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -9525,17 +14448,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9546,20 +14484,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -9568,19 +14520,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9588,19 +14552,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9608,18 +14584,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9627,16 +14615,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9644,18 +14646,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -9663,18 +14677,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9685,22 +14712,31 @@ "description": "The configured restriction for access to resources via personal access tokens was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9708,22 +14744,31 @@ "description": "The configured restriction for access to resources via personal access tokens was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9731,18 +14776,28 @@ "description": "The configured restriction for access to resources via personal access tokens was reset and delegated to organizations.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9753,18 +14808,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9775,18 +14843,28 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9797,18 +14875,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9819,18 +14907,28 @@ "description": "Triggered when the enterprise delegates to the organizations when to require approval for fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9841,17 +14939,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9861,19 +14972,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9881,12 +15004,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -9897,20 +15037,32 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "explanation", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9918,23 +15070,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9942,21 +15105,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9964,17 +15138,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9985,18 +15172,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -10008,17 +15208,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -10030,17 +15243,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10051,15 +15277,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -10069,17 +15310,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -10089,15 +15341,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -10107,17 +15374,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -10127,17 +15405,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -10147,17 +15436,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -10167,17 +15467,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -10187,17 +15498,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -10207,17 +15531,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -10225,20 +15562,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -10248,25 +15596,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -10274,20 +15634,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10295,25 +15667,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -10321,17 +15705,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -10339,17 +15736,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "actor_id", - "operation_type", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -10357,18 +15767,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -10377,18 +15799,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -10397,19 +15831,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -10417,17 +15862,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -10439,22 +15897,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -10462,19 +15929,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -10482,17 +15960,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -10500,18 +15991,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -10519,20 +16023,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor", - "created_at", - "org", - "_document_id", - "org_id", - "action", - "programmatic_access_type" + "operation_type", + "created_at" ] }, { @@ -10540,18 +16054,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -10560,18 +16086,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -10580,16 +16118,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -10601,21 +16152,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -10623,22 +16186,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -10647,29 +16220,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -10677,24 +16255,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "repo_id", - "user_id", "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10705,47 +16291,67 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", + "required_deployments_enforcement_level", + "merge_queue_enforcement_level", + "create_protected" + ] + }, + { + "action": "protected_branch.dismiss_stale_reviews", + "description": "Enforcement of dismissing stale pull requests was updated on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "required_deployments_enforcement_level", - "merge_queue_enforcement_level", - "create_protected" - ] - }, - { - "action": "protected_branch.dismiss_stale_reviews", - "description": "Enforcement of dismissing stale pull requests was updated on a branch.", - "docs_reference_links": "N/A", - "fields": [ + "user", + "user_id", "user_agent", "dismiss_stale_reviews_on_push", - "org_id", - "action", "created_at", - "request_id", - "_document_id", - "@timestamp", - "actor_id", - "repo_id", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -10753,24 +16359,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", "created_at", - "user_agent", "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -10778,30 +16394,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -10811,28 +16434,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -10843,23 +16474,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -10867,22 +16507,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -10890,23 +16540,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -10914,24 +16573,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -10940,22 +16608,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "actor", "linear_history_requirement_enforcement_level", - "repo", - "request_id", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -10963,24 +16641,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10989,27 +16676,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -11018,18 +16712,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11040,24 +16747,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -11065,25 +16781,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -11091,22 +16814,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -11114,22 +16847,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -11138,22 +16882,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", - "repo", - "request_id", - "repo_id", - "created_at", - "actor", - "operation_type", - "user_agent", - "name", - "org_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", + "created_at", + "operation_type", + "name" ] }, { @@ -11161,25 +16915,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -11187,22 +16948,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "name", "@timestamp", - "created_at", "_document_id", - "request_id", - "repo_id", - "org", - "org_id", "action", "actor", "actor_id", - "signature_requirement_enforcement_level", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "programmatic_access_type" + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" ] }, { @@ -11210,22 +16981,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -11233,23 +17014,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -11258,24 +17050,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -11284,20 +17087,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -11306,21 +17123,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -11330,22 +17160,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -11354,25 +17196,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -11381,23 +17233,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -11406,18 +17269,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -11427,21 +17304,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -11450,19 +17338,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -11473,23 +17374,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -11499,17 +17412,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11517,19 +17444,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -11537,19 +17477,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -11559,21 +17512,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "pull_request_id", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -11582,27 +17546,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11610,23 +17581,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -11635,18 +17618,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -11654,19 +17651,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -11676,20 +17685,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -11697,18 +17717,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -11716,21 +17749,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -11738,20 +17783,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -11760,19 +17818,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -11782,22 +17854,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -11806,21 +17888,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -11829,25 +17920,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -11856,23 +17954,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -11881,24 +17987,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -11907,23 +18020,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -11933,22 +18054,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -11957,19 +18087,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11978,24 +18121,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -12004,24 +18157,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12029,24 +18190,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12054,24 +18223,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12079,24 +18256,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -12104,23 +18289,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12131,17 +18325,29 @@ "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -12151,17 +18357,29 @@ "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -12171,103 +18389,137 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.collaborators_only", "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "visibility", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -12275,17 +18527,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -12294,15 +18559,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -12313,16 +18591,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -12332,17 +18623,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -12352,19 +18656,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -12373,17 +18688,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -12392,26 +18720,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -12420,30 +18754,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -12453,20 +18792,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12475,25 +18825,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12502,23 +18860,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -12526,25 +18895,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -12554,17 +18932,30 @@ "description": "A repository was archived on disk.", "docs_reference_links": "/repositories/archiving-a-github-repository/archiving-repositories", "fields": [ - "actor_id", - "repo", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", - "repo_id", - "actor", "action", - "user_agent" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/archiving-a-github-repository/archiving-repositories" }, @@ -12573,23 +18964,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -12599,20 +18999,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "visibility", - "repo_id", - "created_at", - "actor", - "action", - "@timestamp", "org_id", - "request_id", + "programmatic_access_type", "repo", - "_document_id" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "visibility", + "created_at" ] }, { @@ -12620,20 +19031,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "visibility", - "repo_id", - "request_id", - "action", - "_document_id", "@timestamp", - "actor_id", - "created_at", - "user", - "operation_type", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", "public_repo" ] }, @@ -12642,19 +19064,30 @@ "description": "The repository was unlocked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -12662,20 +19095,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "action", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "operation_type", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "visibility", - "actor", - "user_id" + "visibility" ] }, { @@ -12683,23 +19127,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -12707,21 +19161,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -12729,21 +19193,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -12751,22 +19225,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -12774,21 +19257,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -12796,20 +19289,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -12817,22 +19321,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -12840,18 +19353,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12859,22 +19386,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12882,21 +19419,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -12904,18 +19451,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -12924,22 +19483,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12948,24 +19516,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12974,23 +19550,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12998,26 +19584,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -13026,21 +19617,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -13049,25 +19649,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -13075,22 +19681,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -13099,20 +19715,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "visibility", - "operation_type", - "repo", + "@timestamp", "_document_id", - "user", - "user_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "@timestamp", - "request_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -13120,19 +19747,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -13140,17 +19778,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -13159,17 +19812,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -13178,7 +19846,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -13193,22 +19882,30 @@ "description": "The cache retention policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -13220,22 +19917,30 @@ "description": "The cache storage policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "request_access_security_header", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -13247,23 +19952,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -13273,20 +19987,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -13297,21 +20022,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -13320,22 +20056,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -13344,21 +20090,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -13367,22 +20124,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -13393,16 +20160,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -13411,22 +20189,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -13436,22 +20223,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -13460,23 +20258,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -13486,19 +20294,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -13506,21 +20324,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -13529,24 +20357,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13554,25 +20391,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -13581,24 +20425,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13607,25 +20461,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -13634,22 +20496,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13658,26 +20529,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "visibility", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "public_repo", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "operation_type", + "created_at", + "public_repo" ] }, { @@ -13685,31 +20564,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13718,24 +20604,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13744,24 +20636,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13770,25 +20668,31 @@ "description": "Code security was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13797,25 +20701,31 @@ "description": "Code security was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13824,21 +20734,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -13846,21 +20766,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -13868,21 +20798,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -13890,20 +20831,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -13911,21 +20864,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -13933,19 +20897,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -13953,31 +20930,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -13986,19 +20971,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -14006,8 +21002,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -14016,23 +21011,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -14057,26 +21061,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -14085,26 +21095,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -14113,23 +21129,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14139,23 +21162,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14165,24 +21195,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14192,24 +21229,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -14218,24 +21262,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14245,23 +21296,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14271,23 +21329,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -14296,22 +21362,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14319,24 +21393,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -14345,24 +21427,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -14371,19 +21461,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "repo_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -14392,24 +21494,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14418,24 +21528,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14444,19 +21562,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -14465,26 +21595,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -14493,26 +21628,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -14521,28 +21661,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14550,27 +21698,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14578,28 +21734,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14607,28 +21771,36 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14636,29 +21808,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14667,29 +21847,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14698,44 +21886,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -14746,21 +21956,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -14769,26 +21991,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -14796,21 +22026,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -14818,21 +22059,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", "created_at", "active", - "action", - "repository_id", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type" ] }, @@ -14841,20 +22096,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -14863,24 +22128,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14888,26 +22160,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14915,23 +22193,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14939,23 +22224,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -14964,18 +22256,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -14984,19 +22289,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -15005,14 +22322,28 @@ "description": "A user was assigned to a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15020,50 +22351,74 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.create", "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -15072,28 +22427,37 @@ "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -15101,25 +22465,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -15127,14 +22498,28 @@ "description": "A user was unassigned from a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15142,21 +22527,35 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.validate", "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -15166,26 +22565,37 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning.disable", "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -15194,19 +22604,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -15215,20 +22636,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -15237,19 +22668,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -15258,14 +22700,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -15283,25 +22739,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -15310,25 +22774,33 @@ "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -15338,49 +22810,70 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_scan.completed", "description": "A secret scanning scan has completed on this repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "repo_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "source", "type", "source_slug", "type_slug", "started_at", "completed_at", - "repo", "public_repo", - "org", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "secret_types", @@ -15394,10 +22887,28 @@ "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15412,15 +22923,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15429,7 +22933,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15437,22 +22942,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15461,22 +22977,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15485,10 +23012,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15503,15 +23048,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15519,7 +23057,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15527,15 +23066,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15545,10 +23099,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15563,15 +23135,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15580,7 +23145,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15588,18 +23154,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -15607,18 +23185,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -15626,14 +23216,28 @@ "description": "A user linked a social identity to their account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "request_access_security_header", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -15643,14 +23247,28 @@ "description": "A user unlinked a social identity from their account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -15660,15 +23278,28 @@ "description": "A user unlinked all social identities from their account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -15678,16 +23309,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15697,18 +23341,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -15717,16 +23374,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15737,15 +23407,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -15755,15 +23438,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -15772,17 +23470,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -15791,17 +23502,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -15810,16 +23535,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -15829,14 +23567,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -15846,17 +23599,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15865,17 +23631,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -15884,18 +23663,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -15904,15 +23696,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -15922,16 +23728,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id", - "actor", - "actor_id", - "user_id" + "created_at", + "operation_type" ] }, { @@ -15939,15 +23758,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -15958,16 +23790,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -15977,17 +23822,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -15996,17 +23854,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -16017,17 +23888,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -16038,18 +23922,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16059,16 +23954,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16078,17 +23986,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "actor_id", - "action", "operation_type", - "created_at", - "user", - "@timestamp", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -16097,38 +24018,64 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "ssh_certificate_authority.create", + "description": "An SSH certificate authority for an organization or enterprise was created.", + "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ] - }, - { - "action": "ssh_certificate_authority.create", - "description": "An SSH certificate authority for an organization or enterprise was created.", - "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", - "fields": [ - "@timestamp", - "_document_id", + "user_agent", "fingerprint", "operation_type", "openssh_public_key", - "org_id", - "actor", - "created_at", - "org", - "action", - "user_agent", - "actor_id", - "request_id" + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16137,19 +24084,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16158,21 +24118,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", - "org", - "org_id", - "created_at", - "actor", "action", - "user_id", + "actor", + "actor_id", "business", "business_id", - "@timestamp", - "actor_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16181,19 +24150,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16202,20 +24182,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16223,18 +24217,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -16242,16 +24251,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16259,23 +24283,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16283,23 +24317,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16307,23 +24351,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16331,23 +24385,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16355,15 +24419,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -16372,15 +24451,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -16389,15 +24483,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -16406,15 +24515,30 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -16423,15 +24547,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16439,15 +24578,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -16456,21 +24610,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -16480,22 +24644,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", "operation_type", - "request_id", "created_at", - "@timestamp", - "org", - "repo", - "actor_id", - "_document_id", - "repo_id", - "user_agent", - "org_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -16504,20 +24677,30 @@ "description": "A team was added to an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team_type", "team", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -16528,20 +24711,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -16550,18 +24744,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -16571,21 +24778,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -16594,21 +24812,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -16617,80 +24845,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -16699,22 +24971,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -16723,20 +25004,30 @@ "description": "A team was removed from an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team_type", "team", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -16747,22 +25038,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -16772,21 +25072,31 @@ "description": "A repository was removed from a team's control.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -16794,21 +25104,32 @@ "description": "A team's name was changed.", "docs_reference_links": "N/A", "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -16817,17 +25138,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -16836,19 +25170,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -16857,28 +25202,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -16886,17 +25240,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16904,17 +25271,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16922,14 +25302,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -16938,15 +25333,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -16954,13 +25364,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -16968,17 +25395,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -16986,17 +25426,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -17004,16 +25457,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17021,15 +25488,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17037,18 +25519,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -17057,38 +25551,62 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, { "action": "two_factor_authentication.enabled", "description": "Two-factor authentication was enabled for a user account.", - "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", - "fields": [ - "actor", - "operation_type", - "user_agent", + "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", + "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -17097,15 +25615,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", "_document_id", - "user_agent" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17113,16 +25646,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -17131,18 +25677,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -17151,15 +25709,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -17168,16 +25741,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -17185,19 +25771,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -17206,18 +25804,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -17225,15 +25835,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -17243,20 +25866,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -17264,18 +25898,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17283,18 +25929,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -17303,17 +25961,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -17322,23 +25993,38 @@ "description": "Triggered when a user content edit is deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_content_id", "user_content_type", "created_at", - "user_agent", "deleted_by", "editor_id", - "_document_id", "deleted_at", - "action", - "actor_id", "editor", "deleted_by_id", "deleted_content", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -17346,16 +26032,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "created_at", - "user", "action", - "operation_type", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17363,16 +26063,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "_document_id", "@timestamp", - "created_at", - "user_agent", - "operation_type", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17380,16 +26094,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "created_at", - "_document_id", - "user_agent", - "user_id", "@timestamp", - "user", + "_document_id", "action", - "request_access_security_header" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17397,19 +26125,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -17417,21 +26157,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17439,20 +26191,31 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", - "request_id", - "user_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -17460,18 +26223,30 @@ "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17480,19 +26255,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -17500,18 +26286,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17519,18 +26317,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17538,18 +26348,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -17558,17 +26380,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17576,17 +26410,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -17594,17 +26441,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -17612,17 +26472,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -17630,21 +26503,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17652,21 +26535,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -17675,17 +26568,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -17693,17 +26599,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -17711,17 +26630,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -17729,18 +26661,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17748,16 +26692,29 @@ "description": "A user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", "user_agent", + "operation_type", "created_at" ] }, @@ -17766,17 +26723,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -17785,17 +26756,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17803,18 +26787,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -17823,19 +26819,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", "operation_type", - "_document_id", - "request_id", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -17843,18 +26851,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17862,19 +26882,30 @@ "description": "A comment made by a user was minimized.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", - "actor_id", "@timestamp", - "created_at", - "operation_type", "_document_id", - "user", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -17882,18 +26913,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17901,14 +26944,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -17916,21 +26975,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17938,16 +27007,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -17956,20 +27038,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -17977,20 +27070,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17998,17 +27103,30 @@ "description": "A user account was no longer flagged as a large scale contributor.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -18016,20 +27134,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -18037,17 +27166,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "user_agent", - "request_id", - "action", "@timestamp", - "created_at", - "org_id", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -18056,18 +27197,30 @@ "description": "Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "action", "created_at", - "actor", - "operation_type", - "actor_id", - "user_id", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam" }, @@ -18076,18 +27229,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -18095,16 +27260,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -18115,16 +27293,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -18133,18 +27323,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -18152,18 +27354,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -18171,18 +27385,30 @@ "description": "A user signed in from an unrecognized location.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "action", - "operation_type", - "user_agent", - "user", + "@timestamp", "_document_id", + "action", "actor", - "created_at", "actor_id", - "@timestamp", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -18190,46 +27416,67 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", + "limited_availability", + "emoji", + "operation_type" + ] + }, + { + "action": "user_status.update", + "description": "Triggered when you set or change the status on your profile.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "limited_availability", - "action", - "emoji", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "user_status.update", - "description": "Triggered when you set or change the status on your profile.", - "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", - "fields": [ "limited_availability", - "user", - "action", - "actor_id", "message", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", - "user_agent", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -18238,21 +27485,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -18260,18 +27517,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -18279,18 +27548,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -18300,16 +27581,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -18317,18 +27610,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -18336,18 +27641,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -18355,17 +27672,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -18373,18 +27703,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", - "actor", - "user_id", - "action", - "created_at", - "user", - "operation_type", "@timestamp", - "request_id", "_document_id", - "request_access_security_header" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -18392,17 +27734,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -18411,19 +27766,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -18432,15 +27799,28 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user_agent", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "request_id", - "actor", - "action", "created_at" ] }, @@ -18449,21 +27829,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -18471,21 +27861,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -18493,18 +27895,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -18512,16 +27926,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -18531,16 +27959,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -18550,18 +27992,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -18571,21 +28026,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -18593,21 +28060,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -18615,21 +28093,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -18637,16 +28126,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -18656,27 +28159,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -18685,23 +28194,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -18709,10 +28228,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -18723,20 +28260,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -18745,23 +28271,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -18771,10 +28305,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -18786,19 +28338,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -18809,10 +28351,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -18821,21 +28381,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -18845,23 +28394,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -18870,22 +28431,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -18893,21 +28465,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -18915,25 +28498,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -18941,23 +28532,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -18971,24 +28575,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -18997,10 +28610,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -19010,21 +28641,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -19034,25 +28655,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.19/organization.json b/src/audit-logs/data/ghes-3.19/organization.json index 6b39e1438f9d..76c4dd8d3706 100644 --- a/src/audit-logs/data/ghes-3.19/organization.json +++ b/src/audit-logs/data/ghes-3.19/organization.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,29 +67,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -72,44 +103,66 @@ "description": "Credit was accepted for a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory" + "docs_reference_titles": "Editing a repository security advisory" }, { "action": "advisory_credit.create", "description": "Someone was added to the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -117,21 +170,32 @@ "description": "Credit was declined for a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -140,21 +204,32 @@ "description": "Someone was removed from the credit section of a security advisory.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "ghsa_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", "recipient", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -163,18 +238,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -182,17 +269,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -203,50 +301,74 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" + }, { "action": "billing.budget_create", "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "pricing_target_type", "pricing_target_id", "budget_limit_type", - "alert_recipient_user_ids" + "alert_recipient_user_ids", + "exclude_cost_center_usage" ] }, { @@ -254,22 +376,34 @@ "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "uuid", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -277,25 +411,37 @@ "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", - "request_access_security_header", "old_target_amount", "old_budget_limit_type", "old_alert_enabled", @@ -309,17 +455,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -328,19 +487,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -349,15 +520,28 @@ "description": "Azure subscription has been linked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -367,15 +551,28 @@ "description": "Azure subscription has been unlinked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -385,18 +582,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -404,18 +614,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -423,20 +645,31 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, @@ -445,20 +678,31 @@ "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -469,17 +713,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -487,207 +743,368 @@ "description": "Existing code scanning alerts appeared in a branch.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_fixed", "description": "Code scanning alerts were fixed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_became_outdated", "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_numbers", "commit_oid", - "ref", - "request_id", - "org_id", - "org", - "business_id", - "business" + "ref" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closed_by_user", "description": "Code scanning alerts were manually dismissed.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers", "dismissal_approver_id" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_approved", "description": "Dismissal of code scanning alerts was approved.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_denied", "description": "Dismissal of code scanning alerts was denied.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_closure_requested", "description": "Dismissal of code scanning alerts was requested.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "dismissal_request_id", "alert_number", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_created", "description": "Code scanning alerts were seen for the first time.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "commit_oid", - "ref", - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reappeared", "description": "Code scanning alerts that were previously fixed reappeared.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_number", "commit_oid", "ref", - "request_id", - "org_id", - "org", - "business_id", - "business", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "code_scanning.alert_reopened_by_user", "description": "Code scanning alerts that were previously dismissed were reopened.", "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", "fields": [ - "repo_id", - "alert_number", - "actor_id", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", - "business_id", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", "alert_numbers" ], - "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + "docs_reference_titles": "About code scanning" }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -697,28 +1114,34 @@ "description": "An attempt to create a codespace from a prebuild was made.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "owner", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "user_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", "created_at", "operation_type", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -726,17 +1149,30 @@ "description": "Enterprise setting for Codespaces ownership was updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enablement", "organization_names", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -747,25 +1183,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -776,22 +1221,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -803,22 +1259,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -827,15 +1294,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "owner", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "owner", "created_at", "operation_type", "public_repo" @@ -846,15 +1328,28 @@ "description": "Policies were applied to codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -864,20 +1359,30 @@ "description": "Policies were removed from codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -885,19 +1390,30 @@ "description": "Policies were updated for codespaces in an organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -905,17 +1421,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -925,27 +1454,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -953,19 +1491,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -973,18 +1524,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -993,20 +1556,30 @@ "description": "A commit comment was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "repo", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "created_at", - "@timestamp", - "operation_type", + "programmatic_access_type", + "repo", "repo_id", - "actor_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -1014,43 +1587,64 @@ "description": "A commit comment was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "repo_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_id", - "action", - "@timestamp", - "repo", "org_id", - "actor_id", - "created_at", - "user_agent", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, - { - "action": "copilot.access_revoked", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.access_revoked", "description": "Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "reason", "plan", - "org_id", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1058,13 +1652,28 @@ "description": "Copilot feature settings were changed at the organization level.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1074,23 +1683,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1098,16 +1714,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -1116,24 +1746,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1141,15 +1777,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1159,20 +1808,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1180,19 +1839,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -1200,21 +1871,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1222,21 +1902,33 @@ "description": "The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_value", - "new_value", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_value", + "new_value", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -1244,21 +1936,32 @@ "description": "The excluded paths for GitHub Copilot were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "excluded_paths", "owner_type", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1266,14 +1969,28 @@ "description": "Copilot custom instructions were created for the organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "custom_instructions" @@ -1284,14 +2001,28 @@ "description": "Copilot custom instructions were updated for the organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "custom_instructions" @@ -1299,92 +2030,129 @@ }, { "action": "copilot.knowledge_base_created", - "description": "A knowledge base was created in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_deleted", - "description": "A knowledge base was deleted from the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.knowledge_base_updated", - "description": "A knowledge base was updated in the organization.", - "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "knowledge_base_name", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" - ], - "docs_reference_titles": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" + "actor_is_bot" + ] }, { "action": "copilot.plan_changed", "description": "The plan for GitHub Copilot was updated.", "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_plan", "plan", - "business_id", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -1396,20 +2164,31 @@ "description": "The plan for GitHub Copilot was scheduled to be downgraded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "current_plan", "scheduled_plan" @@ -1420,18 +2199,30 @@ "description": "MCP Configuration for Copilot coding agent was updated for a specific repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_config", - "repo", - "repo_id", - "public_repo", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_config", + "public_repo", "created_at", "operation_type" ] @@ -1441,22 +2232,33 @@ "description": "Specific repositories were disabled from using Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1464,21 +2266,31 @@ "description": "Specific repositories were enabled to use Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner_type", - "owner", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1488,20 +2300,32 @@ "description": "Copilot coding agent access was updated for the organization's or user's repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_access", "old_access", - "org_id", "owner_type", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1511,21 +2335,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1535,19 +2368,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1557,21 +2399,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1581,18 +2432,31 @@ "description": "A new custom property definition was created.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1605,18 +2469,31 @@ "description": "A custom property definition was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "property_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "value_type", "required", "default_value", @@ -1630,18 +2507,33 @@ "description": "A custom property definition was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "property_name", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "value_type", - "required", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "property_name", + "created_at", + "operation_type", + "value_type", + "required", "default_value", "old_allowed_values", "allowed_values", @@ -1650,8 +2542,7 @@ "old_default_value", "old_value_type", "old_values_editable_by", - "values_editable_by", - "request_access_security_header" + "values_editable_by" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1660,27 +2551,35 @@ "description": "A repository's custom property value was manually set for the first time.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1689,19 +2588,31 @@ "description": "A repository's custom property value was deleted.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" }, @@ -1710,16 +2621,29 @@ "description": "A repository's custom property value was updated.", "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "definition_id" @@ -1731,19 +2655,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1752,19 +2687,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1773,19 +2719,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1794,19 +2751,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1815,21 +2783,31 @@ "description": "The default repository access for Dependabot was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "access_level", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -1838,17 +2816,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1856,19 +2847,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1877,19 +2879,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1897,19 +2910,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1918,19 +2942,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1938,19 +2973,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1959,19 +3005,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1979,19 +3036,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -2000,20 +3068,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2021,21 +3099,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "repo_id", - "request_id", + "@timestamp", + "_document_id", "action", "actor", - "org_id", - "_document_id", "actor_id", - "operation_type", - "@timestamp", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2043,20 +3130,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", "@timestamp", - "actor", - "user_agent", - "request_id", - "org", "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "repo", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2064,130 +3161,196 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "user_agent", - "actor_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "title", - "_document_id", - "created_at", - "repo", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { "action": "discussion_post.destroy", - "description": "Triggered when a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "request_id", - "team", - "created_at", - "user_id", "@timestamp", - "number", - "org", - "title", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "team", + "created_at", + "number", + "title", + "operation_type" + ] }, { "action": "discussion_post_reply.destroy", - "description": "Triggered when a reply to a team discussion post is deleted.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user_id", - "actor", "number", - "user", - "created_at", - "request_id", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment" + "created_at" + ] }, { "action": "discussion_post_reply.update", - "description": "Triggered when a reply to a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "action", - "_document_id", - "request_id", - "org", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org_id", "user_agent", - "actor", + "operation_type", "number", "team", "created_at" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "discussion_post.update", - "description": "Triggered when a team discussion post is edited.", - "docs_reference_links": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "created_at", - "_document_id", - "title", - "user", - "user_agent", - "org", - "operation_type", - "actor_id", "@timestamp", - "actor", - "team", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", "number" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment" + ] }, { "action": "enterprise_announcement.create", "description": "A global announcement banner was created for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", "message", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2198,16 +3361,30 @@ "description": "A global announcement banner was removed from the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -2218,39 +3395,66 @@ "description": "A global announcement banner was updated for the enterprise.", "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "owner", - "owner_type", + "business", "business_id", - "message", - "old_message", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type" - ], - "docs_reference_titles": "Customizing user messages for your enterprise" - }, + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "message", + "old_message", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Customizing user messages for your enterprise" + }, { "action": "enterprise_installation.create", "description": "The GitHub App associated with a GitHub Connect connection was created.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", - "operation_type", "@timestamp", "_document_id", - "org_id", "action", - "request_id", - "org", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -2259,17 +3463,30 @@ "description": "The GitHub App associated with a GitHub Connect connection was deleted.", "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", "fields": [ - "created_at", + "@timestamp", "_document_id", "action", - "@timestamp", - "actor_id", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" }, @@ -2278,22 +3495,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2302,22 +3528,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2325,28 +3561,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2355,27 +3597,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -2384,25 +3634,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2411,26 +3669,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2439,21 +3704,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2462,22 +3739,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2486,25 +3773,34 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -2513,22 +3809,34 @@ "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -2537,21 +3845,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -2562,19 +3880,30 @@ "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2583,20 +3912,30 @@ "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2605,19 +3944,30 @@ "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ - "transport_protocol", - "request_id", - "repository", - "repository_id", - "repository_public", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "transport_protocol", + "repository_public", "transport_protocol_name" ] }, @@ -2626,23 +3976,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2650,18 +4009,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -2672,20 +4041,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -2695,25 +4074,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -2721,25 +4110,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -2747,26 +4145,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2775,25 +4182,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2801,26 +4217,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2828,21 +4253,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2851,19 +4287,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2871,21 +4320,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2894,19 +4354,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2917,20 +4391,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2940,24 +4426,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2968,23 +4465,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2995,21 +4504,33 @@ "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", "operation_type", - "@timestamp", "integration", - "action", - "user_agent", "reason", - "_document_id", - "org", - "org_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -3020,20 +4541,32 @@ "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", "fields": [ "@timestamp", - "actor_id", - "org", "_document_id", - "requester", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "requester", "created_at", "url", - "org_id", - "request_id", "operation_type", - "actor", "integration", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" @@ -3043,20 +4576,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -3066,19 +4612,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -3087,20 +4647,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -3110,20 +4683,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -3132,20 +4718,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -3154,20 +4753,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -3175,19 +4786,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -3196,19 +4820,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -3217,17 +4854,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -3240,21 +4890,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -3268,17 +4931,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -3290,19 +4966,30 @@ "description": "An IP allow list was disabled.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "actor", - "request_id", - "org", - "user_agent", + "@timestamp", "_document_id", - "user_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "@timestamp", - "user" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3310,19 +4997,30 @@ "description": "An IP allow list was disabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3330,20 +5028,29 @@ "description": "An IP allow list was enabled.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "user_id", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "business_id", - "_document_id", - "action", - "@timestamp", + "user_id", "user_agent", - "actor_id", "operation_type", - "org", "created_at" ] }, @@ -3352,19 +5059,30 @@ "description": "An IP allow list was enabled for installed GitHub Apps.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3372,24 +5090,32 @@ "description": "An IP address was added to an IP allow list.", "docs_reference_links": "N/A", "fields": [ - "active", - "org", - "ip_allow_list_entry", "@timestamp", "_document_id", - "operation_type", - "created_at", - "user_agent", "action", - "request_id", + "actor", "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "business", - "actor", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" ] }, { @@ -3397,24 +5123,32 @@ "description": "An IP address was deleted from an IP allow list.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "ip_allow_list_entry", - "org", - "operation_type", - "created_at", - "active", "action", - "@timestamp", + "actor", + "actor_id", "business", "business_id", - "user_agent", + "hashed_token", + "org", "org_id", - "actor", - "actor_id", - "token_scopes", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" ] }, { @@ -3422,19 +5156,32 @@ "description": "An IP address or its description was changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at", - "user_agent", - "actor_id", "ip_allow_list_entry", - "active", - "org_id", - "@timestamp" + "active" ] }, { @@ -3442,22 +5189,98 @@ "description": "A comment on an issue was deleted from the repository.", "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { + "action": "issue_comment.pinned", + "description": "A comment on an issue was pinned to a repository.", + "docs_reference_links": "N/A", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_comment.unpinned", + "description": "A comment on an issue was unpinned from a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", "_document_id", "action", - "operation_type", - "user_agent", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "oauth_application_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -3465,22 +5288,31 @@ "description": "A comment on an issue (other than the initial one) changed.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", - "action", - "repo_id", - "org_id", - "created_at", - "operation_type", "@timestamp", - "user_agent", - "request_id", "_document_id", - "actor_id", + "action", "actor", - "oauth_application_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" ] }, { @@ -3488,20 +5320,30 @@ "description": "An issue was marked as blocked by another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3512,19 +5354,30 @@ "description": "The blocked by relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -3534,20 +5387,30 @@ "description": "An issue was marked as blocking another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3558,20 +5421,30 @@ "description": "The blocking relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3582,21 +5455,31 @@ "description": "An issue was deleted from the repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/deleting-an-issue", "fields": [ - "user", - "actor_id", - "created_at", - "title", "@timestamp", "_document_id", - "request_id", - "actor", - "user_id", "action", - "operation_type", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "title", + "operation_type" ], "docs_reference_titles": "Deleting an issue" }, @@ -3605,23 +5488,33 @@ "description": "An issue was pinned to a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ + "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", "action", "actor", - "operation_type", - "owner_type", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "number", - "repo", - "event", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type", + "owner_type", + "number", + "event" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3630,22 +5523,32 @@ "description": "An issue was transferred to another repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "owner_type", - "actor_id", "number", - "repo", "operation_type", - "_document_id", - "repo_id", - "action", - "request_id", - "created_at", - "actor", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Transferring an issue to another repository" }, @@ -3654,20 +5557,32 @@ "description": "An issue type was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "actor_id", - "user_agent", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", "enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3678,20 +5593,32 @@ "description": "An issue type was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", "enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3702,11 +5629,28 @@ "description": "An issue type was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issue_type_name", "description", "color", @@ -3715,11 +5659,6 @@ "old_description", "old_color", "old_enabled", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -3730,24 +5669,33 @@ "description": "An issue was unpinned from a repository.", "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", "fields": [ - "event", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", - "action", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "operation_type", - "_document_id", - "number", - "owner_type", - "@timestamp", + "token_id", + "token_scopes", "user", "user_id", - "token_scopes", - "request_access_security_header" + "user_agent", + "event", + "created_at", + "operation_type", + "number", + "owner_type" ], "docs_reference_titles": "Pinning an issue to your repository" }, @@ -3756,19 +5704,30 @@ "description": "The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user_agent", - "action", "@timestamp", - "operation_type", - "request_id", - "actor_id", - "user_id", - "created_at", "_document_id", + "action", "actor", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "org_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3777,18 +5736,29 @@ "description": "The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -3798,19 +5768,30 @@ "description": "An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", "fields": [ - "user", - "request_id", - "actor", - "business_id", - "action", - "operation_type", - "user_agent", - "created_at", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor_id" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -3819,18 +5800,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3838,21 +5831,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -3860,21 +5866,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", "marketplace_listing", - "@timestamp", "integration", - "org_id", - "action", - "org", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -3882,22 +5901,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -3905,19 +5937,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -3927,22 +5972,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -3950,22 +6008,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -3973,20 +6044,30 @@ "description": "The ability for members to publish GitHub Pages sites was disabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -3995,20 +6076,30 @@ "description": "The ability for members to publish GitHub Pages sites was enabled.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4017,21 +6108,30 @@ "description": "The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4040,22 +6140,30 @@ "description": "The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4064,21 +6172,30 @@ "description": "The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4087,22 +6204,30 @@ "description": "The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" }, @@ -4111,19 +6236,30 @@ "description": "An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "operation_type", "user_agent", - "actor", - "actor_id", - "business_id", - "@timestamp", - "created_at", - "action" + "operation_type", + "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -4132,18 +6268,29 @@ "description": "The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "request_id", - "org", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "actor", "operation_type", - "org_id", - "action", - "@timestamp", "created_at" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" @@ -4153,21 +6300,30 @@ "description": "The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", "fields": [ - "action", - "org_id", - "user_id", - "business", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business_id", + "user_id", + "user_agent", "created_at", - "actor", - "org", - "operation_type", - "user_agent" + "operation_type" ], "docs_reference_titles": "Enforcing repository management policies in your enterprise" }, @@ -4178,16 +6334,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "created_at", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -4196,21 +6363,30 @@ "description": "The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", - "created_at", - "user_id", "business_id", - "user", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "org_id", - "@timestamp" + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4219,19 +6395,30 @@ "description": "The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", "fields": [ - "request_id", - "created_at", - "_document_id", - "user_agent", - "user", - "user_id", - "business", - "business_id", - "operation_type", "@timestamp", + "_document_id", "action", "actor", - "actor_id" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4240,19 +6427,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4260,21 +6459,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", - "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", "created_at", "operation_type" ] @@ -4284,16 +6492,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4303,18 +6524,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "max_entries_to_build", "min_entries_to_merge", - "repo_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4324,14 +6558,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -4339,19 +6589,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -4359,18 +6620,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4378,23 +6651,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -4402,16 +6683,30 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "org_id", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4419,24 +6714,32 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", - "repo_id", "operation_type", - "@timestamp", - "user_agent", "created_at", - "org", - "action", - "_document_id", - "repo", - "actor", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -4444,22 +6747,37 @@ "description": "A network configuration for a hosted compute service was created.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", "previous_settings_ids", - "network_configuration_id" + "network_configuration_id", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -4468,15 +6786,28 @@ "description": "A network configuration for a hosted compute service was deleted.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -4489,21 +6820,36 @@ "description": "A network configuration for a hosted compute service was updated.", "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot", "selected_service", "network_settings_ids", - "previous_settings_ids" + "previous_settings_ids", + "failover_network_settings_ids", + "failover_network_enabled" ], "docs_reference_titles": "About networking for hosted compute products in your enterprise" }, @@ -4512,20 +6858,32 @@ "description": "An OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", "operation_type", - "user_agent", - "actor_id", - "org_id", - "action", - "actor", - "oauth_application", - "@timestamp", - "_document_id", - "request_id", - "request_access_security_header" + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4534,20 +6892,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4556,20 +6926,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4578,20 +6960,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4600,19 +6994,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4621,20 +7028,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4643,20 +7062,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4665,19 +7096,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -4686,17 +7130,28 @@ "description": "An invitation sent to an organization to join an enterprise was accepted.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -4707,20 +7162,30 @@ "description": "A billing manager was added to an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "org", - "user_id", "action", - "created_at", - "org_id", - "user", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" }, @@ -4729,19 +7194,29 @@ "description": "An organization prevented access to resources by users with the given two-factor method.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "two_factor_method", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "two_factor_method", "created_at", "operation_type", "actor_is_bot" @@ -4752,21 +7227,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -4775,24 +7260,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4800,21 +7295,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -4822,20 +7327,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4843,22 +7358,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4866,20 +7389,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -4887,22 +7420,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "business", - "business_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -4910,21 +7451,31 @@ "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "new_policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4934,19 +7485,30 @@ "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" }, @@ -4955,19 +7517,30 @@ "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" @@ -4977,53 +7550,92 @@ "description": "Third-party application access for outside collaborators was disabled for the organization.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "Limiting OAuth app and GitHub App access requests and installations" }, { "action": "org.allow_third_party_access_requests_from_outside_collaborators_enabled", "description": "Third-party application access for outside collaborators was enabled for the organization.", - "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], - "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests" + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests" }, { "action": "org.archive", "description": "The organization was archived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5033,17 +7645,30 @@ "description": "An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log", "fields": [ - "org_id", - "operation_type", "@timestamp", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log" }, @@ -5052,21 +7677,32 @@ "description": "An export of the organization's Git events was created.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "start", "end", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization" }, @@ -5075,16 +7711,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_agent", - "action", "@timestamp", - "actor_id", - "org_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -5093,18 +7742,31 @@ "description": "An organization owner blocked a user from accessing the organization's repositories.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", "fields": [ - "actor", - "user_agent", - "org_id", - "created_at", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" }, @@ -5113,19 +7775,30 @@ "description": "An invitation for an organization to join an enterprise was revoked", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "initiated_from" ], "docs_reference_titles": "Adding organizations to your enterprise" @@ -5135,22 +7808,33 @@ "description": "An invitation sent to a user to join an organization was revoked.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "email", - "@timestamp", - "actor", - "action", "operation_type", - "user_agent", - "org", "invitation_id", - "_document_id", "created_at", - "invitee_email", - "token_scopes", - "programmatic_access_type" + "invitee_email" ] }, { @@ -5158,19 +7842,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -5178,16 +7873,28 @@ "description": "Cleared two-factor authentication restrictions for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -5198,23 +7905,31 @@ "description": "Autofix for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5222,21 +7937,31 @@ "description": "Autofix for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5244,23 +7969,31 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5268,23 +8001,31 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -5292,10 +8033,28 @@ "description": "Enablement for Code Security features on new repositories has been locked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5305,10 +8064,28 @@ "description": "Enablement for Code Security features on new repositories has been unlocked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -5318,66 +8095,95 @@ "description": "Code scanning using the default setup was disabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codeql_enabled", "description": "Code scanning using the default setup was enabled for an organization.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale" + "docs_reference_titles": "Configuring default setup for code scanning at scale" }, { "action": "org.codespaces_access_updated", "description": "Access to use Codespaces on internal and private repositories was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "enablement", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization" }, @@ -5386,21 +8192,31 @@ "description": "Ownership and payment for codespaces was updated for an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "owner_type", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" }, @@ -5409,16 +8225,29 @@ "description": "A team has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5428,16 +8257,29 @@ "description": "A team has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -5447,19 +8289,30 @@ "description": "GitHub Codespaces was granted trusted repository access to all other repositories in an organization.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -5468,17 +8321,30 @@ "description": "GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -5487,21 +8353,30 @@ "description": "A user has been allowed to use Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5509,21 +8384,30 @@ "description": "A user has been prevented from using Codespaces for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "actor_id", - "user_agent", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -5531,16 +8415,29 @@ "description": "The interaction limit for collaborators only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "request_id", - "org", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" @@ -5550,17 +8447,30 @@ "description": "The interaction limit for prior contributors only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "operation_type", "@timestamp", - "created_at", - "user_agent", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", - "actor", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5569,17 +8479,30 @@ "description": "The interaction limit for existing users only for an organization was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", "_document_id", - "operation_type", - "actor_id", - "org_id", "action", - "created_at", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5589,16 +8512,29 @@ "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ "@timestamp", - "created_at", "_document_id", - "actor_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "action", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5607,17 +8543,30 @@ "description": "The interaction limit for prior contributors only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "operation_type", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5626,17 +8575,30 @@ "description": "The interaction limit for existing users only for an organization was enabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", "fields": [ - "actor_id", - "request_id", + "@timestamp", + "_document_id", "action", - "created_at", - "user_agent", "actor", - "_document_id", - "org_id", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" }, @@ -5645,22 +8607,30 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" }, @@ -5669,17 +8639,28 @@ "description": "An invitation for an organization to join an enterprise was confirmed.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5690,15 +8671,28 @@ "description": "Server statistics were exported for the organization.", "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -5709,18 +8703,30 @@ "description": "An organization was created.", "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "org", - "actor_id", - "actor", - "action", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "org_id", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" }, @@ -5729,20 +8735,31 @@ "description": "A GitHub Actions secret was created for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5751,20 +8768,32 @@ "description": "A GitHub Actions variable was created for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5773,21 +8802,33 @@ "description": "A Codespaces or Dependabot secret was created for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -5795,21 +8836,30 @@ "description": "A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor_id", - "org_id", - "business", - "action", "@timestamp", - "org", "_document_id", - "business_id", + "action", "actor", - "token_scopes", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "actor_is_bot", "oauth_credential_type", "managed_oauth_access_id", @@ -5825,24 +8875,32 @@ "description": "A member authorized credentials for use with SAML or OIDC single sign-on.", "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on", "fields": [ - "user_agent", - "actor", "@timestamp", - "created_at", - "org_id", - "business_id", - "operation_type", - "request_id", "_document_id", "action", + "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", - "token_scopes", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot", "oauth_credential_type", - "request_access_security_header", "managed_oauth_access_id", "managed_token_id", "managed_oauth_scopes", @@ -5856,21 +8914,32 @@ "description": "An owner revoked authorized credentials.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "oauth_application_id", - "org_id", "operation_type", - "action", - "business", - "request_id", "created_at", - "business_id", - "actor_id", - "_document_id", - "user_agent", "oauth_credential_type", "managed_oauth_access_id", "managed_token_id", @@ -5885,18 +8954,30 @@ "description": "An organization was deleted by a user or staff.", "docs_reference_links": "N/A", "fields": [ - "user_agent", "@timestamp", "_document_id", - "created_at", - "actor", - "org_id", - "org", "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -5904,20 +8985,30 @@ "description": "Team creation was limited to owners.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "actor", "@timestamp", "_document_id", - "user", - "user_id", "action", - "created_at", + "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -5926,16 +9017,29 @@ "description": "Third-party application access restrictions for an organization were disabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "org_id", - "action", - "_document_id", - "request_id", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization" @@ -5945,19 +9049,30 @@ "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -5966,14 +9081,31 @@ "description": "SAML single sign-on was disabled for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sso_url", "issuer", - "action", - "@timestamp", - "_document_id", "created_at", - "org", "operation_type" ] }, @@ -5982,21 +9114,30 @@ "description": "Display of IP addresses within audit log events for the organization was disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -6005,17 +9146,30 @@ "description": "A two-factor authentication requirement was disabled for the organization.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org", - "org_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "_document_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6023,19 +9177,30 @@ "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "user", - "action", - "operation_type", "@timestamp", "_document_id", - "created_at", - "user_agent", - "org", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "request_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6043,19 +9208,30 @@ "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "user", - "action", - "actor_id", - "org_id" + "created_at" ] }, { @@ -6063,19 +9239,30 @@ "description": "Team creation by members was allowed.", "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", "fields": [ - "org_id", - "user", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" }, @@ -6084,17 +9271,30 @@ "description": "Third-party application access restrictions for an organization were enabled.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization", "fields": [ - "actor_id", - "operation_type", - "org", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization" }, @@ -6103,19 +9303,30 @@ "description": "An organization owner allowed users with read access to create discussions in an organization", "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" }, @@ -6124,19 +9335,32 @@ "description": "SAML single sign-on was enabled for the organization.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "actor", "sso_url", - "org", "created_at", - "@timestamp", - "issuer", - "org_id", - "_document_id", - "user_agent", - "request_id" + "issuer" ], "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" }, @@ -6145,21 +9369,30 @@ "description": "Display of IP addresses within audit log events for the organization was enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" }, @@ -6168,17 +9401,30 @@ "description": "Two-factor authentication is now required for the organization.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "actor_id", - "action", - "_document_id", - "org", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" }, @@ -6187,17 +9433,30 @@ "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "org_id", - "manager", "@timestamp", - "request_id", - "actor", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", "created_at" ] }, @@ -6206,18 +9465,31 @@ "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", "docs_reference_links": "N/A", "fields": [ - "org_id", "@timestamp", - "org", - "user_agent", - "request_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "manager", "operation_type", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6225,23 +9497,32 @@ "description": "A new user was invited to join an organization.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", "fields": [ - "org", - "user_id", - "invitation_id", - "org_id", - "user", - "action", - "operation_type", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", - "created_at", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "invitee_email", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" }, @@ -6250,17 +9531,28 @@ "description": "An organization was invited to join an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6270,19 +9562,30 @@ "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -6290,19 +9593,30 @@ "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", "docs_reference_links": "N/A", "fields": [ - "org", - "org_id", - "user_agent", - "actor_id", - "user_id", - "operation_type", "@timestamp", - "created_at", - "request_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6310,19 +9624,31 @@ "description": "Access to an organization was granted for an OAuth App.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization", "fields": [ - "url", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "request_id", "actor_id", - "operation_type", - "org_id", - "_document_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization" @@ -6332,20 +9658,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -6354,18 +9691,31 @@ "description": "Access was disabled for an OAuth App that was previously approved.", "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization", "fields": [ - "request_id", - "url", - "created_at", - "org_id", - "action", "@timestamp", "_document_id", - "user_agent", - "org", - "operation_type", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", "oauth_application_name" ], "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization" @@ -6375,19 +9725,31 @@ "description": "An organization member requested that an owner grant an OAuth App access to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", + "@timestamp", "_document_id", - "request_id", - "url", - "org_id", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "url", "oauth_application_name" ] }, @@ -6396,20 +9758,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "url", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", "created_at", "operation_type", - "business", - "business_id", "oauth_application_name" ] }, @@ -6419,16 +9792,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "org_id", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "operation_type", - "_document_id", - "org" + "created_at", + "operation_type" ] }, { @@ -6436,20 +9822,31 @@ "description": "An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "reason", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -6458,20 +9855,30 @@ "description": "An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" }, @@ -6480,19 +9887,30 @@ "description": "An organization owner downloaded the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6501,19 +9919,30 @@ "description": "An organization owner generated the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6522,19 +9951,30 @@ "description": "An organization owner printed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6543,19 +9983,30 @@ "description": "An organization owner viewed the organization's SSO recovery codes.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" }, @@ -6564,19 +10015,31 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", "fields": [ - "actor", - "operation_type", "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "actor_is_bot", - "request_access_security_header" + "operation_type", + "created_at", + "actor_is_bot" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -6585,20 +10048,31 @@ "description": "A GitHub Actions secret was removed from an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -6607,21 +10081,31 @@ "description": "A GitHub Actions variable was removed from an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6630,18 +10114,29 @@ "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", "fields": [ - "user_id", - "user_agent", - "org_id", - "user", - "action", - "_document_id", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" @@ -6651,19 +10146,29 @@ "description": "Removed a two-factor authentication method restriction for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "two_factor_method", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "two_factor_method", "created_at", "operation_type", "actor_is_bot" @@ -6674,22 +10179,32 @@ "description": "A Codespaces or Dependabot secret was removed from an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -6697,21 +10212,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6719,21 +10243,30 @@ "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ - "org", - "user", - "org_id", - "created_at", - "request_id", "@timestamp", - "action", - "operation_type", - "user_agent", "_document_id", + "action", "actor", "actor_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -6741,21 +10274,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -6763,18 +10306,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", "fields": [ - "operation_type", - "org_id", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "actor", - "action", - "programmatic_access_type" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -6783,19 +10338,31 @@ "description": "An organization was renamed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "_document_id", "@timestamp", - "org", + "_document_id", "action", "actor", - "old_login", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -6803,14 +10370,28 @@ "description": "Triggered when a required workflow is created.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6821,14 +10402,28 @@ "description": "Triggered when a required workflow is deleted.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6839,14 +10434,28 @@ "description": "Triggered when a required workflow is updated.", "docs_reference_links": "/actions/using-workflows/required-workflows", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -6857,20 +10466,30 @@ "description": "An organization member was restored.", "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", "fields": [ - "user", - "actor", - "user_id", + "@timestamp", "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "actor_id", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" }, @@ -6879,18 +10498,29 @@ "description": "A member's linked identity was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", "user_id", - "@timestamp", - "action", - "actor_id", "user_agent", - "_document_id", - "request_id", + "operation_type", "created_at" ], "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" @@ -6900,42 +10530,65 @@ "description": "A member's SAML session was revoked.", "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "operation_type", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" + }, + { + "action": "org.runner_group_created", + "description": "A self-hosted runner group was created.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", + "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" - ], - "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" - }, - { - "action": "org.runner_group_created", - "description": "A self-hosted runner group was created.", - "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "runner_group_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" @@ -6945,21 +10598,31 @@ "description": "A self-hosted runner group was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6968,20 +10631,31 @@ "description": "A self-hosted runner group was renamed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -6990,23 +10664,33 @@ "description": "The REST API was used to remove a self-hosted runner from a group.", "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "runner_group_id", "runner_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" }, @@ -7015,23 +10699,31 @@ "description": "A self-hosted runner was added to a group.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "runner_group_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7040,19 +10732,32 @@ "description": "A runner group's list of members was updated.", "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "runner_group_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" }, @@ -7061,25 +10766,36 @@ "description": "The configuration of a self-hosted runner group was changed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_group_id", "runner_group_name", "runner_group_allow_public", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "runner_group_restricted_to_workflows", "runner_group_selected_workflow_refs", - "programmatic_access_type", - "network_configuration_id", - "request_access_security_header" + "network_configuration_id" ], "docs_reference_titles": "Managing access to self-hosted runners using groups" }, @@ -7088,21 +10804,32 @@ "description": "The visibility of a self-hosted runner group was updated via the REST API.", "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "runner_group_id", - "visibility", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ], "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" }, @@ -7111,10 +10838,28 @@ "description": "Enablement for Secret Protection features on new repositories has been locked for this organization.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "action", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7124,10 +10869,28 @@ "description": "Enablement for Secret Protection features on new repositories has been unlocked for this organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -7137,21 +10900,30 @@ "description": "Automatic partner validation checks have been disabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7161,21 +10933,30 @@ "description": "Automatic partner validation checks have been enabled at the organization level", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" @@ -7185,20 +10966,30 @@ "description": "A custom pattern was created for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7207,22 +10998,30 @@ "description": "A custom pattern was removed from secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7231,21 +11030,30 @@ "description": "A custom pattern was published for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7254,21 +11062,30 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7277,22 +11094,30 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7301,21 +11126,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -7324,22 +11158,30 @@ "description": "Generic secrets have been disabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7347,22 +11189,30 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -7370,21 +11220,30 @@ "description": "Secret scanning for non-provider patterns was disabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7394,21 +11253,30 @@ "description": "Secret scanning for non-provider patterns was enabled at the organization level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" @@ -7418,19 +11286,30 @@ "description": "A role or team was added to the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7440,21 +11319,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7464,21 +11352,30 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7488,19 +11385,30 @@ "description": "A role or team was removed from the push protection bypass list at the organization level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "About push protection" @@ -7510,22 +11418,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7534,22 +11450,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7558,22 +11482,30 @@ "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7582,21 +11514,30 @@ "description": "Push protection for secret scanning was disabled.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7605,21 +11546,30 @@ "description": "Push protection for secret scanning was enabled.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7628,22 +11578,30 @@ "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7652,22 +11610,30 @@ "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "token_scopes" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -7676,12 +11642,28 @@ "description": "The push protection setting was updated for a secret type for your organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "push_protection_setting", "secret_type", "secret_type_display_name", @@ -7694,12 +11676,28 @@ "description": "The push protection pattern configuration was updated for your organization.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at" ], "docs_reference_titles": "About push protection" @@ -7709,26 +11707,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -7737,26 +11744,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7764,28 +11779,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7793,26 +11816,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7820,15 +11851,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7837,15 +11885,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -7854,7 +11919,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -7869,18 +11955,28 @@ "description": "The cache retention policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -7892,18 +11988,28 @@ "description": "The cache storage policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -7915,20 +12021,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -7937,16 +12054,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -7957,18 +12087,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -7977,17 +12120,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", "_document_id", - "org_id", - "operation_type", + "action", "actor", "actor_id", - "@timestamp", - "request_id", - "created_at", + "business", + "business_id", + "hashed_token", "org", - "action" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7995,18 +12151,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -8015,18 +12183,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -8035,18 +12216,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -8055,22 +12248,32 @@ "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", "actor_id", - "org_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "issuer", - "business", "operation_type", "created_at", - "request_id", - "business_id", - "_document_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8078,21 +12281,32 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Adding organizations to your enterprise" }, @@ -8101,19 +12315,30 @@ "description": "An organization was transferred between enterprise accounts.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", - "org_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "from_business", "to_business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8124,15 +12349,28 @@ "description": "The organization was unarchived.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8142,19 +12380,32 @@ "description": "A user was unblocked from an organization.", "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", "fields": [ - "oauth_application_id", + "@timestamp", "_document_id", - "blocked_user", "action", - "operation_type", - "@timestamp", - "request_id", - "created_at", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" }, @@ -8163,20 +12414,32 @@ "description": "A GitHub Actions secret was updated for an organization.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "created_at", "key", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -8185,23 +12448,34 @@ "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "updated_allowed_types", "old_policy", - "updated_access_policy", - "programmatic_access_type", - "request_access_security_header" + "updated_access_policy" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" }, @@ -8210,20 +12484,32 @@ "description": "A GitHub Actions variable was updated for an organization.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -8232,20 +12518,32 @@ "description": "The default repository permission level for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", + "@timestamp", + "_document_id", "action", - "operation_type", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", + "created_at", "permission", - "actor_id", - "old_permission", - "_document_id", - "programmatic_access_type" + "old_permission" ] }, { @@ -8253,18 +12551,30 @@ "description": "The settings policy for immutable releases was updated for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_policy", "new_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8275,22 +12585,33 @@ "description": "A Codespaces or Dependabot secret was updated for an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -8299,20 +12620,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -8320,17 +12652,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -8340,20 +12685,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -8362,17 +12718,30 @@ "description": "The name of the default branch was changed for new repositories in the organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization" }, @@ -8381,17 +12750,30 @@ "description": "The repository self-hosted runners policy was updated", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_repo_runners_policy", "new_repo_runners_policy", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8402,19 +12784,32 @@ "description": "An organization's SAML provider settings were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "sso_url", - "actor_id", - "operation_type", "@timestamp", - "issuer", - "org", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" ] }, { @@ -8422,18 +12817,30 @@ "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", "fields": [ - "request_id", - "org_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "_document_id", - "org", - "action", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" }, @@ -8442,21 +12849,31 @@ "description": "An organization's custom property value was manually set for the first time.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8468,21 +12885,31 @@ "description": "An organization's custom property value was deleted.", "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "definition_id", "property_name", "value", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8494,18 +12921,30 @@ "description": "A default label was created for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label", "fields": [ - "request_id", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "operation_type", - "_document_id", - "action", - "created_at", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label" }, @@ -8514,17 +12953,30 @@ "description": "A default label was deleted for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label", "fields": [ - "operation_type", - "request_id", - "actor", "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label" }, @@ -8533,17 +12985,30 @@ "description": "A default label was edited for repositories in an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label", "fields": [ - "org", - "created_at", "@timestamp", - "actor", + "_document_id", "action", - "user_agent", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label" }, @@ -8552,20 +13017,33 @@ "description": "A domain was approved for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "org_id", - "business_id", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" }, @@ -8574,16 +13052,31 @@ "description": "A domain was added to an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ - "created_at", + "@timestamp", "_document_id", - "domain_name", "action", - "request_id", + "actor", "actor_id", - "operation_type", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "domain_name", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8592,14 +13085,29 @@ "description": "A domain was removed from an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", "fields": [ - "action", - "domain_name", "@timestamp", "_document_id", - "user_agent", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", "operation_type", "created_at" ], @@ -8610,16 +13118,31 @@ "description": "A domain was verified for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "domain_name", - "@timestamp", - "user_agent", - "request_id", - "actor", - "action", - "created_at", - "_document_id", - "actor_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" }, @@ -8628,16 +13151,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -8647,17 +13183,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -8667,16 +13214,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", "created_at", "operation_type" ] @@ -8686,20 +13246,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -8707,19 +13277,30 @@ "description": "An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor", - "business_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", "user_agent", - "_document_id", "created_at", - "operation_type", - "request_id", - "business" + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -8728,19 +13309,30 @@ "description": "Organization projects were disabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "operation_type", - "@timestamp", - "actor", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -8749,18 +13341,29 @@ "description": "Organization projects were enabled for all organizations in an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", "fields": [ - "actor_id", - "org_id", - "created_at", - "user_id", - "org", "@timestamp", "_document_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", + "user_agent", + "created_at", "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" @@ -8770,23 +13373,33 @@ "description": "An organization role was assigned to a user or team.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About custom organization roles" }, @@ -8795,25 +13408,32 @@ "description": "A custom organization role was created in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -8825,25 +13445,32 @@ "description": "A custom organization role was deleted in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor", - "actor_id", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -8854,19 +13481,30 @@ "description": "A user or team was unassigned an organization role.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "organization_role_id", - "organization_role_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "organization_role_id", + "organization_role_name", "created_at", "operation_type" ], @@ -8877,26 +13515,33 @@ "description": "A custom organization role was edited in an organization.", "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", "old_role_permissions", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", @@ -8909,22 +13554,33 @@ "description": "An organization's default project base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_project_base_role", - "new_project_base_role", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_project_base_role", + "new_project_base_role", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8932,20 +13588,31 @@ "description": "An entire package was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" @@ -8955,23 +13622,34 @@ "description": "A package was published or republished to an organization.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "ecosystem", "version_count", "is_republished", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -8980,21 +13658,32 @@ "description": "A specific package version was deleted.", "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "package", "version", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "ecosystem", "actor_is_bot" ], @@ -9005,21 +13694,34 @@ "description": "A specific package version was published or republished to a package.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "ecosystem", "package", "version", - "actor_id", - "user_agent", "is_republished", - "actor", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", "actor_is_bot" ] }, @@ -9028,20 +13730,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -9050,17 +13766,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9071,20 +13802,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -9093,18 +13838,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9112,16 +13869,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9129,18 +13900,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -9148,18 +13931,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9170,22 +13966,31 @@ "description": "The configured restriction for access to resources via personal access tokens was disabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9193,22 +13998,31 @@ "description": "The configured restriction for access to resources via personal access tokens was enabled.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9216,18 +14030,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -9238,18 +14065,28 @@ "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9260,18 +14097,28 @@ "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -9282,23 +14129,34 @@ "description": "A personal access token expiration limit was set.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "token_expiration", "old_token_expiration", "exempt_administrators", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9306,21 +14164,32 @@ "description": "A personal access token expiration limit was unset.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "programmatic_access_type", - "old_token_expiration", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9328,17 +14197,30 @@ "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9349,18 +14231,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9372,17 +14267,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -9394,20 +14302,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was created.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9419,20 +14336,29 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was deleted.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9444,20 +14370,29 @@ "description": "A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", - "repository", - "repository_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "branch", "created_at", "operation_type", "public_repo" @@ -9469,40 +14404,64 @@ "description": "A GitHub Codespaces prebuild configuration for a repository was edited.", "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "branch", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "branch", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds" + }, + { + "action": "premium_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "public_repo" - ], - "docs_reference_titles": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds" - }, - { - "action": "premium_runner.create", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9512,17 +14471,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -9532,15 +14502,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -9550,19 +14535,30 @@ "description": "An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "action", - "operation_type", "@timestamp", - "business_id", + "_document_id", + "action", + "actor", "actor_id", - "user", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "created_at", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9570,23 +14566,30 @@ "description": "An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "created_at", - "actor_id", + "@timestamp", "_document_id", - "actor", - "user", - "repo", "action", - "user_agent", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "request_id", - "user_id", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -9594,23 +14597,30 @@ "description": "An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_id", - "operation_type", + "@timestamp", "_document_id", "action", - "@timestamp", - "repo", - "org", - "business", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org_id", - "created_at", - "business_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9618,17 +14628,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9638,17 +14659,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9658,17 +14690,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9678,17 +14721,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -9698,17 +14752,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", + "user_agent", "created_at", "owner", - "action", - "_document_id", - "request_id", - "user_agent", - "actor", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -9718,17 +14785,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -9736,25 +14816,36 @@ "description": "A project's base role was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "old_project_base_role", "new_project_base_role", "project_number", "public_project", - "business", "project_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9762,20 +14853,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -9785,25 +14887,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -9811,20 +14925,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9832,25 +14958,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -9858,17 +14996,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -9876,17 +15027,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -9894,18 +15058,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -9914,18 +15090,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -9934,19 +15122,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -9954,17 +15153,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -9976,22 +15188,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -9999,19 +15220,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -10019,17 +15251,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -10037,18 +15282,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -10056,20 +15314,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -10077,18 +15345,30 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -10097,18 +15377,30 @@ "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -10117,16 +15409,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -10138,21 +15443,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -10160,22 +15477,32 @@ "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", "fields": [ - "repo", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "name", "created_at", - "_document_id", "operation_type", - "actor", - "repo_id", - "org", - "request_id", - "actor_id", - "oauth_application_id", - "@timestamp", - "programmatic_access_type" + "oauth_application_id" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" }, @@ -10184,29 +15511,34 @@ "description": "A protected branch allowance was given to a specific user, team or integration.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "authorized_actors", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -10214,24 +15546,32 @@ "description": "Branch protection was enabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "repo_id", - "user_id", "@timestamp", - "user_agent", - "repo", - "name", - "org_id", - "user", "_document_id", - "request_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", "created_at", "authorized_actor_names", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10242,21 +15582,31 @@ "description": "Branch protection was disabled on a branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "repo", "@timestamp", + "_document_id", + "action", "actor", - "org", "actor_id", - "request_id", - "repo_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "name", + "operation_type", "created_at", - "_document_id", - "token_scopes", "required_deployments_enforcement_level", "merge_queue_enforcement_level", "create_protected" @@ -10267,22 +15617,32 @@ "description": "Enforcement of dismissing stale pull requests was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "dismiss_stale_reviews_on_push", - "org_id", - "action", - "created_at", - "request_id", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", "operation_type", - "actor", - "repo", - "org", - "name", - "programmatic_access_type" + "name" ] }, { @@ -10290,24 +15650,34 @@ "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "authorized_actors_only", "authorized_actors", - "created_at", - "user_agent", - "name", - "_document_id", - "org_id", - "request_id", - "@timestamp", - "actor_id", - "org", - "action", - "operation_type", - "programmatic_access_type" + "created_at", + "name", + "operation_type" ] }, { @@ -10315,30 +15685,37 @@ "description": "A branch protection requirement was overridden by a repository administrator.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "actor", "reasons", - "@timestamp", "before", "after", - "actor_id", - "repo", "operation_type", - "user_agent", "branch", "overridden_codes", - "org", - "org_id", - "action", - "_document_id", - "request_id", "referrer", - "business", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "rule_suite_id" ] @@ -10348,28 +15725,36 @@ "description": "A branch update attempt was rejected.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", "org_id", - "operation_type", - "request_id", + "programmatic_access_type", + "repo", "repo_id", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "branch", "before", "overridden_codes", "after", - "action", "reasons", - "actor_id", - "business_id", "deploy_key_fingerprint", - "token_scopes", - "programmatic_access_type", "compliant_pull_request_ids", "actor_is_bot", "rule_suite_id" @@ -10380,23 +15765,32 @@ "description": "Branch protection was enforced for repository administrators.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "admin_enforced", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "name", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "action", "repo_id", - "org_id", - "_document_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" ] }, { @@ -10404,22 +15798,32 @@ "description": "Branch deletion was enabled or disabled for a protected branch.", "docs_reference_links": "N/A", "fields": [ - "name", - "operation_type", - "request_id", - "repo", "@timestamp", - "org_id", - "org", - "action", - "allow_deletions_enforcement_level", "_document_id", - "created_at", - "actor_id", - "user_agent", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" ] }, { @@ -10427,23 +15831,32 @@ "description": "Force pushes were enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "actor_id", - "name", + "@timestamp", "_document_id", + "action", "actor", - "repo", - "operation_type", - "request_id", - "allow_force_pushes_enforcement_level", - "@timestamp", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "created_at", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" ] }, { @@ -10451,24 +15864,33 @@ "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "ignore_approvals_from_contributors", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -10477,22 +15899,32 @@ "description": "Required linear commit history was enabled or disabled for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "operation_type", "actor", - "linear_history_requirement_enforcement_level", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", "name", - "org_id", - "repo_id", - "org", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ] }, { @@ -10500,24 +15932,33 @@ "description": "Fork syncing was enabled or disabled for a read-only branch", "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "lock_allows_fetch_and_merge", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10526,27 +15967,34 @@ "description": "The enforcement of a branch lock was updated.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "enforcement_level", "lock_branch_enforcement_level", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" }, @@ -10555,18 +16003,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -10577,24 +16038,33 @@ "description": "A branch name pattern was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "old_name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -10602,25 +16072,32 @@ "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", "docs_reference_links": "N/A", "fields": [ - "name", - "org_id", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", - "@timestamp", + "business", "business_id", - "request_id", - "pull_request_reviews_enforcement_level", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "business", - "user_agent", - "created_at", "repo_id", - "operation_type", - "actor", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" ] }, { @@ -10628,22 +16105,32 @@ "description": "Enforcement of required code owner review was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "org_id", - "created_at", - "require_code_owner_review", - "operation_type", - "name", - "user_agent", - "action", "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "request_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "programmatic_access_type" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" ] }, { @@ -10651,22 +16138,33 @@ "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "require_last_push_approval", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" }, @@ -10675,22 +16173,32 @@ "description": "Enforcement of the required number of approvals before merging was updated on a branch.", "docs_reference_links": "N/A", "fields": [ - "required_approving_review_count", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", "created_at", - "actor", "operation_type", - "user_agent", - "name", - "org_id", - "action", - "actor_id", - "_document_id", - "org", - "@timestamp", - "programmatic_access_type" + "name" ] }, { @@ -10698,25 +16206,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org_id", - "user_agent", "@timestamp", "_document_id", - "name", - "repo", "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "business", - "actor_id", - "operation_type", - "created_at", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "required_status_checks_enforcement_level", - "org", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" ] }, { @@ -10724,22 +16239,32 @@ "description": "Enforcement of required commit signing was updated for a branch.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "name", - "@timestamp", "created_at", - "_document_id", - "request_id", - "repo_id", - "org", - "org_id", - "action", - "actor", - "actor_id", - "signature_requirement_enforcement_level", - "repo", - "user_agent", - "programmatic_access_type" + "signature_requirement_enforcement_level" ] }, { @@ -10747,22 +16272,32 @@ "description": "Enforcement of required status checks was updated for a branch.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "@timestamp", - "created_at", - "repo_id", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", "name", - "actor", - "repo", "operation_type", - "action", - "strict_required_status_checks_policy", - "programmatic_access_type" + "strict_required_status_checks_policy" ] }, { @@ -10770,23 +16305,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -10795,24 +16341,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -10821,20 +16378,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10843,21 +16414,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -10867,22 +16451,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "key", "fingerprint", "read_only", - "repo_id", "operation_type", "created_at", - "actor_id", - "repo", - "action", - "_document_id", - "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10891,25 +16487,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10918,23 +16524,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", - "created_at", - "key", - "fingerprint", - "actor_id", "actor", - "title", - "user_agent", - "user_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "read_only", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "key", + "fingerprint", + "title", + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -10943,18 +16560,32 @@ "description": "A pull request was closed without being merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" @@ -10964,21 +16595,32 @@ "description": "A pull request was converted to a draft.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" }, @@ -10987,19 +16629,32 @@ "description": "A pull request was created.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -11010,23 +16665,35 @@ "description": "A review was requested on a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -11036,17 +16703,31 @@ "description": "A pull request was marked as in progress.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11054,19 +16735,32 @@ "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -11074,19 +16768,32 @@ "description": "A pull request was merged.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" @@ -11096,21 +16803,32 @@ "description": "A pull request was marked as ready for review.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" }, @@ -11119,27 +16837,34 @@ "description": "A pull request was rebased.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "pull_request_url", "pull_request_title", - "user", - "user_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -11147,23 +16872,35 @@ "description": "A review request was removed from a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "reviewer_type", "reviewer", "reviewer_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" }, @@ -11172,18 +16909,32 @@ "description": "A pull request was reopened after previously being closed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ] }, { @@ -11191,19 +16942,31 @@ "description": "A review comment was added to a pull request.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "comment_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" @@ -11213,20 +16976,31 @@ "description": "A review comment on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "actor", "@timestamp", "_document_id", - "repo", - "created_at", - "request_id", - "comment_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" ] }, { @@ -11234,18 +17008,31 @@ "description": "A review comment on a pull request was changed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "request_id", - "actor_id", + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "_document_id", - "@timestamp", - "comment_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" ] }, { @@ -11253,21 +17040,33 @@ "description": "A review on a pull request was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "pull_request_url" ] }, { @@ -11275,20 +17074,33 @@ "description": "A review on a pull request was dismissed.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "pull_request_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "pull_request_url", - "programmatic_access_type" + "pull_request_url" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" }, @@ -11297,19 +17109,33 @@ "description": "A review on a pull request was submitted.", "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "review_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "pull_request_url", - "programmatic_access_type", "actor_is_agent" ], "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" @@ -11319,22 +17145,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -11343,21 +17179,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -11366,25 +17211,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -11393,23 +17245,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -11418,24 +17278,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -11444,23 +17311,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -11470,22 +17345,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -11494,19 +17378,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -11515,24 +17412,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -11541,24 +17448,32 @@ "description": "Autofix for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11566,24 +17481,32 @@ "description": "Autofix for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11591,24 +17514,32 @@ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11616,24 +17547,32 @@ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -11641,23 +17580,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -11668,17 +17616,29 @@ "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11688,17 +17648,29 @@ "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -11708,102 +17680,136 @@ "description": "Code scanning using the default setup was disabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_enabled", "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "query_suite", "threat_model", - "languages", - "request_access_security_header" + "languages" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codeql_updated", "description": "Code scanning using the default setup was updated for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "query_suite", "threat_model", "languages", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + "docs_reference_titles": "Configuring default setup for code scanning" }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -11812,19 +17818,30 @@ "description": "GitHub Codespaces trusted repository access to this repository was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -11832,17 +17849,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11851,15 +17881,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -11870,16 +17913,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11889,17 +17945,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -11909,19 +17978,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11930,17 +18010,30 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -11949,26 +18042,32 @@ "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -11977,30 +18076,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -12010,20 +18114,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12032,25 +18147,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12059,23 +18182,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -12083,25 +18217,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -12111,23 +18254,32 @@ "description": "A source code archive of a repository was downloaded as a ZIP file.", "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "created_at", "operation_type", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" @@ -12137,24 +18289,32 @@ "description": "The setting for immutable releases was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -12163,20 +18323,30 @@ "description": "The setting for immutable releases was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -12187,23 +18357,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -12211,21 +18391,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -12233,21 +18423,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -12255,22 +18455,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -12278,21 +18487,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -12300,20 +18519,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -12321,22 +18551,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -12344,18 +18583,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12363,22 +18616,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -12386,21 +18649,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -12408,18 +18681,30 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "request_access_security_header" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Adding self-hosted runners" }, @@ -12428,22 +18713,31 @@ "description": "A GitHub Actions secret was deleted for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -12452,24 +18746,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -12478,23 +18780,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12502,26 +18814,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -12530,21 +18847,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -12553,25 +18879,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -12579,22 +18911,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -12603,25 +18945,34 @@ "description": "A branch was renamed.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "old_branch", - "new_branch", - "default_branch", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "old_branch", + "new_branch", + "default_branch", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch" @@ -12631,19 +18982,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" + "operation_type", + "created_at" ] }, { @@ -12651,17 +19013,32 @@ "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12670,17 +19047,32 @@ "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", "fields": [ - "repo_id", - "repo", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", - "action", - "_document_id", "operation_type", - "created_at", - "@timestamp" + "created_at" ], "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" }, @@ -12689,7 +19081,28 @@ "description": "The runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "runner_id", "runner_name", "source_version", @@ -12704,22 +19117,30 @@ "description": "The cache retention policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -12731,22 +19152,30 @@ "description": "The cache storage policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -12758,23 +19187,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -12784,20 +19222,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -12808,21 +19257,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -12831,22 +19291,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -12855,21 +19325,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -12878,22 +19359,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -12904,16 +19395,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -12923,22 +19425,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -12947,23 +19460,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -12973,19 +19496,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -12993,21 +19526,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -13016,24 +19559,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13041,25 +19593,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -13068,24 +19627,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13094,25 +19663,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -13121,22 +19698,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13145,26 +19731,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -13172,31 +19766,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13205,42 +19806,61 @@ "description": "Someone closed a security advisory.", "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories", "fields": [ - "actor", - "repo", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", - "user_agent", - "actor_id", - "request_id", - "action", - "operation_type", - "created_at", - "repo_id", - "_document_id", + "hashed_token", "org", "org_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], - "docs_reference_titles": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories" + "docs_reference_titles": "About repository security advisories" }, { "action": "repository_advisory.cve_request", "description": "Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "repo_id", - "repo", - "org_id", - "actor", + "@timestamp", + "_document_id", "action", - "request_id", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "_document_id", + "operation_type", "created_at" ] }, @@ -13249,17 +19869,30 @@ "description": "GitHub made a security advisory public in the GitHub Advisory Database.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ] }, @@ -13268,21 +19901,30 @@ "description": "GitHub withdrew a security advisory that was published in error.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", - "actor", - "actor_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -13290,18 +19932,30 @@ "description": "Someone opened a draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", "repo_id", - "action", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13309,21 +19963,30 @@ "description": "Someone published a security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "actor_id", "@timestamp", - "actor", - "repo_id", "_document_id", - "repo", - "business_id", - "business", - "request_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "org" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -13331,17 +19994,30 @@ "description": "Someone reopened as draft security advisory.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_agent", - "repo", - "action", - "created_at", "@timestamp", - "request_id", - "actor_id", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "public_repo" ] }, @@ -13350,21 +20026,30 @@ "description": "Someone edited a draft or published security advisory.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "repo_id", - "org_id", "business", - "actor", - "user_agent", - "created_at", - "_document_id", "business_id", - "repo", - "action", - "operation_type", + "hashed_token", "org", - "@timestamp", - "request_id" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -13372,24 +20057,30 @@ "description": "Branch protections were disabled for the repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13398,24 +20089,30 @@ "description": "Branch protections were enabled for this repository.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" }, @@ -13424,25 +20121,31 @@ "description": "Code security was disabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13451,25 +20154,31 @@ "description": "Code security was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -13478,19 +20187,30 @@ "description": "Data use settings were disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "repo_id", - "request_id", - "actor_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "_document_id" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -13499,21 +20219,30 @@ "description": "Data use settings were enabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "user", - "org", - "user_id", - "repo_id", "@timestamp", - "request_id", - "actor", + "_document_id", "action", - "operation_type", - "created_at", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org_id", - "_document_id" + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -13522,23 +20251,30 @@ "description": "The dependency graph was disabled for a private repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", "fields": [ - "repo_id", - "operation_type", - "user_id", - "repo", + "@timestamp", "_document_id", - "actor", - "user", "action", - "@timestamp", - "org_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "user_agent", - "request_id", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" }, @@ -13547,24 +20283,31 @@ "description": "The dependency graph was enabled for a private repository.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor_id", - "repo_id", + "created_at", "operation_type", - "actor", - "@timestamp", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -13573,21 +20316,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -13595,21 +20348,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -13617,21 +20380,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -13639,20 +20413,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -13660,21 +20446,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -13682,19 +20479,32 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", "created_at", - "inviter", - "user_agent", - "repo_id" + "inviter" ] }, { @@ -13702,17 +20512,31 @@ "description": "An organization has reached their repository limit.", "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "limit", "count", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -13723,17 +20547,31 @@ "description": "An organization is approaching their repository limit.", "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "limit", "count", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -13744,19 +20582,30 @@ "description": "The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise", "fields": [ - "request_id", - "created_at", + "@timestamp", "_document_id", "action", - "user_agent", - "user", - "business_id", - "business", - "operation_type", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Enforcing policies for projects in your enterprise" }, @@ -13765,20 +20614,30 @@ "description": "Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "created_at", "@timestamp", - "repo", - "action", - "operation_type", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "repo_id", - "actor", - "request_id", - "programmatic_access_type" + "created_at", + "operation_type" ] }, { @@ -13787,20 +20646,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", "created_at", - "org_id", - "action", - "user_id", - "operation_type", - "_document_id", - "actor_id", - "repo" + "operation_type" ] }, { @@ -13808,31 +20676,39 @@ "description": "A repository ruleset was created.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -13841,19 +20717,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -13861,8 +20748,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -13871,23 +20757,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -13912,26 +20807,32 @@ "description": "Automatic partner validation checks have been disabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13940,26 +20841,32 @@ "description": "Automatic partner validation checks have been enabled at the repository level", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" }, @@ -13968,23 +20875,30 @@ "description": "A custom pattern was created for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -13994,23 +20908,30 @@ "description": "A custom pattern was removed from secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14020,24 +20941,31 @@ "description": "A custom pattern was published for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14047,24 +20975,31 @@ "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Defining custom patterns for secret scanning" }, @@ -14073,24 +21008,31 @@ "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14100,23 +21042,30 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "Defining custom patterns for secret scanning" @@ -14126,23 +21075,31 @@ "description": "Secret scanning was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "public_repo", - "programmatic_access_type" + "public_repo" ], "docs_reference_titles": "About secret scanning" }, @@ -14151,22 +21108,30 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14174,24 +21139,32 @@ "description": "Generic secrets have been disabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14199,22 +21172,31 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -14223,24 +21205,32 @@ "description": "Secret scanning for non-provider patterns was disabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -14249,24 +21239,32 @@ "description": "Secret scanning for non-provider patterns was enabled at the repository level.", "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Supported secret scanning patterns" }, @@ -14275,19 +21273,31 @@ "description": "A role or team was added to the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -14296,24 +21306,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14322,24 +21340,32 @@ "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -14348,19 +21374,31 @@ "description": "A role or team was removed from the push protection bypass list at the repository level.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "About push protection" }, @@ -14369,26 +21407,31 @@ "description": "Secret scanning push protection was disabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -14397,26 +21440,31 @@ "description": "Secret scanning push protection was enabled for a repository.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "About push protection" }, @@ -14425,28 +21473,36 @@ "description": "A code security configuration was applied to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14454,27 +21510,35 @@ "description": "A code security configuration failed to attach to the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14482,28 +21546,36 @@ "description": "A code security configuration was removed from a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14511,28 +21583,36 @@ "description": "A code security configuration was removed due to a change in repository or enterprise settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "repository_security_configuration_state", "repository_security_configuration_failure_reason", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14540,20 +21620,30 @@ "description": "The repository visibility change setting was cleared for an organization or enterprise.", "docs_reference_links": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-changes-to-repository-visibility", "fields": [ - "created_at", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", "business", - "action", - "operation_type", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "business_id", - "@timestamp", "user_agent", - "actor", - "request_access_security_header" + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise" }, @@ -14562,20 +21652,30 @@ "description": "The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "user", - "org_id", - "created_at", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", - "_document_id", - "@timestamp", - "user_id", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14583,19 +21683,30 @@ "description": "The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.", "docs_reference_links": "N/A", "fields": [ - "actor", - "operation_type", - "_document_id", "@timestamp", - "user_agent", - "user", - "created_at", - "org", - "org_id", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -14603,29 +21714,37 @@ "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14634,29 +21753,37 @@ "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", - "action", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "vulnerability_alert_rule_id", - "vulnerability_alert_rule_name", - "request_access_security_header" + "vulnerability_alert_rule_name" ], "docs_reference_titles": "About Dependabot auto-triage rules" }, @@ -14665,44 +21792,66 @@ "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", "fields": [ - "operation_type", - "request_id", - "repo_id", "@timestamp", - "user_agent", - "alert_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" ], - "docs_reference_titles": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts" + "docs_reference_titles": "About Dependabot alerts" }, { "action": "repository_vulnerability_alert.dismiss", "description": "A Dependabot alert was manually dismissed.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", - "operation_type", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "operation_type", "alert_id", - "actor", - "repo", "created_at", - "org", - "_document_id", - "action", - "actor_id", "dismiss_reason", - "user", "dismiss_comment", "alert_number", "actor_is_bot" @@ -14713,21 +21862,33 @@ "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "public_repo", "owner", - "_document_id", - "@timestamp", "operation_type", - "token_scopes", "alert_number" ] }, @@ -14736,26 +21897,34 @@ "description": "A Dependabot alert was manually reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "alert_id", - "created_at", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type", - "business", - "business_id", "public_repo", - "alert_number", - "request_access_security_header" + "alert_number" ] }, { @@ -14763,21 +21932,32 @@ "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", "docs_reference_links": "N/A", "fields": [ - "alert_id", - "repo", - "operation_type", - "action", - "repo_id", - "_document_id", - "user_agent", - "request_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "alert_number", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" ] }, { @@ -14785,21 +21965,35 @@ "description": "A Dependabot alert was withdrawn.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "alert_id", "alert_number", "ghsa_id", "created_at", "active", - "action", - "repository_id", - "repo", - "repo_id", "public_repo", "owner", - "org", - "org_id", - "_document_id", - "@timestamp", "operation_type" ] }, @@ -14808,20 +22002,30 @@ "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", "fields": [ - "org", + "@timestamp", "_document_id", - "repo", - "org_id", - "operation_type", - "created_at", - "actor", "action", - "@timestamp", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" }, @@ -14830,24 +22034,31 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -14855,26 +22066,32 @@ "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -14882,23 +22099,30 @@ "description": "Dependabot alerts was disabled.", "docs_reference_links": "N/A", "fields": [ - "repo", - "request_id", - "repo_id", - "action", - "actor_id", "@timestamp", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "org", - "_document_id", "user_id", - "operation_type", - "token_scopes", - "programmatic_access_type" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -14906,23 +22130,30 @@ "description": "Dependabot alerts was enabled.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_agent", - "created_at", "@timestamp", - "repo_id", + "_document_id", "action", - "user", - "repo", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor_id", - "_document_id", - "user_id", - "operation_type", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "actor_is_bot" ] }, @@ -14931,24 +22162,31 @@ "description": "A status check was marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "org", - "actor_id", "@timestamp", - "business", - "request_id", - "context", - "repo_id", - "action", - "repo", "_document_id", - "operation_type", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", "org_id", - "actor", - "created_at", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "context", + "operation_type", + "created_at" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -14957,21 +22195,31 @@ "description": "A status check was no longer marked as required for a protected branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", "fields": [ - "actor_id", - "actor", - "created_at", - "context", - "operation_type", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "repo_id", "org_id", - "action", - "_document_id", + "programmatic_access_type", "repo", - "programmatic_access_type" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "context", + "operation_type" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" }, @@ -14980,18 +22228,31 @@ "description": "Email notification restrictions for an organization or enterprise were disabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -15000,19 +22261,31 @@ "description": "Email notification restrictions for an organization or enterprise were enabled.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "business_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" }, @@ -15021,22 +22294,33 @@ "description": "A new custom repository role was created.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", - "_document_id", "role_permissions", "old_role_permissions" ], @@ -15047,23 +22331,34 @@ "description": "A custom repository role was deleted.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ], "docs_reference_titles": "Managing custom repository roles for an organization" }, @@ -15072,23 +22367,34 @@ "description": "A custom repository role was edited.", "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "owner", "role_permissions", "base_role", - "org", - "org_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "old_role_permissions", "old_base_role" ], @@ -15099,14 +22405,28 @@ "description": "A user was assigned to a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15114,42 +22434,70 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.create", "description": "GitHub detected a secret and created a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.delete", "description": "A secret scanning alert was deleted by GitHub.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15158,21 +22506,35 @@ "created_at", "reason" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.public_leak", "description": "A secret scanning alert was leaked in a public repo.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15180,29 +22542,39 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.reopen", "description": "A secret scanning alert was reopened.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type_display_name" ] }, @@ -15211,14 +22583,28 @@ "description": "A leaked secret was reported to the secret's provider by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "created_at", @@ -15226,35 +22612,44 @@ "secret_type_provider", "report_result" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts" + "docs_reference_titles": "Resolving alerts from secret scanning" }, { "action": "secret_scanning_alert.resolve", "description": "A secret scanning alert was resolved.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "number", - "resolution", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "token_scopes", "secret_type", "secret_type_display_name", "publicly_leaked", - "multi_repo", - "request_access_security_header" + "multi_repo" ] }, { @@ -15262,25 +22657,32 @@ "description": "A secret scanning alert was revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", - "number", + "token_id", + "token_scopes", "user", "user_id", - "repo", - "repo_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -15288,14 +22690,28 @@ "description": "A user was unassigned from a secret scanning alert.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "secret_type", "secret_type_display_name", @@ -15303,21 +22719,35 @@ "multi_repo", "created_at" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_alert.validate", "description": "A secret scanning alert was validated.", "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "previous_validity", @@ -15327,33 +22757,41 @@ "publicly_leaked", "multi_repo" ], - "docs_reference_titles": "/code-security/secret-scanning/managing-alerts-from-secret-scanning" + "docs_reference_titles": "Manage secret scanning alerts" }, { "action": "secret_scanning_closure_request.approve", "description": "A request to close a secret scanning alert was approved by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15362,25 +22800,33 @@ "description": "N/A", "docs_reference_links": "A reqeust to close a secret scanning alert was canceled by a user.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, reqeust, to, close, a, secret, scanning, alert, was, canceled, by, a, user." @@ -15390,27 +22836,35 @@ "description": "N/A", "docs_reference_links": "A user requested to close a secret scanning alert.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "reason", "comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], "docs_reference_titles": "A, user, requested, to, close, a, secret, scanning, alert." @@ -15420,26 +22874,34 @@ "description": "A request to close a secret scanning alert was denied by a user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "alert_number", "request_reviewer_comment", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15448,19 +22910,30 @@ "description": "Secret scanning was disabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -15469,19 +22942,30 @@ "description": "Secret scanning was enabled for all existing repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -15490,20 +22974,30 @@ "description": "Secret scanning was disabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "actor_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "About secret scanning" }, @@ -15512,19 +23006,30 @@ "description": "Secret scanning was enabled for all new repositories.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "About secret scanning" }, @@ -15533,14 +23038,28 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", "fields": [ - "repo_id", - "repo", - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "org", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "number", "created_at", "push_protection_bypass_reason", @@ -15558,25 +23077,33 @@ "description": "A request to bypass secret scanning push protection was approved by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "About push protection" }, @@ -15585,79 +23112,103 @@ "description": "A user canceled a request to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_push_protection_request.complete", "description": "A user pushed a commit containing a secret for which there is an approved secret scanning push protection bypass request.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_push_protection_request.deny", "description": "A request to bypass secret scanning push protection was denied by a user.", "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", - "request_access_security_header", "request_reviewer_comment" ], "docs_reference_titles": "About push protection" @@ -15667,49 +23218,70 @@ "description": "A user requested to bypass secret scanning push protection.", "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], - "docs_reference_titles": "Working with secret scanning and push protection" + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" }, { "action": "secret_scanning_scan.completed", "description": "A secret scanning scan has completed on this repository.", "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", "fields": [ - "repo_id", - "org_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "source", "type", "source_slug", "type_slug", "started_at", "completed_at", - "repo", "public_repo", - "org", - "business", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "secret_types", @@ -15723,10 +23295,28 @@ "description": "A security configuration was created", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15741,15 +23331,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15758,7 +23341,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15766,22 +23350,33 @@ "description": "A default security configuration setting for new repositories was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15790,22 +23385,33 @@ "description": "A default security configuration setting for new repositories was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "default_for_new_private_repos", "default_for_new_public_repos", "security_configuration_name", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -15814,10 +23420,28 @@ "description": "A security configuration was deleted", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15832,15 +23456,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15848,7 +23465,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15856,15 +23474,30 @@ "description": "A security configuration policy was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "enforcement", "security_configuration_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15874,10 +23507,28 @@ "description": "A security configuration was updated", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "security_configuration_id", "security_configuration_name", "security_configuration_description", @@ -15892,15 +23543,8 @@ "security_configuration_secret_scanning", "security_configuration_secret_scanning_push_protection", "security_configuration_secret_scanning_validity_checks", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot", "security_configuration_dependency_graph_autosubmit_action", "security_configuration_secret_scanning_non_provider_patterns", @@ -15909,7 +23553,8 @@ "security_configuration_secret_scanning_delegated_alert_dismissal", "security_configuration_code_scanning_delegated_alert_dismissal", "security_configuration_code_security_sku_enabled", - "security_configuration_secret_protection_sku_enabled" + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" ] }, { @@ -15917,16 +23562,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15936,18 +23594,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -15956,16 +23627,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -15975,15 +23659,28 @@ "description": "An agreement for invoiced billing for GitHub Sponsors was signed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org_id", + "business", + "business_id", + "hashed_token", "org", - "action", - "_document_id", - "@timestamp", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ], @@ -15995,15 +23692,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -16013,15 +23723,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -16030,17 +23755,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -16049,17 +23787,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -16068,16 +23820,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -16087,14 +23852,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -16104,17 +23884,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -16123,17 +23916,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -16142,18 +23948,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16162,15 +23981,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -16180,16 +24013,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action", + "user_id", "user_agent", - "operation_type", - "_document_id", - "actor", - "actor_id", - "user_id" + "created_at", + "operation_type" ] }, { @@ -16197,15 +24043,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -16216,16 +24075,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -16235,17 +24107,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -16256,17 +24141,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -16277,18 +24175,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16298,16 +24207,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16317,16 +24239,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -16338,17 +24273,30 @@ "fields": [ "@timestamp", "_document_id", - "fingerprint", - "operation_type", - "openssh_public_key", - "org_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "request_id" + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16357,19 +24305,32 @@ "description": "An SSH certificate authority for an organization or enterprise was deleted.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "created_at", + "@timestamp", "_document_id", - "fingerprint", - "operation_type", + "action", "actor", - "org_id", - "openssh_public_key", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "action", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", - "request_id" + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16378,21 +24339,30 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "user", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "created_at", - "actor", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "business", - "business_id", - "@timestamp", - "actor_id" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, @@ -16401,36 +24371,60 @@ "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", "fields": [ - "actor_id", - "user_id", - "org", - "operation_type", - "request_id", "@timestamp", "_document_id", - "actor", - "user", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "created_at", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" }, { "action": "staff.dependabot_debug_credentials_generated", - "description": "N/A", + "description": "Dependabot encrypted config was read.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "public_repo" @@ -16441,20 +24435,34 @@ "description": "The verification code expiry time for an organization or enterprise domain was set.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner_type", "domain_name", - "business_id", "token_expires_at", "owner", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16462,18 +24470,33 @@ "description": "An organization or enterprise domain was unverified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "owner_type", "domain_name", "owner", - "action", - "operation_type", - "@timestamp", - "_document_id" + "operation_type" ] }, { @@ -16481,16 +24504,31 @@ "description": "An organization or enterprise domain was verified.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "domain_name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -16498,23 +24536,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16522,23 +24570,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16546,23 +24604,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16570,23 +24638,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -16594,21 +24672,31 @@ "description": "A member of an organization was added to a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", "fields": [ - "user_agent", - "request_id", - "org_id", - "user_id", - "team", - "user", "@timestamp", - "actor_id", - "created_at", - "operation_type", "_document_id", - "org", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" @@ -16618,22 +24706,31 @@ "description": "A team was given access and permissions to a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "team", - "action", - "operation_type", - "request_id", - "created_at", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", - "actor_id", - "_document_id", "repo_id", - "user_agent", - "org_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -16642,20 +24739,30 @@ "description": "A team was added to an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team_type", "team", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -16666,20 +24773,31 @@ "description": "A child team was created or a child team's parent was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", "fields": [ - "org", "@timestamp", - "created_at", "_document_id", - "team", "action", - "operation_type", "actor", - "request_id", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" }, @@ -16688,18 +24806,31 @@ "description": "A team's privacy level was changed.", "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", "fields": [ - "user_agent", - "request_id", - "org", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team", "created_at", "operation_type", - "actor_id", - "org_id", - "@timestamp", - "actor", - "_document_id", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" @@ -16709,21 +24840,32 @@ "description": "A new team is created.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "oauth_application_id", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "oauth_application_id", + "operation_type", "team", - "org", - "actor", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "team_type" ] }, @@ -16732,21 +24874,31 @@ "description": "A user was demoted from a team maintainer to a team member.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" }, @@ -16755,80 +24907,124 @@ "description": "A team was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "team", "org_id", - "actor_id", - "actor", - "action", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", "operation_type", - "_document_id", - "programmatic_access_type", "team_type" ] }, { "action": "team_discussions.clear", - "description": "An organization owner cleared the setting to allow team discussions for an organization or enterprise.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "business_id", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", "actor_id", - "user", "business", - "action", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id" + "user_agent", + "operation_type", + "created_at" ] }, { "action": "team_discussions.disable", - "description": "Team discussions were disabled for an organization.", - "docs_reference_links": "/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization", + "description": "N/A", + "docs_reference_links": "N/A", "fields": [ - "org_id", + "@timestamp", + "_document_id", "action", - "operation_type", - "request_id", "actor", - "org", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", - "_document_id" - ], - "docs_reference_titles": "Organizations and teams documentation" + "operation_type", + "created_at" + ] }, { "action": "team_discussions.enable", - "description": "Team discussions were enabled for an organization.", + "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", "@timestamp", - "action", "_document_id", - "user_agent", - "user_id", + "action", + "actor", + "actor_id", + "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "business", + "user_id", + "user_agent", "operation_type", - "actor", "created_at" ] }, @@ -16837,19 +25033,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "actor", - "action", - "operation_type", - "team", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" ] }, { @@ -16857,19 +25065,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", "@timestamp", - "actor_id", "_document_id", - "team", - "created_at", - "org_id", "action", - "request_id", - "user_agent", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "request_access_security_header" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "team", + "created_at" ] }, { @@ -16877,22 +25097,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "team", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" ] }, { @@ -16900,22 +25129,31 @@ "description": "A user was promoted from a team member to a team maintainer.", "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "team", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "team", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" }, @@ -16924,20 +25162,30 @@ "description": "A team was removed from an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "team_type", "team", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -16948,22 +25196,31 @@ "description": "An organization member was removed from a team.", "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", "fields": [ - "request_id", - "operation_type", - "created_at", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "team", - "user_id", - "actor", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", + "user_id", "user_agent", - "_document_id", - "token_scopes", - "programmatic_access_type", + "operation_type", + "created_at", + "team", "team_type" ], "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" @@ -16973,43 +25230,64 @@ "description": "A repository was removed from a team's control.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "org_id", - "repo", - "repo_id", - "action", + "@timestamp", "_document_id", + "action", "actor", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "created_at", "team", - "org", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { "action": "team.rename", - "description": "A team's name was changed.", - "docs_reference_links": "N/A", - "fields": [ - "name", - "user_agent", - "created_at", - "team", - "operation_type", - "actor_id", - "org", + "description": "A team's name was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", "action", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "_document_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", "team_type" ] }, @@ -17018,17 +25296,30 @@ "description": "Team synchronization with a tenant was disabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", "actor", - "request_id", - "org_id", "actor_id", - "operation_type", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", "org", - "user_agent" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -17037,19 +25328,30 @@ "description": "Team synchronization with a tenant was enabled.", "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", "fields": [ - "org_id", - "business_id", - "actor", - "created_at", - "user_agent", "@timestamp", - "operation_type", - "business", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" }, @@ -17058,19 +25360,30 @@ "description": "The Okta credentials for team synchronization with a tenant were changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -17078,28 +25391,37 @@ "description": "A team's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "team", - "org_id", "@timestamp", - "org", "_document_id", - "old_permission", - "request_id", - "repo", "action", - "repo_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", "operation_type", "created_at", - "user_agent", "permission", "new_repo_permission", "new_repo_base_role", "old_repo_permission", - "old_repo_base_role", - "token_scopes", - "programmatic_access_type" + "old_repo_base_role" ] }, { @@ -17107,23 +25429,38 @@ "description": "Triggered when a user content edit is deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_content_id", "user_content_type", "created_at", - "user_agent", "deleted_by", "editor_id", - "_document_id", "deleted_at", - "action", - "actor_id", "editor", "deleted_by_id", "deleted_content", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -17131,16 +25468,30 @@ "description": "A Dependabot rule was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17150,16 +25501,30 @@ "description": "A Dependabot rule was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17169,18 +25534,31 @@ "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17190,21 +25568,33 @@ "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_id", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17212,21 +25602,32 @@ "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17234,21 +25635,32 @@ "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "org", - "org_id", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -17256,16 +25668,30 @@ "description": "A Dependabot rule's conditions, actions, or metadata changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "vulnerability_alert_rule_id", "vulnerability_alert_rule_name", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17275,27 +25701,33 @@ "description": "A workflow job was approved.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", - "repo", - "repo_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -17304,23 +25736,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -17328,10 +25770,28 @@ "description": "A workflow run was cancelled.", "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17342,20 +25802,9 @@ "run_number", "cancelled_at", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Canceling a workflow run" }, @@ -17364,23 +25813,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -17390,10 +25847,28 @@ "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17405,19 +25880,9 @@ "conclusion", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", - "programmatic_access_type", "actor_is_bot", "actor_is_agent" ], @@ -17428,10 +25893,28 @@ "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17440,21 +25923,10 @@ "head_branch", "head_sha", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "public_repo", - "programmatic_access_type", "actor_is_bot", - "request_access_security_header", "actor_is_agent" ], "docs_reference_titles": "Understanding GitHub Actions" @@ -17464,23 +25936,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -17489,22 +25973,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17512,21 +26007,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -17534,25 +26040,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -17560,23 +26074,36 @@ "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", "fields": [ - "repo_id", - "repo", - "org_id", - "org", - "business_id", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "job_name", "runner_labels", "is_hosted_runner", "environment_name", "secrets_passed", - "action", - "_document_id", "operation_type", "created_at", - "@timestamp", "runner_owner_type", "job_workflow_ref", "calling_workflow_refs", @@ -17590,24 +26117,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -17616,10 +26152,28 @@ "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "started_at", "event", @@ -17629,21 +26183,11 @@ "head_sha", "run_number", "workflow_id", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", - "_document_id", - "business", - "business_id", "trigger_id", "run_attempt", "rerun_type", "check_run_id", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "Re-running workflows and jobs" @@ -17653,25 +26197,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.19/user.json b/src/audit-logs/data/ghes-3.19/user.json index 0c592e710078..d05abaa0f734 100644 --- a/src/audit-logs/data/ghes-3.19/user.json +++ b/src/audit-logs/data/ghes-3.19/user.json @@ -4,17 +4,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "org", "@timestamp", - "operation_type", - "user_agent", "_document_id", - "created_at", "action", - "request_id", "actor", "actor_id", - "org_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -22,18 +35,30 @@ "description": "The account's plan changed.", "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", "fields": [ - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_agent", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", "user", - "action", "user_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "How GitHub billing works" }, @@ -42,17 +67,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "request_id", "@timestamp", - "user_agent", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", - "user_id", + "token_scopes", "user", - "actor", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -61,18 +98,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", + "token_scopes", "user", - "request_id", - "_document_id", - "user_agent", - "actor", "user_id", - "actor_id", - "operation_type", - "@timestamp" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -80,18 +129,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", - "actor_id", - "operation_type", - "created_at", + "_document_id", + "action", "actor", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "token_id" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -99,29 +160,35 @@ "description": "A GitHub Actions cache was deleted using the REST API.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "user_id", - "user", - "repo_id", - "repo", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "actions_cache_id", "actions_cache_key", "actions_cache_version", "actions_cache_scope", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -129,18 +196,30 @@ "description": "A workflow run artifact was manually deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", - "operation_type", - "programmatic_access_type" + "operation_type" ] }, { @@ -148,28 +227,42 @@ "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "pricing_target_type", "pricing_target_id", "budget_limit_type", - "alert_recipient_user_ids" + "alert_recipient_user_ids", + "exclude_cost_center_usage" ] }, { @@ -177,22 +270,34 @@ "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "uuid", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -200,25 +305,37 @@ "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "customer_id", "target_amount", "target_type", "target_id", "alert_enabled", "status", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", - "request_access_security_header", "old_target_amount", "old_budget_limit_type", "old_alert_enabled", @@ -232,17 +349,30 @@ "description": "The way the account pays for GitHub was changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", "fields": [ - "actor_id", - "user", "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "created_at", - "operation_type", - "_document_id", "user_agent", - "request_id" + "created_at", + "operation_type" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -251,19 +381,31 @@ "description": "The billing email address changed.", "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "operation_type", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "@timestamp", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "_document_id", - "org", - "email", - "action", - "request_access_security_header" + "email" ], "docs_reference_titles": "Managing your payment and billing information" }, @@ -272,15 +414,28 @@ "description": "Azure subscription has been linked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -290,15 +445,28 @@ "description": "Azure subscription has been unlinked on this account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -308,18 +476,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", "@timestamp", - "actor_id", - "operation_type", "_document_id", - "request_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "created_at", - "action" + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -327,18 +508,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", - "user_agent", - "created_at", "user_id", - "request_id", - "actor", - "action", - "@timestamp", - "_document_id", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -346,15 +539,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -364,26 +570,36 @@ "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -391,24 +607,34 @@ "description": "A CSV export was requested on the \"Coverage\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -416,26 +642,36 @@ "description": "A CSV export was requested on the \"Overview Dashboard\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -443,20 +679,31 @@ "description": "A CSV export was requested on the \"Risk\" page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", "business_id", - "user", - "user_id", - "query", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -467,17 +714,29 @@ "description": "The cache retention policy for GitHub Actions was set for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -489,17 +748,29 @@ "description": "The cache storage policy for GitHub Actions was set for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", "operation_type", "actor_is_bot" @@ -511,17 +782,30 @@ "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "created_at", "operation_type" ], @@ -532,20 +816,32 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "policy", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -554,19 +850,32 @@ "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "limit", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -575,19 +884,31 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -596,20 +917,32 @@ "description": "The policy for fork pull request workflows was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "policy", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -618,19 +951,31 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" }, @@ -639,42 +984,64 @@ "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "visibility", - "user_agent", - "user", "@timestamp", - "repo", - "actor_id", - "user_id", + "_document_id", "action", - "created_at", "actor", - "operation_type", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id" - ], - "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" }, { "action": "checks.auto_trigger_enabled", "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo" ], "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" @@ -685,17 +1052,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", - "created_at", - "_document_id", - "user_agent", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repo", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -703,14 +1082,29 @@ "description": "A codespace using custom permissions from its devcontainer.json file was launched.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "origin_repository", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -720,25 +1114,34 @@ "description": "Credentials for a codespace were refreshed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", - "pull_request_id", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "org_id", + "user_agent", + "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -749,22 +1152,33 @@ "description": "A codespace was created", "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot", "machine_type", "devcontainer_path" @@ -776,22 +1190,33 @@ "description": "A user deleted a codespace.", "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repository_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "pull_request_id", "owner", "name", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Deleting a codespace" }, @@ -800,15 +1225,30 @@ "description": "A codespace was exported to a branch on GitHub.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "owner", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "public_repo" @@ -819,17 +1259,30 @@ "description": "A codespace was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -839,27 +1292,36 @@ "description": "A codespace was started.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", - "org", "owner", "pull_request_id", "machine_type", - "user_id", - "user", "devcontainer_path", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -867,19 +1329,32 @@ "description": "A codespace was stopped.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type" + "public_repo" ] }, { @@ -887,18 +1362,30 @@ "description": "A personal account's access and security setting for Codespaces were updated.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -907,23 +1394,30 @@ "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -931,16 +1425,30 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "_document_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "What is GitHub Copilot?" }, @@ -949,24 +1457,30 @@ "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -974,15 +1488,28 @@ "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -992,20 +1519,30 @@ "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ] }, { @@ -1013,19 +1550,31 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "seat_assignment", - "request_access_security_header" + "seat_assignment" ] }, { @@ -1033,21 +1582,30 @@ "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_id", - "user", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1055,22 +1613,33 @@ "description": "Specific repositories were disabled from using Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "org_id", - "owner_type", "actor_id", - "owner", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -1078,21 +1647,31 @@ "description": "Specific repositories were enabled to use Copilot coding agent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "owner_type", - "owner", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", "public_repo", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1102,20 +1681,32 @@ "description": "Copilot coding agent access was updated for the organization's or user's repositories.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_access", "old_access", - "org_id", "owner_type", "owner", - "org", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -1125,21 +1716,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1149,19 +1749,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -1171,21 +1780,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "runner_group_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1195,19 +1813,30 @@ "description": "Dependabot alerts were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1216,19 +1845,30 @@ "description": "Dependabot alerts were enabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" }, @@ -1237,19 +1877,30 @@ "description": "Dependabot alerts were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1258,19 +1909,30 @@ "description": "Dependabot alerts were enabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" }, @@ -1279,17 +1941,30 @@ "description": "The repositories that Dependabot can access were updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1297,19 +1972,30 @@ "description": "Dependabot security updates were disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1318,19 +2004,30 @@ "description": "Dependabot security updates were enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1338,19 +2035,30 @@ "description": " Dependabot security updates were disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1359,19 +2067,30 @@ "description": "Dependabot security updates were enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -1379,19 +2098,30 @@ "description": "The dependency graph was disabled for all existing repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1400,19 +2130,30 @@ "description": "The dependency graph was enabled for all existing repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1420,19 +2161,30 @@ "description": "The dependency graph was disabled for all new repositories.", "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" }, @@ -1441,20 +2193,30 @@ "description": "The dependency graph was enabled for all new repositories.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -1462,22 +2224,31 @@ "description": "A GitHub Actions deployment protection rule was created via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1486,22 +2257,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "environment_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1509,28 +2290,34 @@ "description": "A secret was created for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "oauth_application_id", "key", "visibility", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1539,27 +2326,35 @@ "description": "A variable was created for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Store information in variables" }, @@ -1568,25 +2363,33 @@ "description": "An environment was deleted.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "token_scopes", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1595,26 +2398,33 @@ "description": "A secret was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", "operation_type", - "@timestamp", "created_at", - "_document_id", - "business", - "business_id", - "public_repo", - "token_scopes", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1623,21 +2433,33 @@ "description": "A variable was deleted for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1646,22 +2468,32 @@ "description": "A GitHub Actions deployment protection rule was deleted via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Managing environments for deployment" }, @@ -1670,49 +2502,70 @@ "description": "A secret was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "key", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", - "public_repo", "programmatic_access_type", - "request_access_security_header" - ], - "docs_reference_titles": "Managing environments for deployment" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" }, { "action": "environment.update_actions_variable", "description": "A variable was updated for a GitHub Actions environment.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "environment_name", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -1721,21 +2574,31 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_value", "approvers_was", "approvers", - "programmatic_access_type", "can_admins_bypass", "prevent_self_review" ], @@ -1746,21 +2609,32 @@ "description": "A gist was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "gist_id", - "@timestamp", "created_at", "operation_type", - "user_agent", - "actor", - "actor_id", - "visibility", - "action", - "_document_id", - "token_scopes", - "programmatic_access_type" + "visibility" ] }, { @@ -1768,20 +2642,32 @@ "description": "A gist was deleted.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "gist_id", - "visibility", - "created_at", + "@timestamp", "_document_id", - "user", - "request_id", - "operation_type", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "@timestamp", - "programmatic_access_type" + "gist_id", + "visibility", + "created_at", + "operation_type" ] }, { @@ -1789,21 +2675,32 @@ "description": "The visibility of a gist was updated.", "docs_reference_links": "N/A", "fields": [ - "action", - "operation_type", "@timestamp", - "user_agent", + "_document_id", + "action", "actor", - "user", - "gist_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "visibility", - "user_id", - "created_at", - "_document_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" ] }, { @@ -1811,22 +2708,33 @@ "description": "An SSH key was added to a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1835,23 +2743,34 @@ "description": "An SSH key was removed from a user account as a Git commit signing key.", "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", - "user_id", "explanation", - "user", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" }, @@ -1860,23 +2779,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -1884,18 +2812,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", "business", - "user", - "user_id", - "org", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -1906,20 +2844,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", - "runner_group_id", "business", - "user", - "user_id", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", "created_at", "operation_type" ] @@ -1929,18 +2877,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "created_at", - "user_id", "@timestamp", - "user", - "operation_type", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -1948,18 +2908,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "created_at", - "_document_id", + "user_id", "user_agent", - "@timestamp", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -1967,25 +2939,35 @@ "description": "A hook's active status was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "name", "events", "active", "active_was", "hook_id", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -1993,25 +2975,34 @@ "description": "A hook's configuration was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "operation_type", "@timestamp", "_document_id", + "action", "actor", - "name", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "user_agent", - "request_id", - "hook_id", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", "created_at", "oauth_application_id", - "action", - "events", - "org_id", - "token_scopes", - "programmatic_access_type" + "events" ] }, { @@ -2019,26 +3010,35 @@ "description": "A new hook was added.", "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", "fields": [ - "oauth_application", + "@timestamp", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", "hook_id", "events", - "repo", - "@timestamp", "operation_type", "name", - "action", - "created_at", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "About webhooks" }, @@ -2047,25 +3047,34 @@ "description": "A hook was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "created_at", - "org", "name", - "request_id", - "actor_id", - "repo_id", - "org_id", - "action", "operation_type", "oauth_application_id", - "user_agent", - "hook_id", - "@timestamp", - "_document_id", - "token_scopes", - "programmatic_access_type" + "hook_id" ] }, { @@ -2073,26 +3082,35 @@ "description": "A hook's configured events were changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "events", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", "operation_type", - "action", - "_document_id", - "actor_id", "name", "events_were", - "@timestamp", "created_at", "hook_id", - "repo_id", - "org_id", - "org", - "user_agent", - "request_id", - "oauth_application_id", - "token_scopes", - "programmatic_access_type" + "oauth_application_id" ] }, { @@ -2100,21 +3118,32 @@ "description": "A GitHub App was created.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", "@timestamp", + "_document_id", + "action", "actor", - "user_agent", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", + "token_id", + "token_scopes", + "user", "user_id", - "_document_id", + "user_agent", + "operation_type", + "name", "integration", "created_at", - "programmatic_access_type", - "request_access_security_header", "application_client_id" ] }, @@ -2123,19 +3152,32 @@ "description": "A GitHub App was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "integration", - "user", - "_document_id", - "action", "operation_type", - "created_at", - "user_agent" + "created_at" ] }, { @@ -2143,21 +3185,32 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", "business", "business_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", "application_client_id" ] }, @@ -2166,19 +3219,33 @@ "description": "A GitHub App was installed.", "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", "fields": [ - "operation_type", "@timestamp", - "name", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "repository_selection", + "token_id", + "token_scopes", + "user", "user_id", - "action", "user_agent", - "user", + "operation_type", + "name", + "repository_selection", "created_at", "integration", - "_document_id", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" @@ -2189,20 +3256,32 @@ "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ "@timestamp", - "request_id", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "_document_id", "repository_selection", "integration", - "user_id", - "user", - "action", "operation_type", "name", - "actor_id", - "user_agent", - "programmatic_access_type", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2212,24 +3291,35 @@ "description": "Repositories were added to a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "repository_selection", "name", - "user", - "request_id", "integration", "operation_type", - "actor_id", - "action", "repositories_added", "created_at", - "_document_id", - "@timestamp", - "actor", - "user_agent", - "token_scopes", "repositories_added_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2240,23 +3330,35 @@ "description": "Repositories were removed from a GitHub App.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor", + "operation_type", "repository_selection", "repositories_removed", "integration", - "user_id", "created_at", - "_document_id", - "request_id", - "@timestamp", "name", - "action", - "actor_id", "repositories_removed_names", - "programmatic_access_type", "actor_is_bot", "application_client_id" ], @@ -2267,20 +3369,33 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "request_access_security_header", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" @@ -2290,19 +3405,33 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "repository_selection", - "actor_id", "integration", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" }, @@ -2311,20 +3440,33 @@ "description": "Permissions for a GitHub App were updated.", "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", "fields": [ - "integration", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "integration", "name", - "user", "operation_type", - "actor_id", - "action", - "_document_id", - "request_id", "created_at", "repository_selection", - "@timestamp", - "actor", "application_client_id" ], "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" @@ -2334,20 +3476,33 @@ "description": "A member of an enterprise or organization was added as a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", "fields": [ - "created_at", - "action", + "@timestamp", "_document_id", - "name", - "org_id", - "manager", - "operation_type", + "action", "actor", - "integration", - "org", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_agent" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" }, @@ -2356,20 +3511,33 @@ "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "integration", - "org_id", - "_document_id", - "action", - "actor", "name", "created_at", - "manager", - "@timestamp" + "manager" ], "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" }, @@ -2378,20 +3546,32 @@ "description": "A client secret for a GitHub App was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ] }, { @@ -2399,19 +3579,32 @@ "description": "All user tokens for a GitHub App were requested to be revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2420,19 +3613,32 @@ "description": "Token(s) for a GitHub App were revoked.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "name", - "integration", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "name", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", "application_client_id" ] }, @@ -2441,17 +3647,30 @@ "description": "A GitHub App was suspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2464,21 +3683,34 @@ "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "name", "transfer_to_id", - "user", "requester", - "action", "requester_id", - "actor_id", "created_at", - "_document_id", - "user_agent", "transfer_to", "operation_type", - "request_id", - "actor", "integration", "transfer_from", "transfer_from_id", @@ -2492,17 +3724,30 @@ "description": "A GitHub App was unsuspended.", "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "name", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "name", + "integration", "created_at", "operation_type", "application_client_id" @@ -2514,20 +3759,30 @@ "description": "An issue was marked as blocked by another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -2538,19 +3793,30 @@ "description": "The blocked by relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2560,20 +3826,30 @@ "description": "An issue was marked as blocking another issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -2584,20 +3860,30 @@ "description": "The blocking relationship between an issue and another issue was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -2608,18 +3894,30 @@ "description": "The GitHub Marketplace Developer Agreement was signed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "actor_id", "@timestamp", "_document_id", - "user_agent", - "operation_type", - "created_at", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -2627,21 +3925,34 @@ "description": "A listing was approved for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "secondary_category", - "actor", - "primary_category", - "user", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", + "secondary_category", + "primary_category", "operation_type", "created_at", - "request_id", - "actor_id", "marketplace_listing", - "integration", - "action" + "integration" ] }, { @@ -2649,21 +3960,34 @@ "description": "A category for a listing for an app in GitHub Marketplace was changed.", "docs_reference_links": "N/A", "fields": [ - "primary_category", - "user_agent", - "request_id", - "actor", - "marketplace_listing", "@timestamp", - "integration", - "org_id", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", "secondary_category", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -2671,22 +3995,35 @@ "description": "A listing for an app in GitHub Marketplace was created.", "docs_reference_links": "N/A", "fields": [ - "primary_category", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", + "user_id", "user_agent", + "primary_category", + "created_at", "oauth_application", - "action", - "request_id", "marketplace_listing", - "user_id", "secondary_category", "oauth_application_id", - "actor", - "actor_id", - "operation_type", - "@timestamp" + "operation_type" ] }, { @@ -2694,19 +4031,32 @@ "description": "A listing was removed from GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "org", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "secondary_category", "operation_type", "marketplace_listing", - "action", - "@timestamp", - "_document_id", "primary_category", "integration" ] @@ -2717,21 +4067,36 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "actor", + "_document_id", "action", - "operation_type", - "marketplace_listing", - "has_free_trial", - "user_agent", - "request_id", + "actor", "actor_id", - "yearly_price_in_cents", - "description", - "bullets", - "monthly_price_in_cents", - "marketplace_listing_plan", - "_document_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "marketplace_listing", + "has_free_trial", + "yearly_price_in_cents", + "description", + "bullets", + "monthly_price_in_cents", + "marketplace_listing_plan" ] }, { @@ -2739,22 +4104,37 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "marketplace_listing_plan", "marketplace_listing", "description", "bullets", "has_free_trial", "created_at", - "actor_id", "operation_type", - "_document_id", - "action", - "user_agent", - "request_id", - "actor", "monthly_price_in_cents", - "yearly_price_in_cents", - "@timestamp" + "yearly_price_in_cents" ] }, { @@ -2762,21 +4142,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor", - "marketplace_listing_plan", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", "description", "yearly_price_in_cents", - "@timestamp", "created_at", - "actor_id", "bullets", "has_free_trial", "marketplace_listing", - "user_agent", "monthly_price_in_cents", - "action", "operation_type" ] }, @@ -2785,21 +4180,36 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "monthly_price_in_cents", - "marketplace_listing", + "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", "description", "bullets", "yearly_price_in_cents", - "request_id", - "actor_id", "has_free_trial", "marketplace_listing_plan", - "user_agent", - "@timestamp", "operation_type", - "actor", "created_at" ] }, @@ -2808,22 +4218,35 @@ "description": "A listing was sent back to draft state.", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "secondary_category", - "oauth_application_id", "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", "operation_type", "oauth_application", - "actor", "created_at", "marketplace_listing", - "request_id", - "actor_id", - "primary_category", - "user" + "primary_category" ] }, { @@ -2831,22 +4254,35 @@ "description": "A listing was not accepted for inclusion in GitHub Marketplace.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "primary_category", "secondary_category", "marketplace_listing", "oauth_application", "oauth_application_id", - "user", - "user_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -2854,19 +4290,31 @@ "description": "A pull request was removed from a merge queue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -2874,21 +4322,30 @@ "description": "A pull request was moved ahead in a merge queue.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", - "repo_id", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2898,16 +4355,29 @@ "description": "A merge queue was cleared.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -2917,18 +4387,31 @@ "description": "The settings for a merge queue were updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "max_entries_to_build", - "min_entries_to_merge", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "_document_id", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "max_entries_to_build", + "min_entries_to_merge", + "public_repo", "created_at", "operation_type" ] @@ -2938,14 +4421,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -2953,19 +4452,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id" + "created_at" ] }, { @@ -2973,18 +4483,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "operation_type", "org_id", - "@timestamp", - "_document_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -2992,23 +4514,31 @@ "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", "docs_reference_links": "N/A", "fields": [ - "repo", - "org_id", + "@timestamp", "_document_id", - "org", - "repo_id", "action", "actor", - "created_at", - "operation_type", - "@timestamp", - "user_agent", - "request_id", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -3016,20 +4546,30 @@ "description": "An OAuth access token was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", "fields": [ - "_document_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "user", - "user_id", - "created_at", + "_document_id", "action", + "actor", "actor_id", - "request_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" @@ -3040,19 +4580,30 @@ "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", "fields": [ "@timestamp", - "user_agent", - "action", - "operation_type", "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_id", + "user_agent", + "operation_type", + "created_at", "explanation", - "hashed_token", - "actor_id", - "token_scopes", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" @@ -3062,19 +4613,30 @@ "description": "An OAuth access token was regenerated.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "_document_id", - "created_at", "@timestamp", - "operation_type", + "_document_id", "action", - "user_agent", - "request_id", "actor", "actor_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", "oauth_application_name" ] }, @@ -3083,16 +4645,28 @@ "description": "An OAuth access token was revoked.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "request_access_security_header", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", "token_id", "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -3102,39 +4676,63 @@ "description": "An OAuth access token was updated.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", - "created_at", "action", - "@timestamp", - "user", - "user_agent", - "request_access_security_header" - ] - }, - { - "action": "oauth_application.create", - "description": "An OAuth application was created.", - "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", - "fields": [ + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "created_at", - "oauth_application_id", - "operation_type", - "user_agent", - "actor_id", "org_id", - "action", - "actor", - "oauth_application", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "oauth_application.create", + "description": "An OAuth application was created.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3143,20 +4741,32 @@ "description": "An OAuth application was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "created_at", - "oauth_application_id", - "user_id", - "operation_type", "@timestamp", - "user_agent", - "oauth_application", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3165,20 +4775,32 @@ "description": "An OAuth application's secret key was generated.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3187,20 +4809,32 @@ "description": "An OAuth application's secret key was deleted.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3209,19 +4843,32 @@ "description": "The secret key for an OAuth application was reset.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "oauth_application", "operation_type", - "request_id", - "actor_id", - "_document_id", "created_at", - "actor", - "oauth_application_id", - "@timestamp", - "user_agent" + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3230,20 +4877,32 @@ "description": "All user tokens for an OAuth application were requested to be revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application", - "oauth_application_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "oauth_application", + "oauth_application_id", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3252,20 +4911,32 @@ "description": "Token(s) for an OAuth application were revoked.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "oauth_application_id", - "oauth_application", - "actor_id", - "user_agent", "@timestamp", - "request_id", - "user_id", - "action", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3274,19 +4945,32 @@ "description": "An OAuth application was transferred from one account to another.", "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "oauth_application", - "actor_id", - "oauth_application_id", "@timestamp", - "user_id", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" ], "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" }, @@ -3295,24 +4979,31 @@ "description": "An authorization for an OAuth application was created.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ - "operation_type", - "user_agent", - "user_id", - "actor", - "org_id", + "@timestamp", "_document_id", - "request_id", "action", - "@timestamp", - "created_at", + "actor", "actor_id", - "user", "business", "business_id", - "token_scopes", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "actor_is_bot", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3322,20 +5013,31 @@ "description": "An authorization for an OAuth application was deleted.", "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", "fields": [ - "user_agent", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "actor", "created_at", "explanation", - "user", - "user_id", - "org_id", - "action", - "actor_id", - "token_scopes", "actor_is_bot", "oauth_application_name" ], @@ -3346,20 +5048,31 @@ "description": "An authorization for an OAuth application was updated.", "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", - "actor_id", "user_agent", - "@timestamp", "operation_type", - "action", - "user", "created_at", - "_document_id", "actor_is_bot", - "request_access_security_header", "oauth_application_name" ], "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" @@ -3369,21 +5082,31 @@ "description": "A user joined an organization.", "docs_reference_links": "N/A", "fields": [ - "permission", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "operation_type", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", - "user_agent", - "org_id", "user_id", - "actor_id", - "action", - "programmatic_access_type", + "user_agent", + "permission", + "operation_type", + "created_at", "actor_is_bot" ] }, @@ -3392,24 +5115,34 @@ "description": "An outside collaborator was added to a repository.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", "public_repo", "permission", "invitee", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3417,20 +5150,30 @@ "description": "GitHub Advanced Security was disabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3438,22 +5181,30 @@ "description": "GitHub Advanced Security was disabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3461,20 +5212,30 @@ "description": "GitHub Advanced Security was enabled for new repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "business", - "business_id", - "token_scopes" + "created_at" ] }, { @@ -3482,22 +5243,30 @@ "description": "GitHub Advanced Security was enabled for all repositories in an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", - "org", - "org_id", "business", "business_id", - "action", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "token_scopes" + "created_at" ] }, { @@ -3505,21 +5274,30 @@ "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", - "request_id", - "actor_id", - "user_agent", - "actor", "action", - "user_id", - "@timestamp", - "created_at", - "user", - "operation_type", - "org_id", - "org", - "token_scopes", - "programmatic_access_type" + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -3527,26 +5305,35 @@ "description": "A CSV export was requested on the CodeQL pull request alerts page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "actor_is_bot" ] }, @@ -3555,26 +5342,34 @@ "description": "A CSV export was requested on the Coverage page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3582,28 +5377,36 @@ "description": "A CSV export was requested on the Overview Dashboard page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", "start_date", "end_date", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3611,26 +5414,34 @@ "description": "A CSV export was requested on the Risk page.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "query", "filename", "requested_at", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -3638,18 +5449,28 @@ "description": "The cache retention policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -3661,18 +5482,28 @@ "description": "The cache storage policy for GitHub Actions was set for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "org", - "org_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type", "actor_is_bot" @@ -3684,20 +5515,31 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" }, @@ -3706,16 +5548,29 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "created_at", "operation_type" ], @@ -3726,18 +5581,31 @@ "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "limit", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" }, @@ -3746,18 +5614,30 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "org", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" }, @@ -3766,18 +5646,31 @@ "description": "The policy for workflows on private repository forks was changed.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "policy", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" }, @@ -3786,18 +5679,30 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -3807,20 +5712,31 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "org_id", - "created_at", "_document_id", - "user", - "user_id", "action", - "request_id", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "old_permission", "permission", - "actor", - "user_agent", - "operation_type", - "org" + "operation_type" ] }, { @@ -3828,17 +5744,30 @@ "description": "The create repository permission for organization members was changed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "action", "@timestamp", - "request_id", + "_document_id", + "action", + "actor", "actor_id", - "permission", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", "org", "org_id", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", "visibility", "operation_type" ] @@ -3848,20 +5777,31 @@ "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", "fields": [ - "actor_id", - "permission", + "@timestamp", + "_document_id", "action", - "org_id", "actor", - "created_at", - "_document_id", + "actor_id", + "business", "business_id", - "operation_type", + "hashed_token", "org", - "user_agent", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "business", - "@timestamp" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" ], "docs_reference_titles": "Setting permissions for adding outside collaborators" }, @@ -3870,20 +5810,34 @@ "description": "A GitHub Pages verified domain was created for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3892,17 +5846,32 @@ "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -3913,20 +5882,34 @@ "description": "A GitHub Pages domain was verified for an organization or enterprise.", "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "owner", "owner_type", "domain", "state", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" }, @@ -3935,19 +5918,31 @@ "description": "A new passkey was added.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" + "user_agent", + "nickname", + "created_at", + "operation_type" ] }, { @@ -3955,19 +5950,31 @@ "description": "A new passkey was removed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "nickname", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "nickname", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -3975,18 +5982,30 @@ "description": "A new payment method was added, such as a new credit card or PayPal account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "user", - "operation_type", - "user_id", + "@timestamp", "_document_id", "action", "actor", "actor_id", - "@timestamp", - "created_at", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -3994,16 +6013,30 @@ "description": "A payment method was removed.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "actor_id", "@timestamp", - "user_id", + "_document_id", "action", - "operation_type", "actor", - "_document_id", - "request_access_security_header" + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -4011,18 +6044,30 @@ "description": "An existing payment method was updated.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "request_id", - "org_id", - "created_at", - "actor_id", "@timestamp", + "_document_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -4030,18 +6075,31 @@ "description": "A fine-grained personal access token was granted access to resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4052,18 +6110,31 @@ "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "user_programmatic_access_id", "user_programmatic_access_name", "repository_selection", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4074,17 +6145,30 @@ "description": "Triggered when you create a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4094,19 +6178,31 @@ "description": "Triggered when you regenerate a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4114,12 +6210,29 @@ "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", "fields": [ - "user_programmatic_access_name", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "user_programmatic_access_name", "created_at", "operation_type" ], @@ -4130,38 +6243,63 @@ "description": "Triggered when you delete a fine-grained personal access token.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", - "user", - "user_id", - "explanation", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ] - }, + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "explanation", + "created_at", + "operation_type" + ] + }, { "action": "personal_access_token.request_cancelled", "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -4172,18 +6310,31 @@ "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -4195,17 +6346,30 @@ "description": "A request for a fine-grained personal access token to access organization resources was denied.", "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "user_programmatic_access_request_id" @@ -4217,17 +6381,30 @@ "description": "A fine-grained personal access token was updated.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_programmatic_access_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "user_programmatic_access_name", "repository_selection", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4238,15 +6415,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4256,17 +6448,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user", - "user_id", "business", "business_id", - "action", - "_document_id", - "@timestamp", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4276,15 +6479,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "runner_group_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -4294,17 +6512,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4314,17 +6543,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4334,17 +6574,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -4354,17 +6605,28 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -4374,17 +6636,30 @@ "description": "A profile picture was updated.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", "fields": [ - "user", - "actor_id", - "user_id", "@timestamp", - "created_at", - "owner", - "action", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", + "created_at", + "owner", "operation_type" ], "docs_reference_titles": "Personalize your profile" @@ -4394,17 +6669,30 @@ "description": "A project board visibility was changed.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "operation_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "created_at", "user_id", - "action", - "request_id", - "_document_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4412,20 +6700,31 @@ "description": "A project board was closed.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", "fields": [ - "org_id", - "user_agent", - "request_id", - "operation_type", "@timestamp", - "created_at", - "repo_id", - "org", "_document_id", - "project_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", "project_kind" ], "docs_reference_titles": "Closing a project (classic)" @@ -4435,25 +6734,37 @@ "description": "A collaborator was added to a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "collaborator_type", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot", "public_project", "project_name", "project_role", - "old_project_role", - "request_access_security_header" + "old_project_role" ] }, { @@ -4461,20 +6772,32 @@ "description": "A collaborator was removed from a project.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "collaborator_type", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", + "collaborator_type", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4482,25 +6805,37 @@ "description": "A project collaborator's permission level was changed.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_project", "project_name", "collaborator_type", "project_role", "old_project_role", "project_id", - "user", - "user_id", "collaborator", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -4508,17 +6843,30 @@ "description": "A project board was created.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user", + "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", - "@timestamp", - "actor_id", - "action", - "created_at", - "actor" + "operation_type", + "created_at" ] }, { @@ -4526,17 +6874,30 @@ "description": "A project board was deleted.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", "action", - "actor_id", - "operation_type", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "created_at", - "_document_id", "user_agent", - "user" + "operation_type", + "created_at" ] }, { @@ -4544,18 +6905,30 @@ "description": "A field was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "org", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" }, @@ -4564,18 +6937,30 @@ "description": "A field was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" }, @@ -4584,19 +6969,30 @@ "description": "A repository was linked to a project board.", "docs_reference_links": "N/A", "fields": [ - "repo_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", - "created_at", - "org", - "repo" + "created_at" ] }, { @@ -4604,17 +7000,30 @@ "description": "A project board was reopened.", "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "project_id", - "_document_id", "user_agent", + "project_id", "operation_type", - "user", - "@timestamp", "created_at", "project_kind", "project_name" @@ -4626,22 +7035,31 @@ "description": "A project board was renamed.", "docs_reference_links": "N/A", "fields": [ - "action", - "created_at", - "request_id", - "actor_id", - "old_name", - "operation_type", "@timestamp", - "repo", "_document_id", - "user_agent", - "org_id", - "business_id", + "action", "actor", - "repo_id", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "business" + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" ] }, { @@ -4649,19 +7067,30 @@ "description": "A repository was unlinked from a project board.", "docs_reference_links": "N/A", "fields": [ - "repo", - "repo_id", - "operation_type", - "actor", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "org", - "org_id" + "operation_type", + "created_at" ] }, { @@ -4669,17 +7098,30 @@ "description": "The project's base-level permission for all organization members was changed or removed.", "docs_reference_links": "N/A", "fields": [ - "actor", - "org", "@timestamp", "_document_id", - "operation_type", - "created_at", - "request_id", - "actor_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", "org_id", - "user_agent" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4687,18 +7129,31 @@ "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "org_id", - "operation_type", - "org", - "actor_id", - "_document_id", - "request_id", - "team", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "created_at", + "operation_type", + "team" ] }, { @@ -4706,20 +7161,30 @@ "description": "A user was added to or removed from a project board or had their permission level changed.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user_id", - "operation_type", "@timestamp", - "actor_id", - "user", - "user_agent", + "_document_id", + "action", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", - "_document_id", "org_id", - "action", - "programmatic_access_type" + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -4727,38 +7192,62 @@ "description": "A view was created in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", - "request_access_security_header" - ], - "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" - }, + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" + }, { "action": "project_view.delete", "description": "A view was deleted in a project board.", "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" }, @@ -4767,16 +7256,29 @@ "description": "A project's visibility was changed from public to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", @@ -4788,21 +7290,33 @@ "description": "A project's visibility was changed from private to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "project_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", "created_at", "operation_type", "project_kind", - "project_name", - "request_access_security_header" + "project_name" ] }, { @@ -4810,18 +7324,31 @@ "description": "Enforcement of the merge queue was modified for a branch.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "name", "merge_queue_enforcement_level", - "repo", - "repo_id", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -4832,23 +7359,34 @@ "description": "An SSH key was added to a user account or a deploy key was added to a repository.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", "fields": [ - "read_only", - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", "operation_type", "created_at", - "_document_id", "key", "fingerprint", - "actor", - "action", - "user", - "user_id", - "@timestamp", - "request_id", - "title", - "token_scopes", - "programmatic_access_type" + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" }, @@ -4857,24 +7395,35 @@ "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", "fields": [ - "fingerprint", - "user_agent", - "read_only", - "explanation", - "repo", "@timestamp", - "action", - "key", - "operation_type", "_document_id", + "action", "actor", - "title", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "created_at", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" }, @@ -4883,20 +7432,34 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "title", "key", "fingerprint", "read_only", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "token_scopes" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4905,21 +7468,34 @@ "description": "A user account's SSH key or a repository's deploy key was unverified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "created_at", - "operation_type", + "@timestamp", "_document_id", - "title", - "request_id", - "key", "action", "actor", - "read_only", - "explanation", - "repo_id", - "@timestamp", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", "fingerprint" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" @@ -4929,22 +7505,34 @@ "description": "A user account's SSH key or a repository's deploy key was updated.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "user_agent", - "key", - "fingerprint", - "read_only", - "repo_id", - "operation_type", - "created_at", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "action", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "title", - "@timestamp", - "programmatic_access_type" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "fingerprint", + "read_only", + "operation_type", + "created_at", + "title" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4953,25 +7541,35 @@ "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "repo_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "fingerprint", - "@timestamp", - "request_id", - "actor_id", "oauth_application_id", "title", - "action", - "user_agent", "created_at", - "repo", "read_only", - "operation_type", - "_document_id", - "user", - "user_id", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -4980,23 +7578,34 @@ "description": "A user account's SSH key or a repository's deploy key was verified.", "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", "fields": [ - "operation_type", - "user", "@timestamp", "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", "key", "fingerprint", - "actor_id", - "actor", "title", - "user_agent", - "user_id", - "request_id", - "read_only", - "token_scopes", - "programmatic_access_type" + "read_only" ], "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" }, @@ -5005,22 +7614,32 @@ "description": "The visibility of a repository changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", "fields": [ - "repo_id", - "user", - "request_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", "user_agent", - "actor", - "action", - "repo", + "operation_type", + "created_at", "visibility", - "_document_id", - "previous_visibility", - "programmatic_access_type" + "previous_visibility" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" }, @@ -5029,21 +7648,30 @@ "description": "GitHub Actions was enabled for a repository.", "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "created_at", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "_document_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" }, @@ -5052,25 +7680,32 @@ "description": "A collaborator was added to a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", "fields": [ - "visibility", - "repo", - "created_at", - "user_agent", - "operation_type", "@timestamp", "_document_id", + "action", "actor", "actor_id", - "repo_id", - "user", - "request_id", - "action", - "user_id", - "oauth_application_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" ], "docs_reference_titles": "Inviting collaborators to a personal repository" }, @@ -5079,23 +7714,31 @@ "description": "A topic was added to a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", "fields": [ + "@timestamp", + "_document_id", "action", - "user_agent", "actor", - "repo", - "repo_id", - "user", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "topic", - "@timestamp", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "topic", "created_at", - "operation_type", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" }, @@ -5104,24 +7747,31 @@ "description": "GitHub Advanced Security was disabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" }, @@ -5130,23 +7780,31 @@ "description": "GitHub Advanced Security was enabled for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "business", - "business_id", - "action", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" @@ -5156,22 +7814,31 @@ "description": "A repository was archived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ - "repo_id", - "user_agent", - "user_id", - "created_at", "@timestamp", - "repo", - "user", - "operation_type", - "visibility", + "_document_id", "action", - "actor_id", "actor", - "_document_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -5180,19 +7847,32 @@ "description": "Pull request merge options were changed for a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", - "oauth_application_id", - "user_agent", - "request_id", - "created_at", "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type", - "action", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -5201,24 +7881,34 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", "tool", - "category", - "request_access_security_header" + "category" ], "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, @@ -5227,23 +7917,32 @@ "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "tool", "branch", "category", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -5254,17 +7953,30 @@ "description": "The interaction limit for collaborators only was disabled.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "repo", - "operation_type", - "@timestamp", - "request_id" + "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5273,15 +7985,28 @@ "description": "The interaction limit for prior contributors only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "repo", "@timestamp", - "request_id", - "actor", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -5292,16 +8017,29 @@ "description": "The interaction limit for existing users only was disabled in a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "_document_id", - "@timestamp", "created_at", - "actor_id", - "repo", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -5311,17 +8049,30 @@ "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "oauth_application_id", - "created_at", - "action", - "request_id", - "repo_id", - "repo", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", "operation_type" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" @@ -5331,19 +8082,30 @@ "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "user_agent", - "request_id", - "operation_type", - "created_at", - "actor", - "org", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "org_id", - "@timestamp", - "_document_id" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, @@ -5352,45 +8114,64 @@ "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", "fields": [ - "actor", - "operation_type", - "created_at", - "user_agent", - "request_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "@timestamp", - "_document_id" - ], - "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" }, { "action": "repo.configure_self_hosted_jit_runner", "description": "A new just-in-time GitHub Actions self-hosted runner was configured", "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", "fields": [ - "user_agent", - "request_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "oauth_application_id", - "token_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" }, @@ -5399,30 +8180,35 @@ "description": "A repository was created.", "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "user_id", - "visibility", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "action", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", "request_category", - "@timestamp", "created_at", - "_document_id", - "actor", - "user_agent", - "org", "oauth_application_id", - "org_id", "request_method", - "business", - "business_id", "public_repo", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" @@ -5432,20 +8218,31 @@ "description": "A GitHub Actions secret was created for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5454,25 +8251,33 @@ "description": "A GitHub Actions variable was created for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5481,23 +8286,34 @@ "description": "A Codespaces or Dependabot secret was created for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -5505,25 +8321,34 @@ "description": "A repository was deleted.", "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", "fields": [ - "repo", + "@timestamp", "_document_id", - "user_agent", - "user_id", - "actor", "action", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "request_category", - "actor_id", "visibility", - "request_id", "created_at", - "@timestamp", "request_method", "oauth_application_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" @@ -5533,23 +8358,33 @@ "description": "A GitHub Pages custom domain was modified in a repository.", "docs_reference_links": "N/A", "fields": [ - "actor", "@timestamp", - "visibility", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "user", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor_id", - "cname", - "user_agent", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "visibility", + "cname", "created_at", - "_document_id", - "action", "operation_type", - "old_cname", - "programmatic_access_type" + "old_cname" ] }, { @@ -5557,21 +8392,31 @@ "description": "A GitHub Pages site was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", "user_id", - "visibility", - "action", "user_agent", + "visibility", "operation_type", - "repo_id", - "created_at", - "@timestamp", - "request_id", - "actor", - "repo", - "programmatic_access_type" + "created_at" ] }, { @@ -5579,21 +8424,31 @@ "description": "A GitHub Pages site was deleted.", "docs_reference_links": "N/A", "fields": [ - "created_at", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", - "repo", + "user_id", "user_agent", - "_document_id", - "actor_id", - "@timestamp", - "actor", + "created_at", "visibility", - "operation_type", - "repo_id", - "programmatic_access_type" + "operation_type" ] }, { @@ -5601,22 +8456,31 @@ "description": "HTTPS redirects were disabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "_document_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", "visibility", - "user_id", - "request_id", - "repo", - "@timestamp", "operation_type", - "action", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -5624,21 +8488,31 @@ "description": "HTTPS redirects were enabled for a GitHub Pages site.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "user_id", - "created_at", - "visibility", + "_document_id", + "action", "actor", "actor_id", - "user", - "operation_type", - "repo_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "_document_id", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" ] }, { @@ -5646,20 +8520,31 @@ "description": "A GitHub Pages site visibility was changed to private.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -5667,22 +8552,31 @@ "description": "A GitHub Pages site visibility was changed to public.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" ] }, { @@ -5690,18 +8584,32 @@ "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", "docs_reference_links": "N/A", "fields": [ - "visibility", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5709,22 +8617,32 @@ "description": "A GitHub Pages site that was previously soft-deleted was restored.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -5732,21 +8650,31 @@ "description": "A GitHub Pages source was modified.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor_id", - "operation_type", - "user_agent", - "actor", "@timestamp", - "repo_id", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "visibility", - "repo", - "created_at", - "action", - "programmatic_access_type" + "created_at" ] }, { @@ -5754,42 +8682,63 @@ "description": "A new self-hosted runner was registered.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", "fields": [ - "actor_id", - "repo", - "operation_type", - "action", "@timestamp", - "actor", - "user_agent", - "created_at", "_document_id", - "request_id", - "repo_id", - "request_access_security_header" - ], - "docs_reference_titles": "Adding self-hosted runners" - }, - { - "action": "repo.remove_actions_secret", - "description": "A GitHub Actions secret was deleted for a repository.", - "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", - "fields": [ - "user_agent", - "request_id", + "action", "actor", "actor_id", - "key", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", + "created_at" + ], + "docs_reference_titles": "Adding self-hosted runners" + }, + { + "action": "repo.remove_actions_secret", + "description": "A GitHub Actions secret was deleted for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -5798,24 +8747,32 @@ "description": "A GitHub Actions variable was deleted for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "key", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -5824,23 +8781,33 @@ "description": "A Codespaces or Dependabot secret was deleted for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "key", - "integration", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -5848,26 +8815,31 @@ "description": "A collaborator was removed from a repository.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", "fields": [ - "request_id", - "user", - "business", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "actor", - "created_at", + "programmatic_access_type", + "repo", "repo_id", - "user_agent", - "business_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "created_at", "operation_type", - "@timestamp", - "_document_id", - "visibility", - "repo", - "token_scopes", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "Removing a collaborator from a personal repository" }, @@ -5876,21 +8848,30 @@ "description": "A self-hosted runner was removed.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", "fields": [ - "request_id", - "actor_id", - "repo_id", "@timestamp", "_document_id", - "repo", - "org_id", "action", - "operation_type", - "user_agent", "actor", - "created_at", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Removing self-hosted runners" }, @@ -5899,25 +8880,31 @@ "description": "A topic was removed from a repository.", "docs_reference_links": "N/A", "fields": [ - "user", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "topic", "operation_type", - "user_id", - "org", - "org_id", - "actor", - "business", - "request_id", - "repo", - "@timestamp", - "created_at", - "_document_id", - "actor_id", - "business_id", - "programmatic_access_type" + "created_at" ] }, { @@ -5925,22 +8912,32 @@ "description": "A repository was renamed.", "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", "fields": [ - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", + "action", "actor", - "old_name", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", + "old_name", "created_at", - "user", - "action", "operation_type", - "visibility", - "repo_id", - "_document_id", - "programmatic_access_type" + "visibility" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" }, @@ -5949,42 +8946,61 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "repo", - "action", + "@timestamp", "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "request_id", - "repo_id", - "@timestamp", - "created_at", - "actor", - "user_id" - ] + "operation_type", + "created_at" + ] }, { "action": "repo.set_actions_cache_retention_policy", "description": "The cache retention policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -5996,22 +9012,30 @@ "description": "The cache storage policy for GitHub Actions was set for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "request_access_security_header", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "public_repo", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "actor_is_bot" @@ -6023,23 +9047,32 @@ "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", "created_at", "operation_type", - "business", - "business_id", "public_repo" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" @@ -6049,20 +9082,31 @@ "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ], @@ -6073,21 +9117,32 @@ "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "limit", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "limit", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" }, @@ -6096,22 +9151,32 @@ "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" }, @@ -6120,21 +9185,32 @@ "description": "Triggered when the policy for workflows on private repository forks is changed.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "policy", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", + "policy", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" }, @@ -6143,22 +9219,32 @@ "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "public_repo", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "visibility", + "public_repo", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" }, @@ -6169,16 +9255,27 @@ "fields": [ "@timestamp", "_document_id", - "user_agent", - "actor_id", - "created_at", - "actor", - "repo_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "request_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", "operation_type" ] }, @@ -6187,22 +9284,31 @@ "description": "Temporary access was enabled for a repository.", "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ], "docs_reference_titles": "Accessing user-owned repositories in your enterprise" }, @@ -6212,22 +9318,33 @@ "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", "fields": [ "@timestamp", - "user_id", "_document_id", - "request_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", - "owner", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "owner", "old_user", - "action", "operation_type", "created_at", - "user_agent", - "repo", "visibility", - "repo_was", - "actor" + "repo_was" ], "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" }, @@ -6236,23 +9353,33 @@ "description": "A repository was transferred to another repository network.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "new_nwo", "visibility", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "public_repo", - "request_access_security_header" + "public_repo" ] }, { @@ -6262,19 +9389,29 @@ "fields": [ "@timestamp", "_document_id", - "operation_type", - "user_id", - "request_id", - "user", "action", - "user_agent", - "created_at", "actor", - "visibility", - "repo_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "request_access_security_header" + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" ] }, { @@ -6282,21 +9419,31 @@ "description": "A repository was unarchived.", "docs_reference_links": "/repositories/archiving-a-github-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", - "request_id", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "operation_type", - "created_at", - "_document_id", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "visibility", - "user_agent", "user_id", - "action", - "programmatic_access_type" + "user_agent", + "operation_type", + "created_at", + "visibility" ], "docs_reference_titles": "/repositories/archiving-a-github-repository" }, @@ -6305,24 +9452,33 @@ "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "visibility", "policy", "old_policy", - "repo", - "repo_id", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id" + "operation_type" ] }, { @@ -6330,25 +9486,32 @@ "description": "A GitHub Actions secret was updated for a repository.", "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", "fields": [ - "user_agent", - "request_id", - "actor", - "actor_id", - "oauth_application_id", - "key", - "repo", - "repo_id", - "org", - "org_id", - "action", - "operation_type", "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" ], "docs_reference_titles": "Using secrets in GitHub Actions" }, @@ -6357,24 +9520,34 @@ "description": "A repository administrator changed GitHub Actions policy settings for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", - "repo", - "repo_id", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", "new_policy", "old_policy", "updated_access_policy", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6383,25 +9556,33 @@ "description": "A GitHub Actions variable was updated for a repository.", "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "business", - "business_id", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Store information in variables" }, @@ -6410,22 +9591,31 @@ "description": "The default branch for a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "visibility", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", + "visibility", "operation_type", - "@timestamp", "created_at", - "_document_id", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6434,26 +9624,34 @@ "description": "A Codespaces or Dependabot secret was updated for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "repo", - "repo_id", - "org", - "org_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -6461,31 +9659,38 @@ "description": "A user's permission to a repository was changed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "oauth_application_id", - "user", - "@timestamp", - "repo", "operation_type", - "request_id", - "org_id", - "actor_id", "visibility", "old_permission", - "org", - "user_id", "old_base_role", "old_repo_permission", "old_repo_base_role", "new_repo_base_role", "new_repo_permission", - "token_scopes", - "programmatic_access_type", "actor_is_bot" ] }, @@ -6494,21 +9699,31 @@ "description": "An image to represent a repository was uploaded.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "operation_type", - "created_at", - "actor_id", - "repo_id", + "@timestamp", + "_document_id", "action", - "request_id", "actor", - "content_type", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", - "_document_id", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at", + "content_type" ] }, { @@ -6516,21 +9731,31 @@ "description": "An image to represent a repository was deleted.", "docs_reference_links": "N/A", "fields": [ - "content_type", - "created_at", - "actor_id", - "user_id", - "operation_type", - "request_id", + "@timestamp", "_document_id", + "action", "actor", - "repo_id", - "user_agent", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action", - "@timestamp", - "request_access_security_header" + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" ] }, { @@ -6538,21 +9763,32 @@ "description": "An invitation to join a repository was accepted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "created_at", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "invitee", - "operation_type", - "actor", "repo_id", - "_document_id", - "action", - "user_agent", - "inviter", - "@timestamp", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" ] }, { @@ -6560,20 +9796,32 @@ "description": "An invitation to join a repository was canceled.", "docs_reference_links": "N/A", "fields": [ - "inviter", - "action", - "operation_type", + "@timestamp", "_document_id", - "repo_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "@timestamp", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "inviter", + "operation_type", "invitee", - "created_at", - "request_id", - "actor", - "actor_id", - "request_access_security_header" + "created_at" ] }, { @@ -6581,21 +9829,32 @@ "description": "An invitation to join a repository was sent.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp", - "invitee", - "action", - "request_id", - "inviter", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", - "created_at", - "user_agent", "repo_id", - "operation_type", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", "token_scopes", - "programmatic_access_type" + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" ] }, { @@ -6603,51 +9862,72 @@ "description": "An invitation to join a repository was declined.", "docs_reference_links": "N/A", "fields": [ - "repo", + "@timestamp", "_document_id", - "actor", - "invitee", "action", - "@timestamp", - "request_id", - "actor_id", - "operation_type", - "created_at", - "inviter", - "user_agent", - "repo_id" - ] - }, - { - "action": "repository_ruleset.create", - "description": "A repository ruleset was created.", - "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", - "fields": [ "actor", "actor_id", - "user_agent", - "request_id", - "name", - "repo", - "repo_id", - "public_repo", + "business", + "business_id", + "hashed_token", "org", "org_id", - "action", - "_document_id", - "@timestamp", - "created_at", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", "operation_type", + "created_at", + "inviter" + ] + }, + { + "action": "repository_ruleset.create", + "description": "A repository ruleset was created.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", "business", "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "public_repo", + "created_at", + "operation_type", "ruleset_id", "ruleset_name", "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", "ruleset_conditions", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" }, @@ -6656,19 +9936,30 @@ "description": "A repository ruleset was deleted.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", "ruleset_id", @@ -6676,8 +9967,7 @@ "ruleset_enforcement", "ruleset_source_type", "ruleset_rules", - "ruleset_bypass_actors", - "request_access_security_header" + "ruleset_bypass_actors" ], "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" }, @@ -6686,23 +9976,32 @@ "description": "A repository ruleset was edited.", "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "old_name", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "business", - "business_id", "ruleset_id", "ruleset_name", "ruleset_enforcement", @@ -6727,18 +10026,30 @@ "description": "A security key was registered for an account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "created_at", - "user_id", - "action", - "operation_type", - "request_id", "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -6746,18 +10057,30 @@ "description": "A security key was removed from an account.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "operation_type", - "_document_id", - "user_agent", "@timestamp", - "request_id", - "actor_id", + "_document_id", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -6765,14 +10088,28 @@ "description": "A user linked a social identity to their account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "request_access_security_header", - "user_id", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6782,14 +10119,28 @@ "description": "A user unlinked a social identity from their account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", - "action", - "_document_id", - "@timestamp", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", "operation_type" ] @@ -6799,15 +10150,28 @@ "description": "A user unlinked all social identities from their account.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type" ] @@ -6817,16 +10181,29 @@ "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6836,18 +10213,31 @@ "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" }, @@ -6856,16 +10246,29 @@ "description": "The fiscal host for a GitHub Sponsors listing was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", "org", "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -6876,15 +10279,28 @@ "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", "fields": [ "@timestamp", - "action", - "created_at", "_document_id", - "request_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", "repository", "repository_id", - "actor", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor_id", + "created_at", "operation_type" ], "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" @@ -6894,15 +10310,30 @@ "description": "A sponsorship was canceled.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "operation_type", + "@timestamp", "_document_id", - "created_at", - "actor", - "user", "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Downgrading a sponsorship" }, @@ -6911,17 +10342,30 @@ "description": "A sponsorship was created, by sponsoring an account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "actor", - "user_id", - "action", "@timestamp", - "user_agent", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6930,17 +10374,31 @@ "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", "fields": [ - "active", - "user", - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" }, @@ -6949,16 +10407,29 @@ "description": "The option to receive email updates from a sponsored account was changed.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", "fields": [ - "actor_id", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "created_at", + "token_id", + "token_scopes", "user", - "_document_id", + "user_id", "user_agent", - "actor", + "created_at", "operation_type" ], "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" @@ -6968,14 +10439,29 @@ "description": "A sponsorship was upgraded or downgraded.", "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", "fields": [ - "user_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "_document_id", "created_at" ], "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" @@ -6985,17 +10471,30 @@ "description": "A GitHub Sponsors account was approved.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "request_id", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "actor_id", - "_document_id" + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -7004,17 +10503,30 @@ "description": "A GitHub Sponsors account was created.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_id", - "operation_type", - "request_id", - "actor_id", "@timestamp", "_document_id", - "user", "action", - "created_at", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor" + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -7023,18 +10535,31 @@ "description": "A GitHub Sponsors account was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "actor", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7043,15 +10568,29 @@ "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", "fields": [ "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "operation_type", - "created_at", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "actor", - "action", - "_document_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" }, @@ -7061,16 +10600,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", - "request_id", - "user", - "action", - "user_agent", - "operation_type", "_document_id", + "action", "actor", "actor_id", - "user_id" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7078,15 +10630,28 @@ "description": "An application for GitHub Sponsors was submitted for approval.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "user_agent", - "user", "@timestamp", - "actor_id", - "user_id", - "request_id", "_document_id", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", "created_at" ], @@ -7097,16 +10662,29 @@ "description": "The description for a sponsorship tier was changed.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", "fields": [ - "operation_type", - "request_id", - "actor", - "user_id", - "action", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", + "operation_type", "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" @@ -7116,17 +10694,30 @@ "description": "Triggered when you send an email update to your sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", "fields": [ - "request_id", - "actor", - "action", - "user_agent", - "operation_type", + "@timestamp", "_document_id", - "created_at", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" }, @@ -7135,17 +10726,30 @@ "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -7156,17 +10760,30 @@ "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "patreon_email", - "patreon_username", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "patreon_email", + "patreon_username", "created_at", "operation_type" ], @@ -7177,18 +10794,29 @@ "description": "A GitHub Sponsors tier changed access for a repository.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "repo", - "repo_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -7198,16 +10826,29 @@ "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -7217,17 +10858,30 @@ "description": "You join the waitlist to join GitHub Sponsors.", "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", - "user_id", - "user_agent", "actor_id", - "action", - "operation_type", - "created_at", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id" + "user_id", + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" }, @@ -7236,16 +10890,29 @@ "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "sponsors_listing_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -7255,23 +10922,33 @@ "description": "A parent issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7279,23 +10956,33 @@ "description": "A parent issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7303,23 +10990,33 @@ "description": "A sub-issue was added to an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7327,23 +11024,33 @@ "description": "A sub-issue was removed from an issue.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "title", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -7351,15 +11058,30 @@ "description": "Triggered when you accept a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7368,15 +11090,30 @@ "description": "Triggered when you cancel a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7385,15 +11122,30 @@ "description": "Triggered when you create a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7402,32 +11154,62 @@ "description": "Triggered when you decline a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", - "operation_type", - "@timestamp", - "created_at", - "_document_id" - ], - "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" - }, - { - "action": "successor_invitation.destroy", - "description": "N/A", - "docs_reference_links": "N/A", - "fields": [ - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7435,15 +11217,30 @@ "description": "Triggered when you revoke a succession invitation.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "action", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" }, @@ -7452,17 +11249,30 @@ "description": "A new trusted device was added.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7470,17 +11280,30 @@ "description": "A trusted device was removed.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -7488,14 +11311,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "action", - "request_id", - "user_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -7504,15 +11342,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "created_at", - "user_id", - "operation_type", - "user", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action" + "created_at", + "operation_type" ] }, { @@ -7520,13 +11373,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "_document_id", - "created_at", - "user_id", - "operation_type", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "action" + "user_id", + "user_agent", + "created_at", + "operation_type" ] }, { @@ -7534,17 +11404,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", "user_agent", - "operation_type", - "action", - "_document_id" + "created_at", + "operation_type" ] }, { @@ -7552,17 +11435,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_id", - "actor", - "action", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", "operation_type", - "user", - "created_at", - "request_id", - "actor_id", - "_document_id" + "created_at" ] }, { @@ -7570,16 +11466,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user", - "operation_type", "@timestamp", - "user_agent", - "request_id", - "created_at", - "user_id", - "action", "_document_id", - "request_access_security_header" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7587,15 +11497,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "user_id", - "action", "@timestamp", - "created_at", - "user_agent", - "user", "_document_id", - "request_id" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7603,18 +11528,30 @@ "description": "A secondary authentication factor was added to a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7623,18 +11560,30 @@ "description": "Two-factor authentication was disabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", "fields": [ - "actor", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor_id", + "user_agent", "created_at", - "operation_type", - "request_id", - "@timestamp", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Disabling two-factor authentication for your personal account" }, @@ -7643,18 +11592,30 @@ "description": "Two-factor authentication was enabled for a user account.", "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ - "actor", - "operation_type", - "user_agent", + "@timestamp", + "_document_id", "action", - "created_at", + "actor", "actor_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ], "docs_reference_titles": "Configuring two-factor authentication" }, @@ -7663,15 +11624,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user", - "user_id", - "action", "@timestamp", - "request_id", "_document_id", - "user_agent" + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7679,16 +11655,29 @@ "description": "Two factor recovery codes were regenerated for a user account.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "operation_type", + "@timestamp", "_document_id", - "user_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "actor_id", - "@timestamp", + "operation_type", "created_at" ] }, @@ -7697,18 +11686,30 @@ "description": "A secondary authentication factor was removed from a user account.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" }, @@ -7717,15 +11718,30 @@ "description": "A one-time password code was sent to a user account fallback phone number.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "operation_type", - "user_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", - "created_at", - "_document_id", - "action", - "@timestamp" + "operation_type", + "created_at" ] }, { @@ -7734,16 +11750,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "created_at", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "operation_type", "user_agent", - "action", - "request_id", - "actor", - "actor_id" + "created_at", + "operation_type" ] }, { @@ -7751,19 +11780,31 @@ "description": "An email address was added to a user account.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", "fields": [ + "@timestamp", + "_document_id", "action", - "request_id", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", "user_agent", "operation_type", - "_document_id", - "actor_id", - "actor", "email", - "@timestamp", - "created_at", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "Adding an email address to your GitHub account" }, @@ -7772,18 +11813,30 @@ "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", "docs_reference_links": "N/A", "fields": [ - "actor", - "user_id", - "created_at", - "user", "@timestamp", "_document_id", - "request_id", + "action", + "actor", "actor_id", - "operation_type", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "action", - "request_access_security_header" + "created_at", + "operation_type" ] }, { @@ -7791,15 +11844,28 @@ "description": "Audit log entries were exported.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user", - "action", - "request_id", - "actor", "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "operation_type", "created_at" ] @@ -7809,20 +11875,31 @@ "description": "A user was blocked by another user.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", "action", "actor", - "user_id", - "_document_id", "actor_id", - "@timestamp", - "user_agent", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "created_at", - "programmatic_access_type", - "request_access_security_header" + "created_at" ] }, { @@ -7830,18 +11907,30 @@ "description": "A user changed their password.", "docs_reference_links": "N/A", "fields": [ - "request_id", "@timestamp", - "user_agent", - "actor_id", - "operation_type", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "created_at", - "_document_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7849,18 +11938,30 @@ "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id", - "programmatic_access_type" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7869,17 +11970,30 @@ "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ], "docs_reference_titles": "Managing access to other repositories within your codespace" }, @@ -7888,19 +12002,31 @@ "description": "A new user account was created.", "docs_reference_links": "N/A", "fields": [ - "email", - "user_id", - "operation_type", "@timestamp", - "request_id", - "user", - "created_at", "_document_id", - "user_agent", + "action", "actor", "actor_id", - "action", - "programmatic_access_type" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" ] }, { @@ -7908,21 +12034,33 @@ "description": "A user secret for Codespaces was created.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -7930,39 +12068,62 @@ "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", "docs_reference_links": "N/A", "fields": [ - "user", - "created_at", - "user_agent", + "@timestamp", "_document_id", - "operation_type", - "oauth_application_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "user_id", - "@timestamp", + "token_id", "token_scopes", - "programmatic_access_type" - ] - }, - { + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { "action": "user.delete", "description": "A user account was destroyed by an asynchronous job.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "user_agent", + "@timestamp", + "_document_id", "action", - "request_id", - "user_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "_document_id", - "request_access_security_header" + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -7971,19 +12132,30 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "oauth_application_id", + "_document_id", "action", - "user", - "created_at", - "user_agent", - "request_id", "actor", "actor_id", - "operation_type", - "_document_id", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" ] }, { @@ -7991,18 +12163,30 @@ "description": "A user deleted his or her account, triggering user.async_delete.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "_document_id", - "created_at", - "user_agent", "user_id", - "operation_type", - "actor_id", - "action", - "@timestamp", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8010,18 +12194,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "user_agent", "user_id", - "actor_id", - "action", - "operation_type", - "request_access_security_header" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8029,18 +12225,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "operation_type", - "created_at", - "_document_id", - "@timestamp", - "user", - "actor_id", - "action", - "request_access_security_header" + "created_at" ] }, { @@ -8049,17 +12257,29 @@ "docs_reference_links": "N/A", "fields": [ "@timestamp", - "user", "_document_id", "action", - "operation_type", - "user_agent", - "created_at", - "request_id", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8067,17 +12287,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8085,17 +12318,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8103,17 +12349,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8121,21 +12380,31 @@ "description": "An enterprise managed user claimed an email address.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", - "created_at", - "operation_type", "business", "business_id", - "actor_is_bot", - "request_access_security_header" + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" ] }, { @@ -8143,21 +12412,31 @@ "description": "N/A", "docs_reference_links": "An enterprise managed user unclaimed an email address.", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", "operation_type", - "business", - "business_id", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ], "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." }, @@ -8166,17 +12445,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8184,17 +12476,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8202,17 +12507,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", + "user_agent", "operation_type", - "@timestamp", - "created_at", - "_document_id" + "created_at" ] }, { @@ -8220,18 +12538,30 @@ "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "action", - "operation_type", - "request_id", - "created_at", - "_document_id", "@timestamp", - "user", - "org_id", + "_document_id", + "action", "actor", "actor_id", - "user_agent" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8239,17 +12569,31 @@ "description": "A user requested a password reset.", "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", "fields": [ - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "email", - "created_at", - "user_id", - "request_access_security_header" + "created_at" ], "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" }, @@ -8258,17 +12602,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "action", - "created_at", - "user_agent", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "actor", - "operation_type", - "request_id" + "user_agent", + "created_at", + "operation_type" ] }, { @@ -8276,18 +12633,30 @@ "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -8296,19 +12665,31 @@ "description": "A user signed in.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user_id", - "actor_id", "@timestamp", - "user", - "action", - "operation_type", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", "created_at", - "actor", - "passkey_nickname", - "request_access_security_header" + "passkey_nickname" ] }, { @@ -8316,18 +12697,30 @@ "description": "A user signed out.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8335,18 +12728,30 @@ "description": "A user signed in from a new device.", "docs_reference_links": "N/A", "fields": [ - "user", - "user_id", - "actor", - "operation_type", - "created_at", - "user_agent", - "actor_id", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8354,21 +12759,31 @@ "description": "An ordinary user account was promoted to a site administrator.", "docs_reference_links": "N/A", "fields": [ - "user_id", + "@timestamp", + "_document_id", "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "@timestamp", - "created_at", + "user_id", "user_agent", + "created_at", "oauth_application_id", - "request_id", - "operation_type", - "_document_id", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8376,16 +12791,29 @@ "description": "A user's account was restored.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "user", - "action", - "actor_id", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "actor", "operation_type" ] }, @@ -8394,20 +12822,31 @@ "description": "An email address was removed from a user account.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "action", "@timestamp", "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "actor", - "actor_id", "created_at", - "email", - "token_scopes", - "programmatic_access_type" + "email" ] }, { @@ -8415,20 +12854,32 @@ "description": "A user secret for Codespaces was deleted.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "key", - "integration", + "token_id", + "token_scopes", "user", "user_id", - "action", - "_document_id", - "@timestamp", + "user_agent", + "key", + "integration", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8436,20 +12887,31 @@ "description": "A username was changed.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "request_id", - "actor_id", - "old_login", - "created_at", + "@timestamp", "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "@timestamp", - "operation_type", "user_agent", - "token_scopes", - "programmatic_access_type" + "old_login", + "created_at", + "operation_type" ] }, { @@ -8457,18 +12919,30 @@ "description": "A user reset their account password.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", - "user", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", "user_id", + "user_agent", "created_at", - "@timestamp", - "_document_id", - "actor", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8476,16 +12950,29 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "created_at", - "request_id", - "user_id", - "action", "@timestamp", "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", + "user_id", "user_agent", + "created_at", "operation_type" ] }, @@ -8496,16 +12983,28 @@ "fields": [ "@timestamp", "_document_id", - "request_id", - "user_id", "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "operation_type", + "user_id", "user_agent", - "actor_id", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ], "docs_reference_titles": "Manage visibility settings for private contributions" }, @@ -8514,18 +13013,30 @@ "description": "A user signed in from an unrecognized device.", "docs_reference_links": "N/A", "fields": [ - "request_id", - "action", + "@timestamp", "_document_id", - "user_agent", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", + "user_agent", "operation_type", - "created_at", - "actor", - "actor_id", - "@timestamp", - "request_access_security_header" + "created_at" ] }, { @@ -8533,18 +13044,30 @@ "description": "A user signed in from an unrecognized device and location.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "@timestamp", "user_agent", "created_at", - "_document_id", - "request_id", - "action", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8552,22 +13075,33 @@ "description": "Triggered when you clear the status on your profile.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "actor", + "user_agent", "message", - "user", - "actor_id", "created_at", - "request_id", "limited_availability", - "action", "emoji", - "operation_type", - "user_agent", - "@timestamp", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8575,23 +13109,33 @@ "description": "Triggered when you set or change the status on your profile.", "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", "fields": [ - "limited_availability", - "user", + "@timestamp", + "_document_id", "action", + "actor", "actor_id", - "message", - "user_id", - "created_at", - "_document_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "@timestamp", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", + "limited_availability", + "message", + "created_at", "emoji", - "org", - "actor", - "operation_type", - "token_scopes", - "programmatic_access_type" + "operation_type" ], "docs_reference_titles": "Personalize your profile" }, @@ -8600,21 +13144,31 @@ "description": "A user account was suspended.", "docs_reference_links": "N/A", "fields": [ - "oauth_application_id", - "operation_type", - "actor_id", - "user", - "user_agent", - "request_id", - "actor", - "created_at", - "_document_id", "@timestamp", - "user_id", + "_document_id", "action", - "token_scopes", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8622,18 +13176,30 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "request_id", - "user", - "actor_id", "@timestamp", - "operation_type", "_document_id", - "user_agent", - "actor", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "created_at", - "request_access_security_header" + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8641,18 +13207,30 @@ "description": "A 2FA challenge issued for a user account failed.", "docs_reference_links": "N/A", "fields": [ - "operation_type", - "created_at", - "_document_id", - "user_agent", - "user", - "actor_id", - "actor", - "user_id", "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "request_access_security_header" + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8662,16 +13240,28 @@ "fields": [ "@timestamp", "_document_id", - "user_id", - "operation_type", + "action", + "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", - "actor", + "user_id", "user_agent", - "request_id", - "action", - "created_at", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8679,18 +13269,30 @@ "description": "A user used their 2FA recovery codes.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", - "user_agent", - "request_id", - "user", + "@timestamp", + "_document_id", "action", "actor", "actor_id", - "created_at", - "@timestamp", - "_document_id", - "request_access_security_header" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8698,18 +13300,30 @@ "description": "A user downloaded 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user_id", - "operation_type", + "@timestamp", + "_document_id", + "action", + "actor", "actor_id", - "user", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "action", - "@timestamp", - "created_at", + "token_id", + "token_scopes", + "user", + "user_id", "user_agent", - "actor", - "_document_id", - "request_access_security_header" + "operation_type", + "created_at" ] }, { @@ -8717,17 +13331,30 @@ "description": "A user printed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "user", - "action", - "operation_type", - "user_agent", - "request_id", - "user_id", - "created_at", + "@timestamp", "_document_id", + "action", "actor", "actor_id", - "@timestamp" + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" ] }, { @@ -8735,18 +13362,30 @@ "description": "A user viewed 2FA recovery codes for their account.", "docs_reference_links": "N/A", "fields": [ - "actor_id", - "user_agent", + "@timestamp", + "_document_id", + "action", "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", "user_id", - "action", + "user_agent", "created_at", - "user", - "operation_type", - "@timestamp", - "request_id", - "_document_id", - "request_access_security_header" + "operation_type" ] }, { @@ -8754,17 +13393,30 @@ "description": "A user was prompted for a two-factor authentication code.", "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", "fields": [ - "user", - "actor_id", + "@timestamp", + "_document_id", "action", - "user_agent", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "created_at", - "_document_id", + "token_id", + "token_scopes", + "user", "user_id", - "operation_type", - "@timestamp", - "actor" + "user_agent", + "created_at", + "operation_type" ], "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" }, @@ -8773,19 +13425,31 @@ "description": "A user was unblocked by another user.", "docs_reference_links": "N/A", "fields": [ - "actor_id", + "@timestamp", + "_document_id", "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", - "_document_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "blocked_user", "operation_type", - "actor", - "@timestamp", - "user_agent", - "user_id", - "user", - "created_at", - "request_access_security_header" + "created_at" ] }, { @@ -8793,21 +13457,31 @@ "description": "A user account was unsuspended.", "docs_reference_links": "N/A", "fields": [ - "request_id", + "@timestamp", "_document_id", - "user", "action", - "user_agent", "actor", - "oauth_application_id", - "operation_type", "actor_id", - "created_at", - "@timestamp", - "user_id", - "token_scopes", + "business", + "business_id", + "hashed_token", + "org", + "org_id", "programmatic_access_type", - "request_access_security_header" + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" ] }, { @@ -8815,21 +13489,33 @@ "description": "A user secret for Codespaces was updated.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "key", "visibility", "integration", - "user", - "user_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8837,46 +13523,64 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", "user", "user_id", - "action", - "operation_type", - "@timestamp", - "_document_id", - "request_access_security_header" - ] - }, - { - "action": "workflows.approve_workflow_job", - "description": "A workflow job was approved.", - "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", - "fields": [ "user_agent", - "request_id", - "actor", - "actor_id", "workflow_run_id", "run_number", - "user", - "user_id", - "repo", - "repo_id", - "business", - "business_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "token_scopes", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -8885,23 +13589,33 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_run_id", "run_number", - "repo", - "repo_id", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", - "operation_type", - "request_access_security_header" + "operation_type" ] }, { @@ -8909,23 +13623,31 @@ "description": "N/A", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", - "token_id", - "hashed_token", - "programmatic_access_type", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "public_repo", - "org", - "org_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type" ] @@ -8935,23 +13657,35 @@ "description": "A workflow run was deleted.", "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "operation_type", - "@timestamp", "created_at", - "_document_id", "workflow_run_id", "started_at", "head_branch", "head_sha", - "trigger_id", - "programmatic_access_type" + "trigger_id" ], "docs_reference_titles": "Deleting a workflow run" }, @@ -8960,22 +13694,33 @@ "description": "A workflow was disabled.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", "public_repo", - "programmatic_access_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -8983,21 +13728,32 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "workflow_id", - "action", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ] }, { @@ -9005,25 +13761,33 @@ "description": "A workflow was pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] }, { @@ -9031,24 +13795,33 @@ "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", "fields": [ - "user_agent", - "request_id", + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "workflow_run_id", - "run_number", - "user", - "user_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", - "action", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", "operation_type", - "@timestamp", "created_at", - "_document_id", - "public_repo", - "programmatic_access_type", - "request_access_security_header" + "public_repo" ], "docs_reference_titles": "Reviewing deployments" }, @@ -9057,25 +13830,33 @@ "description": "A workflow was unpinned after previously being pinned.", "docs_reference_links": "N/A", "fields": [ + "@timestamp", + "_document_id", + "action", "actor", "actor_id", - "user_agent", - "request_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", "repo", "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", "public_repo", "workflow_id", - "org", - "org_id", - "business", - "business_id", - "action", - "_document_id", - "@timestamp", "created_at", "operation_type", - "actor_is_bot", - "request_access_security_header" + "actor_is_bot" ] } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.20/enterprise.json b/src/audit-logs/data/ghes-3.20/enterprise.json new file mode 100644 index 000000000000..1bdd61afc71d --- /dev/null +++ b/src/audit-logs/data/ghes-3.20/enterprise.json @@ -0,0 +1,28720 @@ +[ + { + "action": "account.billing_date_change", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "account.plan_change", + "description": "The account's plan changed.", + "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "How GitHub billing works" + }, + { + "action": "account_recovery_token.confirm", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "account_recovery_token.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "account_recovery_token.recover", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "actions_cache.delete", + "description": "A GitHub Actions cache was deleted using the REST API.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "actions_cache_id", + "actions_cache_key", + "actions_cache_version", + "actions_cache_scope", + "created_at", + "operation_type" + ] + }, + { + "action": "api.request", + "description": "An API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.", + "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#enabling-audit-log-streaming-of-api-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", + "query_string", + "request_body", + "status_code", + "url_path", + "public_repo", + "created_at", + "operation_type", + "route", + "rate_limit_remaining", + "actor_is_bot" + ], + "docs_reference_titles": "Streaming the audit log for your enterprise" + }, + { + "action": "artifact.destroy", + "description": "A workflow run artifact was manually deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "audit_log_streaming.check", + "description": "A manual check of the endpoint configured for audit log streaming was performed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_result", + "created_at", + "operation_type", + "audit_log_stream_sink_details" + ] + }, + { + "action": "audit_log_streaming.create", + "description": "An endpoint was added for audit log streaming.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_sink", + "created_at", + "operation_type", + "audit_log_stream_id" + ] + }, + { + "action": "audit_log_streaming.destroy", + "description": "An audit log streaming endpoint was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "audit_log_stream_id", + "audit_log_stream_sink_details" + ] + }, + { + "action": "audit_log_streaming.update", + "description": "An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "audit_log_stream_enabled", + "audit_log_stream_sink", + "created_at", + "operation_type", + "new_s3_bucket", + "old_s3_bucket", + "secrets_updated", + "new_s3_arn_role", + "old_s3_arn_role", + "new_azure_blob_container", + "old_azure_blob_container", + "new_event_hub_instance", + "old_event_hub_instance", + "new_splunk_domain", + "old_splunk_domain", + "ssl_verify", + "old_gc_bucket" + ] + }, + { + "action": "billing.budget_create", + "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "customer_id", + "target_amount", + "target_type", + "target_id", + "alert_enabled", + "status", + "created_at", + "operation_type", + "actor_is_bot", + "pricing_target_type", + "pricing_target_id", + "budget_limit_type", + "alert_recipient_user_ids", + "exclude_cost_center_usage" + ] + }, + { + "action": "billing.budget_delete", + "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "customer_id", + "uuid", + "status", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "billing.budget_update", + "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "customer_id", + "target_amount", + "target_type", + "target_id", + "alert_enabled", + "status", + "created_at", + "operation_type", + "actor_is_bot", + "old_target_amount", + "old_budget_limit_type", + "old_alert_enabled", + "old_target_id", + "old_pricing_target_type", + "old_pricing_target_id" + ] + }, + { + "action": "billing.change_billing_type", + "description": "The way the account pays for GitHub was changed.", + "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing your payment and billing information" + }, + { + "action": "billing.change_email", + "description": "The billing email address changed.", + "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "email" + ], + "docs_reference_titles": "Managing your payment and billing information" + }, + { + "action": "billing_customer.azure_subscription_linked", + "description": "Azure subscription has been linked on this account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "billing_customer.azure_subscription_unlinked", + "description": "Azure subscription has been unlinked on this account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "billing.lock", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "billing.overage_policy_updated", + "description": "The premium request paid usage policy for your GitHub account was changed.", + "docs_reference_links": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage" + }, + { + "action": "billing.unlock", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "billing.update_bill_cycle_day", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "business.add_admin", + "description": "An enterprise owner was added to an enterprise.", + "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Inviting people to manage your enterprise" + }, + { + "action": "business.add_organization", + "description": "An organization was added to an enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "created_at", + "organization_upgrade" + ] + }, + { + "action": "business_advanced_security.disabled", + "description": "GitHub Advanced Security was disabled for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_advanced_security.disabled_for_new_repos", + "description": "GitHub Advanced Security was disabled for new repositories in your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_advanced_security.disabled_for_new_user_namespace_repos", + "description": "GitHub Advanced Security was disabled for new user namespace repositories in your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_advanced_security.enabled", + "description": "GitHub Advanced Security was enabled for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_advanced_security.enabled_for_new_repos", + "description": "GitHub Advanced Security was enabled for new repositories in your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_advanced_security.enabled_for_new_user_namespace_repos", + "description": "GitHub Advanced Security was enabled for new user namespace repositories in your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business.advanced_security_policy_update", + "description": "An enterprise owner created, updated, or removed a policy for GitHub Advanced Security.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" + }, + { + "action": "business.advanced_security_repo_admin_enablement_policy_update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", + "created_at", + "operation_type" + ] + }, + { + "action": "business_advanced_security.user_namespace_repos_disabled", + "description": "GitHub Advanced Security was disabled for user namespace repositories in your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_advanced_security.user_namespace_repos_enabled", + "description": "GitHub Advanced Security was enabled for user namespace repositories in your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business.clear_actions_settings", + "description": "An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.clear_default_repository_permission", + "description": "An enterprise owner cleared the base repository permission policy setting for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "business.clear_members_can_create_repos", + "description": "An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "visibility", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "business.code_scanning_autofix_policy_update", + "description": "The policy for Code scanning autofix was updated for an enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "business.code_scanning_autofix_third_party_tools_policy_update", + "description": "The policy for Code scanning autofix third party tools was updated for an enterprise.", + "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/code-security/getting-started/github-security-features#available-with-github-code-security" + }, + { + "action": "business.code_security_enablement_policy_update", + "description": "The policy for Code Security enablement was updated for an enterprise.", + "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/code-security/getting-started/github-security-features#available-with-github-code-security" + }, + { + "action": "business.create", + "description": "An enterprise was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ] + }, + { + "action": "business_dependabot_alerts_new_repos.disable", + "description": "Dependabot alerts were disabled for new repositories in your enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "business_dependabot_alerts_new_repos.enable", + "description": "Dependabot alerts were enabled for new repositories in your enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "business.dependabot_alerts_repo_admin_enablement_policy_update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", + "created_at", + "operation_type" + ] + }, + { + "action": "business.disable_open_scim", + "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "business.disable_source_ip_disclosure", + "description": "Display of IP addresses within audit log events for the enterprise was disabled.", + "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Displaying IP addresses in the audit log for your enterprise" + }, + { + "action": "business.disable_two_factor_requirement", + "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" + ] + }, + { + "action": "business.enable_open_scim", + "description": "SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "business.enable_source_ip_disclosure", + "description": "Display of IP addresses within audit log events for the enterprise was enabled.", + "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Displaying IP addresses in the audit log for your enterprise" + }, + { + "action": "business.enable_two_factor_requirement", + "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" + ] + }, + { + "action": "business.members_can_update_protected_branches.clear", + "description": "An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "operation_type" + ] + }, + { + "action": "business.members_can_update_protected_branches.disable", + "description": "The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ] + }, + { + "action": "business.members_can_update_protected_branches.enable", + "description": "The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ] + }, + { + "action": "business.remove_admin", + "description": "An enterprise owner was removed from an enterprise.", + "docs_reference_links": "/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "name" + ], + "docs_reference_titles": "Inviting people to manage your enterprise" + }, + { + "action": "business.remove_organization", + "description": "An organization was removed from an enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "name" + ] + }, + { + "action": "business.rename_slug", + "description": "The slug for the enterprise URL was renamed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ] + }, + { + "action": "business.revoke_sso_session", + "description": "The SAML single sign-on session for a member in an enterprise was revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "created_at" + ] + }, + { + "action": "business_secret_scanning_automatic_validity_checks.disabled", + "description": "Automatic partner validation checks have been disabled at the business level", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_automatic_validity_checks.enabled", + "description": "Automatic partner validation checks have been enabled at the business level", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_custom_pattern.create", + "description": "An enterprise-level custom pattern was created for secret scanning.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "business_secret_scanning_custom_pattern.delete", + "description": "An enterprise-level custom pattern was removed from secret scanning.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "business_secret_scanning_custom_pattern.publish", + "description": "An enterprise-level custom pattern was published for secret scanning.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "business_secret_scanning_custom_pattern_push_protection.disabled", + "description": "Push protection for a custom pattern for secret scanning was disabled for your enterprise.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "business_secret_scanning_custom_pattern_push_protection.enabled", + "description": "Push protection for a custom pattern for secret scanning was enabled for your enterprise.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "business_secret_scanning_custom_pattern.update", + "description": "Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "business_secret_scanning.disable", + "description": "Secret scanning was disabled for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning.disabled_for_new_repos", + "description": "Secret scanning was disabled for new repositories in your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning.enable", + "description": "Secret scanning was enabled for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning.enabled_for_new_repos", + "description": "Secret scanning was enabled for new repositories in your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_non_provider_patterns.disabled", + "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" + }, + { + "action": "business_secret_scanning_non_provider_patterns.enabled", + "description": "Secret scanning for non-provider patterns was enabled at the enterprise level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" + }, + { + "action": "business_secret_scanning_push_protection_custom_message.disable", + "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_push_protection_custom_message.enable", + "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_push_protection_custom_message.update", + "description": "The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_push_protection.disable", + "description": "Push protection for secret scanning was disabled for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_push_protection.disabled_for_new_repos", + "description": "Push protection for secret scanning was disabled for new repositories in your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_push_protection.enable", + "description": "Push protection for secret scanning was enabled for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_push_protection.enabled_for_new_repos", + "description": "Push protection for secret scanning was enabled for new repositories in your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_push_protection_pattern_configuration.push_protection_setting_changed", + "description": "The push protection setting was updated for a secret type for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "push_protection_setting", + "secret_type", + "secret_type_display_name", + "created_at" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business_secret_scanning_push_protection_pattern_configuration.updated", + "description": "The push protection pattern configuration was updated for your enterprise.", + "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at" + ], + "docs_reference_titles": "Managing GitHub Advanced Security features for your enterprise" + }, + { + "action": "business.secret_scanning_repo_admin_settings_policy_update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "new_policy", + "created_at", + "operation_type" + ] + }, + { + "action": "business.security_center_export_code_scanning_metrics", + "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "start_date", + "end_date", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "business.security_center_export_coverage", + "description": "A CSV export was requested on the \"Coverage\" page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "business.security_center_export_overview_dashboard", + "description": "A CSV export was requested on the \"Overview Dashboard\" page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "start_date", + "end_date", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "business.security_center_export_risk", + "description": "A CSV export was requested on the \"Risk\" page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "business.set_actions_cache_retention_policy", + "description": "The cache retention policy for GitHub Actions was set for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_actions_cache_storage_policy", + "description": "The cache storage policy for GitHub Actions was set for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_actions_fork_pr_approvals_policy", + "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_actions_private_fork_pr_approvals_policy", + "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_actions_retention_limit", + "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_default_workflow_permissions", + "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_fork_pr_workflows_policy", + "description": "The policy for fork pull request workflows was changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_workflow_permission_can_approve_pr", + "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.sso_response", + "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issuer", + "name", + "created_at", + "operation_type" + ] + }, + { + "action": "business.update_actions_settings", + "description": "An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "updated_github_owned_allowed", + "updated_verified_allowed", + "updated_patterns", + "new_policy", + "old_policy", + "updated_access_policy" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.update_default_repository_permission", + "description": "The base repository permission setting was updated for all organizations in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-base-repository-permissions", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "permission", + "created_at", + "name", + "old_permission" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "business.update_member_repository_creation_permission", + "description": "The repository creation setting was updated for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "operation_type", + "permission", + "visibility" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "business.update_member_repository_invitation_permission", + "description": "The policy setting for enterprise members inviting outside collaborators to repositories was updated.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-inviting-outside-collaborators-to-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "permission", + "name" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "checks.auto_trigger_disabled", + "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", + "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" + }, + { + "action": "checks.auto_trigger_enabled", + "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", + "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" + }, + { + "action": "checks.delete_logs", + "description": "Logs in a check suite were deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "code_scanning.alert_appeared_in_branch", + "description": "Existing code scanning alerts appeared in a branch.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", + "alert_numbers" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closed_became_fixed", + "description": "Code scanning alerts were fixed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", + "alert_numbers" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closed_became_outdated", + "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_numbers", + "commit_oid", + "ref" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closed_by_user", + "description": "Code scanning alerts were manually dismissed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "alert_numbers", + "dismissal_approver_id" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closure_approved", + "description": "Dismissal of code scanning alerts was approved.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismissal_request_id", + "alert_number", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closure_denied", + "description": "Dismissal of code scanning alerts was denied.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismissal_request_id", + "alert_number", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closure_requested", + "description": "Dismissal of code scanning alerts was requested.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismissal_request_id", + "alert_number", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_created", + "description": "Code scanning alerts were seen for the first time.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", + "alert_numbers" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_reappeared", + "description": "Code scanning alerts that were previously fixed reappeared.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", + "alert_numbers" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_reopened_by_user", + "description": "Code scanning alerts that were previously dismissed were reopened.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "alert_numbers" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "codespaces.allow_permissions", + "description": "A codespace using custom permissions from its devcontainer.json file was launched.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "origin_repository", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.connect", + "description": "Credentials for a codespace were refreshed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot", + "machine_type", + "devcontainer_path" + ] + }, + { + "action": "codespaces.create", + "description": "A codespace was created", + "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at", + "actor_is_bot", + "machine_type", + "devcontainer_path" + ], + "docs_reference_titles": "Creating a codespace for a repository" + }, + { + "action": "codespaces.destroy", + "description": "A user deleted a codespace.", + "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Deleting a codespace" + }, + { + "action": "codespaces.export_environment", + "description": "A codespace was exported to a branch on GitHub.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "owner", + "created_at", + "operation_type", + "public_repo" + ] + }, + { + "action": "codespaces.restore", + "description": "A codespace was restored.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.start_environment", + "description": "A codespace was started.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", + "machine_type", + "devcontainer_path", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.suspend_environment", + "description": "A codespace was stopped.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "codespaces.trusted_repositories_access_update", + "description": "A personal account's access and security setting for Codespaces were updated.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to other repositories within your codespace" + }, + { + "action": "copilot.cfb_seat_added", + "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_created", + "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", + "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "What is GitHub Copilot?" + }, + { + "action": "copilot.cfb_seat_assignment_refreshed", + "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_reused", + "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_unassigned", + "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_cancelled", + "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "seat_assignment" + ] + }, + { + "action": "copilot.cfb_seat_cancelled_by_staff", + "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.swe_agent_repo_disabled", + "description": "Specific repositories were disabled from using Copilot coding agent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.swe_agent_repo_enabled", + "description": "Specific repositories were enabled to use Copilot coding agent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.swe_agent_repo_enablement_updated", + "description": "Copilot coding agent access was updated for the organization's or user's repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_access", + "old_access", + "owner_type", + "owner", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_property_definition.create", + "description": "A new custom property definition was created.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "property_name", + "created_at", + "operation_type", + "value_type", + "required", + "default_value", + "definition_id" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "custom_property_definition.destroy", + "description": "A custom property definition was deleted.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "property_name", + "created_at", + "operation_type", + "value_type", + "required", + "default_value", + "definition_id", + "allowed_values" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "custom_property_definition.update", + "description": "A custom property definition was updated.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "property_name", + "created_at", + "operation_type", + "value_type", + "required", + "default_value", + "old_allowed_values", + "allowed_values", + "definition_id", + "old_required", + "old_default_value", + "old_value_type", + "old_values_editable_by", + "values_editable_by" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "custom_property_value.create", + "description": "A repository's custom property value was manually set for the first time.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "value", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "custom_property_value.destroy", + "description": "A repository's custom property value was deleted.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "custom_property_value.update", + "description": "A repository's custom property value was updated.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "definition_id" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "dependabot_alerts.disable", + "description": "Dependabot alerts were disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" + }, + { + "action": "dependabot_alerts.enable", + "description": "Dependabot alerts were enabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" + }, + { + "action": "dependabot_alerts_new_repos.disable", + "description": "Dependabot alerts were disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + }, + { + "action": "dependabot_alerts_new_repos.enable", + "description": "Dependabot alerts were enabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + }, + { + "action": "dependabot_repository_access.default_access_level_updated", + "description": "The default repository access for Dependabot was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "access_level", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "dependabot_repository_access.repositories_updated", + "description": "The repositories that Dependabot can access were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "dependabot_security_updates.disable", + "description": "Dependabot security updates were disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependabot_security_updates.enable", + "description": "Dependabot security updates were enabled for all existing repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependabot_security_updates_new_repos.disable", + "description": " Dependabot security updates were disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependabot_security_updates_new_repos.enable", + "description": "Dependabot security updates were enabled for all new repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "dependency_graph.disable", + "description": "The dependency graph was disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependency_graph.enable", + "description": "The dependency graph was enabled for all existing repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependency_graph_new_repos.disable", + "description": "The dependency graph was disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependency_graph_new_repos.enable", + "description": "The dependency graph was enabled for all new repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "discussion_post.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "number", + "title", + "operation_type" + ] + }, + { + "action": "discussion_post_reply.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "number", + "created_at" + ] + }, + { + "action": "discussion_post_reply.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "number", + "team", + "created_at" + ] + }, + { + "action": "discussion_post.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", + "number" + ] + }, + { + "action": "enterprise_announcement.create", + "description": "A global announcement banner was created for the enterprise.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "message", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Customizing user messages for your enterprise" + }, + { + "action": "enterprise_announcement.destroy", + "description": "A global announcement banner was removed from the enterprise.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Customizing user messages for your enterprise" + }, + { + "action": "enterprise_announcement.update", + "description": "A global announcement banner was updated for the enterprise.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "message", + "old_message", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Customizing user messages for your enterprise" + }, + { + "action": "enterprise.configure_self_hosted_jit_runner", + "description": "A new just-in-time GitHub Actions self-hosted runner was configured", + "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-enterprise" + }, + { + "action": "enterprise_domain.approve", + "description": "A domain was approved for an enterprise.", + "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#approving-a-domain-for-your-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "domain_name", + "owner", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Verifying or approving a domain for your enterprise" + }, + { + "action": "enterprise_domain.create", + "description": "A domain was added to an enterprise.", + "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner_type", + "domain_name", + "owner", + "operation_type" + ], + "docs_reference_titles": "Verifying or approving a domain for your enterprise" + }, + { + "action": "enterprise_domain.destroy", + "description": "A domain was removed from an enterprise.", + "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#removing-an-approved-or-verified-domain", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner_type", + "domain_name", + "owner", + "operation_type" + ], + "docs_reference_titles": "Verifying or approving a domain for your enterprise" + }, + { + "action": "enterprise_domain.verify", + "description": "A domain was verified for an enterprise.", + "docs_reference_links": "/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#verifying-a-domain-for-your-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "domain_name", + "owner", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Verifying or approving a domain for your enterprise" + }, + { + "action": "enterprise.register_self_hosted_runner", + "description": "A new GitHub Actions self-hosted runner was registered.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Adding self-hosted runners" + }, + { + "action": "enterprise.remove_self_hosted_runner", + "description": "A GitHub Actions self-hosted runner was removed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Removing self-hosted runners" + }, + { + "action": "enterprise_role.assign", + "description": "An enterprise role was assigned to a user or enterprise team.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enterprise_role_id", + "enterprise_role_name", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Abilities of roles in an enterprise" + }, + { + "action": "enterprise_role.create", + "description": "A custom enterprise role was created in an enterprise.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "role_permissions", + "base_role", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Abilities of roles in an enterprise" + }, + { + "action": "enterprise_role.destroy", + "description": "A custom enterprise role was deleted in an enterprise.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "role_permissions", + "base_role", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Abilities of roles in an enterprise" + }, + { + "action": "enterprise_role.revoke", + "description": "A user or enterprise team was unassigned an enterprise role.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enterprise_role_id", + "enterprise_role_name", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Abilities of roles in an enterprise" + }, + { + "action": "enterprise_role.update", + "description": "A custom enterprise role was edited in an enterprise.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "role_permissions", + "base_role", + "old_role_permissions", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Abilities of roles in an enterprise" + }, + { + "action": "enterprise.runner_group_created", + "description": "A GitHub Actions self-hosted runner group was created.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at", + "runner_group_restricted_to_workflows" + ], + "docs_reference_titles": "Removing self-hosted runners" + }, + { + "action": "enterprise.runner_group_removed", + "description": "A GitHub Actions self-hosted runner group was removed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "enterprise.runner_group_runner_removed", + "description": "The REST API was used to remove a GitHub Actions self-hosted runner from a group.", + "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", + "runner_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" + }, + { + "action": "enterprise.runner_group_runners_added", + "description": "A GitHub Actions self-hosted runner was added to a group.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "enterprise.runner_group_runners_updated", + "description": "A GitHub Actions runner group's list of members was updated.", + "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" + }, + { + "action": "enterprise.runner_group_updated", + "description": "The configuration of a GitHub Actions self-hosted runner group was changed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "runner_group_name", + "runner_group_allow_public", + "operation_type", + "created_at", + "runner_group_restricted_to_workflows", + "runner_group_selected_workflow_refs", + "network_configuration_id" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "enterprise.self_hosted_runner_offline", + "description": "The GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "enterprise.self_hosted_runner_online", + "description": "The GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "enterprise.self_hosted_runner_updated", + "description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "source_version", + "target_version", + "runner_group_id", + "runner_group_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Self-hosted runners" + }, + { + "action": "enterprise_team.add_member", + "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enterprise_team_id", + "enterprise_team", + "created_at", + "operation_type" + ] + }, + { + "action": "enterprise_team.copilot_assignment", + "description": "A license for GitHub Copilot was assigned to an enterprise team.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enterprise_team_id", + "enterprise_team", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "enterprise_team.copilot_unassignment", + "description": "A license for GitHub Copilot was unassigned from an enterprise team.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enterprise_team_id", + "enterprise_team", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "enterprise_team.create", + "description": "A new enterprise team was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enterprise_team_id", + "enterprise_team", + "created_at", + "operation_type" + ] + }, + { + "action": "enterprise_team.destroy", + "description": "An enterprise team was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enterprise_team_id", + "enterprise_team", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "enterprise_team.remove_member", + "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enterprise_team_id", + "enterprise_team", + "created_at", + "operation_type" + ] + }, + { + "action": "enterprise_team.rename", + "description": "The name of an enterprise team was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "enterprise_team_id", + "enterprise_team", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "environment.add_protection_rule", + "description": "A GitHub Actions deployment protection rule was created via the API.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "environment.create_actions_secret", + "description": "A secret was created for a GitHub Actions environment.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.create_actions_variable", + "description": "A variable was created for a GitHub Actions environment.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "environment_name", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "environment.delete", + "description": "An environment was deleted.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.remove_actions_secret", + "description": "A secret was deleted for a GitHub Actions environment.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.remove_actions_variable", + "description": "A variable was deleted for a GitHub Actions environment.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "environment_name", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "environment.remove_protection_rule", + "description": "A GitHub Actions deployment protection rule was deleted via the API.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.update_actions_secret", + "description": "A secret was updated for a GitHub Actions environment.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.update_actions_variable", + "description": "A variable was updated for a GitHub Actions environment.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "environment_name", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "environment.update_protection_rule", + "description": "A GitHub Actions deployment protection rule was updated via the API.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_value", + "approvers_was", + "approvers", + "can_admins_bypass", + "prevent_self_review" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "external_group.add_member", + "description": "A user was added to an external group.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "external_group", + "external_group_id", + "created_at", + "operation_type", + "scim_group_id" + ] + }, + { + "action": "external_group.delete", + "description": "An external group was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "scim_group_id" + ] + }, + { + "action": "external_group.link", + "description": "An external group was linked to a GitHub team.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "external_group_id", + "operation_type", + "created_at", + "external_group", + "scim_group_id" + ] + }, + { + "action": "external_group.provision", + "description": "An external group was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "external_group.remove_member", + "description": "A user was removed from an external group.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "external_group", + "external_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "external_group.scim_api_failure", + "description": "Failed external group SCIM API request.", + "docs_reference_links": "/rest/scim/scim", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", + "query_string", + "api_request_body", + "route", + "status_code", + "url_path", + "scim_group_id", + "message", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "REST API endpoints for SCIM" + }, + { + "action": "external_group.scim_api_success", + "description": "Successful external group SCIM API request. Excludes GET API requests.", + "docs_reference_links": "/rest/scim/scim", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", + "query_string", + "api_request_body", + "route", + "status_code", + "url_path", + "scim_group_id", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "REST API endpoints for SCIM" + }, + { + "action": "external_group.unlink", + "description": "An external group was unlinked to a GitHub team.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "external_group_id", + "operation_type", + "created_at", + "external_group" + ] + }, + { + "action": "external_group.update", + "description": "An external group was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "scim_group_id" + ] + }, + { + "action": "external_group.update_display_name", + "description": "An external group's display name was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "external_group_id", + "external_group", + "created_at", + "operation_type", + "scim_group_id" + ] + }, + { + "action": "external_identity.deprovision", + "description": "An external identity was deprovisioned, suspending the linked GitHub user.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "external_identity.provision", + "description": "An external identity was created and linked to a GitHub user.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "scim_user_id" + ] + }, + { + "action": "external_identity.scim_api_failure", + "description": "Failed external identity SCIM API request.", + "docs_reference_links": "/rest/scim/scim", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", + "query_string", + "api_request_body", + "route", + "status_code", + "url_path", + "scim_user_id", + "message", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "REST API endpoints for SCIM" + }, + { + "action": "external_identity.scim_api_success", + "description": "Successful external identity SCIM API request. Excludes GET API requests.", + "docs_reference_links": "/rest/scim/scim", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "request_method", + "query_string", + "api_request_body", + "route", + "status_code", + "url_path", + "scim_user_id", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "REST API endpoints for SCIM" + }, + { + "action": "external_identity.update", + "description": "An external identity was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "scim_user_id" + ] + }, + { + "action": "gist.create", + "description": "A gist was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "gist_id", + "created_at", + "operation_type", + "visibility" + ] + }, + { + "action": "gist.destroy", + "description": "A gist was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "gist_id", + "visibility", + "created_at", + "operation_type" + ] + }, + { + "action": "gist.visibility_change", + "description": "The visibility of a gist was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" + ] + }, + { + "action": "git.clone", + "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "transport_protocol", + "repository_public", + "transport_protocol_name" + ] + }, + { + "action": "git.fetch", + "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "transport_protocol", + "repository_public", + "transport_protocol_name" + ] + }, + { + "action": "git.push", + "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "transport_protocol", + "repository_public", + "transport_protocol_name" + ] + }, + { + "action": "git_signing_ssh_public_key.create", + "description": "An SSH key was added to a user account as a Git commit signing key.", + "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "key", + "fingerprint", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" + }, + { + "action": "git_signing_ssh_public_key.delete", + "description": "An SSH key was removed from a user account as a Git commit signing key.", + "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "key", + "fingerprint", + "explanation", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" + }, + { + "action": "github_hosted_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "github_hosted_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "github_hosted_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "gpg_key.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "gpg_key.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "hook.active_changed", + "description": "A hook's active status was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "events", + "active", + "active_was", + "hook_id", + "operation_type" + ] + }, + { + "action": "hook.config_changed", + "description": "A hook's configuration was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", + "created_at", + "oauth_application_id", + "events" + ] + }, + { + "action": "hook.create", + "description": "A new hook was added.", + "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "hook_id", + "events", + "operation_type", + "name", + "created_at" + ], + "docs_reference_titles": "About webhooks" + }, + { + "action": "hook.destroy", + "description": "A hook was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", + "created_at", + "name", + "operation_type", + "oauth_application_id", + "hook_id" + ] + }, + { + "action": "hook.events_changed", + "description": "A hook's configured events were changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", + "operation_type", + "name", + "events_were", + "created_at", + "hook_id", + "oauth_application_id" + ] + }, + { + "action": "integration.create", + "description": "A GitHub App was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "integration", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.destroy", + "description": "A GitHub App was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at" + ] + }, + { + "action": "integration.generate_client_secret", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration_installation.create", + "description": "A GitHub App was installed.", + "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "repository_selection", + "created_at", + "integration", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" + }, + { + "action": "integration_installation.destroy", + "description": "A GitHub App was uninstalled.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "repository_selection", + "integration", + "operation_type", + "name", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" + }, + { + "action": "integration_installation.repositories_added", + "description": "Repositories were added to a GitHub App.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "repository_selection", + "name", + "integration", + "operation_type", + "repositories_added", + "created_at", + "repositories_added_names", + "actor_is_bot", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access" + }, + { + "action": "integration_installation.repositories_removed", + "description": "Repositories were removed from a GitHub App.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "repository_selection", + "repositories_removed", + "integration", + "created_at", + "name", + "repositories_removed_names", + "actor_is_bot", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access" + }, + { + "action": "integration_installation_request.close", + "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", + "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", + "integration", + "reason", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" + }, + { + "action": "integration_installation_request.create", + "description": "A member requested that an owner install a GitHub App.", + "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "requester", + "created_at", + "url", + "operation_type", + "integration", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" + }, + { + "action": "integration_installation.suspend", + "description": "A GitHub App was suspended.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "repository_selection", + "integration", + "operation_type", + "created_at", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" + }, + { + "action": "integration_installation.unsuspend", + "description": "A GitHub App was unsuspended.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "repository_selection", + "integration", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" + }, + { + "action": "integration_installation.version_updated", + "description": "Permissions for a GitHub App were updated.", + "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "integration", + "name", + "operation_type", + "created_at", + "repository_selection", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" + }, + { + "action": "integration.manager_added", + "description": "A member of an enterprise or organization was added as a GitHub App manager.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" + }, + { + "action": "integration.manager_removed", + "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "integration", + "name", + "created_at", + "manager" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" + }, + { + "action": "integration.remove_client_secret", + "description": "A client secret for a GitHub App was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at" + ] + }, + { + "action": "integration.revoke_all_tokens", + "description": "All user tokens for a GitHub App were requested to be revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.revoke_tokens", + "description": "Token(s) for a GitHub App were revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.suspend", + "description": "A GitHub App was suspended.", + "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "created_at", + "operation_type", + "application_client_id" + ], + "docs_reference_titles": "/apps/maintaining-github-apps/suspending-a-github-app-installation" + }, + { + "action": "integration.transfer", + "description": "Ownership of a GitHub App was transferred to another user or organization.", + "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "transfer_to_id", + "requester", + "requester_id", + "created_at", + "transfer_to", + "operation_type", + "integration", + "transfer_from", + "transfer_from_id", + "transfer_from_type", + "transfer_to_type" + ], + "docs_reference_titles": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app" + }, + { + "action": "integration.unsuspend", + "description": "A GitHub App was unsuspended.", + "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "created_at", + "operation_type", + "application_client_id" + ], + "docs_reference_titles": "/apps/maintaining-github-apps/suspending-a-github-app-installation" + }, + { + "action": "ip_allow_list.disable", + "description": "An IP allow list was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "ip_allow_list.disable_for_installed_apps", + "description": "An IP allow list was disabled for installed GitHub Apps.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list.disable_user_level_enforcement", + "description": "IP allow list user level enforcement was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list.enable", + "description": "An IP allow list was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "ip_allow_list.enable_for_installed_apps", + "description": "An IP allow list was enabled for installed GitHub Apps.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list.enable_user_level_enforcement", + "description": "IP allow list user level enforcement was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list_entry.create", + "description": "An IP address was added to an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" + ] + }, + { + "action": "ip_allow_list_entry.destroy", + "description": "An IP address was deleted from an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" + ] + }, + { + "action": "ip_allow_list_entry.update", + "description": "An IP address or its description was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "ip_allow_list_entry", + "active" + ] + }, + { + "action": "issue_dependencies.blocked_by_add", + "description": "An issue was marked as blocked by another issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_dependencies.blocked_by_remove", + "description": "The blocked by relationship between an issue and another issue was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "issue_dependencies.blocking_add", + "description": "An issue was marked as blocking another issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_dependencies.blocking_remove", + "description": "The blocking relationship between an issue and another issue was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "marketplace_agreement_signature.create", + "description": "The GitHub Marketplace Developer Agreement was signed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "marketplace_listing.approve", + "description": "A listing was approved for inclusion in GitHub Marketplace.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "secondary_category", + "primary_category", + "operation_type", + "created_at", + "marketplace_listing", + "integration" + ] + }, + { + "action": "marketplace_listing.change_category", + "description": "A category for a listing for an app in GitHub Marketplace was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", + "secondary_category", + "operation_type", + "created_at" + ] + }, + { + "action": "marketplace_listing.create", + "description": "A listing for an app in GitHub Marketplace was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "created_at", + "oauth_application", + "marketplace_listing", + "secondary_category", + "oauth_application_id", + "operation_type" + ] + }, + { + "action": "marketplace_listing.delist", + "description": "A listing was removed from GitHub Marketplace.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "secondary_category", + "operation_type", + "marketplace_listing", + "primary_category", + "integration" + ] + }, + { + "action": "marketplace_listing_plan.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "marketplace_listing", + "has_free_trial", + "yearly_price_in_cents", + "description", + "bullets", + "monthly_price_in_cents", + "marketplace_listing_plan" + ] + }, + { + "action": "marketplace_listing_plan.publish", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", + "marketplace_listing", + "description", + "bullets", + "has_free_trial", + "created_at", + "operation_type", + "monthly_price_in_cents", + "yearly_price_in_cents" + ] + }, + { + "action": "marketplace_listing_plan.retire", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", + "description", + "yearly_price_in_cents", + "created_at", + "bullets", + "has_free_trial", + "marketplace_listing", + "monthly_price_in_cents", + "operation_type" + ] + }, + { + "action": "marketplace_listing_plan.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", + "description", + "bullets", + "yearly_price_in_cents", + "has_free_trial", + "marketplace_listing_plan", + "operation_type", + "created_at" + ] + }, + { + "action": "marketplace_listing.redraft", + "description": "A listing was sent back to draft state.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", + "operation_type", + "oauth_application", + "created_at", + "marketplace_listing", + "primary_category" + ] + }, + { + "action": "marketplace_listing.reject", + "description": "A listing was not accepted for inclusion in GitHub Marketplace.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "secondary_category", + "marketplace_listing", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "merge_queue.pull_request_dequeued", + "description": "A pull request was removed from a merge queue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "merge_queue.pull_request_queue_jump", + "description": "A pull request was moved ahead in a merge queue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "merge_queue.queue_cleared", + "description": "A merge queue was cleared.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "merge_queue.update_settings", + "description": "The settings for a merge queue were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "max_entries_to_build", + "min_entries_to_merge", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "metered_billing_configuration.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "metered_billing_configuration.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "metered_billing_configuration.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "migration.create", + "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "oauth_access.create", + "description": "An OAuth access token was generated.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application_name" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" + }, + { + "action": "oauth_access.destroy", + "description": "An OAuth access token was deleted.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "explanation", + "oauth_application_name" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" + }, + { + "action": "oauth_access.regenerate", + "description": "An OAuth access token was regenerated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_name" + ] + }, + { + "action": "oauth_access.revoke", + "description": "An OAuth access token was revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "oauth_access.update", + "description": "An OAuth access token was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "oauth_application.create", + "description": "An OAuth application was created.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.destroy", + "description": "An OAuth application was deleted.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.generate_client_secret", + "description": "An OAuth application's secret key was generated.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.remove_client_secret", + "description": "An OAuth application's secret key was deleted.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.reset_secret", + "description": "The secret key for an OAuth application was reset.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "operation_type", + "created_at", + "oauth_application_id" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.revoke_all_tokens", + "description": "All user tokens for an OAuth application were requested to be revoked.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.revoke_tokens", + "description": "Token(s) for an OAuth application were revoked.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.suspend", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "oauth_application_id", + "created_at", + "oauth_application" + ] + }, + { + "action": "oauth_application.transfer", + "description": "An OAuth application was transferred from one account to another.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.unsuspend", + "description": "An OAuth application was unsuspended for a user or organization account.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "oauth_application_id", + "oauth_application", + "created_at" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_authorization.create", + "description": "An authorization for an OAuth application was created.", + "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", + "oauth_application_name" + ], + "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" + }, + { + "action": "oauth_authorization.destroy", + "description": "An authorization for an OAuth application was deleted.", + "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "explanation", + "actor_is_bot", + "oauth_application_name" + ], + "docs_reference_titles": "Reviewing and revoking authorization of GitHub Apps" + }, + { + "action": "oauth_authorization.update", + "description": "An authorization for an OAuth application was updated.", + "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", + "oauth_application_name" + ], + "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" + }, + { + "action": "org.accept_business_invitation", + "description": "An invitation sent to an organization to join an enterprise was accepted.", + "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Adding organizations to your enterprise" + }, + { + "action": "org.add_billing_manager", + "description": "A billing manager was added to an organization.", + "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" + }, + { + "action": "org.add_member", + "description": "A user joined an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "org.add_outside_collaborator", + "description": "An outside collaborator was added to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", + "public_repo", + "permission", + "invitee", + "created_at", + "operation_type" + ] + }, + { + "action": "org.add_security_manager", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type" + ] + }, + { + "action": "org.advanced_security_disabled_for_new_repos", + "description": "GitHub Advanced Security was disabled for new repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_disabled_on_all_repos", + "description": "GitHub Advanced Security was disabled for all repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_enabled_for_new_repos", + "description": "GitHub Advanced Security was enabled for new repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_enabled_on_all_repos", + "description": "GitHub Advanced Security was enabled for all repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_entity_policy_update", + "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" + }, + { + "action": "org.advanced_security_policy_selected_member_disabled", + "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" + }, + { + "action": "org.advanced_security_policy_selected_member_enabled", + "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot" + ], + "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" + }, + { + "action": "org.async_delete", + "description": "A user initiated a background job to delete an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.billing_signup_error", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.block_user", + "description": "An organization owner blocked a user from accessing the organization's repositories.", + "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" + ], + "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" + }, + { + "action": "org.cancel_business_invitation", + "description": "An invitation for an organization to join an enterprise was revoked", + "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "initiated_from" + ], + "docs_reference_titles": "Adding organizations to your enterprise" + }, + { + "action": "org.cancel_invitation", + "description": "An invitation sent to a user to join an organization was revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "invitation_id", + "created_at", + "invitee_email" + ] + }, + { + "action": "org.clear_custom_invitation_rate_limit", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.code_scanning_autofix_disabled", + "description": "Autofix for code scanning alerts was disabled for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.code_scanning_autofix_enabled", + "description": "Autofix for code scanning alerts was enabled for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.code_scanning_autofix_third_party_tools_disabled", + "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.code_scanning_autofix_third_party_tools_enabled", + "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.codeql_disabled", + "description": "Code scanning using the default setup was disabled for an organization.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring default setup for code scanning at scale" + }, + { + "action": "org.codeql_enabled", + "description": "Code scanning using the default setup was enabled for an organization.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring default setup for code scanning at scale" + }, + { + "action": "org.config.disable_collaborators_only", + "description": "The interaction limit for collaborators only for an organization was disabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.config.disable_contributors_only", + "description": "The interaction limit for prior contributors only for an organization was disabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.config.disable_sockpuppet_disallowed", + "description": "The interaction limit for existing users only for an organization was disabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.config.enable_collaborators_only", + "description": "The interaction limit for collaborators only for an organization was enabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.config.enable_contributors_only", + "description": "The interaction limit for prior contributors only for an organization was enabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.config.enable_sockpuppet_disallowed", + "description": "The interaction limit for existing users only for an organization was enabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.configure_self_hosted_jit_runner", + "description": "A new just-in-time GitHub Actions self-hosted runner was configured", + "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" + }, + { + "action": "org.confirm_business_invitation", + "description": "An invitation for an organization to join an enterprise was confirmed.", + "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Adding organizations to your enterprise" + }, + { + "action": "org.create", + "description": "An organization was created.", + "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" + }, + { + "action": "org.delete", + "description": "An organization was deleted by a user or staff.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.disable_member_team_creation_permission", + "description": "Team creation was limited to owners.", + "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" + }, + { + "action": "org.disable_reader_discussion_creation_permission", + "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" + }, + { + "action": "org.disable_saml", + "description": "SAML single sign-on was disabled for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "issuer", + "created_at", + "operation_type" + ] + }, + { + "action": "org.disable_two_factor_requirement", + "description": "A two-factor authentication requirement was disabled for the organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.display_commenter_full_name_disabled", + "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.display_commenter_full_name_enabled", + "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.enable_member_team_creation_permission", + "description": "Team creation by members was allowed.", + "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" + }, + { + "action": "org.enable_reader_discussion_creation_permission", + "description": "An organization owner allowed users with read access to create discussions in an organization", + "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" + }, + { + "action": "org.enable_saml", + "description": "SAML single sign-on was enabled for the organization.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "sso_url", + "created_at", + "issuer" + ], + "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" + }, + { + "action": "org.enable_two_factor_requirement", + "description": "Two-factor authentication is now required for the organization.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" + }, + { + "action": "org.integration_manager_added", + "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", + "created_at" + ] + }, + { + "action": "org.integration_manager_removed", + "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", + "created_at" + ] + }, + { + "action": "org.invite_member", + "description": "A new user was invited to join an organization.", + "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" + ], + "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" + }, + { + "action": "org.invite_to_business", + "description": "An organization was invited to join an enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.members_can_update_protected_branches.disable", + "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.members_can_update_protected_branches.enable", + "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.rate_limited_invites", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.recreate", + "description": "An organization was restored.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.register_self_hosted_runner", + "description": "A new self-hosted runner was registered.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot" + ], + "docs_reference_titles": "Adding self-hosted runners" + }, + { + "action": "org.remove_billing_manager", + "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", + "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" + }, + { + "action": "org.remove_member", + "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.remove_outside_collaborator", + "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.remove_security_manager", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type" + ] + }, + { + "action": "org.remove_self_hosted_runner", + "description": "A self-hosted runner was removed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Removing self-hosted runners" + }, + { + "action": "org.rename", + "description": "An organization was renamed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", + "operation_type", + "created_at" + ] + }, + { + "action": "org.restore_member", + "description": "An organization member was restored.", + "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" + }, + { + "action": "org.runner_group_created", + "description": "A self-hosted runner group was created.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at", + "runner_group_restricted_to_workflows", + "runner_group_selected_workflow_refs", + "network_configuration_id" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "org.runner_group_removed", + "description": "A self-hosted runner group was removed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "org.runner_group_runner_removed", + "description": "The REST API was used to remove a self-hosted runner from a group.", + "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", + "runner_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" + }, + { + "action": "org.runner_group_runners_added", + "description": "A self-hosted runner was added to a group.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "org.runner_group_runners_updated", + "description": "A runner group's list of members was updated.", + "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" + }, + { + "action": "org.runner_group_updated", + "description": "The configuration of a self-hosted runner group was changed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "runner_group_name", + "runner_group_allow_public", + "operation_type", + "created_at", + "runner_group_restricted_to_workflows", + "runner_group_selected_workflow_refs", + "network_configuration_id" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "org_secret_scanning_automatic_validity_checks.disabled", + "description": "Automatic partner validation checks have been disabled at the organization level", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" + }, + { + "action": "org_secret_scanning_automatic_validity_checks.enabled", + "description": "Automatic partner validation checks have been enabled at the organization level", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" + }, + { + "action": "org_secret_scanning_custom_pattern.create", + "description": "A custom pattern was created for secret scanning in an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org_secret_scanning_custom_pattern.delete", + "description": "A custom pattern was removed from secret scanning in an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org_secret_scanning_custom_pattern.publish", + "description": "A custom pattern was published for secret scanning in an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org.secret_scanning_custom_pattern_push_protection_disabled", + "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org.secret_scanning_custom_pattern_push_protection_enabled", + "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org_secret_scanning_custom_pattern.update", + "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org_secret_scanning_non_provider_patterns.disabled", + "description": "Secret scanning for non-provider patterns was disabled at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" + }, + { + "action": "org_secret_scanning_non_provider_patterns.enabled", + "description": "Secret scanning for non-provider patterns was enabled at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.add", + "description": "A role or team was added to the push protection bypass list at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.disable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.enable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.remove", + "description": "A role or team was removed from the push protection bypass list at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_custom_message_disabled", + "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_custom_message_enabled", + "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_custom_message_updated", + "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_disable", + "description": "Push protection for secret scanning was disabled.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_enable", + "description": "Push protection for secret scanning was enabled.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_new_repos_disable", + "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_new_repos_enable", + "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org_secret_scanning_push_protection_pattern_configuration.push_protection_setting_changed", + "description": "The push protection setting was updated for a secret type for your organization.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "push_protection_setting", + "secret_type", + "secret_type_display_name", + "created_at" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org_secret_scanning_push_protection_pattern_configuration.updated", + "description": "The push protection pattern configuration was updated for your organization.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.security_center_export_code_scanning_metrics", + "description": "A CSV export was requested on the CodeQL pull request alerts page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "start_date", + "end_date", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.security_center_export_coverage", + "description": "A CSV export was requested on the Coverage page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.security_center_export_overview_dashboard", + "description": "A CSV export was requested on the Overview Dashboard page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "start_date", + "end_date", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.security_center_export_risk", + "description": "A CSV export was requested on the Risk page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.self_hosted_runner_offline", + "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "org.self_hosted_runner_online", + "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "org.self_hosted_runner_updated", + "description": "The runner application was updated. This event is not included in the JSON/CSV export.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "source_version", + "target_version", + "runner_group_id", + "runner_group_name" + ], + "docs_reference_titles": "Self-hosted runners" + }, + { + "action": "org.set_actions_cache_retention_policy", + "description": "The cache retention policy for GitHub Actions was set for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization" + }, + { + "action": "org.set_actions_cache_storage_policy", + "description": "The cache storage policy for GitHub Actions was set for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization" + }, + { + "action": "org.set_actions_fork_pr_approvals_policy", + "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" + }, + { + "action": "org.set_actions_private_fork_pr_approvals_policy", + "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" + }, + { + "action": "org.set_actions_retention_limit", + "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", + "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" + }, + { + "action": "org.set_custom_invitation_rate_limit", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.set_default_workflow_permissions", + "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" + }, + { + "action": "org.set_fork_pr_workflows_policy", + "description": "The policy for workflows on private repository forks was changed.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" + }, + { + "action": "org.set_workflow_permission_can_approve_pr", + "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" + }, + { + "action": "org.sso_response", + "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issuer", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "org.transform", + "description": "A user account was converted into an organization.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "owner" + ], + "docs_reference_titles": "Converting a user into an organization" + }, + { + "action": "org.unblock_user", + "description": "A user was unblocked from an organization.", + "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" + }, + { + "action": "org.update_actions_settings", + "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "new_policy", + "updated_allowed_types", + "old_policy", + "updated_access_policy" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" + }, + { + "action": "org.update_default_repository_permission", + "description": "The default repository permission level for organization members was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "permission", + "old_permission" + ] + }, + { + "action": "org.update_member", + "description": "A person's role was changed from owner to member or member to owner.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_permission", + "permission", + "operation_type" + ] + }, + { + "action": "org.update_member_repository_creation_permission", + "description": "The create repository permission for organization members was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "visibility", + "operation_type" + ] + }, + { + "action": "org.update_member_repository_invitation_permission", + "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", + "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Setting permissions for adding outside collaborators" + }, + { + "action": "org.update_saml_provider_settings", + "description": "An organization's SAML provider settings were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" + ] + }, + { + "action": "org.update_terms_of_service", + "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", + "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" + }, + { + "action": "organization_custom_property_definition.create", + "description": "A new organization custom property definition was created.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "description", + "value_type", + "required", + "allowed_values", + "default_value", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise" + }, + { + "action": "organization_custom_property_definition.destroy", + "description": "An organization custom property definition was deleted.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "description", + "value_type", + "required", + "allowed_values", + "default_value", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise" + }, + { + "action": "organization_custom_property_definition.update", + "description": "An organization custom property definition was updated.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "old_values_editable_by", + "values_editable_by", + "created_at", + "operation_type", + "actor_is_bot", + "old_allowed_values", + "old_default_value", + "old_required" + ], + "docs_reference_titles": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise" + }, + { + "action": "organization_custom_property_value.create", + "description": "An organization's custom property value was manually set for the first time.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "value", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise" + }, + { + "action": "organization_custom_property_value.destroy", + "description": "An organization's custom property value was deleted.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "value", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise" + }, + { + "action": "organization_domain.approve", + "description": "A domain was approved for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "domain_name", + "owner", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" + }, + { + "action": "organization_domain.create", + "description": "A domain was added to an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "domain_name", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" + }, + { + "action": "organization_domain.destroy", + "description": "A domain was removed from an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain" + }, + { + "action": "organization_domain.verify", + "description": "A domain was verified for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" + }, + { + "action": "packages.package_deleted", + "description": "An entire package was deleted.", + "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "package", + "operation_type", + "created_at", + "actor_is_bot" + ], + "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" + }, + { + "action": "packages.package_published", + "description": "A package was published or republished to an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "package", + "ecosystem", + "version_count", + "is_republished", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "packages.package_version_deleted", + "description": "A specific package version was deleted.", + "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "package", + "version", + "operation_type", + "created_at", + "ecosystem", + "actor_is_bot" + ], + "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" + }, + { + "action": "packages.package_version_published", + "description": "A specific package version was published or republished to a package.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ecosystem", + "package", + "version", + "is_republished", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "pages_protected_domain.create", + "description": "A GitHub Pages verified domain was created for an organization or enterprise.", + "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "domain", + "state", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" + }, + { + "action": "pages_protected_domain.delete", + "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", + "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "domain", + "state", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" + }, + { + "action": "pages_protected_domain.verify", + "description": "A GitHub Pages domain was verified for an organization or enterprise.", + "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "domain", + "state", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" + }, + { + "action": "passkey.register", + "description": "A new passkey was added.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "nickname", + "created_at", + "operation_type" + ] + }, + { + "action": "passkey.remove", + "description": "A new passkey was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "nickname", + "created_at", + "operation_type" + ] + }, + { + "action": "payment_method.create", + "description": "A new payment method was added, such as a new credit card or PayPal account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "payment_method.remove", + "description": "A payment method was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "payment_method.update", + "description": "An existing payment method was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "personal_access_token.access_granted", + "description": "A fine-grained personal access token was granted access to resources.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.access_restriction_disabled", + "description": "The configured restriction for access to resources via personal access tokens was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.access_restriction_enabled", + "description": "The configured restriction for access to resources via personal access tokens was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.access_restriction_reset", + "description": "The configured restriction for access to resources via personal access tokens was reset and delegated to organizations.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.access_revoked", + "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.auto_approve_grant_requests_disabled", + "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.auto_approve_grant_requests_enabled", + "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.auto_approve_grant_requests_reset", + "description": "Triggered when the enterprise delegates to the organizations when to require approval for fine-grained personal access tokens before the tokens can access organization resources.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.create", + "description": "Triggered when you create a fine-grained personal access token.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type" + ] + }, + { + "action": "personal_access_token.credential_regenerated", + "description": "Triggered when you regenerate a fine-grained personal access token.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "created_at", + "operation_type" + ] + }, + { + "action": "personal_access_token.credential_revoked", + "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", + "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users" + }, + { + "action": "personal_access_token.destroy", + "description": "Triggered when you delete a fine-grained personal access token.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "explanation", + "created_at", + "operation_type" + ] + }, + { + "action": "personal_access_token.expiration_limit_set", + "description": "A personal access token expiration limit was set.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "token_expiration", + "old_token_expiration", + "exempt_administrators", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.expiration_limit_unset", + "description": "A personal access token expiration limit was unset.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.request_cancelled", + "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type", + "user_programmatic_access_request_id" + ] + }, + { + "action": "personal_access_token.request_created", + "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type", + "user_programmatic_access_request_id" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.request_denied", + "description": "A request for a fine-grained personal access token to access organization resources was denied.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type", + "user_programmatic_access_request_id" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.update", + "description": "A fine-grained personal access token was updated.", + "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens" + }, + { + "action": "premium_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "premium_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "premium_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting.disable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting.enable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting_new_repos.disable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting_new_repos.enable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "profile_picture.update", + "description": "A profile picture was updated.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner", + "operation_type" + ], + "docs_reference_titles": "Personalize your profile" + }, + { + "action": "project.access", + "description": "A project board visibility was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.close", + "description": "A project board was closed.", + "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", + "project_kind" + ], + "docs_reference_titles": "Closing a project (classic)" + }, + { + "action": "project_collaborator.add", + "description": "A collaborator was added to a project.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", + "collaborator", + "created_at", + "operation_type", + "actor_is_bot", + "public_project", + "project_name", + "project_role", + "old_project_role" + ] + }, + { + "action": "project_collaborator.remove", + "description": "A collaborator was removed from a project.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", + "collaborator", + "created_at", + "operation_type" + ] + }, + { + "action": "project_collaborator.update", + "description": "A project collaborator's permission level was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_project", + "project_name", + "collaborator_type", + "project_role", + "old_project_role", + "project_id", + "collaborator", + "created_at", + "operation_type" + ] + }, + { + "action": "project.create", + "description": "A project board was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.delete", + "description": "A project board was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project_field.create", + "description": "A field was created in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" + }, + { + "action": "project_field.delete", + "description": "A field was deleted in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" + }, + { + "action": "project.link", + "description": "A repository was linked to a project board.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.open", + "description": "A project board was reopened.", + "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", + "operation_type", + "created_at", + "project_kind", + "project_name" + ], + "docs_reference_titles": "Reopening a closed project (classic)" + }, + { + "action": "project.rename", + "description": "A project board was renamed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" + ] + }, + { + "action": "project.unlink", + "description": "A repository was unlinked from a project board.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.update_org_permission", + "description": "The project's base-level permission for all organization members was changed or removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.update_team_permission", + "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" + ] + }, + { + "action": "project.update_user_permission", + "description": "A user was added to or removed from a project board or had their permission level changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project_view.create", + "description": "A view was created in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" + }, + { + "action": "project_view.delete", + "description": "A view was deleted in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" + }, + { + "action": "project.visibility_private", + "description": "A project's visibility was changed from public to private.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", + "created_at", + "operation_type", + "project_kind", + "project_name" + ] + }, + { + "action": "project.visibility_public", + "description": "A project's visibility was changed from private to public.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", + "created_at", + "operation_type", + "project_kind", + "project_name" + ] + }, + { + "action": "protected_branch.authorized_users_teams", + "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type", + "oauth_application_id" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" + }, + { + "action": "protected_branch.branch_allowances", + "description": "A protected branch allowance was given to a specific user, team or integration.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "authorized_actors", + "policy", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "protected_branch.create", + "description": "Branch protection was enabled on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "created_at", + "authorized_actor_names", + "required_deployments_enforcement_level", + "merge_queue_enforcement_level", + "create_protected" + ] + }, + { + "action": "protected_branch.destroy", + "description": "Branch protection was disabled on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_deployments_enforcement_level", + "merge_queue_enforcement_level", + "create_protected" + ] + }, + { + "action": "protected_branch.dismiss_stale_reviews", + "description": "Enforcement of dismissing stale pull requests was updated on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", + "operation_type", + "name" + ] + }, + { + "action": "protected_branch.dismissal_restricted_users_teams", + "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "authorized_actors_only", + "authorized_actors", + "created_at", + "name", + "operation_type" + ] + }, + { + "action": "protected_branch.policy_override", + "description": "A branch protection requirement was overridden by a repository administrator.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "reasons", + "before", + "after", + "operation_type", + "branch", + "overridden_codes", + "referrer", + "deploy_key_fingerprint", + "compliant_pull_request_ids", + "rule_suite_id" + ] + }, + { + "action": "protected_branch.rejected_ref_update", + "description": "A branch update attempt was rejected.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "branch", + "before", + "overridden_codes", + "after", + "reasons", + "deploy_key_fingerprint", + "compliant_pull_request_ids", + "actor_is_bot", + "rule_suite_id" + ] + }, + { + "action": "protected_branch.update_admin_enforced", + "description": "Branch protection was enforced for repository administrators.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" + ] + }, + { + "action": "protected_branch.update_allow_deletions_enforcement_level", + "description": "Branch deletion was enabled or disabled for a protected branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" + ] + }, + { + "action": "protected_branch.update_allow_force_pushes_enforcement_level", + "description": "Force pushes were enabled or disabled for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" + ] + }, + { + "action": "protected_branch.update_ignore_approvals_from_contributors", + "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "ignore_approvals_from_contributors", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" + }, + { + "action": "protected_branch.update_linear_history_requirement_enforcement_level", + "description": "Required linear commit history was enabled or disabled for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", + "name", + "created_at" + ] + }, + { + "action": "protected_branch.update_lock_allows_fetch_and_merge", + "description": "Fork syncing was enabled or disabled for a read-only branch", + "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "lock_allows_fetch_and_merge", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" + }, + { + "action": "protected_branch.update_lock_branch_enforcement_level", + "description": "The enforcement of a branch lock was updated.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "enforcement_level", + "lock_branch_enforcement_level", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" + }, + { + "action": "protected_branch.update_merge_queue_enforcement_level", + "description": "Enforcement of the merge queue was modified for a branch.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "merge_queue_enforcement_level", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue" + }, + { + "action": "protected_branch.update_name", + "description": "A branch name pattern was updated for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "protected_branch.update_pull_request_reviews_enforcement_level", + "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" + ] + }, + { + "action": "protected_branch.update_require_code_owner_review", + "description": "Enforcement of required code owner review was updated for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" + ] + }, + { + "action": "protected_branch.update_require_last_push_approval", + "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "require_last_push_approval", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" + }, + { + "action": "protected_branch.update_required_approving_review_count", + "description": "Enforcement of the required number of approvals before merging was updated on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", + "created_at", + "operation_type", + "name" + ] + }, + { + "action": "protected_branch.update_required_status_checks_enforcement_level", + "description": "Enforcement of required status checks was updated for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" + ] + }, + { + "action": "protected_branch.update_signature_requirement_enforcement_level", + "description": "Enforcement of required commit signing was updated for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" + ] + }, + { + "action": "protected_branch.update_strict_required_status_checks_policy", + "description": "Enforcement of required status checks was updated for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "operation_type", + "strict_required_status_checks_policy" + ] + }, + { + "action": "public_key.create", + "description": "An SSH key was added to a user account or a deploy key was added to a repository.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", + "operation_type", + "created_at", + "key", + "fingerprint", + "title" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" + }, + { + "action": "public_key.delete", + "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", + "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" + ], + "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" + }, + { + "action": "public_key.unverification_failure", + "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "key", + "fingerprint", + "read_only", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.unverify", + "description": "A user account's SSH key or a repository's deploy key was unverified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", + "fingerprint" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.update", + "description": "A user account's SSH key or a repository's deploy key was updated.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "fingerprint", + "read_only", + "operation_type", + "created_at", + "title" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.verification_failure", + "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "fingerprint", + "oauth_application_id", + "title", + "created_at", + "read_only", + "operation_type" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.verify", + "description": "A user account's SSH key or a repository's deploy key was verified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "key", + "fingerprint", + "title", + "read_only" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "pull_request.close", + "description": "A pull request was closed without being merged.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url", + "actor_is_bot" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" + }, + { + "action": "pull_request.converted_to_draft", + "description": "A pull request was converted to a draft.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" + }, + { + "action": "pull_request.create", + "description": "A pull request was created.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url", + "actor_is_bot", + "actor_is_agent" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request" + }, + { + "action": "pull_request.create_review_request", + "description": "A review was requested on a pull request.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "reviewer_type", + "reviewer", + "reviewer_id", + "operation_type", + "created_at", + "pull_request_url", + "actor_is_agent" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" + }, + { + "action": "pull_request.in_progress", + "description": "A pull request was marked as in progress.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at" + ] + }, + { + "action": "pull_request.indirect_merge", + "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url" + ] + }, + { + "action": "pull_request.merge", + "description": "A pull request was merged.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url", + "actor_is_bot" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" + }, + { + "action": "pull_request.ready_for_review", + "description": "A pull request was marked as ready for review.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" + }, + { + "action": "pull_request.rebase", + "description": "A pull request was rebased.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "pull_request_url", + "pull_request_title", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "pull_request.remove_review_request", + "description": "A review request was removed from a pull request.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "reviewer_type", + "reviewer", + "reviewer_id", + "operation_type", + "created_at", + "pull_request_url" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" + }, + { + "action": "pull_request.reopen", + "description": "A pull request was reopened after previously being closed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url" + ] + }, + { + "action": "pull_request_review_comment.create", + "description": "A review comment was added to a pull request.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "comment_id", + "operation_type", + "created_at", + "actor_is_agent" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" + }, + { + "action": "pull_request_review_comment.delete", + "description": "A review comment on a pull request was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" + ] + }, + { + "action": "pull_request_review_comment.update", + "description": "A review comment on a pull request was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" + ] + }, + { + "action": "pull_request_review.delete", + "description": "A review on a pull request was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "review_id", + "operation_type", + "created_at", + "pull_request_url" + ] + }, + { + "action": "pull_request_review.dismiss", + "description": "A review on a pull request was dismissed.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "review_id", + "operation_type", + "created_at", + "pull_request_url" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" + }, + { + "action": "pull_request_review.submit", + "description": "A review on a pull request was submitted.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "review_id", + "operation_type", + "created_at", + "pull_request_url", + "actor_is_agent" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" + }, + { + "action": "repo.access", + "description": "The visibility of a repository changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility", + "previous_visibility" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" + }, + { + "action": "repo.actions_enabled", + "description": "GitHub Actions was enabled for a repository.", + "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" + }, + { + "action": "repo.add_member", + "description": "A collaborator was added to a repository.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" + ], + "docs_reference_titles": "Inviting collaborators to a personal repository" + }, + { + "action": "repo.add_topic", + "description": "A topic was added to a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "topic", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" + }, + { + "action": "repo.advanced_security_disabled", + "description": "GitHub Advanced Security was disabled for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" + }, + { + "action": "repo.advanced_security_enabled", + "description": "GitHub Advanced Security was enabled for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" + }, + { + "action": "repo.archived", + "description": "A repository was archived.", + "docs_reference_links": "/repositories/archiving-a-github-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" + ], + "docs_reference_titles": "/repositories/archiving-a-github-repository" + }, + { + "action": "repo.change_merge_setting", + "description": "Pull request merge options were changed for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type", + "public_repo", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_analysis_deleted", + "description": "Code scanning analysis for a repository was deleted.", + "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "public_repo", + "tool", + "category" + ], + "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" + }, + { + "action": "repo.code_scanning_autofix_disabled", + "description": "Autofix for code scanning alerts was disabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_autofix_enabled", + "description": "Autofix for code scanning alerts was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_autofix_third_party_tools_disabled", + "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_autofix_third_party_tools_enabled", + "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_configuration_for_branch_deleted", + "description": "A code scanning configuration for a branch of a repository was deleted.", + "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "tool", + "branch", + "category", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Resolving code scanning alerts" + }, + { + "action": "repo.code_scanning_delegated_alert_dismissal_disabled", + "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.code_scanning_delegated_alert_dismissal_enabled", + "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.codeql_disabled", + "description": "Code scanning using the default setup was disabled for a repository.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring default setup for code scanning" + }, + { + "action": "repo.codeql_enabled", + "description": "Code scanning using the default setup was enabled for a repository.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "query_suite", + "threat_model", + "languages" + ], + "docs_reference_titles": "Configuring default setup for code scanning" + }, + { + "action": "repo.codeql_updated", + "description": "Code scanning using the default setup was updated for a repository.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query_suite", + "threat_model", + "languages", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Configuring default setup for code scanning" + }, + { + "action": "repo.collaborators_only", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.config.disable_collaborators_only", + "description": "The interaction limit for collaborators only was disabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.disable_contributors_only", + "description": "The interaction limit for prior contributors only was disabled in a repository.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.disable_sockpuppet_disallowed", + "description": "The interaction limit for existing users only was disabled in a repository.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.enable_collaborators_only", + "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.enable_contributors_only", + "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.enable_sockpuppet_disallowed", + "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.configure_self_hosted_jit_runner", + "description": "A new just-in-time GitHub Actions self-hosted runner was configured", + "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" + }, + { + "action": "repo.create", + "description": "A repository was created.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "request_category", + "created_at", + "oauth_application_id", + "request_method", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" + }, + { + "action": "repo.create_actions_secret", + "description": "A GitHub Actions secret was created for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "repo.create_actions_variable", + "description": "A GitHub Actions variable was created for a repository.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "repo.create_integration_secret", + "description": "A Codespaces or Dependabot secret was created for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.destroy", + "description": "A repository was deleted.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "request_category", + "visibility", + "created_at", + "request_method", + "oauth_application_id", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" + }, + { + "action": "repo.disk_archive", + "description": "A repository was archived on disk.", + "docs_reference_links": "/repositories/archiving-a-github-repository/archiving-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/archiving-a-github-repository/archiving-repositories" + }, + { + "action": "repo.download_zip", + "description": "A source code archive of a repository was downloaded as a ZIP file.", + "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" + }, + { + "action": "repo.hide_from_discovery", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "visibility", + "created_at" + ] + }, + { + "action": "repo.noindex", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "public_repo" + ] + }, + { + "action": "repo.override_unlock", + "description": "The repository was unlocked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_build", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" + ] + }, + { + "action": "repo.pages_cname", + "description": "A GitHub Pages custom domain was modified in a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "cname", + "created_at", + "operation_type", + "old_cname" + ] + }, + { + "action": "repo.pages_create", + "description": "A GitHub Pages site was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_destroy", + "description": "A GitHub Pages site was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" + ] + }, + { + "action": "repo.pages_https_redirect_disabled", + "description": "HTTPS redirects were disabled for a GitHub Pages site.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_https_redirect_enabled", + "description": "HTTPS redirects were enabled for a GitHub Pages site.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" + ] + }, + { + "action": "repo.pages_private", + "description": "A GitHub Pages site visibility was changed to private.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_public", + "description": "A GitHub Pages site visibility was changed to public.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_soft_delete", + "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.pages_soft_delete_restore", + "description": "A GitHub Pages site that was previously soft-deleted was restored.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.pages_source", + "description": "A GitHub Pages source was modified.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "visibility", + "created_at" + ] + }, + { + "action": "repo.register_self_hosted_runner", + "description": "A new self-hosted runner was registered.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Adding self-hosted runners" + }, + { + "action": "repo.remove_actions_secret", + "description": "A GitHub Actions secret was deleted for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "repo.remove_actions_variable", + "description": "A GitHub Actions variable was deleted for a repository.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "repo.remove_integration_secret", + "description": "A Codespaces or Dependabot secret was deleted for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.remove_member", + "description": "A collaborator was removed from a repository.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" + ], + "docs_reference_titles": "Removing a collaborator from a personal repository" + }, + { + "action": "repo.remove_self_hosted_runner", + "description": "A self-hosted runner was removed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Removing self-hosted runners" + }, + { + "action": "repo.remove_topic", + "description": "A topic was removed from a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "topic", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.rename", + "description": "A repository was renamed.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", + "created_at", + "operation_type", + "visibility" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" + }, + { + "action": "repo.require_login", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" + ] + }, + { + "action": "repo.restore", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.self_hosted_runner_offline", + "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "repo.self_hosted_runner_online", + "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "repo.self_hosted_runner_updated", + "description": "The runner application was updated. This event is not included in the JSON/CSV export.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "source_version", + "target_version", + "runner_group_id", + "runner_group_name" + ], + "docs_reference_titles": "Self-hosted runners" + }, + { + "action": "repo.set_actions_cache_retention_policy", + "description": "The cache retention policy for GitHub Actions was set for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository" + }, + { + "action": "repo.set_actions_cache_storage_policy", + "description": "The cache storage policy for GitHub Actions was set for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository" + }, + { + "action": "repo.set_actions_fork_pr_approvals_policy", + "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" + }, + { + "action": "repo.set_actions_private_fork_pr_approvals_policy", + "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories" + }, + { + "action": "repo.set_actions_retention_limit", + "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "limit", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" + }, + { + "action": "repo.set_default_workflow_permissions", + "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" + }, + { + "action": "repo.set_fork_pr_workflows_policy", + "description": "Triggered when the policy for workflows on private repository forks is changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" + }, + { + "action": "repo.set_workflow_permission_can_approve_pr", + "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" + }, + { + "action": "repo.staff_unlock", + "description": "An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.temporary_access_granted", + "description": "Temporary access was enabled for a repository.", + "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Accessing user-owned repositories in your enterprise" + }, + { + "action": "repo.transfer", + "description": "A user accepted a request to receive a transferred repository.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "old_user", + "operation_type", + "created_at", + "visibility", + "repo_was" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" + }, + { + "action": "repo.transfer_outgoing", + "description": "A repository was transferred to another repository network.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_nwo", + "visibility", + "created_at", + "operation_type", + "public_repo" + ] + }, + { + "action": "repo.transfer_start", + "description": "A user sent a request to transfer a repository to another user or organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" + ] + }, + { + "action": "repo.unarchived", + "description": "A repository was unarchived.", + "docs_reference_links": "/repositories/archiving-a-github-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" + ], + "docs_reference_titles": "/repositories/archiving-a-github-repository" + }, + { + "action": "repo.update_actions_access_settings", + "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "old_policy", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.update_actions_secret", + "description": "A GitHub Actions secret was updated for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "repo.update_actions_settings", + "description": "A repository administrator changed GitHub Actions policy settings for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at", + "new_policy", + "old_policy", + "updated_access_policy", + "actor_is_bot" + ] + }, + { + "action": "repo.update_actions_variable", + "description": "A GitHub Actions variable was updated for a repository.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "repo.update_default_branch", + "description": "The default branch for a repository was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "repo.update_integration_secret", + "description": "A Codespaces or Dependabot secret was updated for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.update_member", + "description": "A user's permission to a repository was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "visibility", + "old_permission", + "old_base_role", + "old_repo_permission", + "old_repo_base_role", + "new_repo_base_role", + "new_repo_permission", + "actor_is_bot" + ] + }, + { + "action": "repository_branch_protection_evaluation.disable", + "description": "Branch protections were disabled for the repository.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" + }, + { + "action": "repository_branch_protection_evaluation.enable", + "description": "Branch protections were enabled for this repository.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" + }, + { + "action": "repository_code_security.disable", + "description": "Code security was disabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_code_security.enable", + "description": "Code security was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_image.create", + "description": "An image to represent a repository was uploaded.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "content_type" + ] + }, + { + "action": "repository_image.destroy", + "description": "An image to represent a repository was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_invitation.accept", + "description": "An invitation to join a repository was accepted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" + ] + }, + { + "action": "repository_invitation.cancel", + "description": "An invitation to join a repository was canceled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", + "operation_type", + "invitee", + "created_at" + ] + }, + { + "action": "repository_invitation.create", + "description": "An invitation to join a repository was sent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_invitation.reject", + "description": "An invitation to join a repository was declined.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", + "operation_type", + "created_at", + "inviter" + ] + }, + { + "action": "repository_ruleset.create", + "description": "A repository ruleset was created.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "public_repo", + "created_at", + "operation_type", + "ruleset_id", + "ruleset_name", + "ruleset_enforcement", + "ruleset_source_type", + "ruleset_rules", + "ruleset_conditions", + "ruleset_bypass_actors" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" + }, + { + "action": "repository_ruleset.destroy", + "description": "A repository ruleset was deleted.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "public_repo", + "created_at", + "operation_type", + "ruleset_id", + "ruleset_name", + "ruleset_enforcement", + "ruleset_source_type", + "ruleset_rules", + "ruleset_bypass_actors" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" + }, + { + "action": "repository_ruleset.update", + "description": "A repository ruleset was edited.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", + "public_repo", + "created_at", + "operation_type", + "ruleset_id", + "ruleset_name", + "ruleset_enforcement", + "ruleset_source_type", + "ruleset_rules_updated", + "ruleset_conditions_added", + "ruleset_conditions_deleted", + "ruleset_old_enforcement", + "ruleset_rules_added", + "ruleset_rules_deleted", + "ruleset_old_name", + "ruleset_conditions_updated", + "ruleset_bypass_actors_added", + "ruleset_bypass_actors_deleted", + "ruleset_bypass_actors_updated", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset" + }, + { + "action": "repository_secret_scanning_automatic_validity_checks.disabled", + "description": "Automatic partner validation checks have been disabled at the repository level", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" + }, + { + "action": "repository_secret_scanning_automatic_validity_checks.enabled", + "description": "Automatic partner validation checks have been enabled at the repository level", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" + }, + { + "action": "repository_secret_scanning_custom_pattern.create", + "description": "A custom pattern was created for secret scanning in a repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning_custom_pattern.delete", + "description": "A custom pattern was removed from secret scanning in a repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning_custom_pattern.publish", + "description": "A custom pattern was published for secret scanning in a repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning_custom_pattern_push_protection.disabled", + "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning_custom_pattern_push_protection.enabled", + "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning_custom_pattern.update", + "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning.disable", + "description": "Secret scanning was disabled for a repository.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "repository_secret_scanning.enable", + "description": "Secret scanning was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_secret_scanning_non_provider_patterns.disabled", + "description": "Secret scanning for non-provider patterns was disabled at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" + }, + { + "action": "repository_secret_scanning_non_provider_patterns.enabled", + "description": "Secret scanning for non-provider patterns was enabled at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.add", + "description": "A role or team was added to the push protection bypass list at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.disable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.enable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.remove", + "description": "A role or team was removed from the push protection bypass list at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_secret_scanning_push_protection.disable", + "description": "Secret scanning push protection was disabled for a repository.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_secret_scanning_push_protection.enable", + "description": "Secret scanning push protection was enabled for a repository.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_security_configuration.applied", + "description": "A code security configuration was applied to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "repository_security_configuration_state", + "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_security_configuration.failed", + "description": "A code security configuration failed to attach to the repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_security_configuration.removed", + "description": "A code security configuration was removed from a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "repository_security_configuration_state", + "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_security_configuration.removed_by_settings_change", + "description": "A code security configuration was removed due to a change in repository or enterprise settings.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "repository_security_configuration_state", + "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_vulnerability_alert.auto_dismiss", + "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "alert_number", + "ghsa_id", + "public_repo", + "owner", + "created_at", + "operation_type", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name" + ], + "docs_reference_titles": "About Dependabot auto-triage rules" + }, + { + "action": "repository_vulnerability_alert.auto_reopen", + "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "alert_number", + "ghsa_id", + "public_repo", + "owner", + "created_at", + "operation_type", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name" + ], + "docs_reference_titles": "About Dependabot auto-triage rules" + }, + { + "action": "repository_vulnerability_alert.create", + "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" + ], + "docs_reference_titles": "About Dependabot alerts" + }, + { + "action": "repository_vulnerability_alert.dismiss", + "description": "A Dependabot alert was manually dismissed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "dismiss_reason", + "dismiss_comment", + "alert_number", + "actor_is_bot" + ] + }, + { + "action": "repository_vulnerability_alert.reintroduce", + "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", + "public_repo", + "owner", + "operation_type", + "alert_number" + ] + }, + { + "action": "repository_vulnerability_alert.reopen", + "description": "A Dependabot alert was manually reopened.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", + "owner", + "operation_type", + "public_repo", + "alert_number" + ] + }, + { + "action": "repository_vulnerability_alert.resolve", + "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" + ] + }, + { + "action": "repository_vulnerability_alert.withdraw", + "description": "A Dependabot alert was withdrawn.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "alert_number", + "ghsa_id", + "created_at", + "active", + "public_repo", + "owner", + "operation_type" + ] + }, + { + "action": "repository_vulnerability_alerts.authorized_users_teams", + "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" + }, + { + "action": "repository_vulnerability_alerts_auto_dismissal.disable", + "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_vulnerability_alerts_auto_dismissal.enable", + "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_vulnerability_alerts.disable", + "description": "Dependabot alerts was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_vulnerability_alerts.enable", + "description": "Dependabot alerts was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "restrict_notification_delivery.disable", + "description": "Email notification restrictions for an organization or enterprise were disabled.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" + }, + { + "action": "restrict_notification_delivery.enable", + "description": "Email notification restrictions for an organization or enterprise were enabled.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" + }, + { + "action": "secret_scanning_alert.assign", + "description": "A user was assigned to a secret scanning alert.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo", + "created_at" + ], + "docs_reference_titles": "Manage secret scanning alerts" + }, + { + "action": "secret_scanning_alert.create", + "description": "GitHub detected a secret and created a secret scanning alert.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo" + ], + "docs_reference_titles": "Manage secret scanning alerts" + }, + { + "action": "secret_scanning_alert.reopen", + "description": "A secret scanning alert was reopened.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type", + "secret_type_display_name" + ] + }, + { + "action": "secret_scanning_alert.resolve", + "description": "A secret scanning alert was resolved.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", + "public_repo", + "created_at", + "operation_type", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo" + ] + }, + { + "action": "secret_scanning_alert.revoke", + "description": "A secret scanning alert was revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "secret_scanning_alert.unassign", + "description": "A user was unassigned from a secret scanning alert.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo", + "created_at" + ], + "docs_reference_titles": "Manage secret scanning alerts" + }, + { + "action": "secret_scanning_alert.validate", + "description": "A secret scanning alert was validated.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "created_at", + "previous_validity", + "current_validity", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo" + ], + "docs_reference_titles": "Manage secret scanning alerts" + }, + { + "action": "secret_scanning.disable", + "description": "Secret scanning was disabled for all existing repositories.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "secret_scanning.enable", + "description": "Secret scanning was enabled for all existing repositories.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "secret_scanning_new_repos.disable", + "description": "Secret scanning was disabled for all new repositories.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "secret_scanning_new_repos.enable", + "description": "Secret scanning was enabled for all new repositories.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "secret_scanning_push_protection.bypass", + "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "created_at", + "push_protection_bypass_reason", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo", + "request_reviewer", + "request_reviewer_id" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "secret_scanning_push_protection_request.approve", + "description": "A request to bypass secret scanning push protection was approved by a user.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "secret_scanning_push_protection_request.deny", + "description": "A request to bypass secret scanning push protection was denied by a user.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot", + "request_reviewer_comment" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "secret_scanning_push_protection_request.request", + "description": "A user requested to bypass secret scanning push protection.", + "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" + }, + { + "action": "secret_scanning_scan.completed", + "description": "A secret scanning scan has completed on this repository.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "source", + "type", + "source_slug", + "type_slug", + "started_at", + "completed_at", + "public_repo", + "created_at", + "operation_type", + "secret_types", + "custom_pattern_name", + "custom_pattern_scope" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "security_configuration.create", + "description": "A security configuration was created", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "security_configuration_description", + "security_configuration_created_at", + "security_configuration_updated_at", + "security_configuration_enable_ghas", + "security_configuration_private_vulnerability_reporting", + "security_configuration_dependency_graph", + "security_configuration_dependabot_alerts", + "security_configuration_dependabot_security_updates", + "security_configuration_code_scanning", + "security_configuration_secret_scanning", + "security_configuration_secret_scanning_push_protection", + "security_configuration_secret_scanning_validity_checks", + "created_at", + "operation_type", + "actor_is_bot", + "security_configuration_dependency_graph_autosubmit_action", + "security_configuration_secret_scanning_non_provider_patterns", + "security_configuration_secret_scanning_delegated_bypass", + "security_configuration_secret_scanning_generic_secrets", + "security_configuration_secret_scanning_delegated_alert_dismissal", + "security_configuration_code_scanning_delegated_alert_dismissal", + "security_configuration_code_security_sku_enabled", + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" + ] + }, + { + "action": "security_configuration_default.delete", + "description": "A default security configuration setting for new repositories was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "default_for_new_private_repos", + "default_for_new_public_repos", + "security_configuration_name", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "security_configuration_default.update", + "description": "A default security configuration setting for new repositories was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "default_for_new_private_repos", + "default_for_new_public_repos", + "security_configuration_name", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "security_configuration.delete", + "description": "A security configuration was deleted", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "security_configuration_description", + "security_configuration_created_at", + "security_configuration_updated_at", + "security_configuration_enable_ghas", + "security_configuration_private_vulnerability_reporting", + "security_configuration_dependency_graph", + "security_configuration_dependabot_alerts", + "security_configuration_dependabot_security_updates", + "security_configuration_code_scanning", + "security_configuration_secret_scanning", + "security_configuration_secret_scanning_push_protection", + "security_configuration_secret_scanning_validity_checks", + "created_at", + "operation_type", + "actor_is_bot", + "security_configuration_dependency_graph_autosubmit_action", + "security_configuration_secret_scanning_non_provider_patterns", + "security_configuration_secret_scanning_delegated_bypass", + "security_configuration_secret_scanning_delegated_alert_dismissal", + "security_configuration_code_scanning_delegated_alert_dismissal", + "security_configuration_code_security_sku_enabled", + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" + ] + }, + { + "action": "security_configuration_policy.update", + "description": "A security configuration policy was updated", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enforcement", + "security_configuration_name", + "created_at", + "operation_type" + ] + }, + { + "action": "security_configuration.update", + "description": "A security configuration was updated", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "security_configuration_description", + "security_configuration_created_at", + "security_configuration_updated_at", + "security_configuration_enable_ghas", + "security_configuration_private_vulnerability_reporting", + "security_configuration_dependency_graph", + "security_configuration_dependabot_alerts", + "security_configuration_dependabot_security_updates", + "security_configuration_code_scanning", + "security_configuration_secret_scanning", + "security_configuration_secret_scanning_push_protection", + "security_configuration_secret_scanning_validity_checks", + "created_at", + "operation_type", + "actor_is_bot", + "security_configuration_dependency_graph_autosubmit_action", + "security_configuration_secret_scanning_non_provider_patterns", + "security_configuration_secret_scanning_delegated_bypass", + "security_configuration_secret_scanning_generic_secrets", + "security_configuration_secret_scanning_delegated_alert_dismissal", + "security_configuration_code_scanning_delegated_alert_dismissal", + "security_configuration_code_security_sku_enabled", + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" + ] + }, + { + "action": "security_key.register", + "description": "A security key was registered for an account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "security_key.remove", + "description": "A security key was removed from an account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "social_identity.linked", + "description": "A user linked a social identity to their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "social_identity.unlinked", + "description": "A user unlinked a social identity from their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "social_identity.unlinked_all", + "description": "A user unlinked all social identities from their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.agreement_sign", + "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.custom_amount_settings_change", + "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" + }, + { + "action": "sponsors.fiscal_host_change", + "description": "The fiscal host for a GitHub Sponsors listing was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.repo_funding_links_file_action", + "description": "The FUNDING file in a repository was changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" + }, + { + "action": "sponsors.sponsor_sponsorship_cancel", + "description": "A sponsorship was canceled.", + "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Downgrading a sponsorship" + }, + { + "action": "sponsors.sponsor_sponsorship_create", + "description": "A sponsorship was created, by sponsoring an account.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" + }, + { + "action": "sponsors.sponsor_sponsorship_payment_complete", + "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" + }, + { + "action": "sponsors.sponsor_sponsorship_preference_change", + "description": "The option to receive email updates from a sponsored account was changed.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" + }, + { + "action": "sponsors.sponsor_sponsorship_tier_change", + "description": "A sponsorship was upgraded or downgraded.", + "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" + }, + { + "action": "sponsors.sponsored_developer_approve", + "description": "A GitHub Sponsors account was approved.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.sponsored_developer_create", + "description": "A GitHub Sponsors account was created.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.sponsored_developer_disable", + "description": "A GitHub Sponsors account was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "operation_type", + "created_at" + ] + }, + { + "action": "sponsors.sponsored_developer_profile_update", + "description": "The profile for GitHub Sponsors account was edited.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" + }, + { + "action": "sponsors.sponsored_developer_redraft", + "description": "A GitHub Sponsors account was returned to draft state from approved state.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.sponsored_developer_request_approval", + "description": "An application for GitHub Sponsors was submitted for approval.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.sponsored_developer_tier_description_update", + "description": "The description for a sponsorship tier was changed.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" + }, + { + "action": "sponsors.sponsored_developer_update_newsletter_send", + "description": "Triggered when you send an email update to your sponsors.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" + }, + { + "action": "sponsors.sponsors_patreon_user_create", + "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "patreon_email", + "patreon_username", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account" + }, + { + "action": "sponsors.sponsors_patreon_user_destroy", + "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "patreon_email", + "patreon_username", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Unlinking your Patreon account from GitHub" + }, + { + "action": "sponsors.update_tier_repository", + "description": "A GitHub Sponsors tier changed access for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.update_tier_welcome_message", + "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.waitlist_join", + "description": "You join the waitlist to join GitHub Sponsors.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.withdraw_agreement_signature", + "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "ssh_certificate_authority.create", + "description": "An SSH certificate authority for an organization or enterprise was created.", + "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" + ], + "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" + }, + { + "action": "ssh_certificate_authority.destroy", + "description": "An SSH certificate authority for an organization or enterprise was deleted.", + "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" + ], + "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" + }, + { + "action": "ssh_certificate_requirement.disable", + "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", + "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" + }, + { + "action": "ssh_certificate_requirement.enable", + "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", + "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" + }, + { + "action": "staff.set_domain_token_expiration", + "description": "The verification code expiry time for an organization or enterprise domain was set.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "domain_name", + "token_expires_at", + "owner", + "operation_type", + "created_at" + ] + }, + { + "action": "staff.unverify_domain", + "description": "An organization or enterprise domain was unverified.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner_type", + "domain_name", + "owner", + "operation_type" + ] + }, + { + "action": "staff.verify_domain", + "description": "An organization or enterprise domain was verified.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", + "operation_type", + "created_at" + ] + }, + { + "action": "sub_issues.parent_issue_add", + "description": "A parent issue was added to an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "sub_issues.parent_issue_remove", + "description": "A parent issue was removed from an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "sub_issues.sub_issue_add", + "description": "A sub-issue was added to an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "sub_issues.sub_issue_remove", + "description": "A sub-issue was removed from an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "successor_invitation.accept", + "description": "Triggered when you accept a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.cancel", + "description": "Triggered when you cancel a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.create", + "description": "Triggered when you create a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.decline", + "description": "Triggered when you decline a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "successor_invitation.revoke", + "description": "Triggered when you revoke a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "team.add_member", + "description": "A member of an organization was added to a team.", + "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", + "team_type" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" + }, + { + "action": "team.add_repository", + "description": "A team was given access and permissions to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "team.add_to_organization", + "description": "A team was added to an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team_type", + "team", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "team.change_parent_team", + "description": "A child team was created or a child team's parent was changed.", + "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" + }, + { + "action": "team.change_privacy", + "description": "A team's privacy level was changed.", + "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", + "team_type" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" + }, + { + "action": "team.create", + "description": "A new team is created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "team", + "created_at", + "team_type" + ] + }, + { + "action": "team.demote_maintainer", + "description": "A user was demoted from a team maintainer to a team member.", + "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" + }, + { + "action": "team.destroy", + "description": "A team was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type", + "team_type" + ] + }, + { + "action": "team_discussions.clear", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "team_discussions.disable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "team_discussions.enable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "team.promote_maintainer", + "description": "A user was promoted from a team member to a team maintainer.", + "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" + }, + { + "action": "team.remove_from_organization", + "description": "A team was removed from an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team_type", + "team", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "team.remove_member", + "description": "An organization member was removed from a team.", + "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "team", + "team_type" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" + }, + { + "action": "team.remove_repository", + "description": "A repository was removed from a team's control.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" + ] + }, + { + "action": "team.rename", + "description": "A team's name was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", + "team_type" + ] + }, + { + "action": "team_sync_tenant.disabled", + "description": "Team synchronization with a tenant was disabled.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" + }, + { + "action": "team_sync_tenant.enabled", + "description": "Team synchronization with a tenant was enabled.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" + }, + { + "action": "team.update_repository_permission", + "description": "A team's permission to a repository was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", + "operation_type", + "created_at", + "permission", + "new_repo_permission", + "new_repo_base_role", + "old_repo_permission", + "old_repo_base_role" + ] + }, + { + "action": "trusted_device.register", + "description": "A new trusted device was added.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "trusted_device.remove", + "description": "A trusted device was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_account_recovery.abort", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.complete", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.ignore", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.staff_approve", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.staff_decline", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_account_recovery.start", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_account_recovery.two_factor_destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_authentication.add_factor", + "description": "A secondary authentication factor was added to a user account.", + "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" + }, + { + "action": "two_factor_authentication.disabled", + "description": "Two-factor authentication was disabled for a user account.", + "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Disabling two-factor authentication for your personal account" + }, + { + "action": "two_factor_authentication.enabled", + "description": "Two-factor authentication was enabled for a user account.", + "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Configuring two-factor authentication" + }, + { + "action": "two_factor_authentication.password_reset_fallback_sms", + "description": "A one-time password code was sent to a user account fallback phone number.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_authentication.recovery_codes_regenerated", + "description": "Two factor recovery codes were regenerated for a user account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_authentication.remove_factor", + "description": "A secondary authentication factor was removed from a user account.", + "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" + }, + { + "action": "two_factor_authentication.sign_in_fallback_sms", + "description": "A one-time password code was sent to a user account fallback phone number.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_authentication.update_fallback", + "description": "The two-factor authentication fallback for a user account was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.add_email", + "description": "An email address was added to a user account.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "email", + "created_at" + ], + "docs_reference_titles": "Adding an email address to your GitHub account" + }, + { + "action": "user.async_delete", + "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.audit_log_export", + "description": "Audit log entries were exported.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.block_user", + "description": "A user was blocked by another user.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "blocked_user", + "operation_type", + "created_at" + ] + }, + { + "action": "user.change_password", + "description": "A user changed their password.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.codespaces_trusted_repo_access_granted", + "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to other repositories within your codespace" + }, + { + "action": "user.codespaces_trusted_repo_access_revoked", + "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to other repositories within your codespace" + }, + { + "action": "user_content_edit.delete", + "description": "Triggered when a user content edit is deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_content_id", + "user_content_type", + "created_at", + "deleted_by", + "editor_id", + "deleted_at", + "editor", + "deleted_by_id", + "deleted_content", + "operation_type" + ] + }, + { + "action": "user.correct_password_from_unrecognized_device", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.correct_password_from_unrecognized_device_and_location", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.correct_password_from_unrecognized_location", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.create", + "description": "A new user account was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" + ] + }, + { + "action": "user.create_integration_secret", + "description": "A user secret for Codespaces was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "created_at", + "operation_type" + ] + }, + { + "action": "user.creation_rate_limit_exceeded", + "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { + "action": "user.delete", + "description": "A user account was destroyed by an asynchronous job.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.demote", + "description": "A site administrator was demoted to an ordinary user account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" + ] + }, + { + "action": "user.destroy", + "description": "A user deleted his or her account, triggering user.async_delete.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.device_verification_failure", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.device_verification_requested", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.device_verification_success", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.disable_collaborators_only", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.disable_contributors_only", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.disable_sockpuppet_disallowed", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user_email.confirm_claim", + "description": "An enterprise managed user claimed an email address.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "user_email.mark_as_unclaimed", + "description": "N/A", + "docs_reference_links": "An enterprise managed user unclaimed an email address.", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." + }, + { + "action": "user.enable_collaborators_only", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.enable_contributors_only", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.enable_sockpuppet_disallowed", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.failed_login", + "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.flag_as_large_scale_contributor", + "description": "A user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.forgot_password", + "description": "A user requested a password reset.", + "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "email", + "created_at" + ], + "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" + }, + { + "action": "user.grant_github_developer", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.hide_private_contributions_count", + "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Manage visibility settings for private contributions" + }, + { + "action": "user.login", + "description": "A user signed in.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "passkey_nickname" + ] + }, + { + "action": "user.logout", + "description": "A user signed out.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.minimize_comment", + "description": "A comment made by a user was minimized.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.new_device_used", + "description": "A user signed in from a new device.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.partial_two_factor_email_followup", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.promote", + "description": "An ordinary user account was promoted to a site administrator.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type" + ] + }, + { + "action": "user.recreate", + "description": "A user's account was restored.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.remove_email", + "description": "An email address was removed from a user account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "email" + ] + }, + { + "action": "user.remove_integration_secret", + "description": "A user secret for Codespaces was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", + "created_at", + "operation_type" + ] + }, + { + "action": "user.remove_large_scale_contributor_flag", + "description": "A user account was no longer flagged as a large scale contributor.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.rename", + "description": "A username was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", + "created_at", + "operation_type" + ] + }, + { + "action": "user.report_abuse", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.report_content", + "description": "Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.", + "docs_reference_links": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam" + }, + { + "action": "user.reset_password", + "description": "A user reset their account password.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user_session.country_change", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.show_private_contributions_count", + "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now shown.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Manage visibility settings for private contributions" + }, + { + "action": "user.sign_in_from_unrecognized_device", + "description": "A user signed in from an unrecognized device.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.sign_in_from_unrecognized_device_and_location", + "description": "A user signed in from an unrecognized device and location.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.sign_in_from_unrecognized_location", + "description": "A user signed in from an unrecognized location.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user_status.destroy", + "description": "Triggered when you clear the status on your profile.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "message", + "created_at", + "limited_availability", + "emoji", + "operation_type" + ] + }, + { + "action": "user_status.update", + "description": "Triggered when you set or change the status on your profile.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limited_availability", + "message", + "created_at", + "emoji", + "operation_type" + ], + "docs_reference_titles": "Personalize your profile" + }, + { + "action": "user.suspend", + "description": "A user account was suspended.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "user.toggle_warn_private_email", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_challenge_failure", + "description": "A 2FA challenge issued for a user account failed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_challenge_success", + "description": "A 2FA challenge issued for a user account succeeded.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_recover", + "description": "A user used their 2FA recovery codes.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_recovery_codes_downloaded", + "description": "A user downloaded 2FA recovery codes for their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_recovery_codes_printed", + "description": "A user printed 2FA recovery codes for their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_recovery_codes_viewed", + "description": "A user viewed 2FA recovery codes for their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.two_factor_requested", + "description": "A user was prompted for a two-factor authentication code.", + "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" + }, + { + "action": "user.unblock_user", + "description": "A user was unblocked by another user.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "blocked_user", + "operation_type", + "created_at" + ] + }, + { + "action": "user.unminimize_comment", + "description": "A comment made by a user was unminimized.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.unsuspend", + "description": "A user account was unsuspended.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "user.update_integration_secret", + "description": "A user secret for Codespaces was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "created_at", + "operation_type" + ] + }, + { + "action": "user.update_new_repository_default_branch_setting", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.create", + "description": "A Dependabot rule was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.delete", + "description": "A Dependabot rule was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.disable", + "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.enable", + "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.force_disable", + "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.force_enable", + "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.update", + "description": "A Dependabot rule's conditions, actions, or metadata changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Reviewing deployments" + }, + { + "action": "workflows.bypass_protection_rules", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "workflows.cancel_workflow_run", + "description": "A workflow run was cancelled.", + "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "started_at", + "event", + "name", + "workflow_run_id", + "head_branch", + "head_sha", + "run_number", + "cancelled_at", + "workflow_id", + "operation_type", + "trigger_id", + "public_repo" + ], + "docs_reference_titles": "Canceling a workflow run" + }, + { + "action": "workflows.comment_workflow_job", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "workflows.completed_workflow_run", + "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "started_at", + "event", + "name", + "workflow_run_id", + "head_branch", + "head_sha", + "completed_at", + "conclusion", + "run_number", + "workflow_id", + "operation_type", + "trigger_id", + "run_attempt", + "actor_is_bot", + "actor_is_agent" + ], + "docs_reference_titles": "Viewing workflow run history" + }, + { + "action": "workflows.created_workflow_run", + "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "started_at", + "event", + "name", + "workflow_run_id", + "head_branch", + "head_sha", + "workflow_id", + "operation_type", + "trigger_id", + "public_repo", + "actor_is_bot", + "actor_is_agent" + ], + "docs_reference_titles": "Understanding GitHub Actions" + }, + { + "action": "workflows.delete_workflow_run", + "description": "A workflow run was deleted.", + "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "workflow_run_id", + "started_at", + "head_branch", + "head_sha", + "trigger_id" + ], + "docs_reference_titles": "Deleting a workflow run" + }, + { + "action": "workflows.disable_workflow", + "description": "A workflow was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_id", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot" + ] + }, + { + "action": "workflows.enable_workflow", + "description": "A workflow was enabled, after previously being disabled by disable_workflow.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_id", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "workflows.pin_workflow", + "description": "A workflow was pinned.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "workflow_id", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "workflows.prepared_workflow_job", + "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "job_name", + "runner_labels", + "is_hosted_runner", + "environment_name", + "secrets_passed", + "operation_type", + "created_at", + "runner_owner_type", + "job_workflow_ref", + "calling_workflow_refs", + "calling_workflow_shas", + "imposer_repo" + ], + "docs_reference_titles": "Events that trigger workflows" + }, + { + "action": "workflows.reject_workflow_job", + "description": "A workflow job was rejected.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Reviewing deployments" + }, + { + "action": "workflows.rerun_workflow_run", + "description": "A workflow run was re-run.", + "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "started_at", + "event", + "name", + "workflow_run_id", + "head_branch", + "head_sha", + "run_number", + "workflow_id", + "operation_type", + "trigger_id", + "run_attempt", + "rerun_type", + "check_run_id", + "actor_is_bot" + ], + "docs_reference_titles": "Re-running workflows and jobs" + }, + { + "action": "workflows.unpin_workflow", + "description": "A workflow was unpinned after previously being pinned.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "workflow_id", + "created_at", + "operation_type", + "actor_is_bot" + ] + } +] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.20/organization.json b/src/audit-logs/data/ghes-3.20/organization.json new file mode 100644 index 000000000000..4c7245c78379 --- /dev/null +++ b/src/audit-logs/data/ghes-3.20/organization.json @@ -0,0 +1,26166 @@ +[ + { + "action": "account.billing_date_change", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "account.plan_change", + "description": "The account's plan changed.", + "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "How GitHub billing works" + }, + { + "action": "actions_cache.delete", + "description": "A GitHub Actions cache was deleted using the REST API.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "actions_cache_id", + "actions_cache_key", + "actions_cache_version", + "actions_cache_scope", + "created_at", + "operation_type" + ] + }, + { + "action": "advisory_credit.accept", + "description": "Credit was accepted for a security advisory.", + "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", + "recipient", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Editing a repository security advisory" + }, + { + "action": "advisory_credit.create", + "description": "Someone was added to the credit section of a security advisory.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", + "recipient", + "operation_type", + "created_at" + ] + }, + { + "action": "advisory_credit.decline", + "description": "Credit was declined for a security advisory.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", + "recipient", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "advisory_credit.destroy", + "description": "Someone was removed from the credit section of a security advisory.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ghsa_id", + "recipient", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "artifact.destroy", + "description": "A workflow run artifact was manually deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "auto_approve_personal_access_token_requests.disable", + "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" + }, + { + "action": "auto_approve_personal_access_token_requests.enable", + "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization" + }, + { + "action": "billing.budget_create", + "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "customer_id", + "target_amount", + "target_type", + "target_id", + "alert_enabled", + "status", + "created_at", + "operation_type", + "actor_is_bot", + "pricing_target_type", + "pricing_target_id", + "budget_limit_type", + "alert_recipient_user_ids", + "exclude_cost_center_usage" + ] + }, + { + "action": "billing.budget_delete", + "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "customer_id", + "uuid", + "status", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "billing.budget_update", + "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "customer_id", + "target_amount", + "target_type", + "target_id", + "alert_enabled", + "status", + "created_at", + "operation_type", + "actor_is_bot", + "old_target_amount", + "old_budget_limit_type", + "old_alert_enabled", + "old_target_id", + "old_pricing_target_type", + "old_pricing_target_id" + ] + }, + { + "action": "billing.change_billing_type", + "description": "The way the account pays for GitHub was changed.", + "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing your payment and billing information" + }, + { + "action": "billing.change_email", + "description": "The billing email address changed.", + "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "email" + ], + "docs_reference_titles": "Managing your payment and billing information" + }, + { + "action": "billing_customer.azure_subscription_linked", + "description": "Azure subscription has been linked on this account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "billing_customer.azure_subscription_unlinked", + "description": "Azure subscription has been unlinked on this account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "billing.lock", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "billing.overage_policy_updated", + "description": "The premium request paid usage policy for your GitHub account was changed.", + "docs_reference_links": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage" + }, + { + "action": "billing.unlock", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "checks.auto_trigger_disabled", + "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", + "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" + }, + { + "action": "checks.auto_trigger_enabled", + "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", + "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" + }, + { + "action": "checks.delete_logs", + "description": "Logs in a check suite were deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "code_scanning.alert_appeared_in_branch", + "description": "Existing code scanning alerts appeared in a branch.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", + "alert_numbers" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closed_became_fixed", + "description": "Code scanning alerts were fixed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", + "alert_numbers" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closed_became_outdated", + "description": "Code scanning alerts were closed as outdated (all configurations they were detected in were deleted).", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_numbers", + "commit_oid", + "ref" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closed_by_user", + "description": "Code scanning alerts were manually dismissed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "alert_numbers", + "dismissal_approver_id" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closure_approved", + "description": "Dismissal of code scanning alerts was approved.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismissal_request_id", + "alert_number", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closure_denied", + "description": "Dismissal of code scanning alerts was denied.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismissal_request_id", + "alert_number", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_closure_requested", + "description": "Dismissal of code scanning alerts was requested.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismissal_request_id", + "alert_number", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_created", + "description": "Code scanning alerts were seen for the first time.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", + "alert_numbers" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_reappeared", + "description": "Code scanning alerts that were previously fixed reappeared.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "commit_oid", + "ref", + "alert_numbers" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "code_scanning.alert_reopened_by_user", + "description": "Code scanning alerts that were previously dismissed were reopened.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_number", + "alert_numbers" + ], + "docs_reference_titles": "About code scanning" + }, + { + "action": "codespaces.allow_permissions", + "description": "A codespace using custom permissions from its devcontainer.json file was launched.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "origin_repository", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.attempted_to_create_from_prebuild", + "description": "An attempt to create a codespace from a prebuild was made.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", + "created_at", + "operation_type", + "public_repo" + ] + }, + { + "action": "codespaces.business_enablement_updated", + "description": "Enterprise setting for Codespaces ownership was updated.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", + "organization_names", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" + }, + { + "action": "codespaces.connect", + "description": "Credentials for a codespace were refreshed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot", + "machine_type", + "devcontainer_path" + ] + }, + { + "action": "codespaces.create", + "description": "A codespace was created", + "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at", + "actor_is_bot", + "machine_type", + "devcontainer_path" + ], + "docs_reference_titles": "Creating a codespace for a repository" + }, + { + "action": "codespaces.destroy", + "description": "A user deleted a codespace.", + "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Deleting a codespace" + }, + { + "action": "codespaces.export_environment", + "description": "A codespace was exported to a branch on GitHub.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "owner", + "created_at", + "operation_type", + "public_repo" + ] + }, + { + "action": "codespaces.policy_group_created", + "description": "Policies were applied to codespaces in an organization or enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.policy_group_deleted", + "description": "Policies were removed from codespaces in an organization or enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.policy_group_updated", + "description": "Policies were updated for codespaces in an organization or enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.restore", + "description": "A codespace was restored.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.start_environment", + "description": "A codespace was started.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", + "machine_type", + "devcontainer_path", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.suspend_environment", + "description": "A codespace was stopped.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "codespaces.trusted_repositories_access_update", + "description": "A personal account's access and security setting for Codespaces were updated.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to other repositories within your codespace" + }, + { + "action": "commit_comment.destroy", + "description": "A commit comment was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "commit_comment.update", + "description": "A commit comment was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.access_revoked", + "description": "Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", + "plan", + "owner", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_org_settings_changed", + "description": "Copilot feature settings were changed at the organization level.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_added", + "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_created", + "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", + "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "What is GitHub Copilot?" + }, + { + "action": "copilot.cfb_seat_assignment_refreshed", + "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_reused", + "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_unassigned", + "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_cancelled", + "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "seat_assignment" + ] + }, + { + "action": "copilot.cfb_seat_cancelled_by_staff", + "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_management_changed", + "description": "The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_value", + "new_value", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "copilot.content_exclusion_changed", + "description": "The excluded paths for GitHub Copilot were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "excluded_paths", + "owner_type", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.custom_instructions_created", + "description": "Copilot custom instructions were created for the organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "custom_instructions" + ] + }, + { + "action": "copilot.custom_instructions_updated", + "description": "Copilot custom instructions were updated for the organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "custom_instructions" + ] + }, + { + "action": "copilot.plan_changed", + "description": "The plan for GitHub Copilot was updated.", + "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_plan", + "plan", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "GitHub Copilot licenses" + }, + { + "action": "copilot.plan_downgrade_scheduled", + "description": "The plan for GitHub Copilot was scheduled to be downgraded.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "created_at", + "operation_type", + "actor_is_bot", + "current_plan", + "scheduled_plan" + ] + }, + { + "action": "copilot.swe_agent_mcp_config_updated", + "description": "MCP Configuration for Copilot coding agent was updated for a specific repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_config", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.swe_agent_repo_disabled", + "description": "Specific repositories were disabled from using Copilot coding agent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.swe_agent_repo_enabled", + "description": "Specific repositories were enabled to use Copilot coding agent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.swe_agent_repo_enablement_updated", + "description": "Copilot coding agent access was updated for the organization's or user's repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_access", + "old_access", + "owner_type", + "owner", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_property_definition.create", + "description": "A new custom property definition was created.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "property_name", + "created_at", + "operation_type", + "value_type", + "required", + "default_value", + "definition_id" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "custom_property_definition.destroy", + "description": "A custom property definition was deleted.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "property_name", + "created_at", + "operation_type", + "value_type", + "required", + "default_value", + "definition_id", + "allowed_values" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "custom_property_definition.update", + "description": "A custom property definition was updated.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "property_name", + "created_at", + "operation_type", + "value_type", + "required", + "default_value", + "old_allowed_values", + "allowed_values", + "definition_id", + "old_required", + "old_default_value", + "old_value_type", + "old_values_editable_by", + "values_editable_by" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "custom_property_value.create", + "description": "A repository's custom property value was manually set for the first time.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "value", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "custom_property_value.destroy", + "description": "A repository's custom property value was deleted.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "custom_property_value.update", + "description": "A repository's custom property value was updated.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "definition_id" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization" + }, + { + "action": "dependabot_alerts.disable", + "description": "Dependabot alerts were disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" + }, + { + "action": "dependabot_alerts.enable", + "description": "Dependabot alerts were enabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" + }, + { + "action": "dependabot_alerts_new_repos.disable", + "description": "Dependabot alerts were disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + }, + { + "action": "dependabot_alerts_new_repos.enable", + "description": "Dependabot alerts were enabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + }, + { + "action": "dependabot_repository_access.default_access_level_updated", + "description": "The default repository access for Dependabot was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "access_level", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "dependabot_repository_access.repositories_updated", + "description": "The repositories that Dependabot can access were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "dependabot_security_updates.disable", + "description": "Dependabot security updates were disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependabot_security_updates.enable", + "description": "Dependabot security updates were enabled for all existing repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependabot_security_updates_new_repos.disable", + "description": " Dependabot security updates were disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependabot_security_updates_new_repos.enable", + "description": "Dependabot security updates were enabled for all new repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "dependency_graph.disable", + "description": "The dependency graph was disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependency_graph.enable", + "description": "The dependency graph was enabled for all existing repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependency_graph_new_repos.disable", + "description": "The dependency graph was disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependency_graph_new_repos.enable", + "description": "The dependency graph was enabled for all new repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "discussion_comment.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "discussion_comment.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "discussion.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "title", + "created_at" + ] + }, + { + "action": "discussion_post.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "number", + "title", + "operation_type" + ] + }, + { + "action": "discussion_post_reply.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "number", + "created_at" + ] + }, + { + "action": "discussion_post_reply.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "number", + "team", + "created_at" + ] + }, + { + "action": "discussion_post.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "title", + "operation_type", + "team", + "number" + ] + }, + { + "action": "enterprise_announcement.create", + "description": "A global announcement banner was created for the enterprise.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "message", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Customizing user messages for your enterprise" + }, + { + "action": "enterprise_announcement.destroy", + "description": "A global announcement banner was removed from the enterprise.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Customizing user messages for your enterprise" + }, + { + "action": "enterprise_announcement.update", + "description": "A global announcement banner was updated for the enterprise.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "message", + "old_message", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Customizing user messages for your enterprise" + }, + { + "action": "enterprise_installation.create", + "description": "The GitHub App associated with a GitHub Connect connection was created.", + "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" + }, + { + "action": "enterprise_installation.destroy", + "description": "The GitHub App associated with a GitHub Connect connection was deleted.", + "docs_reference_links": "/admin/configuration/configuring-github-connect/managing-github-connect", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enabling GitHub Connect for GitHub.com" + }, + { + "action": "environment.add_protection_rule", + "description": "A GitHub Actions deployment protection rule was created via the API.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "environment.create_actions_secret", + "description": "A secret was created for a GitHub Actions environment.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.create_actions_variable", + "description": "A variable was created for a GitHub Actions environment.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "environment_name", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "environment.delete", + "description": "An environment was deleted.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.remove_actions_secret", + "description": "A secret was deleted for a GitHub Actions environment.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.remove_actions_variable", + "description": "A variable was deleted for a GitHub Actions environment.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "environment_name", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "environment.remove_protection_rule", + "description": "A GitHub Actions deployment protection rule was deleted via the API.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.update_actions_secret", + "description": "A secret was updated for a GitHub Actions environment.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.update_actions_variable", + "description": "A variable was updated for a GitHub Actions environment.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "environment_name", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "environment.update_protection_rule", + "description": "A GitHub Actions deployment protection rule was updated via the API.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_value", + "approvers_was", + "approvers", + "can_admins_bypass", + "prevent_self_review" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "git.clone", + "description": "A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "transport_protocol", + "repository_public", + "transport_protocol_name" + ] + }, + { + "action": "git.fetch", + "description": "Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "transport_protocol", + "repository_public", + "transport_protocol_name" + ] + }, + { + "action": "git.push", + "description": "Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "transport_protocol", + "repository_public", + "transport_protocol_name" + ] + }, + { + "action": "github_hosted_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "github_hosted_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "github_hosted_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "hook.active_changed", + "description": "A hook's active status was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "events", + "active", + "active_was", + "hook_id", + "operation_type" + ] + }, + { + "action": "hook.config_changed", + "description": "A hook's configuration was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", + "created_at", + "oauth_application_id", + "events" + ] + }, + { + "action": "hook.create", + "description": "A new hook was added.", + "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "hook_id", + "events", + "operation_type", + "name", + "created_at" + ], + "docs_reference_titles": "About webhooks" + }, + { + "action": "hook.destroy", + "description": "A hook was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", + "created_at", + "name", + "operation_type", + "oauth_application_id", + "hook_id" + ] + }, + { + "action": "hook.events_changed", + "description": "A hook's configured events were changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", + "operation_type", + "name", + "events_were", + "created_at", + "hook_id", + "oauth_application_id" + ] + }, + { + "action": "integration.create", + "description": "A GitHub App was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "integration", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.destroy", + "description": "A GitHub App was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at" + ] + }, + { + "action": "integration.generate_client_secret", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration_installation.create", + "description": "A GitHub App was installed.", + "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "repository_selection", + "created_at", + "integration", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" + }, + { + "action": "integration_installation.destroy", + "description": "A GitHub App was uninstalled.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "repository_selection", + "integration", + "operation_type", + "name", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" + }, + { + "action": "integration_installation.repositories_added", + "description": "Repositories were added to a GitHub App.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "repository_selection", + "name", + "integration", + "operation_type", + "repositories_added", + "created_at", + "repositories_added_names", + "actor_is_bot", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access" + }, + { + "action": "integration_installation.repositories_removed", + "description": "Repositories were removed from a GitHub App.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "repository_selection", + "repositories_removed", + "integration", + "created_at", + "name", + "repositories_removed_names", + "actor_is_bot", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access" + }, + { + "action": "integration_installation_request.close", + "description": "A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.", + "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", + "integration", + "reason", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" + }, + { + "action": "integration_installation_request.create", + "description": "A member requested that an owner install a GitHub App.", + "docs_reference_links": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "requester", + "created_at", + "url", + "operation_type", + "integration", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner" + }, + { + "action": "integration_installation.suspend", + "description": "A GitHub App was suspended.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "repository_selection", + "integration", + "operation_type", + "created_at", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" + }, + { + "action": "integration_installation.unsuspend", + "description": "A GitHub App was unsuspended.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "repository_selection", + "integration", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" + }, + { + "action": "integration_installation.version_updated", + "description": "Permissions for a GitHub App were updated.", + "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "integration", + "name", + "operation_type", + "created_at", + "repository_selection", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" + }, + { + "action": "integration.manager_added", + "description": "A member of an enterprise or organization was added as a GitHub App manager.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" + }, + { + "action": "integration.manager_removed", + "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "integration", + "name", + "created_at", + "manager" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" + }, + { + "action": "integration.remove_client_secret", + "description": "A client secret for a GitHub App was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at" + ] + }, + { + "action": "integration.revoke_all_tokens", + "description": "All user tokens for a GitHub App were requested to be revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.revoke_tokens", + "description": "Token(s) for a GitHub App were revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.suspend", + "description": "A GitHub App was suspended.", + "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "created_at", + "operation_type", + "application_client_id" + ], + "docs_reference_titles": "/apps/maintaining-github-apps/suspending-a-github-app-installation" + }, + { + "action": "integration.transfer", + "description": "Ownership of a GitHub App was transferred to another user or organization.", + "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "transfer_to_id", + "requester", + "requester_id", + "created_at", + "transfer_to", + "operation_type", + "integration", + "transfer_from", + "transfer_from_id", + "transfer_from_type", + "transfer_to_type" + ], + "docs_reference_titles": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app" + }, + { + "action": "integration.unsuspend", + "description": "A GitHub App was unsuspended.", + "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "created_at", + "operation_type", + "application_client_id" + ], + "docs_reference_titles": "/apps/maintaining-github-apps/suspending-a-github-app-installation" + }, + { + "action": "ip_allow_list.disable", + "description": "An IP allow list was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "ip_allow_list.disable_for_installed_apps", + "description": "An IP allow list was disabled for installed GitHub Apps.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list.enable", + "description": "An IP allow list was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "ip_allow_list.enable_for_installed_apps", + "description": "An IP allow list was enabled for installed GitHub Apps.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "ip_allow_list_entry.create", + "description": "An IP address was added to an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "ip_allow_list_entry", + "operation_type", + "created_at" + ] + }, + { + "action": "ip_allow_list_entry.destroy", + "description": "An IP address was deleted from an IP allow list.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ip_allow_list_entry", + "operation_type", + "created_at", + "active" + ] + }, + { + "action": "ip_allow_list_entry.update", + "description": "An IP address or its description was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "ip_allow_list_entry", + "active" + ] + }, + { + "action": "issue_comment.destroy", + "description": "A comment on an issue was deleted from the repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { + "action": "issue_comment.pinned", + "description": "A comment on an issue was pinned to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_comment.unpinned", + "description": "A comment on an issue was unpinned from a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_comment.update", + "description": "A comment on an issue (other than the initial one) changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { + "action": "issue_dependencies.blocked_by_add", + "description": "An issue was marked as blocked by another issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_dependencies.blocked_by_remove", + "description": "The blocked by relationship between an issue and another issue was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "issue_dependencies.blocking_add", + "description": "An issue was marked as blocking another issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_dependencies.blocking_remove", + "description": "The blocking relationship between an issue and another issue was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue.destroy", + "description": "An issue was deleted from the repository.", + "docs_reference_links": "/issues/tracking-your-work-with-issues/deleting-an-issue", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "title", + "operation_type" + ], + "docs_reference_titles": "Deleting an issue" + }, + { + "action": "issue.pinned", + "description": "An issue was pinned to a repository.", + "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "owner_type", + "number", + "event" + ], + "docs_reference_titles": "Pinning an issue to your repository" + }, + { + "action": "issue.transfer", + "description": "An issue was transferred to another repository.", + "docs_reference_links": "/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "number", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Transferring an issue to another repository" + }, + { + "action": "issue_type.create", + "description": "An issue type was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issue_type_name", + "description", + "color", + "enabled", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_type.destroy", + "description": "An issue type was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issue_type_name", + "description", + "color", + "enabled", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_type.update", + "description": "An issue type was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issue_type_name", + "description", + "color", + "enabled", + "old_issue_type_name", + "old_description", + "old_color", + "old_enabled", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue.unpinned", + "description": "An issue was unpinned from a repository.", + "docs_reference_links": "/issues/tracking-your-work-with-issues/pinning-an-issue-to-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "event", + "created_at", + "operation_type", + "number", + "owner_type" + ], + "docs_reference_titles": "Pinning an issue to your repository" + }, + { + "action": "issues.deletes_disabled", + "description": "The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "issues.deletes_enabled", + "description": "The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "issues.deletes_policy_cleared", + "description": "An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "marketplace_agreement_signature.create", + "description": "The GitHub Marketplace Developer Agreement was signed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "marketplace_listing.approve", + "description": "A listing was approved for inclusion in GitHub Marketplace.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "secondary_category", + "primary_category", + "operation_type", + "created_at", + "marketplace_listing", + "integration" + ] + }, + { + "action": "marketplace_listing.change_category", + "description": "A category for a listing for an app in GitHub Marketplace was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", + "secondary_category", + "operation_type", + "created_at" + ] + }, + { + "action": "marketplace_listing.create", + "description": "A listing for an app in GitHub Marketplace was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "created_at", + "oauth_application", + "marketplace_listing", + "secondary_category", + "oauth_application_id", + "operation_type" + ] + }, + { + "action": "marketplace_listing.delist", + "description": "A listing was removed from GitHub Marketplace.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "secondary_category", + "operation_type", + "marketplace_listing", + "primary_category", + "integration" + ] + }, + { + "action": "marketplace_listing.redraft", + "description": "A listing was sent back to draft state.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", + "operation_type", + "oauth_application", + "created_at", + "marketplace_listing", + "primary_category" + ] + }, + { + "action": "marketplace_listing.reject", + "description": "A listing was not accepted for inclusion in GitHub Marketplace.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "secondary_category", + "marketplace_listing", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "members_can_create_pages.disable", + "description": "The ability for members to publish GitHub Pages sites was disabled.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" + }, + { + "action": "members_can_create_pages.enable", + "description": "The ability for members to publish GitHub Pages sites was enabled.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" + }, + { + "action": "members_can_create_private_pages.disable", + "description": "The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" + }, + { + "action": "members_can_create_private_pages.enable", + "description": "The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" + }, + { + "action": "members_can_create_public_pages.disable", + "description": "The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" + }, + { + "action": "members_can_create_public_pages.enable", + "description": "The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization" + }, + { + "action": "members_can_delete_repos.clear", + "description": "An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "members_can_delete_repos.disable", + "description": "The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "members_can_delete_repos.enable", + "description": "The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-deletion-and-transfer", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing repository management policies in your enterprise" + }, + { + "action": "members_can_view_dependency_insights.clear", + "description": "An enterprise owner cleared the policy setting for viewing dependency insights in any organizations in an enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "members_can_view_dependency_insights.disable", + "description": "The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" + }, + { + "action": "members_can_view_dependency_insights.enable", + "description": "The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-dependency-insights-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" + }, + { + "action": "merge_queue.pull_request_dequeued", + "description": "A pull request was removed from a merge queue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "merge_queue.pull_request_queue_jump", + "description": "A pull request was moved ahead in a merge queue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "merge_queue.queue_cleared", + "description": "A merge queue was cleared.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "merge_queue.update_settings", + "description": "The settings for a merge queue were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "max_entries_to_build", + "min_entries_to_merge", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "metered_billing_configuration.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "metered_billing_configuration.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "metered_billing_configuration.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "migration.create", + "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "migration.destroy_file", + "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "migration.download", + "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "network_configuration.create", + "description": "A network configuration for a hosted compute service was created.", + "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot", + "selected_service", + "network_settings_ids", + "previous_settings_ids", + "network_configuration_id", + "failover_network_settings_ids", + "failover_network_enabled" + ], + "docs_reference_titles": "About networking for hosted compute products in your enterprise" + }, + { + "action": "network_configuration.delete", + "description": "A network configuration for a hosted compute service was deleted.", + "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot", + "network_configuration_id" + ], + "docs_reference_titles": "About networking for hosted compute products in your enterprise" + }, + { + "action": "network_configuration.update", + "description": "A network configuration for a hosted compute service was updated.", + "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot", + "selected_service", + "network_settings_ids", + "previous_settings_ids", + "failover_network_settings_ids", + "failover_network_enabled" + ], + "docs_reference_titles": "About networking for hosted compute products in your enterprise" + }, + { + "action": "oauth_application.create", + "description": "An OAuth application was created.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.destroy", + "description": "An OAuth application was deleted.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.generate_client_secret", + "description": "An OAuth application's secret key was generated.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.remove_client_secret", + "description": "An OAuth application's secret key was deleted.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.reset_secret", + "description": "The secret key for an OAuth application was reset.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "operation_type", + "created_at", + "oauth_application_id" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.revoke_all_tokens", + "description": "All user tokens for an OAuth application were requested to be revoked.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.revoke_tokens", + "description": "Token(s) for an OAuth application were revoked.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.transfer", + "description": "An OAuth application was transferred from one account to another.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "org.accept_business_invitation", + "description": "An invitation sent to an organization to join an enterprise was accepted.", + "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Adding organizations to your enterprise" + }, + { + "action": "org.add_billing_manager", + "description": "A billing manager was added to an organization.", + "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization" + }, + { + "action": "org.add_disallowed_two_factor_method", + "description": "An organization prevented access to resources by users with the given two-factor method.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "two_factor_method", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.add_member", + "description": "A user joined an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "org.add_outside_collaborator", + "description": "An outside collaborator was added to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", + "public_repo", + "permission", + "invitee", + "created_at", + "operation_type" + ] + }, + { + "action": "org.add_security_manager", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type" + ] + }, + { + "action": "org.advanced_security_disabled_for_new_repos", + "description": "GitHub Advanced Security was disabled for new repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_disabled_on_all_repos", + "description": "GitHub Advanced Security was disabled for all repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_enabled_for_new_repos", + "description": "GitHub Advanced Security was enabled for new repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_enabled_on_all_repos", + "description": "GitHub Advanced Security was enabled for all repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_entity_policy_update", + "description": "An enterprise owner updated the GitHub Advanced Security access policy for repositories owned by the organization.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_policy", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" + }, + { + "action": "org.advanced_security_policy_selected_member_disabled", + "description": "An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" + }, + { + "action": "org.advanced_security_policy_selected_member_enabled", + "description": "An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot" + ], + "docs_reference_titles": "Enforcing policies for code security and analysis for your enterprise" + }, + { + "action": "org.allow_third_party_access_requests_from_outside_collaborators_disabled", + "description": "Third-party application access for outside collaborators was disabled for the organization.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests#enabling-or-disabling-integration-access-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Limiting OAuth app and GitHub App access requests and installations" + }, + { + "action": "org.allow_third_party_access_requests_from_outside_collaborators_enabled", + "description": "Third-party application access for outside collaborators was enabled for the organization.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests" + }, + { + "action": "org.archive", + "description": "The organization was archived.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.audit_log_export", + "description": "An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log" + }, + { + "action": "org.audit_log_git_event_export", + "description": "An export of the organization's Git events was created.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "start", + "end", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization" + }, + { + "action": "org.billing_signup_error", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.block_user", + "description": "An organization owner blocked a user from accessing the organization's repositories.", + "docs_reference_links": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "blocked_user", + "operation_type" + ], + "docs_reference_titles": "/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization" + }, + { + "action": "org.cancel_business_invitation", + "description": "An invitation for an organization to join an enterprise was revoked", + "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "initiated_from" + ], + "docs_reference_titles": "Adding organizations to your enterprise" + }, + { + "action": "org.cancel_invitation", + "description": "An invitation sent to a user to join an organization was revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "invitation_id", + "created_at", + "invitee_email" + ] + }, + { + "action": "org.clear_custom_invitation_rate_limit", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.clear_disallowed_two_factor_methods", + "description": "Cleared two-factor authentication restrictions for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.code_scanning_autofix_disabled", + "description": "Autofix for code scanning alerts was disabled for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.code_scanning_autofix_enabled", + "description": "Autofix for code scanning alerts was enabled for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.code_scanning_autofix_third_party_tools_disabled", + "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.code_scanning_autofix_third_party_tools_enabled", + "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.code_security_metered_usage_lock", + "description": "Enablement for Code Security features on new repositories has been locked for this organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.code_security_metered_usage_unlock", + "description": "Enablement for Code Security features on new repositories has been unlocked for this organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.codeql_disabled", + "description": "Code scanning using the default setup was disabled for an organization.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring default setup for code scanning at scale" + }, + { + "action": "org.codeql_enabled", + "description": "Code scanning using the default setup was enabled for an organization.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring default setup for code scanning at scale" + }, + { + "action": "org.codespaces_access_updated", + "description": "Access to use Codespaces on internal and private repositories was updated for an organization.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enablement", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization" + }, + { + "action": "org.codespaces_ownership_updated", + "description": "Ownership and payment for codespaces was updated for an organization.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization" + }, + { + "action": "org.codespaces_team_access_allowed", + "description": "A team has been allowed to use Codespaces for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type" + ] + }, + { + "action": "org.codespaces_team_access_revoked", + "description": "A team has been prevented from using Codespaces for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type" + ] + }, + { + "action": "org.codespaces_trusted_repo_access_granted", + "description": "GitHub Codespaces was granted trusted repository access to all other repositories in an organization.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to other repositories within your codespace" + }, + { + "action": "org.codespaces_trusted_repo_access_revoked", + "description": "GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to other repositories within your codespace" + }, + { + "action": "org.codespaces_user_access_allowed", + "description": "A user has been allowed to use Codespaces for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.codespaces_user_access_revoked", + "description": "A user has been prevented from using Codespaces for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.config.disable_collaborators_only", + "description": "The interaction limit for collaborators only for an organization was disabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.config.disable_contributors_only", + "description": "The interaction limit for prior contributors only for an organization was disabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.config.disable_sockpuppet_disallowed", + "description": "The interaction limit for existing users only for an organization was disabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.config.enable_collaborators_only", + "description": "The interaction limit for collaborators only for an organization was enabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.config.enable_contributors_only", + "description": "The interaction limit for prior contributors only for an organization was enabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.config.enable_sockpuppet_disallowed", + "description": "The interaction limit for existing users only for an organization was enabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization" + }, + { + "action": "org.configure_self_hosted_jit_runner", + "description": "A new just-in-time GitHub Actions self-hosted runner was configured", + "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization" + }, + { + "action": "org.confirm_business_invitation", + "description": "An invitation for an organization to join an enterprise was confirmed.", + "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#inviting-an-organization-to-join-your-enterprise-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Adding organizations to your enterprise" + }, + { + "action": "org.connect_usage_metrics_export", + "description": "Server statistics were exported for the organization.", + "docs_reference_links": "/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Exporting Server Statistics" + }, + { + "action": "org.create", + "description": "An organization was created.", + "docs_reference_links": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch" + }, + { + "action": "org.create_actions_secret", + "description": "A GitHub Actions secret was created for an organization.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "org.create_actions_variable", + "description": "A GitHub Actions variable was created for an organization.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "org.create_integration_secret", + "description": "A Codespaces or Dependabot secret was created for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "operation_type", + "created_at" + ] + }, + { + "action": "org_credential_authorization.deauthorize", + "description": "A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.", + "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", + "oauth_credential_type", + "managed_oauth_access_id", + "managed_token_id", + "managed_oauth_scopes", + "managed_token_scopes", + "managed_hashed_token" + ], + "docs_reference_titles": "Authorizing a personal access token for use with single sign-on" + }, + { + "action": "org_credential_authorization.grant", + "description": "A member authorized credentials for use with SAML or OIDC single sign-on.", + "docs_reference_links": "/authentication/authenticating-with-saml-single-sign-on", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot", + "oauth_credential_type", + "managed_oauth_access_id", + "managed_token_id", + "managed_oauth_scopes", + "managed_token_scopes", + "managed_hashed_token" + ], + "docs_reference_titles": "Authenticating with single sign-on" + }, + { + "action": "org_credential_authorization.revoke", + "description": "An owner revoked authorized credentials.", + "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "oauth_application_id", + "operation_type", + "created_at", + "oauth_credential_type", + "managed_oauth_access_id", + "managed_token_id", + "managed_oauth_scopes", + "managed_token_scopes", + "managed_hashed_token" + ], + "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" + }, + { + "action": "org.delete", + "description": "An organization was deleted by a user or staff.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.disable_member_team_creation_permission", + "description": "Team creation was limited to owners.", + "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" + }, + { + "action": "org.disable_oauth_app_restrictions", + "description": "Third-party application access restrictions for an organization were disabled.", + "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization" + }, + { + "action": "org.disable_reader_discussion_creation_permission", + "description": "An organization owner limited discussion creation to users with at least triage permission in an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" + }, + { + "action": "org.disable_saml", + "description": "SAML single sign-on was disabled for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "issuer", + "created_at", + "operation_type" + ] + }, + { + "action": "org.disable_source_ip_disclosure", + "description": "Display of IP addresses within audit log events for the organization was disabled.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" + }, + { + "action": "org.disable_two_factor_requirement", + "description": "A two-factor authentication requirement was disabled for the organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.display_commenter_full_name_disabled", + "description": "An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.display_commenter_full_name_enabled", + "description": "An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.enable_member_team_creation_permission", + "description": "Team creation by members was allowed.", + "docs_reference_links": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization" + }, + { + "action": "org.enable_oauth_app_restrictions", + "description": "Third-party application access restrictions for an organization were enabled.", + "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization" + }, + { + "action": "org.enable_reader_discussion_creation_permission", + "description": "An organization owner allowed users with read access to create discussions in an organization", + "docs_reference_links": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization" + }, + { + "action": "org.enable_saml", + "description": "SAML single sign-on was enabled for the organization.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "sso_url", + "created_at", + "issuer" + ], + "docs_reference_titles": "Enabling and testing SAML single sign-on for your organization" + }, + { + "action": "org.enable_source_ip_disclosure", + "description": "Display of IP addresses within audit log events for the organization was enabled.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization" + }, + { + "action": "org.enable_two_factor_requirement", + "description": "Two-factor authentication is now required for the organization.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" + }, + { + "action": "org.integration_manager_added", + "description": "An organization owner granted a member access to manage all GitHub Apps owned by an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", + "created_at" + ] + }, + { + "action": "org.integration_manager_removed", + "description": "An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "manager", + "operation_type", + "created_at" + ] + }, + { + "action": "org.invite_member", + "description": "A new user was invited to join an organization.", + "docs_reference_links": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitation_id", + "operation_type", + "created_at", + "invitee_email" + ], + "docs_reference_titles": "/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization" + }, + { + "action": "org.invite_to_business", + "description": "An organization was invited to join an enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.members_can_update_protected_branches.disable", + "description": "The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.members_can_update_protected_branches.enable", + "description": "The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.oauth_app_access_approved", + "description": "Access to an organization was granted for an OAuth App.", + "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "operation_type", + "created_at", + "oauth_application_name" + ], + "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization" + }, + { + "action": "org.oauth_app_access_blocked", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", + "oauth_application_name" + ] + }, + { + "action": "org.oauth_app_access_denied", + "description": "Access was disabled for an OAuth App that was previously approved.", + "docs_reference_links": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", + "oauth_application_name" + ], + "docs_reference_titles": "/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization" + }, + { + "action": "org.oauth_app_access_requested", + "description": "An organization member requested that an owner grant an OAuth App access to an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "url", + "oauth_application_name" + ] + }, + { + "action": "org.oauth_app_access_unblocked", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "url", + "created_at", + "operation_type", + "oauth_application_name" + ] + }, + { + "action": "org.rate_limited_invites", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.recovery_code_failed", + "description": "An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "reason", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" + }, + { + "action": "org.recovery_code_used", + "description": "An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Accessing your organization if your identity provider is unavailable" + }, + { + "action": "org.recovery_codes_downloaded", + "description": "An organization owner downloaded the organization's SSO recovery codes.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" + }, + { + "action": "org.recovery_codes_generated", + "description": "An organization owner generated the organization's SSO recovery codes.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" + }, + { + "action": "org.recovery_codes_printed", + "description": "An organization owner printed the organization's SSO recovery codes.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" + }, + { + "action": "org.recovery_codes_viewed", + "description": "An organization owner viewed the organization's SSO recovery codes.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Downloading your organization's SAML single sign-on recovery codes" + }, + { + "action": "org.register_self_hosted_runner", + "description": "A new self-hosted runner was registered.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot" + ], + "docs_reference_titles": "Adding self-hosted runners" + }, + { + "action": "org.remove_actions_secret", + "description": "A GitHub Actions secret was removed from an organization.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "org.remove_actions_variable", + "description": "A GitHub Actions variable was removed from an organization.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "org.remove_billing_manager", + "description": "A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.", + "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization" + }, + { + "action": "org.remove_disallowed_two_factor_method", + "description": "Removed a two-factor authentication method restriction for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "two_factor_method", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.remove_integration_secret", + "description": "A Codespaces or Dependabot secret was removed from an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", + "operation_type", + "created_at" + ] + }, + { + "action": "org.remove_member", + "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.remove_outside_collaborator", + "description": "An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.remove_security_manager", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type" + ] + }, + { + "action": "org.remove_self_hosted_runner", + "description": "A self-hosted runner was removed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Removing self-hosted runners" + }, + { + "action": "org.rename", + "description": "An organization was renamed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", + "operation_type", + "created_at" + ] + }, + { + "action": "org.required_workflow_create", + "description": "Triggered when a required workflow is created.", + "docs_reference_links": "/actions/using-workflows/required-workflows", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/actions/using-workflows/required-workflows" + }, + { + "action": "org.required_workflow_delete", + "description": "Triggered when a required workflow is deleted.", + "docs_reference_links": "/actions/using-workflows/required-workflows", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/actions/using-workflows/required-workflows" + }, + { + "action": "org.required_workflow_update", + "description": "Triggered when a required workflow is updated.", + "docs_reference_links": "/actions/using-workflows/required-workflows", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/actions/using-workflows/required-workflows" + }, + { + "action": "org.restore_member", + "description": "An organization member was restored.", + "docs_reference_links": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization" + }, + { + "action": "org.revoke_external_identity", + "description": "A member's linked identity was revoked.", + "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" + }, + { + "action": "org.revoke_sso_session", + "description": "A member's SAML session was revoked.", + "docs_reference_links": "/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Viewing and managing a member's SAML access to your organization" + }, + { + "action": "org.runner_group_created", + "description": "A self-hosted runner group was created.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at", + "runner_group_restricted_to_workflows", + "runner_group_selected_workflow_refs", + "network_configuration_id" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "org.runner_group_removed", + "description": "A self-hosted runner group was removed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "org.runner_group_renamed", + "description": "A self-hosted runner group was renamed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "org.runner_group_runner_removed", + "description": "The REST API was used to remove a self-hosted runner from a group.", + "docs_reference_links": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", + "runner_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization" + }, + { + "action": "org.runner_group_runners_added", + "description": "A self-hosted runner was added to a group.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "org.runner_group_runners_updated", + "description": "A runner group's list of members was updated.", + "docs_reference_links": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "runner_group_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization" + }, + { + "action": "org.runner_group_updated", + "description": "The configuration of a self-hosted runner group was changed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "runner_group_name", + "runner_group_allow_public", + "operation_type", + "created_at", + "runner_group_restricted_to_workflows", + "runner_group_selected_workflow_refs", + "network_configuration_id" + ], + "docs_reference_titles": "Managing access to self-hosted runners using groups" + }, + { + "action": "org.runner_group_visiblity_updated", + "description": "The visibility of a self-hosted runner group was updated via the REST API.", + "docs_reference_links": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_group_id", + "visibility", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/rest/actions#update-a-self-hosted-runner-group-for-an-organization" + }, + { + "action": "org.secret_protection_metered_usage_lock", + "description": "Enablement for Secret Protection features on new repositories has been locked for this organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.secret_protection_metered_usage_unlock", + "description": "Enablement for Secret Protection features on new repositories has been unlocked for this organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org_secret_scanning_automatic_validity_checks.disabled", + "description": "Automatic partner validation checks have been disabled at the organization level", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" + }, + { + "action": "org_secret_scanning_automatic_validity_checks.enabled", + "description": "Automatic partner validation checks have been enabled at the organization level", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization" + }, + { + "action": "org_secret_scanning_custom_pattern.create", + "description": "A custom pattern was created for secret scanning in an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org_secret_scanning_custom_pattern.delete", + "description": "A custom pattern was removed from secret scanning in an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org_secret_scanning_custom_pattern.publish", + "description": "A custom pattern was published for secret scanning in an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org.secret_scanning_custom_pattern_push_protection_disabled", + "description": "Push protection for a custom pattern for secret scanning was disabled for an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org.secret_scanning_custom_pattern_push_protection_enabled", + "description": "Push protection for a custom pattern for secret scanning was enabled for an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org_secret_scanning_custom_pattern.update", + "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "org_secret_scanning_generic_secrets.disabled", + "description": "Generic secrets have been disabled at the organization level", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org_secret_scanning_generic_secrets.enabled", + "description": "Generic secrets have been enabled at the organization level", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org_secret_scanning_non_provider_patterns.disabled", + "description": "Secret scanning for non-provider patterns was disabled at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" + }, + { + "action": "org_secret_scanning_non_provider_patterns.enabled", + "description": "Secret scanning for non-provider patterns was enabled at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.add", + "description": "A role or team was added to the push protection bypass list at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.disable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.enable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.remove", + "description": "A role or team was removed from the push protection bypass list at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_custom_message_disabled", + "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_custom_message_enabled", + "description": "The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_custom_message_updated", + "description": "The custom message triggered by an attempted push to a push-protected repository was updated for an organization.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_disable", + "description": "Push protection for secret scanning was disabled.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_enable", + "description": "Push protection for secret scanning was enabled.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_new_repos_disable", + "description": "Push protection for secret scanning was disabled for all new repositories in the organization.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.secret_scanning_push_protection_new_repos_enable", + "description": "Push protection for secret scanning was enabled for all new repositories in the organization.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org_secret_scanning_push_protection_pattern_configuration.push_protection_setting_changed", + "description": "The push protection setting was updated for a secret type for your organization.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "push_protection_setting", + "secret_type", + "secret_type_display_name", + "created_at" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org_secret_scanning_push_protection_pattern_configuration.updated", + "description": "The push protection pattern configuration was updated for your organization.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "org.security_center_export_code_scanning_metrics", + "description": "A CSV export was requested on the CodeQL pull request alerts page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "start_date", + "end_date", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.security_center_export_coverage", + "description": "A CSV export was requested on the Coverage page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.security_center_export_overview_dashboard", + "description": "A CSV export was requested on the Overview Dashboard page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "start_date", + "end_date", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.security_center_export_risk", + "description": "A CSV export was requested on the Risk page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.self_hosted_runner_offline", + "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "org.self_hosted_runner_online", + "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "org.self_hosted_runner_updated", + "description": "The runner application was updated. This event is not included in the JSON/CSV export.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "source_version", + "target_version", + "runner_group_id", + "runner_group_name" + ], + "docs_reference_titles": "Self-hosted runners" + }, + { + "action": "org.set_actions_cache_retention_policy", + "description": "The cache retention policy for GitHub Actions was set for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization" + }, + { + "action": "org.set_actions_cache_storage_policy", + "description": "The cache storage policy for GitHub Actions was set for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization" + }, + { + "action": "org.set_actions_fork_pr_approvals_policy", + "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" + }, + { + "action": "org.set_actions_private_fork_pr_approvals_policy", + "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" + }, + { + "action": "org.set_actions_retention_limit", + "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", + "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" + }, + { + "action": "org.set_custom_invitation_rate_limit", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.set_default_workflow_permissions", + "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" + }, + { + "action": "org.set_fork_pr_workflows_policy", + "description": "The policy for workflows on private repository forks was changed.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" + }, + { + "action": "org.set_workflow_permission_can_approve_pr", + "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" + }, + { + "action": "org.sso_response", + "description": "A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "issuer", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "org.transfer", + "description": "An organization was transferred between enterprise accounts.", + "docs_reference_links": "/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "from_business", + "to_business", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Adding organizations to your enterprise" + }, + { + "action": "org.transfer_outgoing", + "description": "An organization was transferred between enterprise accounts.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "from_business", + "to_business", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Adding organizations to your enterprise" + }, + { + "action": "org.unarchive", + "description": "The organization was unarchived.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.unblock_user", + "description": "A user was unblocked from an organization.", + "docs_reference_links": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "blocked_user", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization" + }, + { + "action": "org.update_actions_secret", + "description": "A GitHub Actions secret was updated for an organization.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "key", + "operation_type" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "org.update_actions_settings", + "description": "An organization owner or site administrator updated GitHub Actions policy settings for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "new_policy", + "updated_allowed_types", + "old_policy", + "updated_access_policy" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization" + }, + { + "action": "org.update_actions_variable", + "description": "A GitHub Actions variable was updated for an organization.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "org.update_default_repository_permission", + "description": "The default repository permission level for organization members was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "permission", + "old_permission" + ] + }, + { + "action": "org.update_immutable_releases_settings_policy", + "description": "The settings policy for immutable releases was updated for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_policy", + "new_policy", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.update_integration_secret", + "description": "A Codespaces or Dependabot secret was updated for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "operation_type", + "created_at" + ] + }, + { + "action": "org.update_member", + "description": "A person's role was changed from owner to member or member to owner.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_permission", + "permission", + "operation_type" + ] + }, + { + "action": "org.update_member_repository_creation_permission", + "description": "The create repository permission for organization members was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "visibility", + "operation_type" + ] + }, + { + "action": "org.update_member_repository_invitation_permission", + "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", + "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Setting permissions for adding outside collaborators" + }, + { + "action": "org.update_new_repository_default_branch_setting", + "description": "The name of the default branch was changed for new repositories in the organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization" + }, + { + "action": "org.update_repo_self_hosted_runners_policy", + "description": "The repository self-hosted runners policy was updated", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_repo_runners_policy", + "new_repo_runners_policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners" + }, + { + "action": "org.update_saml_provider_settings", + "description": "An organization's SAML provider settings were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sso_url", + "operation_type", + "issuer", + "created_at" + ] + }, + { + "action": "org.update_terms_of_service", + "description": "An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.", + "docs_reference_links": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement" + }, + { + "action": "organization_custom_property_value.create", + "description": "An organization's custom property value was manually set for the first time.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "value", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise" + }, + { + "action": "organization_custom_property_value.destroy", + "description": "An organization's custom property value was deleted.", + "docs_reference_links": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "definition_id", + "property_name", + "value", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-custom-properties-for-organization-in-your-enterprise" + }, + { + "action": "organization_default_label.create", + "description": "A default label was created for repositories in an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label" + }, + { + "action": "organization_default_label.destroy", + "description": "A default label was deleted for repositories in an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label" + }, + { + "action": "organization_default_label.update", + "description": "A default label was edited for repositories in an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label" + }, + { + "action": "organization_domain.approve", + "description": "A domain was approved for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "domain_name", + "owner", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization" + }, + { + "action": "organization_domain.create", + "description": "A domain was added to an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "domain_name", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" + }, + { + "action": "organization_domain.destroy", + "description": "A domain was removed from an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain" + }, + { + "action": "organization_domain.verify", + "description": "A domain was verified for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "domain_name", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization" + }, + { + "action": "organization_moderators.add_team", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type" + ] + }, + { + "action": "organization_moderators.add_user", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "organization_moderators.remove_team", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type" + ] + }, + { + "action": "organization_moderators.remove_user", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "organization_projects_change.clear", + "description": "An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for projects in your enterprise" + }, + { + "action": "organization_projects_change.disable", + "description": "Organization projects were disabled for all organizations in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for projects in your enterprise" + }, + { + "action": "organization_projects_change.enable", + "description": "Organization projects were enabled for all organizations in an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for projects in your enterprise" + }, + { + "action": "organization_role.assign", + "description": "An organization role was assigned to a user or team.", + "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "organization_role_id", + "organization_role_name", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About custom organization roles" + }, + { + "action": "organization_role.create", + "description": "A custom organization role was created in an organization.", + "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "role_permissions", + "base_role", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About custom organization roles" + }, + { + "action": "organization_role.destroy", + "description": "A custom organization role was deleted in an organization.", + "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "role_permissions", + "base_role", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About custom organization roles" + }, + { + "action": "organization_role.revoke", + "description": "A user or team was unassigned an organization role.", + "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "organization_role_id", + "organization_role_name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About custom organization roles" + }, + { + "action": "organization_role.update", + "description": "A custom organization role was edited in an organization.", + "docs_reference_links": "/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "role_permissions", + "base_role", + "old_role_permissions", + "created_at", + "operation_type", + "actor_is_bot", + "old_base_role" + ], + "docs_reference_titles": "About custom organization roles" + }, + { + "action": "organization_wide_project_base_role.update", + "description": "An organization's default project base role was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_project_base_role", + "new_project_base_role", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "packages.package_deleted", + "description": "An entire package was deleted.", + "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "package", + "operation_type", + "created_at", + "actor_is_bot" + ], + "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" + }, + { + "action": "packages.package_published", + "description": "A package was published or republished to an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "package", + "ecosystem", + "version_count", + "is_republished", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "packages.package_version_deleted", + "description": "A specific package version was deleted.", + "docs_reference_links": "/packages/learn-github-packages/deleting-and-restoring-a-package", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "package", + "version", + "operation_type", + "created_at", + "ecosystem", + "actor_is_bot" + ], + "docs_reference_titles": "/packages/learn-github-packages/deleting-and-restoring-a-package" + }, + { + "action": "packages.package_version_published", + "description": "A specific package version was published or republished to a package.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "ecosystem", + "package", + "version", + "is_republished", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "pages_protected_domain.create", + "description": "A GitHub Pages verified domain was created for an organization or enterprise.", + "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "domain", + "state", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" + }, + { + "action": "pages_protected_domain.delete", + "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", + "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "domain", + "state", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" + }, + { + "action": "pages_protected_domain.verify", + "description": "A GitHub Pages domain was verified for an organization or enterprise.", + "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "domain", + "state", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" + }, + { + "action": "payment_method.create", + "description": "A new payment method was added, such as a new credit card or PayPal account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "payment_method.remove", + "description": "A payment method was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "payment_method.update", + "description": "An existing payment method was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "personal_access_token.access_granted", + "description": "A fine-grained personal access token was granted access to resources.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.access_restriction_disabled", + "description": "The configured restriction for access to resources via personal access tokens was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.access_restriction_enabled", + "description": "The configured restriction for access to resources via personal access tokens was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.access_revoked", + "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.auto_approve_grant_requests_disabled", + "description": "Triggered when fine-grained personal access tokens can access organization resources without prior approval.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.auto_approve_grant_requests_enabled", + "description": "Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.expiration_limit_set", + "description": "A personal access token expiration limit was set.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "token_expiration", + "old_token_expiration", + "exempt_administrators", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.expiration_limit_unset", + "description": "A personal access token expiration limit was unset.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_token_expiration", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "personal_access_token.request_cancelled", + "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type", + "user_programmatic_access_request_id" + ] + }, + { + "action": "personal_access_token.request_created", + "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type", + "user_programmatic_access_request_id" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.request_denied", + "description": "A request for a fine-grained personal access token to access organization resources was denied.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type", + "user_programmatic_access_request_id" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" + }, + { + "action": "prebuild_configuration.create", + "description": "A GitHub Codespaces prebuild configuration for a repository was created.", + "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "branch", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds" + }, + { + "action": "prebuild_configuration.destroy", + "description": "A GitHub Codespaces prebuild configuration for a repository was deleted.", + "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "branch", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds" + }, + { + "action": "prebuild_configuration.run_triggered", + "description": "A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.", + "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "branch", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds" + }, + { + "action": "prebuild_configuration.update", + "description": "A GitHub Codespaces prebuild configuration for a repository was edited.", + "docs_reference_links": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "branch", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "/codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds" + }, + { + "action": "premium_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "premium_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "premium_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "private_repository_forking.clear", + "description": "An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "private_repository_forking.disable", + "description": "An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "private_repository_forking.enable", + "description": "An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "private_vulnerability_reporting.disable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting.enable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting_new_repos.disable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting_new_repos.enable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "profile_picture.update", + "description": "A profile picture was updated.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner", + "operation_type" + ], + "docs_reference_titles": "Personalize your profile" + }, + { + "action": "project.access", + "description": "A project board visibility was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project_base_role.update", + "description": "A project's base role was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_project_base_role", + "new_project_base_role", + "project_number", + "public_project", + "project_id", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "project.close", + "description": "A project board was closed.", + "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", + "project_kind" + ], + "docs_reference_titles": "Closing a project (classic)" + }, + { + "action": "project_collaborator.add", + "description": "A collaborator was added to a project.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", + "collaborator", + "created_at", + "operation_type", + "actor_is_bot", + "public_project", + "project_name", + "project_role", + "old_project_role" + ] + }, + { + "action": "project_collaborator.remove", + "description": "A collaborator was removed from a project.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", + "collaborator", + "created_at", + "operation_type" + ] + }, + { + "action": "project_collaborator.update", + "description": "A project collaborator's permission level was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_project", + "project_name", + "collaborator_type", + "project_role", + "old_project_role", + "project_id", + "collaborator", + "created_at", + "operation_type" + ] + }, + { + "action": "project.create", + "description": "A project board was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.delete", + "description": "A project board was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project_field.create", + "description": "A field was created in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" + }, + { + "action": "project_field.delete", + "description": "A field was deleted in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" + }, + { + "action": "project.link", + "description": "A repository was linked to a project board.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.open", + "description": "A project board was reopened.", + "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", + "operation_type", + "created_at", + "project_kind", + "project_name" + ], + "docs_reference_titles": "Reopening a closed project (classic)" + }, + { + "action": "project.rename", + "description": "A project board was renamed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" + ] + }, + { + "action": "project.unlink", + "description": "A repository was unlinked from a project board.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.update_org_permission", + "description": "The project's base-level permission for all organization members was changed or removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.update_team_permission", + "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" + ] + }, + { + "action": "project.update_user_permission", + "description": "A user was added to or removed from a project board or had their permission level changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project_view.create", + "description": "A view was created in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" + }, + { + "action": "project_view.delete", + "description": "A view was deleted in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" + }, + { + "action": "project.visibility_private", + "description": "A project's visibility was changed from public to private.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", + "created_at", + "operation_type", + "project_kind", + "project_name" + ] + }, + { + "action": "project.visibility_public", + "description": "A project's visibility was changed from private to public.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", + "created_at", + "operation_type", + "project_kind", + "project_name" + ] + }, + { + "action": "protected_branch.authorized_users_teams", + "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type", + "oauth_application_id" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches" + }, + { + "action": "protected_branch.branch_allowances", + "description": "A protected branch allowance was given to a specific user, team or integration.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "authorized_actors", + "policy", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "protected_branch.create", + "description": "Branch protection was enabled on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "created_at", + "authorized_actor_names", + "required_deployments_enforcement_level", + "merge_queue_enforcement_level", + "create_protected" + ] + }, + { + "action": "protected_branch.destroy", + "description": "Branch protection was disabled on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_deployments_enforcement_level", + "merge_queue_enforcement_level", + "create_protected" + ] + }, + { + "action": "protected_branch.dismiss_stale_reviews", + "description": "Enforcement of dismissing stale pull requests was updated on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "dismiss_stale_reviews_on_push", + "created_at", + "operation_type", + "name" + ] + }, + { + "action": "protected_branch.dismissal_restricted_users_teams", + "description": "Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "authorized_actors_only", + "authorized_actors", + "created_at", + "name", + "operation_type" + ] + }, + { + "action": "protected_branch.policy_override", + "description": "A branch protection requirement was overridden by a repository administrator.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "reasons", + "before", + "after", + "operation_type", + "branch", + "overridden_codes", + "referrer", + "deploy_key_fingerprint", + "compliant_pull_request_ids", + "rule_suite_id" + ] + }, + { + "action": "protected_branch.rejected_ref_update", + "description": "A branch update attempt was rejected.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "branch", + "before", + "overridden_codes", + "after", + "reasons", + "deploy_key_fingerprint", + "compliant_pull_request_ids", + "actor_is_bot", + "rule_suite_id" + ] + }, + { + "action": "protected_branch.update_admin_enforced", + "description": "Branch protection was enforced for repository administrators.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "admin_enforced", + "operation_type", + "name", + "created_at" + ] + }, + { + "action": "protected_branch.update_allow_deletions_enforcement_level", + "description": "Branch deletion was enabled or disabled for a protected branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_deletions_enforcement_level", + "created_at" + ] + }, + { + "action": "protected_branch.update_allow_force_pushes_enforcement_level", + "description": "Force pushes were enabled or disabled for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "allow_force_pushes_enforcement_level", + "created_at" + ] + }, + { + "action": "protected_branch.update_ignore_approvals_from_contributors", + "description": "Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "ignore_approvals_from_contributors", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" + }, + { + "action": "protected_branch.update_linear_history_requirement_enforcement_level", + "description": "Required linear commit history was enabled or disabled for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "linear_history_requirement_enforcement_level", + "name", + "created_at" + ] + }, + { + "action": "protected_branch.update_lock_allows_fetch_and_merge", + "description": "Fork syncing was enabled or disabled for a read-only branch", + "docs_reference_links": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "lock_allows_fetch_and_merge", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" + }, + { + "action": "protected_branch.update_lock_branch_enforcement_level", + "description": "The enforcement of a branch lock was updated.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "enforcement_level", + "lock_branch_enforcement_level", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch" + }, + { + "action": "protected_branch.update_merge_queue_enforcement_level", + "description": "Enforcement of the merge queue was modified for a branch.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "merge_queue_enforcement_level", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue" + }, + { + "action": "protected_branch.update_name", + "description": "A branch name pattern was updated for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "old_name", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "protected_branch.update_pull_request_reviews_enforcement_level", + "description": "Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "pull_request_reviews_enforcement_level", + "created_at", + "operation_type" + ] + }, + { + "action": "protected_branch.update_require_code_owner_review", + "description": "Enforcement of required code owner review was updated for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "require_code_owner_review", + "operation_type", + "name" + ] + }, + { + "action": "protected_branch.update_require_last_push_approval", + "description": "Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "require_last_push_approval", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging" + }, + { + "action": "protected_branch.update_required_approving_review_count", + "description": "Enforcement of the required number of approvals before merging was updated on a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "required_approving_review_count", + "created_at", + "operation_type", + "name" + ] + }, + { + "action": "protected_branch.update_required_status_checks_enforcement_level", + "description": "Enforcement of required status checks was updated for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "required_status_checks_enforcement_level" + ] + }, + { + "action": "protected_branch.update_signature_requirement_enforcement_level", + "description": "Enforcement of required commit signing was updated for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "created_at", + "signature_requirement_enforcement_level" + ] + }, + { + "action": "protected_branch.update_strict_required_status_checks_policy", + "description": "Enforcement of required status checks was updated for a branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "operation_type", + "strict_required_status_checks_policy" + ] + }, + { + "action": "public_key.create", + "description": "An SSH key was added to a user account or a deploy key was added to a repository.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", + "operation_type", + "created_at", + "key", + "fingerprint", + "title" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" + }, + { + "action": "public_key.delete", + "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", + "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" + ], + "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" + }, + { + "action": "public_key.unverification_failure", + "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "key", + "fingerprint", + "read_only", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.unverify", + "description": "A user account's SSH key or a repository's deploy key was unverified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", + "fingerprint" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.update", + "description": "A user account's SSH key or a repository's deploy key was updated.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "fingerprint", + "read_only", + "operation_type", + "created_at", + "title" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.verification_failure", + "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "fingerprint", + "oauth_application_id", + "title", + "created_at", + "read_only", + "operation_type" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.verify", + "description": "A user account's SSH key or a repository's deploy key was verified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "key", + "fingerprint", + "title", + "read_only" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "pull_request.close", + "description": "A pull request was closed without being merged.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url", + "actor_is_bot" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request" + }, + { + "action": "pull_request.converted_to_draft", + "description": "A pull request was converted to a draft.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft" + }, + { + "action": "pull_request.create", + "description": "A pull request was created.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url", + "actor_is_bot", + "actor_is_agent" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request" + }, + { + "action": "pull_request.create_review_request", + "description": "A review was requested on a pull request.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "reviewer_type", + "reviewer", + "reviewer_id", + "operation_type", + "created_at", + "pull_request_url", + "actor_is_agent" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" + }, + { + "action": "pull_request.in_progress", + "description": "A pull request was marked as in progress.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at" + ] + }, + { + "action": "pull_request.indirect_merge", + "description": "A pull request was considered merged because the pull request's commits were merged into the target branch.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url" + ] + }, + { + "action": "pull_request.merge", + "description": "A pull request was merged.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url", + "actor_is_bot" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request" + }, + { + "action": "pull_request.ready_for_review", + "description": "A pull request was marked as ready for review.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review" + }, + { + "action": "pull_request.rebase", + "description": "A pull request was rebased.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "pull_request_url", + "pull_request_title", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "pull_request.remove_review_request", + "description": "A review request was removed from a pull request.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "reviewer_type", + "reviewer", + "reviewer_id", + "operation_type", + "created_at", + "pull_request_url" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" + }, + { + "action": "pull_request.reopen", + "description": "A pull request was reopened after previously being closed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "operation_type", + "created_at", + "pull_request_url" + ] + }, + { + "action": "pull_request_review_comment.create", + "description": "A review comment was added to a pull request.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "comment_id", + "operation_type", + "created_at", + "actor_is_agent" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews" + }, + { + "action": "pull_request_review_comment.delete", + "description": "A review comment on a pull request was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "comment_id", + "operation_type" + ] + }, + { + "action": "pull_request_review_comment.update", + "description": "A review comment on a pull request was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "comment_id" + ] + }, + { + "action": "pull_request_review.delete", + "description": "A review on a pull request was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "review_id", + "operation_type", + "created_at", + "pull_request_url" + ] + }, + { + "action": "pull_request_review.dismiss", + "description": "A review on a pull request was dismissed.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "review_id", + "operation_type", + "created_at", + "pull_request_url" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review" + }, + { + "action": "pull_request_review.submit", + "description": "A review on a pull request was submitted.", + "docs_reference_links": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "review_id", + "operation_type", + "created_at", + "pull_request_url", + "actor_is_agent" + ], + "docs_reference_titles": "/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review" + }, + { + "action": "repo.access", + "description": "The visibility of a repository changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility", + "previous_visibility" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" + }, + { + "action": "repo.actions_enabled", + "description": "GitHub Actions was enabled for a repository.", + "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" + }, + { + "action": "repo.add_member", + "description": "A collaborator was added to a repository.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" + ], + "docs_reference_titles": "Inviting collaborators to a personal repository" + }, + { + "action": "repo.add_topic", + "description": "A topic was added to a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "topic", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" + }, + { + "action": "repo.advanced_security_disabled", + "description": "GitHub Advanced Security was disabled for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" + }, + { + "action": "repo.advanced_security_enabled", + "description": "GitHub Advanced Security was enabled for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" + }, + { + "action": "repo.archived", + "description": "A repository was archived.", + "docs_reference_links": "/repositories/archiving-a-github-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" + ], + "docs_reference_titles": "/repositories/archiving-a-github-repository" + }, + { + "action": "repo.change_merge_setting", + "description": "Pull request merge options were changed for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type", + "public_repo", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_analysis_deleted", + "description": "Code scanning analysis for a repository was deleted.", + "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "public_repo", + "tool", + "category" + ], + "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" + }, + { + "action": "repo.code_scanning_autofix_disabled", + "description": "Autofix for code scanning alerts was disabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_autofix_enabled", + "description": "Autofix for code scanning alerts was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_autofix_third_party_tools_disabled", + "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_autofix_third_party_tools_enabled", + "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_configuration_for_branch_deleted", + "description": "A code scanning configuration for a branch of a repository was deleted.", + "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "tool", + "branch", + "category", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Resolving code scanning alerts" + }, + { + "action": "repo.code_scanning_delegated_alert_dismissal_disabled", + "description": "Prevention of direct alert dismissal for code scanning was disabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.code_scanning_delegated_alert_dismissal_enabled", + "description": "Prevention of direct alert dismissal for code scanning was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.codeql_disabled", + "description": "Code scanning using the default setup was disabled for a repository.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Configuring default setup for code scanning" + }, + { + "action": "repo.codeql_enabled", + "description": "Code scanning using the default setup was enabled for a repository.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "query_suite", + "threat_model", + "languages" + ], + "docs_reference_titles": "Configuring default setup for code scanning" + }, + { + "action": "repo.codeql_updated", + "description": "Code scanning using the default setup was updated for a repository.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query_suite", + "threat_model", + "languages", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Configuring default setup for code scanning" + }, + { + "action": "repo.codespaces_trusted_repo_access_granted", + "description": "GitHub Codespaces was granted trusted repository access to this repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.codespaces_trusted_repo_access_revoked", + "description": "GitHub Codespaces trusted repository access to this repository was revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.config.disable_collaborators_only", + "description": "The interaction limit for collaborators only was disabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.disable_contributors_only", + "description": "The interaction limit for prior contributors only was disabled in a repository.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.disable_sockpuppet_disallowed", + "description": "The interaction limit for existing users only was disabled in a repository.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.enable_collaborators_only", + "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.enable_contributors_only", + "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.enable_sockpuppet_disallowed", + "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.configure_self_hosted_jit_runner", + "description": "A new just-in-time GitHub Actions self-hosted runner was configured", + "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" + }, + { + "action": "repo.create", + "description": "A repository was created.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "request_category", + "created_at", + "oauth_application_id", + "request_method", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" + }, + { + "action": "repo.create_actions_secret", + "description": "A GitHub Actions secret was created for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "repo.create_actions_variable", + "description": "A GitHub Actions variable was created for a repository.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "repo.create_integration_secret", + "description": "A Codespaces or Dependabot secret was created for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.destroy", + "description": "A repository was deleted.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "request_category", + "visibility", + "created_at", + "request_method", + "oauth_application_id", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" + }, + { + "action": "repo.download_zip", + "description": "A source code archive of a repository was downloaded as a ZIP file.", + "docs_reference_links": "/repositories/working-with-files/using-files/downloading-source-code-archives", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/working-with-files/using-files/downloading-source-code-archives" + }, + { + "action": "repo.immutable_releases_settings_disabled", + "description": "The setting for immutable releases was disabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repo.immutable_releases_settings_enabled", + "description": "The setting for immutable releases was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repo.pages_cname", + "description": "A GitHub Pages custom domain was modified in a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "cname", + "created_at", + "operation_type", + "old_cname" + ] + }, + { + "action": "repo.pages_create", + "description": "A GitHub Pages site was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_destroy", + "description": "A GitHub Pages site was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" + ] + }, + { + "action": "repo.pages_https_redirect_disabled", + "description": "HTTPS redirects were disabled for a GitHub Pages site.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_https_redirect_enabled", + "description": "HTTPS redirects were enabled for a GitHub Pages site.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" + ] + }, + { + "action": "repo.pages_private", + "description": "A GitHub Pages site visibility was changed to private.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_public", + "description": "A GitHub Pages site visibility was changed to public.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_soft_delete", + "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.pages_soft_delete_restore", + "description": "A GitHub Pages site that was previously soft-deleted was restored.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.pages_source", + "description": "A GitHub Pages source was modified.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "visibility", + "created_at" + ] + }, + { + "action": "repo.register_self_hosted_runner", + "description": "A new self-hosted runner was registered.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Adding self-hosted runners" + }, + { + "action": "repo.remove_actions_secret", + "description": "A GitHub Actions secret was deleted for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "repo.remove_actions_variable", + "description": "A GitHub Actions variable was deleted for a repository.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "repo.remove_integration_secret", + "description": "A Codespaces or Dependabot secret was deleted for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.remove_member", + "description": "A collaborator was removed from a repository.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" + ], + "docs_reference_titles": "Removing a collaborator from a personal repository" + }, + { + "action": "repo.remove_self_hosted_runner", + "description": "A self-hosted runner was removed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Removing self-hosted runners" + }, + { + "action": "repo.remove_topic", + "description": "A topic was removed from a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "topic", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.rename", + "description": "A repository was renamed.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", + "created_at", + "operation_type", + "visibility" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" + }, + { + "action": "repo.rename_branch", + "description": "A branch was renamed.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_branch", + "new_branch", + "default_branch", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch" + }, + { + "action": "repo.restore", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.self_hosted_runner_offline", + "description": "The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "repo.self_hosted_runner_online", + "description": "The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Monitoring and troubleshooting self-hosted runners" + }, + { + "action": "repo.self_hosted_runner_updated", + "description": "The runner application was updated. This event is not included in the JSON/CSV export.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "runner_id", + "runner_name", + "source_version", + "target_version", + "runner_group_id", + "runner_group_name" + ], + "docs_reference_titles": "Self-hosted runners" + }, + { + "action": "repo.set_actions_cache_retention_policy", + "description": "The cache retention policy for GitHub Actions was set for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository" + }, + { + "action": "repo.set_actions_cache_storage_policy", + "description": "The cache storage policy for GitHub Actions was set for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository" + }, + { + "action": "repo.set_actions_fork_pr_approvals_policy", + "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" + }, + { + "action": "repo.set_actions_private_fork_pr_approvals_policy", + "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories" + }, + { + "action": "repo.set_actions_retention_limit", + "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "limit", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" + }, + { + "action": "repo.set_default_workflow_permissions", + "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" + }, + { + "action": "repo.set_fork_pr_workflows_policy", + "description": "Triggered when the policy for workflows on private repository forks is changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" + }, + { + "action": "repo.set_workflow_permission_can_approve_pr", + "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" + }, + { + "action": "repo.staff_unlock", + "description": "An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.transfer", + "description": "A user accepted a request to receive a transferred repository.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "old_user", + "operation_type", + "created_at", + "visibility", + "repo_was" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" + }, + { + "action": "repo.transfer_outgoing", + "description": "A repository was transferred to another repository network.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_nwo", + "visibility", + "created_at", + "operation_type", + "public_repo" + ] + }, + { + "action": "repo.transfer_start", + "description": "A user sent a request to transfer a repository to another user or organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" + ] + }, + { + "action": "repo.unarchived", + "description": "A repository was unarchived.", + "docs_reference_links": "/repositories/archiving-a-github-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" + ], + "docs_reference_titles": "/repositories/archiving-a-github-repository" + }, + { + "action": "repo.update_actions_access_settings", + "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "old_policy", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.update_actions_secret", + "description": "A GitHub Actions secret was updated for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "repo.update_actions_settings", + "description": "A repository administrator changed GitHub Actions policy settings for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at", + "new_policy", + "old_policy", + "updated_access_policy", + "actor_is_bot" + ] + }, + { + "action": "repo.update_actions_variable", + "description": "A GitHub Actions variable was updated for a repository.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "repo.update_default_branch", + "description": "The default branch for a repository was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "repo.update_integration_secret", + "description": "A Codespaces or Dependabot secret was updated for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.update_member", + "description": "A user's permission to a repository was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "visibility", + "old_permission", + "old_base_role", + "old_repo_permission", + "old_repo_base_role", + "new_repo_base_role", + "new_repo_permission", + "actor_is_bot" + ] + }, + { + "action": "repository_advisory.close", + "description": "Someone closed a security advisory.", + "docs_reference_links": "/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "About repository security advisories" + }, + { + "action": "repository_advisory.cve_request", + "description": "Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "repository_advisory.github_broadcast", + "description": "GitHub made a security advisory public in the GitHub Advisory Database.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repository_advisory.github_withdraw", + "description": "GitHub withdrew a security advisory that was published in error.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_advisory.open", + "description": "Someone opened a draft security advisory.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "repository_advisory.publish", + "description": "Someone published a security advisory.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "repository_advisory.reopen", + "description": "Someone reopened as draft security advisory.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repository_advisory.update", + "description": "Someone edited a draft or published security advisory.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_branch_protection_evaluation.disable", + "description": "Branch protections were disabled for the repository.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" + }, + { + "action": "repository_branch_protection_evaluation.enable", + "description": "Branch protections were enabled for this repository.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule" + }, + { + "action": "repository_code_security.disable", + "description": "Code security was disabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_code_security.enable", + "description": "Code security was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_content_analysis.disable", + "description": "Data use settings were disabled for a private repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" + }, + { + "action": "repository_content_analysis.enable", + "description": "Data use settings were enabled for a private repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" + }, + { + "action": "repository_dependency_graph.disable", + "description": "The dependency graph was disabled for a private repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories" + }, + { + "action": "repository_dependency_graph.enable", + "description": "The dependency graph was enabled for a private repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo", + "actor_is_bot" + ] + }, + { + "action": "repository_image.create", + "description": "An image to represent a repository was uploaded.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "content_type" + ] + }, + { + "action": "repository_image.destroy", + "description": "An image to represent a repository was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_invitation.accept", + "description": "An invitation to join a repository was accepted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" + ] + }, + { + "action": "repository_invitation.cancel", + "description": "An invitation to join a repository was canceled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", + "operation_type", + "invitee", + "created_at" + ] + }, + { + "action": "repository_invitation.create", + "description": "An invitation to join a repository was sent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_invitation.reject", + "description": "An invitation to join a repository was declined.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", + "operation_type", + "created_at", + "inviter" + ] + }, + { + "action": "repository_limit.reached", + "description": "An organization has reached their repository limit.", + "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", + "count", + "owner", + "created_at", + "operation_type" + ], + "docs_reference_titles": "repositories/creating-and-managing-repositories/repository-limits" + }, + { + "action": "repository_limit.warning", + "description": "An organization is approaching their repository limit.", + "docs_reference_links": "repositories/creating-and-managing-repositories/repository-limits", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", + "count", + "owner", + "created_at", + "operation_type" + ], + "docs_reference_titles": "repositories/creating-and-managing-repositories/repository-limits" + }, + { + "action": "repository_projects_change.clear", + "description": "The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for projects in your enterprise" + }, + { + "action": "repository_projects_change.disable", + "description": "Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_projects_change.enable", + "description": "Repository projects were enabled for a repository, all repositories in an organization, or all organizations in an enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_ruleset.create", + "description": "A repository ruleset was created.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "public_repo", + "created_at", + "operation_type", + "ruleset_id", + "ruleset_name", + "ruleset_enforcement", + "ruleset_source_type", + "ruleset_rules", + "ruleset_conditions", + "ruleset_bypass_actors" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" + }, + { + "action": "repository_ruleset.destroy", + "description": "A repository ruleset was deleted.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "public_repo", + "created_at", + "operation_type", + "ruleset_id", + "ruleset_name", + "ruleset_enforcement", + "ruleset_source_type", + "ruleset_rules", + "ruleset_bypass_actors" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" + }, + { + "action": "repository_ruleset.update", + "description": "A repository ruleset was edited.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", + "public_repo", + "created_at", + "operation_type", + "ruleset_id", + "ruleset_name", + "ruleset_enforcement", + "ruleset_source_type", + "ruleset_rules_updated", + "ruleset_conditions_added", + "ruleset_conditions_deleted", + "ruleset_old_enforcement", + "ruleset_rules_added", + "ruleset_rules_deleted", + "ruleset_old_name", + "ruleset_conditions_updated", + "ruleset_bypass_actors_added", + "ruleset_bypass_actors_deleted", + "ruleset_bypass_actors_updated", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset" + }, + { + "action": "repository_secret_scanning_automatic_validity_checks.disabled", + "description": "Automatic partner validation checks have been disabled at the repository level", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" + }, + { + "action": "repository_secret_scanning_automatic_validity_checks.enabled", + "description": "Automatic partner validation checks have been enabled at the repository level", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository" + }, + { + "action": "repository_secret_scanning_custom_pattern.create", + "description": "A custom pattern was created for secret scanning in a repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning_custom_pattern.delete", + "description": "A custom pattern was removed from secret scanning in a repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning_custom_pattern.publish", + "description": "A custom pattern was published for secret scanning in a repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning_custom_pattern_push_protection.disabled", + "description": "Push protection for a custom pattern for secret scanning was disabled for your repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning_custom_pattern_push_protection.enabled", + "description": "Push protection for a custom pattern for secret scanning was enabled for your repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning_custom_pattern.update", + "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.", + "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "Defining custom patterns for secret scanning" + }, + { + "action": "repository_secret_scanning.disable", + "description": "Secret scanning was disabled for a repository.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "repository_secret_scanning.enable", + "description": "Secret scanning was enabled for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_secret_scanning_generic_secrets.disabled", + "description": "Generic secrets have been disabled at the repository level", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_secret_scanning_generic_secrets.enabled", + "description": "Generic secrets have been enabled at the repository level", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_secret_scanning_non_provider_patterns.disabled", + "description": "Secret scanning for non-provider patterns was disabled at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" + }, + { + "action": "repository_secret_scanning_non_provider_patterns.enabled", + "description": "Secret scanning for non-provider patterns was enabled at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Supported secret scanning patterns" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.add", + "description": "A role or team was added to the push protection bypass list at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.disable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.enable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.remove", + "description": "A role or team was removed from the push protection bypass list at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_secret_scanning_push_protection.disable", + "description": "Secret scanning push protection was disabled for a repository.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_secret_scanning_push_protection.enable", + "description": "Secret scanning push protection was enabled for a repository.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "repository_security_configuration.applied", + "description": "A code security configuration was applied to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "repository_security_configuration_state", + "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_security_configuration.failed", + "description": "A code security configuration failed to attach to the repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_security_configuration.removed", + "description": "A code security configuration was removed from a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "repository_security_configuration_state", + "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_security_configuration.removed_by_settings_change", + "description": "A code security configuration was removed due to a change in repository or enterprise settings.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "repository_security_configuration_state", + "repository_security_configuration_failure_reason", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_visibility_change.clear", + "description": "The repository visibility change setting was cleared for an organization or enterprise.", + "docs_reference_links": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-changes-to-repository-visibility", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise" + }, + { + "action": "repository_visibility_change.disable", + "description": "The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_visibility_change.enable", + "description": "The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "repository_vulnerability_alert.auto_dismiss", + "description": "A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "alert_number", + "ghsa_id", + "public_repo", + "owner", + "created_at", + "operation_type", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name" + ], + "docs_reference_titles": "About Dependabot auto-triage rules" + }, + { + "action": "repository_vulnerability_alert.auto_reopen", + "description": "A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "alert_number", + "ghsa_id", + "public_repo", + "owner", + "created_at", + "operation_type", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name" + ], + "docs_reference_titles": "About Dependabot auto-triage rules" + }, + { + "action": "repository_vulnerability_alert.create", + "description": "GitHub created a Dependabot alert because the repository uses a vulnerable dependency.", + "docs_reference_links": "/code-security/dependabot/dependabot-alerts/about-dependabot-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "alert_number" + ], + "docs_reference_titles": "About Dependabot alerts" + }, + { + "action": "repository_vulnerability_alert.dismiss", + "description": "A Dependabot alert was manually dismissed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "alert_id", + "created_at", + "dismiss_reason", + "dismiss_comment", + "alert_number", + "actor_is_bot" + ] + }, + { + "action": "repository_vulnerability_alert.reintroduce", + "description": "A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", + "public_repo", + "owner", + "operation_type", + "alert_number" + ] + }, + { + "action": "repository_vulnerability_alert.reopen", + "description": "A Dependabot alert was manually reopened.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "created_at", + "owner", + "operation_type", + "public_repo", + "alert_number" + ] + }, + { + "action": "repository_vulnerability_alert.resolve", + "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "operation_type", + "created_at", + "alert_number" + ] + }, + { + "action": "repository_vulnerability_alert.withdraw", + "description": "A Dependabot alert was withdrawn.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "alert_id", + "alert_number", + "ghsa_id", + "created_at", + "active", + "public_repo", + "owner", + "operation_type" + ] + }, + { + "action": "repository_vulnerability_alerts.authorized_users_teams", + "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts" + }, + { + "action": "repository_vulnerability_alerts_auto_dismissal.disable", + "description": "Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_vulnerability_alerts_auto_dismissal.enable", + "description": "Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "repository_vulnerability_alerts.disable", + "description": "Dependabot alerts was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_vulnerability_alerts.enable", + "description": "Dependabot alerts was enabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "required_status_check.create", + "description": "A status check was marked as required for a protected branch.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "context", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" + }, + { + "action": "required_status_check.destroy", + "description": "A status check was no longer marked as required for a protected branch.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "context", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging" + }, + { + "action": "restrict_notification_delivery.disable", + "description": "Email notification restrictions for an organization or enterprise were disabled.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" + }, + { + "action": "restrict_notification_delivery.enable", + "description": "Email notification restrictions for an organization or enterprise were enabled.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization, /admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Restricting email notifications for your organization, Restricting email notifications for your enterprise" + }, + { + "action": "role.create", + "description": "A new custom repository role was created.", + "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "owner", + "base_role", + "operation_type", + "role_permissions", + "old_role_permissions" + ], + "docs_reference_titles": "Managing custom repository roles for an organization" + }, + { + "action": "role.destroy", + "description": "A custom repository role was deleted.", + "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "owner", + "role_permissions", + "base_role", + "operation_type" + ], + "docs_reference_titles": "Managing custom repository roles for an organization" + }, + { + "action": "role.update", + "description": "A custom repository role was edited.", + "docs_reference_links": "/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "role_permissions", + "base_role", + "operation_type", + "created_at", + "old_role_permissions", + "old_base_role" + ], + "docs_reference_titles": "Managing custom repository roles for an organization" + }, + { + "action": "secret_scanning_alert.assign", + "description": "A user was assigned to a secret scanning alert.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo", + "created_at" + ], + "docs_reference_titles": "Manage secret scanning alerts" + }, + { + "action": "secret_scanning_alert.create", + "description": "GitHub detected a secret and created a secret scanning alert.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo" + ], + "docs_reference_titles": "Manage secret scanning alerts" + }, + { + "action": "secret_scanning_alert.delete", + "description": "A secret scanning alert was deleted by GitHub.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo", + "created_at", + "reason" + ], + "docs_reference_titles": "Manage secret scanning alerts" + }, + { + "action": "secret_scanning_alert.public_leak", + "description": "A secret scanning alert was leaked in a public repo.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo", + "created_at" + ], + "docs_reference_titles": "Manage secret scanning alerts" + }, + { + "action": "secret_scanning_alert.reopen", + "description": "A secret scanning alert was reopened.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type", + "secret_type_display_name" + ] + }, + { + "action": "secret_scanning_alert.report", + "description": "A leaked secret was reported to the secret's provider by secret scanning.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "secret_type", + "created_at", + "secret_type_display_name", + "secret_type_provider", + "report_result" + ], + "docs_reference_titles": "Resolving alerts from secret scanning" + }, + { + "action": "secret_scanning_alert.resolve", + "description": "A secret scanning alert was resolved.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "resolution", + "public_repo", + "created_at", + "operation_type", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo" + ] + }, + { + "action": "secret_scanning_alert.revoke", + "description": "A secret scanning alert was revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "secret_scanning_alert.unassign", + "description": "A user was unassigned from a secret scanning alert.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo", + "created_at" + ], + "docs_reference_titles": "Manage secret scanning alerts" + }, + { + "action": "secret_scanning_alert.validate", + "description": "A secret scanning alert was validated.", + "docs_reference_links": "/code-security/secret-scanning/managing-alerts-from-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "created_at", + "previous_validity", + "current_validity", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo" + ], + "docs_reference_titles": "Manage secret scanning alerts" + }, + { + "action": "secret_scanning_closure_request.approve", + "description": "A request to close a secret scanning alert was approved by a user.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "request_reviewer_comment", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "secret_scanning_closure_request.cancel", + "description": "N/A", + "docs_reference_links": "A reqeust to close a secret scanning alert was canceled by a user.", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "A, reqeust, to, close, a, secret, scanning, alert, was, canceled, by, a, user." + }, + { + "action": "secret_scanning_closure_request.create", + "description": "N/A", + "docs_reference_links": "A user requested to close a secret scanning alert.", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "reason", + "comment", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "A, user, requested, to, close, a, secret, scanning, alert." + }, + { + "action": "secret_scanning_closure_request.deny", + "description": "A request to close a secret scanning alert was denied by a user.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "alert_number", + "request_reviewer_comment", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "secret_scanning.disable", + "description": "Secret scanning was disabled for all existing repositories.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "secret_scanning.enable", + "description": "Secret scanning was enabled for all existing repositories.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "secret_scanning_new_repos.disable", + "description": "Secret scanning was disabled for all new repositories.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "secret_scanning_new_repos.enable", + "description": "Secret scanning was enabled for all new repositories.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "secret_scanning_push_protection.bypass", + "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", + "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "created_at", + "push_protection_bypass_reason", + "secret_type", + "secret_type_display_name", + "publicly_leaked", + "multi_repo", + "request_reviewer", + "request_reviewer_id" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "secret_scanning_push_protection_request.approve", + "description": "A request to bypass secret scanning push protection was approved by a user.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "secret_scanning_push_protection_request.cancel", + "description": "A user canceled a request to bypass secret scanning push protection.", + "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" + }, + { + "action": "secret_scanning_push_protection_request.complete", + "description": "A user pushed a commit containing a secret for which there is an approved secret scanning push protection bypass request.", + "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" + }, + { + "action": "secret_scanning_push_protection_request.deny", + "description": "A request to bypass secret scanning push protection was denied by a user.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot", + "request_reviewer_comment" + ], + "docs_reference_titles": "About push protection" + }, + { + "action": "secret_scanning_push_protection_request.request", + "description": "A user requested to bypass secret scanning push protection.", + "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "number", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" + }, + { + "action": "secret_scanning_scan.completed", + "description": "A secret scanning scan has completed on this repository.", + "docs_reference_links": "/code-security/secret-scanning/about-secret-scanning", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "source", + "type", + "source_slug", + "type_slug", + "started_at", + "completed_at", + "public_repo", + "created_at", + "operation_type", + "secret_types", + "custom_pattern_name", + "custom_pattern_scope" + ], + "docs_reference_titles": "About secret scanning" + }, + { + "action": "security_configuration.create", + "description": "A security configuration was created", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "security_configuration_description", + "security_configuration_created_at", + "security_configuration_updated_at", + "security_configuration_enable_ghas", + "security_configuration_private_vulnerability_reporting", + "security_configuration_dependency_graph", + "security_configuration_dependabot_alerts", + "security_configuration_dependabot_security_updates", + "security_configuration_code_scanning", + "security_configuration_secret_scanning", + "security_configuration_secret_scanning_push_protection", + "security_configuration_secret_scanning_validity_checks", + "created_at", + "operation_type", + "actor_is_bot", + "security_configuration_dependency_graph_autosubmit_action", + "security_configuration_secret_scanning_non_provider_patterns", + "security_configuration_secret_scanning_delegated_bypass", + "security_configuration_secret_scanning_generic_secrets", + "security_configuration_secret_scanning_delegated_alert_dismissal", + "security_configuration_code_scanning_delegated_alert_dismissal", + "security_configuration_code_security_sku_enabled", + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" + ] + }, + { + "action": "security_configuration_default.delete", + "description": "A default security configuration setting for new repositories was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "default_for_new_private_repos", + "default_for_new_public_repos", + "security_configuration_name", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "security_configuration_default.update", + "description": "A default security configuration setting for new repositories was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "default_for_new_private_repos", + "default_for_new_public_repos", + "security_configuration_name", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "security_configuration.delete", + "description": "A security configuration was deleted", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "security_configuration_description", + "security_configuration_created_at", + "security_configuration_updated_at", + "security_configuration_enable_ghas", + "security_configuration_private_vulnerability_reporting", + "security_configuration_dependency_graph", + "security_configuration_dependabot_alerts", + "security_configuration_dependabot_security_updates", + "security_configuration_code_scanning", + "security_configuration_secret_scanning", + "security_configuration_secret_scanning_push_protection", + "security_configuration_secret_scanning_validity_checks", + "created_at", + "operation_type", + "actor_is_bot", + "security_configuration_dependency_graph_autosubmit_action", + "security_configuration_secret_scanning_non_provider_patterns", + "security_configuration_secret_scanning_delegated_bypass", + "security_configuration_secret_scanning_delegated_alert_dismissal", + "security_configuration_code_scanning_delegated_alert_dismissal", + "security_configuration_code_security_sku_enabled", + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" + ] + }, + { + "action": "security_configuration_policy.update", + "description": "A security configuration policy was updated", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "enforcement", + "security_configuration_name", + "created_at", + "operation_type" + ] + }, + { + "action": "security_configuration.update", + "description": "A security configuration was updated", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "security_configuration_id", + "security_configuration_name", + "security_configuration_description", + "security_configuration_created_at", + "security_configuration_updated_at", + "security_configuration_enable_ghas", + "security_configuration_private_vulnerability_reporting", + "security_configuration_dependency_graph", + "security_configuration_dependabot_alerts", + "security_configuration_dependabot_security_updates", + "security_configuration_code_scanning", + "security_configuration_secret_scanning", + "security_configuration_secret_scanning_push_protection", + "security_configuration_secret_scanning_validity_checks", + "created_at", + "operation_type", + "actor_is_bot", + "security_configuration_dependency_graph_autosubmit_action", + "security_configuration_secret_scanning_non_provider_patterns", + "security_configuration_secret_scanning_delegated_bypass", + "security_configuration_secret_scanning_generic_secrets", + "security_configuration_secret_scanning_delegated_alert_dismissal", + "security_configuration_code_scanning_delegated_alert_dismissal", + "security_configuration_code_security_sku_enabled", + "security_configuration_secret_protection_sku_enabled", + "security_configuration_dependabot_delegated_alert_dismissal" + ] + }, + { + "action": "sponsors.agreement_sign", + "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.custom_amount_settings_change", + "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" + }, + { + "action": "sponsors.fiscal_host_change", + "description": "The fiscal host for a GitHub Sponsors listing was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.invoiced_agreement_sign", + "description": "An agreement for invoiced billing for GitHub Sponsors was signed.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/paying-for-github-sponsors-by-invoice" + }, + { + "action": "sponsors.repo_funding_links_file_action", + "description": "The FUNDING file in a repository was changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" + }, + { + "action": "sponsors.sponsor_sponsorship_cancel", + "description": "A sponsorship was canceled.", + "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Downgrading a sponsorship" + }, + { + "action": "sponsors.sponsor_sponsorship_create", + "description": "A sponsorship was created, by sponsoring an account.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" + }, + { + "action": "sponsors.sponsor_sponsorship_payment_complete", + "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" + }, + { + "action": "sponsors.sponsor_sponsorship_preference_change", + "description": "The option to receive email updates from a sponsored account was changed.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" + }, + { + "action": "sponsors.sponsor_sponsorship_tier_change", + "description": "A sponsorship was upgraded or downgraded.", + "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" + }, + { + "action": "sponsors.sponsored_developer_approve", + "description": "A GitHub Sponsors account was approved.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.sponsored_developer_create", + "description": "A GitHub Sponsors account was created.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.sponsored_developer_disable", + "description": "A GitHub Sponsors account was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "operation_type", + "created_at" + ] + }, + { + "action": "sponsors.sponsored_developer_profile_update", + "description": "The profile for GitHub Sponsors account was edited.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" + }, + { + "action": "sponsors.sponsored_developer_redraft", + "description": "A GitHub Sponsors account was returned to draft state from approved state.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.sponsored_developer_request_approval", + "description": "An application for GitHub Sponsors was submitted for approval.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.sponsored_developer_tier_description_update", + "description": "The description for a sponsorship tier was changed.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" + }, + { + "action": "sponsors.sponsors_patreon_user_create", + "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "patreon_email", + "patreon_username", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account" + }, + { + "action": "sponsors.sponsors_patreon_user_destroy", + "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "patreon_email", + "patreon_username", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Unlinking your Patreon account from GitHub" + }, + { + "action": "sponsors.update_tier_repository", + "description": "A GitHub Sponsors tier changed access for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.update_tier_welcome_message", + "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.withdraw_agreement_signature", + "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "ssh_certificate_authority.create", + "description": "An SSH certificate authority for an organization or enterprise was created.", + "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "fingerprint", + "operation_type", + "openssh_public_key", + "created_at" + ], + "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" + }, + { + "action": "ssh_certificate_authority.destroy", + "description": "An SSH certificate authority for an organization or enterprise was deleted.", + "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "fingerprint", + "operation_type", + "openssh_public_key" + ], + "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" + }, + { + "action": "ssh_certificate_requirement.disable", + "description": "The requirement for members to use SSH certificates to access an organization resources was disabled.", + "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" + }, + { + "action": "ssh_certificate_requirement.enable", + "description": "The requirement for members to use SSH certificates to access an organization resources was enabled.", + "docs_reference_links": "/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities, /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-ssh-certificate-authorities-for-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise" + }, + { + "action": "staff.dependabot_debug_credentials_generated", + "description": "Dependabot encrypted config was read.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "public_repo" + ] + }, + { + "action": "staff.set_domain_token_expiration", + "description": "The verification code expiry time for an organization or enterprise domain was set.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "domain_name", + "token_expires_at", + "owner", + "operation_type", + "created_at" + ] + }, + { + "action": "staff.unverify_domain", + "description": "An organization or enterprise domain was unverified.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner_type", + "domain_name", + "owner", + "operation_type" + ] + }, + { + "action": "staff.verify_domain", + "description": "An organization or enterprise domain was verified.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "domain_name", + "operation_type", + "created_at" + ] + }, + { + "action": "sub_issues.parent_issue_add", + "description": "A parent issue was added to an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "sub_issues.parent_issue_remove", + "description": "A parent issue was removed from an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "sub_issues.sub_issue_add", + "description": "A sub-issue was added to an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "sub_issues.sub_issue_remove", + "description": "A sub-issue was removed from an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "team.add_member", + "description": "A member of an organization was added to a team.", + "docs_reference_links": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", + "team_type" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/adding-organization-members-to-a-team" + }, + { + "action": "team.add_repository", + "description": "A team was given access and permissions to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "team.add_to_organization", + "description": "A team was added to an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team_type", + "team", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "team.change_parent_team", + "description": "A child team was created or a child team's parent was changed.", + "docs_reference_links": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy" + }, + { + "action": "team.change_privacy", + "description": "A team's privacy level was changed.", + "docs_reference_links": "/organizations/organizing-members-into-teams/changing-team-visibility", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "created_at", + "operation_type", + "team_type" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/changing-team-visibility" + }, + { + "action": "team.create", + "description": "A new team is created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "team", + "created_at", + "team_type" + ] + }, + { + "action": "team.demote_maintainer", + "description": "A user was demoted from a team maintainer to a team member.", + "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member" + }, + { + "action": "team.destroy", + "description": "A team was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type", + "team_type" + ] + }, + { + "action": "team_discussions.clear", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "team_discussions.disable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "team_discussions.enable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "team_group_mapping.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" + ] + }, + { + "action": "team_group_mapping.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "team", + "created_at" + ] + }, + { + "action": "team_group_mapping.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" + ] + }, + { + "action": "team.promote_maintainer", + "description": "A user was promoted from a team member to a team maintainer.", + "docs_reference_links": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer" + }, + { + "action": "team.remove_from_organization", + "description": "A team was removed from an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team_type", + "team", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "team.remove_member", + "description": "An organization member was removed from a team.", + "docs_reference_links": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "team", + "team_type" + ], + "docs_reference_titles": "/organizations/organizing-members-into-teams/removing-organization-members-from-a-team" + }, + { + "action": "team.remove_repository", + "description": "A repository was removed from a team's control.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "team", + "operation_type" + ] + }, + { + "action": "team.rename", + "description": "A team's name was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "team", + "operation_type", + "team_type" + ] + }, + { + "action": "team_sync_tenant.disabled", + "description": "Team synchronization with a tenant was disabled.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" + }, + { + "action": "team_sync_tenant.enabled", + "description": "Team synchronization with a tenant was enabled.", + "docs_reference_links": "/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization, /admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise" + }, + { + "action": "team_sync_tenant.update_okta_credentials", + "description": "The Okta credentials for team synchronization with a tenant were changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "team.update_repository_permission", + "description": "A team's permission to a repository was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "team", + "old_permission", + "operation_type", + "created_at", + "permission", + "new_repo_permission", + "new_repo_base_role", + "old_repo_permission", + "old_repo_base_role" + ] + }, + { + "action": "user_content_edit.delete", + "description": "Triggered when a user content edit is deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_content_id", + "user_content_type", + "created_at", + "deleted_by", + "editor_id", + "deleted_at", + "editor", + "deleted_by_id", + "deleted_content", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.create", + "description": "A Dependabot rule was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.delete", + "description": "A Dependabot rule was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.disable", + "description": "A Dependabot rule was disabled for a single repository or disabled by default for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.enable", + "description": "A Dependabot rule was enabled for a single repository or enabled by default for an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.force_disable", + "description": "A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.force_enable", + "description": "A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "created_at", + "operation_type" + ] + }, + { + "action": "vulnerability_alert_rule.update", + "description": "A Dependabot rule's conditions, actions, or metadata changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "vulnerability_alert_rule_id", + "vulnerability_alert_rule_name", + "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Reviewing deployments" + }, + { + "action": "workflows.bypass_protection_rules", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "workflows.cancel_workflow_run", + "description": "A workflow run was cancelled.", + "docs_reference_links": "/actions/managing-workflow-runs/canceling-a-workflow", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "started_at", + "event", + "name", + "workflow_run_id", + "head_branch", + "head_sha", + "run_number", + "cancelled_at", + "workflow_id", + "operation_type", + "trigger_id", + "public_repo" + ], + "docs_reference_titles": "Canceling a workflow run" + }, + { + "action": "workflows.comment_workflow_job", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "workflows.completed_workflow_run", + "description": "A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "started_at", + "event", + "name", + "workflow_run_id", + "head_branch", + "head_sha", + "completed_at", + "conclusion", + "run_number", + "workflow_id", + "operation_type", + "trigger_id", + "run_attempt", + "actor_is_bot", + "actor_is_agent" + ], + "docs_reference_titles": "Viewing workflow run history" + }, + { + "action": "workflows.created_workflow_run", + "description": "A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/learn-github-actions/understanding-github-actions#create-an-example-workflow", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "started_at", + "event", + "name", + "workflow_run_id", + "head_branch", + "head_sha", + "workflow_id", + "operation_type", + "trigger_id", + "public_repo", + "actor_is_bot", + "actor_is_agent" + ], + "docs_reference_titles": "Understanding GitHub Actions" + }, + { + "action": "workflows.delete_workflow_run", + "description": "A workflow run was deleted.", + "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "workflow_run_id", + "started_at", + "head_branch", + "head_sha", + "trigger_id" + ], + "docs_reference_titles": "Deleting a workflow run" + }, + { + "action": "workflows.disable_workflow", + "description": "A workflow was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_id", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot" + ] + }, + { + "action": "workflows.enable_workflow", + "description": "A workflow was enabled, after previously being disabled by disable_workflow.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_id", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "workflows.pin_workflow", + "description": "A workflow was pinned.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "workflow_id", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "workflows.prepared_workflow_job", + "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/actions/using-workflows/events-that-trigger-workflows", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "job_name", + "runner_labels", + "is_hosted_runner", + "environment_name", + "secrets_passed", + "operation_type", + "created_at", + "runner_owner_type", + "job_workflow_ref", + "calling_workflow_refs", + "calling_workflow_shas", + "imposer_repo" + ], + "docs_reference_titles": "Events that trigger workflows" + }, + { + "action": "workflows.reject_workflow_job", + "description": "A workflow job was rejected.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Reviewing deployments" + }, + { + "action": "workflows.rerun_workflow_run", + "description": "A workflow run was re-run.", + "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "started_at", + "event", + "name", + "workflow_run_id", + "head_branch", + "head_sha", + "run_number", + "workflow_id", + "operation_type", + "trigger_id", + "run_attempt", + "rerun_type", + "check_run_id", + "actor_is_bot" + ], + "docs_reference_titles": "Re-running workflows and jobs" + }, + { + "action": "workflows.unpin_workflow", + "description": "A workflow was unpinned after previously being pinned.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "workflow_id", + "created_at", + "operation_type", + "actor_is_bot" + ] + } +] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.20/user.json b/src/audit-logs/data/ghes-3.20/user.json new file mode 100644 index 000000000000..554d93629caf --- /dev/null +++ b/src/audit-logs/data/ghes-3.20/user.json @@ -0,0 +1,13895 @@ +[ + { + "action": "account.billing_date_change", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "account.plan_change", + "description": "The account's plan changed.", + "docs_reference_links": "/billing/managing-the-plan-for-your-github-account/about-billing-for-plans", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "How GitHub billing works" + }, + { + "action": "account_recovery_token.confirm", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "account_recovery_token.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "account_recovery_token.recover", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "actions_cache.delete", + "description": "A GitHub Actions cache was deleted using the REST API.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "actions_cache_id", + "actions_cache_key", + "actions_cache_version", + "actions_cache_scope", + "created_at", + "operation_type" + ] + }, + { + "action": "artifact.destroy", + "description": "A workflow run artifact was manually deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "billing.budget_create", + "description": "A billing budget was created for a business or organization. Includes details about the budget limit, alerting preferences, and recipients.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "customer_id", + "target_amount", + "target_type", + "target_id", + "alert_enabled", + "status", + "created_at", + "operation_type", + "actor_is_bot", + "pricing_target_type", + "pricing_target_id", + "budget_limit_type", + "alert_recipient_user_ids", + "exclude_cost_center_usage" + ] + }, + { + "action": "billing.budget_delete", + "description": "A billing budget was deleted for a business or organization. Includes details about the removed budget and any alerting settings.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "customer_id", + "uuid", + "status", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "billing.budget_update", + "description": "A billing budget was updated for a business or organization. Includes details about the updated limit and alerting settings.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "customer_id", + "target_amount", + "target_type", + "target_id", + "alert_enabled", + "status", + "created_at", + "operation_type", + "actor_is_bot", + "old_target_amount", + "old_budget_limit_type", + "old_alert_enabled", + "old_target_id", + "old_pricing_target_type", + "old_pricing_target_id" + ] + }, + { + "action": "billing.change_billing_type", + "description": "The way the account pays for GitHub was changed.", + "docs_reference_links": "/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Managing your payment and billing information" + }, + { + "action": "billing.change_email", + "description": "The billing email address changed.", + "docs_reference_links": "/billing/managing-your-github-billing-settings/setting-your-billing-email", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "email" + ], + "docs_reference_titles": "Managing your payment and billing information" + }, + { + "action": "billing_customer.azure_subscription_linked", + "description": "Azure subscription has been linked on this account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "billing_customer.azure_subscription_unlinked", + "description": "Azure subscription has been unlinked on this account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "billing.lock", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "billing.overage_policy_updated", + "description": "The premium request paid usage policy for your GitHub account was changed.", + "docs_reference_links": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/copilot/how-tos/manage-and-track-spending/manage-request-allowances#setting-a-policy-for-paid-usage" + }, + { + "action": "billing.unlock", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "billing.update_bill_cycle_day", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "business.security_center_export_code_scanning_metrics", + "description": "A CSV export was requested on the \"CodeQL pull request alerts\" page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "start_date", + "end_date", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "business.security_center_export_coverage", + "description": "A CSV export was requested on the \"Coverage\" page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "business.security_center_export_overview_dashboard", + "description": "A CSV export was requested on the \"Overview Dashboard\" page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "start_date", + "end_date", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "business.security_center_export_risk", + "description": "A CSV export was requested on the \"Risk\" page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "business.set_actions_cache_retention_policy", + "description": "The cache retention policy for GitHub Actions was set for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_actions_cache_storage_policy", + "description": "The cache storage policy for GitHub Actions was set for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_actions_fork_pr_approvals_policy", + "description": "The policy for requiring approvals for workflows from public forks was changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_actions_private_fork_pr_approvals_policy", + "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_actions_retention_limit", + "description": "The retention period for GitHub Actions artifacts and logs was changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "limit", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_default_workflow_permissions", + "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_fork_pr_workflows_policy", + "description": "The policy for fork pull request workflows was changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "policy", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "business.set_workflow_permission_can_approve_pr", + "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.", + "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Enforcing policies for GitHub Actions in your enterprise" + }, + { + "action": "checks.auto_trigger_disabled", + "description": "Automatic creation of check suites was disabled on a repository in the organization or enterprise.", + "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" + }, + { + "action": "checks.auto_trigger_enabled", + "description": "Automatic creation of check suites was enabled on a repository in the organization or enterprise.", + "docs_reference_links": "/rest/checks#update-repository-preferences-for-check-suites", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "/rest/checks#update-repository-preferences-for-check-suites" + }, + { + "action": "checks.delete_logs", + "description": "Logs in a check suite were deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "codespaces.allow_permissions", + "description": "A codespace using custom permissions from its devcontainer.json file was launched.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "origin_repository", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.connect", + "description": "Credentials for a codespace were refreshed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot", + "machine_type", + "devcontainer_path" + ] + }, + { + "action": "codespaces.create", + "description": "A codespace was created", + "docs_reference_links": "/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at", + "actor_is_bot", + "machine_type", + "devcontainer_path" + ], + "docs_reference_titles": "Creating a codespace for a repository" + }, + { + "action": "codespaces.destroy", + "description": "A user deleted a codespace.", + "docs_reference_links": "/codespaces/developing-in-codespaces/deleting-a-codespace", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "pull_request_id", + "owner", + "name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Deleting a codespace" + }, + { + "action": "codespaces.export_environment", + "description": "A codespace was exported to a branch on GitHub.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "owner", + "created_at", + "operation_type", + "public_repo" + ] + }, + { + "action": "codespaces.restore", + "description": "A codespace was restored.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.start_environment", + "description": "A codespace was started.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "owner", + "pull_request_id", + "machine_type", + "devcontainer_path", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "codespaces.suspend_environment", + "description": "A codespace was stopped.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "codespaces.trusted_repositories_access_update", + "description": "A personal account's access and security setting for Codespaces were updated.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to other repositories within your codespace" + }, + { + "action": "copilot.cfb_seat_added", + "description": "A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_created", + "description": "A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.", + "docs_reference_links": "/copilot/overview-of-github-copilot/about-github-copilot-for-business", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "What is GitHub Copilot?" + }, + { + "action": "copilot.cfb_seat_assignment_refreshed", + "description": "A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_reused", + "description": "A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_assignment_unassigned", + "description": "A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.cfb_seat_cancelled", + "description": "A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "seat_assignment" + ] + }, + { + "action": "copilot.cfb_seat_cancelled_by_staff", + "description": "A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.swe_agent_repo_disabled", + "description": "Specific repositories were disabled from using Copilot coding agent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.swe_agent_repo_enabled", + "description": "Specific repositories were enabled to use Copilot coding agent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner_type", + "owner", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "copilot.swe_agent_repo_enablement_updated", + "description": "Copilot coding agent access was updated for the organization's or user's repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_access", + "old_access", + "owner_type", + "owner", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "custom_hosted_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "dependabot_alerts.disable", + "description": "Dependabot alerts were disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" + }, + { + "action": "dependabot_alerts.enable", + "description": "Dependabot alerts were enabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories" + }, + { + "action": "dependabot_alerts_new_repos.disable", + "description": "Dependabot alerts were disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + }, + { + "action": "dependabot_alerts_new_repos.enable", + "description": "Dependabot alerts were enabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added" + }, + { + "action": "dependabot_repository_access.repositories_updated", + "description": "The repositories that Dependabot can access were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "dependabot_security_updates.disable", + "description": "Dependabot security updates were disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependabot_security_updates.enable", + "description": "Dependabot security updates were enabled for all existing repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependabot_security_updates_new_repos.disable", + "description": " Dependabot security updates were disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependabot_security_updates_new_repos.enable", + "description": "Dependabot security updates were enabled for all new repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "dependency_graph.disable", + "description": "The dependency graph was disabled for all existing repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependency_graph.enable", + "description": "The dependency graph was enabled for all existing repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "dependency_graph_new_repos.disable", + "description": "The dependency graph was disabled for all new repositories.", + "docs_reference_links": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization" + }, + { + "action": "dependency_graph_new_repos.enable", + "description": "The dependency graph was enabled for all new repositories.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "environment.add_protection_rule", + "description": "A GitHub Actions deployment protection rule was created via the API.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "environment_name", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "environment.create_actions_secret", + "description": "A secret was created for a GitHub Actions environment.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.create_actions_variable", + "description": "A variable was created for a GitHub Actions environment.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "environment_name", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "environment.delete", + "description": "An environment was deleted.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.remove_actions_secret", + "description": "A secret was deleted for a GitHub Actions environment.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.remove_actions_variable", + "description": "A variable was deleted for a GitHub Actions environment.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "environment_name", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "environment.remove_protection_rule", + "description": "A GitHub Actions deployment protection rule was deleted via the API.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.update_actions_secret", + "description": "A secret was updated for a GitHub Actions environment.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "visibility", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "environment.update_actions_variable", + "description": "A variable was updated for a GitHub Actions environment.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "environment_name", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "environment.update_protection_rule", + "description": "A GitHub Actions deployment protection rule was updated via the API.", + "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_value", + "approvers_was", + "approvers", + "can_admins_bypass", + "prevent_self_review" + ], + "docs_reference_titles": "Managing environments for deployment" + }, + { + "action": "gist.create", + "description": "A gist was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "gist_id", + "created_at", + "operation_type", + "visibility" + ] + }, + { + "action": "gist.destroy", + "description": "A gist was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "gist_id", + "visibility", + "created_at", + "operation_type" + ] + }, + { + "action": "gist.visibility_change", + "description": "The visibility of a gist was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "gist_id", + "visibility", + "created_at" + ] + }, + { + "action": "git_signing_ssh_public_key.create", + "description": "An SSH key was added to a user account as a Git commit signing key.", + "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "key", + "fingerprint", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" + }, + { + "action": "git_signing_ssh_public_key.delete", + "description": "An SSH key was removed from a user account as a Git commit signing key.", + "docs_reference_links": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "key", + "fingerprint", + "explanation", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key" + }, + { + "action": "github_hosted_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "github_hosted_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "github_hosted_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "gpg_key.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "gpg_key.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "hook.active_changed", + "description": "A hook's active status was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "events", + "active", + "active_was", + "hook_id", + "operation_type" + ] + }, + { + "action": "hook.config_changed", + "description": "A hook's configuration was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "hook_id", + "created_at", + "oauth_application_id", + "events" + ] + }, + { + "action": "hook.create", + "description": "A new hook was added.", + "docs_reference_links": "/get-started/exploring-integrations/about-webhooks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "hook_id", + "events", + "operation_type", + "name", + "created_at" + ], + "docs_reference_titles": "About webhooks" + }, + { + "action": "hook.destroy", + "description": "A hook was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", + "created_at", + "name", + "operation_type", + "oauth_application_id", + "hook_id" + ] + }, + { + "action": "hook.events_changed", + "description": "A hook's configured events were changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "events", + "operation_type", + "name", + "events_were", + "created_at", + "hook_id", + "oauth_application_id" + ] + }, + { + "action": "integration.create", + "description": "A GitHub App was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "integration", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.destroy", + "description": "A GitHub App was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at" + ] + }, + { + "action": "integration.generate_client_secret", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration_installation.create", + "description": "A GitHub App was installed.", + "docs_reference_links": "/apps/using-github-apps/authorizing-github-apps", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "name", + "repository_selection", + "created_at", + "integration", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/authorizing-github-apps" + }, + { + "action": "integration_installation.destroy", + "description": "A GitHub App was uninstalled.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "repository_selection", + "integration", + "operation_type", + "name", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" + }, + { + "action": "integration_installation.repositories_added", + "description": "Repositories were added to a GitHub App.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "repository_selection", + "name", + "integration", + "operation_type", + "repositories_added", + "created_at", + "repositories_added_names", + "actor_is_bot", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access" + }, + { + "action": "integration_installation.repositories_removed", + "description": "Repositories were removed from a GitHub App.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "repository_selection", + "repositories_removed", + "integration", + "created_at", + "name", + "repositories_removed_names", + "actor_is_bot", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access" + }, + { + "action": "integration_installation.suspend", + "description": "A GitHub App was suspended.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "repository_selection", + "integration", + "operation_type", + "created_at", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" + }, + { + "action": "integration_installation.unsuspend", + "description": "A GitHub App was unsuspended.", + "docs_reference_links": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "repository_selection", + "integration", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access" + }, + { + "action": "integration_installation.version_updated", + "description": "Permissions for a GitHub App were updated.", + "docs_reference_links": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "integration", + "name", + "operation_type", + "created_at", + "repository_selection", + "application_client_id" + ], + "docs_reference_titles": "/apps/using-github-apps/approving-updated-permissions-for-a-github-app" + }, + { + "action": "integration.manager_added", + "description": "A member of an enterprise or organization was added as a GitHub App manager.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "name", + "manager", + "operation_type", + "integration" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization" + }, + { + "action": "integration.manager_removed", + "description": "A member of an enterprise or organization was removed from being a GitHub App manager.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "integration", + "name", + "created_at", + "manager" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization" + }, + { + "action": "integration.remove_client_secret", + "description": "A client secret for a GitHub App was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at" + ] + }, + { + "action": "integration.revoke_all_tokens", + "description": "All user tokens for a GitHub App were requested to be revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.revoke_tokens", + "description": "Token(s) for a GitHub App were revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "operation_type", + "created_at", + "application_client_id" + ] + }, + { + "action": "integration.suspend", + "description": "A GitHub App was suspended.", + "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "created_at", + "operation_type", + "application_client_id" + ], + "docs_reference_titles": "/apps/maintaining-github-apps/suspending-a-github-app-installation" + }, + { + "action": "integration.transfer", + "description": "Ownership of a GitHub App was transferred to another user or organization.", + "docs_reference_links": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "transfer_to_id", + "requester", + "requester_id", + "created_at", + "transfer_to", + "operation_type", + "integration", + "transfer_from", + "transfer_from_id", + "transfer_from_type", + "transfer_to_type" + ], + "docs_reference_titles": "/apps/maintaining-github-apps/transferring-ownership-of-a-github-app" + }, + { + "action": "integration.unsuspend", + "description": "A GitHub App was unsuspended.", + "docs_reference_links": "/apps/maintaining-github-apps/suspending-a-github-app-installation", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "integration", + "created_at", + "operation_type", + "application_client_id" + ], + "docs_reference_titles": "/apps/maintaining-github-apps/suspending-a-github-app-installation" + }, + { + "action": "issue_dependencies.blocked_by_add", + "description": "An issue was marked as blocked by another issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_dependencies.blocked_by_remove", + "description": "The blocked by relationship between an issue and another issue was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "issue_dependencies.blocking_add", + "description": "An issue was marked as blocking another issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "issue_dependencies.blocking_remove", + "description": "The blocking relationship between an issue and another issue was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "marketplace_agreement_signature.create", + "description": "The GitHub Marketplace Developer Agreement was signed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "marketplace_listing.approve", + "description": "A listing was approved for inclusion in GitHub Marketplace.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "secondary_category", + "primary_category", + "operation_type", + "created_at", + "marketplace_listing", + "integration" + ] + }, + { + "action": "marketplace_listing.change_category", + "description": "A category for a listing for an app in GitHub Marketplace was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "marketplace_listing", + "integration", + "secondary_category", + "operation_type", + "created_at" + ] + }, + { + "action": "marketplace_listing.create", + "description": "A listing for an app in GitHub Marketplace was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "created_at", + "oauth_application", + "marketplace_listing", + "secondary_category", + "oauth_application_id", + "operation_type" + ] + }, + { + "action": "marketplace_listing.delist", + "description": "A listing was removed from GitHub Marketplace.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "secondary_category", + "operation_type", + "marketplace_listing", + "primary_category", + "integration" + ] + }, + { + "action": "marketplace_listing_plan.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "marketplace_listing", + "has_free_trial", + "yearly_price_in_cents", + "description", + "bullets", + "monthly_price_in_cents", + "marketplace_listing_plan" + ] + }, + { + "action": "marketplace_listing_plan.publish", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", + "marketplace_listing", + "description", + "bullets", + "has_free_trial", + "created_at", + "operation_type", + "monthly_price_in_cents", + "yearly_price_in_cents" + ] + }, + { + "action": "marketplace_listing_plan.retire", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "marketplace_listing_plan", + "description", + "yearly_price_in_cents", + "created_at", + "bullets", + "has_free_trial", + "marketplace_listing", + "monthly_price_in_cents", + "operation_type" + ] + }, + { + "action": "marketplace_listing_plan.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "monthly_price_in_cents", + "marketplace_listing", + "description", + "bullets", + "yearly_price_in_cents", + "has_free_trial", + "marketplace_listing_plan", + "operation_type", + "created_at" + ] + }, + { + "action": "marketplace_listing.redraft", + "description": "A listing was sent back to draft state.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "secondary_category", + "oauth_application_id", + "operation_type", + "oauth_application", + "created_at", + "marketplace_listing", + "primary_category" + ] + }, + { + "action": "marketplace_listing.reject", + "description": "A listing was not accepted for inclusion in GitHub Marketplace.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "primary_category", + "secondary_category", + "marketplace_listing", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "merge_queue.pull_request_dequeued", + "description": "A pull request was removed from a merge queue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "merge_queue.pull_request_queue_jump", + "description": "A pull request was moved ahead in a merge queue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "merge_queue.queue_cleared", + "description": "A merge queue was cleared.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "merge_queue.update_settings", + "description": "The settings for a merge queue were updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "max_entries_to_build", + "min_entries_to_merge", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "metered_billing_configuration.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "metered_billing_configuration.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "metered_billing_configuration.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "migration.create", + "description": "A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "oauth_access.create", + "description": "An OAuth access token was generated.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, /authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application_name" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps, Managing your personal access tokens" + }, + { + "action": "oauth_access.destroy", + "description": "An OAuth access token was deleted.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "explanation", + "oauth_application_name" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps" + }, + { + "action": "oauth_access.regenerate", + "description": "An OAuth access token was regenerated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_name" + ] + }, + { + "action": "oauth_access.revoke", + "description": "An OAuth access token was revoked.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "oauth_access.update", + "description": "An OAuth access token was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "oauth_application.create", + "description": "An OAuth application was created.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.destroy", + "description": "An OAuth application was deleted.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "oauth_application" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.generate_client_secret", + "description": "An OAuth application's secret key was generated.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.remove_client_secret", + "description": "An OAuth application's secret key was deleted.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.reset_secret", + "description": "The secret key for an OAuth application was reset.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "operation_type", + "created_at", + "oauth_application_id" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.revoke_all_tokens", + "description": "All user tokens for an OAuth application were requested to be revoked.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application", + "oauth_application_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.revoke_tokens", + "description": "Token(s) for an OAuth application were revoked.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "oauth_application", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_application.transfer", + "description": "An OAuth application was transferred from one account to another.", + "docs_reference_links": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "oauth_application", + "oauth_application_id" + ], + "docs_reference_titles": "/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app" + }, + { + "action": "oauth_authorization.create", + "description": "An authorization for an OAuth application was created.", + "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", + "oauth_application_name" + ], + "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" + }, + { + "action": "oauth_authorization.destroy", + "description": "An authorization for an OAuth application was deleted.", + "docs_reference_links": "/apps/using-github-apps/reviewing-your-authorized-integrations", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "explanation", + "actor_is_bot", + "oauth_application_name" + ], + "docs_reference_titles": "Reviewing and revoking authorization of GitHub Apps" + }, + { + "action": "oauth_authorization.update", + "description": "An authorization for an OAuth application was updated.", + "docs_reference_links": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot", + "oauth_application_name" + ], + "docs_reference_titles": "/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps" + }, + { + "action": "org.add_member", + "description": "A user joined an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "org.add_outside_collaborator", + "description": "An outside collaborator was added to a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", + "public_repo", + "permission", + "invitee", + "created_at", + "operation_type" + ] + }, + { + "action": "org.advanced_security_disabled_for_new_repos", + "description": "GitHub Advanced Security was disabled for new repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_disabled_on_all_repos", + "description": "GitHub Advanced Security was disabled for all repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_enabled_for_new_repos", + "description": "GitHub Advanced Security was enabled for new repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.advanced_security_enabled_on_all_repos", + "description": "GitHub Advanced Security was enabled for all repositories in an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "org.remove_member", + "description": "A member was removed from an organization, either manually or due to a two-factor authentication requirement.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "org.security_center_export_code_scanning_metrics", + "description": "A CSV export was requested on the CodeQL pull request alerts page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "start_date", + "end_date", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.security_center_export_coverage", + "description": "A CSV export was requested on the Coverage page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.security_center_export_overview_dashboard", + "description": "A CSV export was requested on the Overview Dashboard page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "start_date", + "end_date", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.security_center_export_risk", + "description": "A CSV export was requested on the Risk page.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "query", + "filename", + "requested_at", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "org.set_actions_cache_retention_policy", + "description": "The cache retention policy for GitHub Actions was set for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization" + }, + { + "action": "org.set_actions_cache_storage_policy", + "description": "The cache storage policy for GitHub Actions was set for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/managing-github-actions-settings-for-your-organization" + }, + { + "action": "org.set_actions_fork_pr_approvals_policy", + "description": "The setting for requiring approvals for workflows from public forks was changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks" + }, + { + "action": "org.set_actions_private_fork_pr_approvals_policy", + "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" + }, + { + "action": "org.set_actions_retention_limit", + "description": "The retention period for GitHub Actions artifacts and logs in an organization was changed.", + "docs_reference_links": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limit", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization" + }, + { + "action": "org.set_default_workflow_permissions", + "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization" + }, + { + "action": "org.set_fork_pr_workflows_policy", + "description": "The policy for workflows on private repository forks was changed.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "policy", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks" + }, + { + "action": "org.set_workflow_permission_can_approve_pr", + "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.", + "docs_reference_links": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests" + }, + { + "action": "org.update_member", + "description": "A person's role was changed from owner to member or member to owner.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_permission", + "permission", + "operation_type" + ] + }, + { + "action": "org.update_member_repository_creation_permission", + "description": "The create repository permission for organization members was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "visibility", + "operation_type" + ] + }, + { + "action": "org.update_member_repository_invitation_permission", + "description": "An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.", + "docs_reference_links": "/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "permission", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Setting permissions for adding outside collaborators" + }, + { + "action": "pages_protected_domain.create", + "description": "A GitHub Pages verified domain was created for an organization or enterprise.", + "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "domain", + "state", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" + }, + { + "action": "pages_protected_domain.delete", + "description": "A GitHub Pages verified domain was deleted from an organization or enterprise.", + "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "domain", + "state", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" + }, + { + "action": "pages_protected_domain.verify", + "description": "A GitHub Pages domain was verified for an organization or enterprise.", + "docs_reference_links": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "owner_type", + "domain", + "state", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages" + }, + { + "action": "passkey.register", + "description": "A new passkey was added.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "nickname", + "created_at", + "operation_type" + ] + }, + { + "action": "passkey.remove", + "description": "A new passkey was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "nickname", + "created_at", + "operation_type" + ] + }, + { + "action": "payment_method.create", + "description": "A new payment method was added, such as a new credit card or PayPal account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "payment_method.remove", + "description": "A payment method was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "payment_method.update", + "description": "An existing payment method was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "personal_access_token.access_granted", + "description": "A fine-grained personal access token was granted access to resources.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.access_revoked", + "description": "A fine-grained personal access token was revoked. The token can still read public organization resources.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.create", + "description": "Triggered when you create a fine-grained personal access token.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type" + ] + }, + { + "action": "personal_access_token.credential_regenerated", + "description": "Triggered when you regenerate a fine-grained personal access token.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "created_at", + "operation_type" + ] + }, + { + "action": "personal_access_token.credential_revoked", + "description": "A fine-grained personal access token was revoked by GitHub Advanced Security.", + "docs_reference_links": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/code-security/getting-started/github-security-features#secret-scanning-alerts-for-users" + }, + { + "action": "personal_access_token.destroy", + "description": "Triggered when you delete a fine-grained personal access token.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "explanation", + "created_at", + "operation_type" + ] + }, + { + "action": "personal_access_token.request_cancelled", + "description": "A pending request for a fine-grained personal access token to access organization resources was canceled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type", + "user_programmatic_access_request_id" + ] + }, + { + "action": "personal_access_token.request_created", + "description": "Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_id", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type", + "user_programmatic_access_request_id" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.request_denied", + "description": "A request for a fine-grained personal access token to access organization resources was denied.", + "docs_reference_links": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type", + "user_programmatic_access_request_id" + ], + "docs_reference_titles": "/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization" + }, + { + "action": "personal_access_token.update", + "description": "A fine-grained personal access token was updated.", + "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "user_programmatic_access_name", + "repository_selection", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens" + }, + { + "action": "premium_runner.create", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "premium_runner.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "premium_runner.update", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "runner_group_id", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting.disable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting.enable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting_new_repos.disable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "private_vulnerability_reporting_new_repos.enable", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "profile_picture.update", + "description": "A profile picture was updated.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "owner", + "operation_type" + ], + "docs_reference_titles": "Personalize your profile" + }, + { + "action": "project.access", + "description": "A project board visibility was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.close", + "description": "A project board was closed.", + "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "project_id", + "project_kind" + ], + "docs_reference_titles": "Closing a project (classic)" + }, + { + "action": "project_collaborator.add", + "description": "A collaborator was added to a project.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", + "collaborator", + "created_at", + "operation_type", + "actor_is_bot", + "public_project", + "project_name", + "project_role", + "old_project_role" + ] + }, + { + "action": "project_collaborator.remove", + "description": "A collaborator was removed from a project.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "collaborator_type", + "collaborator", + "created_at", + "operation_type" + ] + }, + { + "action": "project_collaborator.update", + "description": "A project collaborator's permission level was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_project", + "project_name", + "collaborator_type", + "project_role", + "old_project_role", + "project_id", + "collaborator", + "created_at", + "operation_type" + ] + }, + { + "action": "project.create", + "description": "A project board was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.delete", + "description": "A project board was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project_field.create", + "description": "A field was created in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields" + }, + { + "action": "project_field.delete", + "description": "A field was deleted in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields" + }, + { + "action": "project.link", + "description": "A repository was linked to a project board.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.open", + "description": "A project board was reopened.", + "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/reopening-a-closed-project-board", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", + "operation_type", + "created_at", + "project_kind", + "project_name" + ], + "docs_reference_titles": "Reopening a closed project (classic)" + }, + { + "action": "project.rename", + "description": "A project board was renamed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "old_name", + "operation_type" + ] + }, + { + "action": "project.unlink", + "description": "A repository was unlinked from a project board.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.update_org_permission", + "description": "The project's base-level permission for all organization members was changed or removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project.update_team_permission", + "description": "A team's project board permission level was changed or when a team was added or removed from a project board.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "team" + ] + }, + { + "action": "project.update_user_permission", + "description": "A user was added to or removed from a project board or had their permission level changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "project_view.create", + "description": "A view was created in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" + }, + { + "action": "project_view.delete", + "description": "A view was deleted in a project board.", + "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views" + }, + { + "action": "project.visibility_private", + "description": "A project's visibility was changed from public to private.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", + "created_at", + "operation_type", + "project_kind", + "project_name" + ] + }, + { + "action": "project.visibility_public", + "description": "A project's visibility was changed from private to public.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "project_id", + "created_at", + "operation_type", + "project_kind", + "project_name" + ] + }, + { + "action": "protected_branch.update_merge_queue_enforcement_level", + "description": "Enforcement of the merge queue was modified for a branch.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "merge_queue_enforcement_level", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue" + }, + { + "action": "public_key.create", + "description": "An SSH key was added to a user account or a deploy key was added to a repository.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "read_only", + "operation_type", + "created_at", + "key", + "fingerprint", + "title" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account" + }, + { + "action": "public_key.delete", + "description": "An SSH key was removed from a user account or a deploy key was removed from a repository.", + "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "fingerprint", + "read_only", + "explanation", + "key", + "operation_type", + "title", + "created_at" + ], + "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys" + }, + { + "action": "public_key.unverification_failure", + "description": "A user account's SSH key or a repository's deploy key was unable to be unverified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "key", + "fingerprint", + "read_only", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.unverify", + "description": "A user account's SSH key or a repository's deploy key was unverified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "title", + "key", + "read_only", + "explanation", + "fingerprint" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.update", + "description": "A user account's SSH key or a repository's deploy key was updated.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "fingerprint", + "read_only", + "operation_type", + "created_at", + "title" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.verification_failure", + "description": "A user account's SSH key or a repository's deploy key was unable to be verified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "fingerprint", + "oauth_application_id", + "title", + "created_at", + "read_only", + "operation_type" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "public_key.verify", + "description": "A user account's SSH key or a repository's deploy key was verified.", + "docs_reference_links": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "key", + "fingerprint", + "title", + "read_only" + ], + "docs_reference_titles": "/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys" + }, + { + "action": "repo.access", + "description": "The visibility of a repository changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility", + "previous_visibility" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility" + }, + { + "action": "repo.actions_enabled", + "description": "GitHub Actions was enabled for a repository.", + "docs_reference_links": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api" + }, + { + "action": "repo.add_member", + "description": "A collaborator was added to a repository.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "created_at", + "operation_type", + "oauth_application_id" + ], + "docs_reference_titles": "Inviting collaborators to a personal repository" + }, + { + "action": "repo.add_topic", + "description": "A topic was added to a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "topic", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics" + }, + { + "action": "repo.advanced_security_disabled", + "description": "GitHub Advanced Security was disabled for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" + }, + { + "action": "repo.advanced_security_enabled", + "description": "GitHub Advanced Security was enabled for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository" + }, + { + "action": "repo.archived", + "description": "A repository was archived.", + "docs_reference_links": "/repositories/archiving-a-github-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" + ], + "docs_reference_titles": "/repositories/archiving-a-github-repository" + }, + { + "action": "repo.change_merge_setting", + "description": "Pull request merge options were changed for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type", + "public_repo", + "actor_is_bot" + ] + }, + { + "action": "repo.code_scanning_analysis_deleted", + "description": "Code scanning analysis for a repository was deleted.", + "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at", + "public_repo", + "tool", + "category" + ], + "docs_reference_titles": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" + }, + { + "action": "repo.code_scanning_configuration_for_branch_deleted", + "description": "A code scanning configuration for a branch of a repository was deleted.", + "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "tool", + "branch", + "category", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Resolving code scanning alerts" + }, + { + "action": "repo.config.disable_collaborators_only", + "description": "The interaction limit for collaborators only was disabled.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.disable_contributors_only", + "description": "The interaction limit for prior contributors only was disabled in a repository.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.disable_sockpuppet_disallowed", + "description": "The interaction limit for existing users only was disabled in a repository.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.enable_collaborators_only", + "description": "The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.enable_contributors_only", + "description": "The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.config.enable_sockpuppet_disallowed", + "description": "The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.", + "docs_reference_links": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository" + }, + { + "action": "repo.configure_self_hosted_jit_runner", + "description": "A new just-in-time GitHub Actions self-hosted runner was configured", + "docs_reference_links": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository" + }, + { + "action": "repo.create", + "description": "A repository was created.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/creating-a-new-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "request_category", + "created_at", + "oauth_application_id", + "request_method", + "public_repo", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/creating-a-new-repository" + }, + { + "action": "repo.create_actions_secret", + "description": "A GitHub Actions secret was created for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "repo.create_actions_variable", + "description": "A GitHub Actions variable was created for a repository.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "repo.create_integration_secret", + "description": "A Codespaces or Dependabot secret was created for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.destroy", + "description": "A repository was deleted.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/deleting-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "request_category", + "visibility", + "created_at", + "request_method", + "oauth_application_id", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/deleting-a-repository" + }, + { + "action": "repo.pages_cname", + "description": "A GitHub Pages custom domain was modified in a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "cname", + "created_at", + "operation_type", + "old_cname" + ] + }, + { + "action": "repo.pages_create", + "description": "A GitHub Pages site was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_destroy", + "description": "A GitHub Pages site was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" + ] + }, + { + "action": "repo.pages_https_redirect_disabled", + "description": "HTTPS redirects were disabled for a GitHub Pages site.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_https_redirect_enabled", + "description": "HTTPS redirects were enabled for a GitHub Pages site.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "visibility", + "operation_type" + ] + }, + { + "action": "repo.pages_private", + "description": "A GitHub Pages site visibility was changed to private.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_public", + "description": "A GitHub Pages site visibility was changed to public.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.pages_soft_delete", + "description": "A GitHub Pages site was soft-deleted because its owner's plan changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.pages_soft_delete_restore", + "description": "A GitHub Pages site that was previously soft-deleted was restored.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.pages_source", + "description": "A GitHub Pages source was modified.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "visibility", + "created_at" + ] + }, + { + "action": "repo.register_self_hosted_runner", + "description": "A new self-hosted runner was registered.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Adding self-hosted runners" + }, + { + "action": "repo.remove_actions_secret", + "description": "A GitHub Actions secret was deleted for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "repo.remove_actions_variable", + "description": "A GitHub Actions variable was deleted for a repository.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "repo.remove_integration_secret", + "description": "A Codespaces or Dependabot secret was deleted for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.remove_member", + "description": "A collaborator was removed from a repository.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "visibility" + ], + "docs_reference_titles": "Removing a collaborator from a personal repository" + }, + { + "action": "repo.remove_self_hosted_runner", + "description": "A self-hosted runner was removed.", + "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Removing self-hosted runners" + }, + { + "action": "repo.remove_topic", + "description": "A topic was removed from a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "topic", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.rename", + "description": "A repository was renamed.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/renaming-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", + "created_at", + "operation_type", + "visibility" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/renaming-a-repository" + }, + { + "action": "repo.restore", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "repo.set_actions_cache_retention_policy", + "description": "The cache retention policy for GitHub Actions was set for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository" + }, + { + "action": "repo.set_actions_cache_storage_policy", + "description": "The cache storage policy for GitHub Actions was set for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository" + }, + { + "action": "repo.set_actions_fork_pr_approvals_policy", + "description": "The setting for requiring approvals for workflows from public forks was changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "created_at", + "operation_type", + "public_repo" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks" + }, + { + "action": "repo.set_actions_private_fork_pr_approvals_policy", + "description": "The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories" + }, + { + "action": "repo.set_actions_retention_limit", + "description": "The retention period for GitHub Actions artifacts and logs in a repository was changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "limit", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository" + }, + { + "action": "repo.set_default_workflow_permissions", + "description": "The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository" + }, + { + "action": "repo.set_fork_pr_workflows_policy", + "description": "Triggered when the policy for workflows on private repository forks is changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks" + }, + { + "action": "repo.set_workflow_permission_can_approve_pr", + "description": "The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests" + }, + { + "action": "repo.staff_unlock", + "description": "An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.temporary_access_granted", + "description": "Temporary access was enabled for a repository.", + "docs_reference_links": "/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Accessing user-owned repositories in your enterprise" + }, + { + "action": "repo.transfer", + "description": "A user accepted a request to receive a transferred repository.", + "docs_reference_links": "/repositories/creating-and-managing-repositories/transferring-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "owner", + "old_user", + "operation_type", + "created_at", + "visibility", + "repo_was" + ], + "docs_reference_titles": "/repositories/creating-and-managing-repositories/transferring-a-repository" + }, + { + "action": "repo.transfer_outgoing", + "description": "A repository was transferred to another repository network.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "new_nwo", + "visibility", + "created_at", + "operation_type", + "public_repo" + ] + }, + { + "action": "repo.transfer_start", + "description": "A user sent a request to transfer a repository to another user or organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" + ] + }, + { + "action": "repo.unarchived", + "description": "A repository was unarchived.", + "docs_reference_links": "/repositories/archiving-a-github-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "visibility" + ], + "docs_reference_titles": "/repositories/archiving-a-github-repository" + }, + { + "action": "repo.update_actions_access_settings", + "description": "The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "policy", + "old_policy", + "created_at", + "operation_type" + ] + }, + { + "action": "repo.update_actions_secret", + "description": "A GitHub Actions secret was updated for a repository.", + "docs_reference_links": "/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "key", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Using secrets in GitHub Actions" + }, + { + "action": "repo.update_actions_settings", + "description": "A repository administrator changed GitHub Actions policy settings for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at", + "new_policy", + "old_policy", + "updated_access_policy", + "actor_is_bot" + ] + }, + { + "action": "repo.update_actions_variable", + "description": "A GitHub Actions variable was updated for a repository.", + "docs_reference_links": "/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "public_repo", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Store information in variables" + }, + { + "action": "repo.update_default_branch", + "description": "The default branch for a repository was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "visibility", + "operation_type", + "created_at", + "actor_is_bot" + ] + }, + { + "action": "repo.update_integration_secret", + "description": "A Codespaces or Dependabot secret was updated for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "repo.update_member", + "description": "A user's permission to a repository was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type", + "visibility", + "old_permission", + "old_base_role", + "old_repo_permission", + "old_repo_base_role", + "new_repo_base_role", + "new_repo_permission", + "actor_is_bot" + ] + }, + { + "action": "repository_image.create", + "description": "An image to represent a repository was uploaded.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "content_type" + ] + }, + { + "action": "repository_image.destroy", + "description": "An image to represent a repository was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "content_type", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_invitation.accept", + "description": "An invitation to join a repository was accepted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "invitee", + "operation_type", + "inviter" + ] + }, + { + "action": "repository_invitation.cancel", + "description": "An invitation to join a repository was canceled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "inviter", + "operation_type", + "invitee", + "created_at" + ] + }, + { + "action": "repository_invitation.create", + "description": "An invitation to join a repository was sent.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", + "inviter", + "created_at", + "operation_type" + ] + }, + { + "action": "repository_invitation.reject", + "description": "An invitation to join a repository was declined.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "invitee", + "operation_type", + "created_at", + "inviter" + ] + }, + { + "action": "repository_ruleset.create", + "description": "A repository ruleset was created.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "public_repo", + "created_at", + "operation_type", + "ruleset_id", + "ruleset_name", + "ruleset_enforcement", + "ruleset_source_type", + "ruleset_rules", + "ruleset_conditions", + "ruleset_bypass_actors" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository" + }, + { + "action": "repository_ruleset.destroy", + "description": "A repository ruleset was deleted.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "name", + "public_repo", + "created_at", + "operation_type", + "ruleset_id", + "ruleset_name", + "ruleset_enforcement", + "ruleset_source_type", + "ruleset_rules", + "ruleset_bypass_actors" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset" + }, + { + "action": "repository_ruleset.update", + "description": "A repository ruleset was edited.", + "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_name", + "public_repo", + "created_at", + "operation_type", + "ruleset_id", + "ruleset_name", + "ruleset_enforcement", + "ruleset_source_type", + "ruleset_rules_updated", + "ruleset_conditions_added", + "ruleset_conditions_deleted", + "ruleset_old_enforcement", + "ruleset_rules_added", + "ruleset_rules_deleted", + "ruleset_old_name", + "ruleset_conditions_updated", + "ruleset_bypass_actors_added", + "ruleset_bypass_actors_deleted", + "ruleset_bypass_actors_updated", + "actor_is_bot" + ], + "docs_reference_titles": "/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset" + }, + { + "action": "security_key.register", + "description": "A security key was registered for an account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "security_key.remove", + "description": "A security key was removed from an account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "social_identity.linked", + "description": "A user linked a social identity to their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "social_identity.unlinked", + "description": "A user unlinked a social identity from their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "social_identity.unlinked_all", + "description": "A user unlinked all social identities from their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.agreement_sign", + "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.custom_amount_settings_change", + "description": "Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" + }, + { + "action": "sponsors.fiscal_host_change", + "description": "The fiscal host for a GitHub Sponsors listing was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.repo_funding_links_file_action", + "description": "The FUNDING file in a repository was changed.", + "docs_reference_links": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository" + }, + { + "action": "sponsors.sponsor_sponsorship_cancel", + "description": "A sponsorship was canceled.", + "docs_reference_links": "/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Downgrading a sponsorship" + }, + { + "action": "sponsors.sponsor_sponsorship_create", + "description": "A sponsorship was created, by sponsoring an account.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" + }, + { + "action": "sponsors.sponsor_sponsorship_payment_complete", + "description": "After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "active", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/about-sponsorships-fees-and-taxes" + }, + { + "action": "sponsors.sponsor_sponsorship_preference_change", + "description": "The option to receive email updates from a sponsored account was changed.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship" + }, + { + "action": "sponsors.sponsor_sponsorship_tier_change", + "description": "A sponsorship was upgraded or downgraded.", + "docs_reference_links": "/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship, /billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Upgrading a sponsorship, Downgrading a sponsorship" + }, + { + "action": "sponsors.sponsored_developer_approve", + "description": "A GitHub Sponsors account was approved.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.sponsored_developer_create", + "description": "A GitHub Sponsors account was created.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.sponsored_developer_disable", + "description": "A GitHub Sponsors account was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "operation_type", + "created_at" + ] + }, + { + "action": "sponsors.sponsored_developer_profile_update", + "description": "The profile for GitHub Sponsors account was edited.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors" + }, + { + "action": "sponsors.sponsored_developer_redraft", + "description": "A GitHub Sponsors account was returned to draft state from approved state.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.sponsored_developer_request_approval", + "description": "An application for GitHub Sponsors was submitted for approval.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.sponsored_developer_tier_description_update", + "description": "The description for a sponsorship tier was changed.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers" + }, + { + "action": "sponsors.sponsored_developer_update_newsletter_send", + "description": "Triggered when you send an email update to your sponsors.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors" + }, + { + "action": "sponsors.sponsors_patreon_user_create", + "description": "A Patreon account was linked to a user account for use with GitHub Sponsors.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "patreon_email", + "patreon_username", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/enabling-sponsorships-through-patreon#linking-your-patreon-account-to-your-github-account" + }, + { + "action": "sponsors.sponsors_patreon_user_destroy", + "description": "A Patreon account for use with GitHub Sponsors was unlinked from a user account.", + "docs_reference_links": "/sponsors/sponsoring-open-source-contributors/unlinking-your-patreon-account-from-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "patreon_email", + "patreon_username", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Unlinking your Patreon account from GitHub" + }, + { + "action": "sponsors.update_tier_repository", + "description": "A GitHub Sponsors tier changed access for a repository.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.update_tier_welcome_message", + "description": "The welcome message for a GitHub Sponsors tier for an organization was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sponsors.waitlist_join", + "description": "You join the waitlist to join GitHub Sponsors.", + "docs_reference_links": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account" + }, + { + "action": "sponsors.withdraw_agreement_signature", + "description": "A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "sponsors_listing_id", + "created_at", + "operation_type" + ] + }, + { + "action": "sub_issues.parent_issue_add", + "description": "A parent issue was added to an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "sub_issues.parent_issue_remove", + "description": "A parent issue was removed from an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "sub_issues.sub_issue_add", + "description": "A sub-issue was added to an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "sub_issues.sub_issue_remove", + "description": "A sub-issue was removed from an issue.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "title", + "public_repo", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "successor_invitation.accept", + "description": "Triggered when you accept a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.cancel", + "description": "Triggered when you cancel a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.create", + "description": "Triggered when you create a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.decline", + "description": "Triggered when you decline a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "successor_invitation.destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "successor_invitation.revoke", + "description": "Triggered when you revoke a succession invitation.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Maintaining ownership continuity of your personal account's repositories" + }, + { + "action": "trusted_device.register", + "description": "A new trusted device was added.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "trusted_device.remove", + "description": "A trusted device was removed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_account_recovery.abort", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.complete", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.ignore", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.staff_approve", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "two_factor_account_recovery.staff_decline", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_account_recovery.start", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_account_recovery.two_factor_destroy", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_authentication.add_factor", + "description": "A secondary authentication factor was added to a user account.", + "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" + }, + { + "action": "two_factor_authentication.disabled", + "description": "Two-factor authentication was disabled for a user account.", + "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Disabling two-factor authentication for your personal account" + }, + { + "action": "two_factor_authentication.enabled", + "description": "Two-factor authentication was enabled for a user account.", + "docs_reference_links": "https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Configuring two-factor authentication" + }, + { + "action": "two_factor_authentication.password_reset_fallback_sms", + "description": "A one-time password code was sent to a user account fallback phone number.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_authentication.recovery_codes_regenerated", + "description": "Two factor recovery codes were regenerated for a user account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_authentication.remove_factor", + "description": "A secondary authentication factor was removed from a user account.", + "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" + }, + { + "action": "two_factor_authentication.sign_in_fallback_sms", + "description": "A one-time password code was sent to a user account fallback phone number.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "two_factor_authentication.update_fallback", + "description": "The two-factor authentication fallback for a user account was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.add_email", + "description": "An email address was added to a user account.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "email", + "created_at" + ], + "docs_reference_titles": "Adding an email address to your GitHub account" + }, + { + "action": "user.async_delete", + "description": "An asynchronous job was started to destroy a user account, eventually triggering a user.delete event.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.audit_log_export", + "description": "Audit log entries were exported.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.block_user", + "description": "A user was blocked by another user.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "blocked_user", + "operation_type", + "created_at" + ] + }, + { + "action": "user.change_password", + "description": "A user changed their password.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.codespaces_trusted_repo_access_granted", + "description": "Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to other repositories within your codespace" + }, + { + "action": "user.codespaces_trusted_repo_access_revoked", + "description": "Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.", + "docs_reference_links": "/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Managing access to other repositories within your codespace" + }, + { + "action": "user.create", + "description": "A new user account was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "email", + "operation_type", + "created_at" + ] + }, + { + "action": "user.create_integration_secret", + "description": "A user secret for Codespaces was created.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "created_at", + "operation_type" + ] + }, + { + "action": "user.creation_rate_limit_exceeded", + "description": "The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "oauth_application_id" + ] + }, + { + "action": "user.delete", + "description": "A user account was destroyed by an asynchronous job.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.demote", + "description": "A site administrator was demoted to an ordinary user account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "created_at", + "operation_type" + ] + }, + { + "action": "user.destroy", + "description": "A user deleted his or her account, triggering user.async_delete.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.device_verification_failure", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.device_verification_requested", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.device_verification_success", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.disable_collaborators_only", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.disable_contributors_only", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.disable_sockpuppet_disallowed", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user_email.confirm_claim", + "description": "An enterprise managed user claimed an email address.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "user_email.mark_as_unclaimed", + "description": "N/A", + "docs_reference_links": "An enterprise managed user unclaimed an email address.", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type", + "actor_is_bot" + ], + "docs_reference_titles": "An, GitHub Help Documentation, managed, user, unclaimed, an, email, address." + }, + { + "action": "user.enable_collaborators_only", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.enable_contributors_only", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.enable_sockpuppet_disallowed", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.failed_login", + "description": "A user tried to sign in with an incorrect username, password, or two-factor authentication code.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.forgot_password", + "description": "A user requested a password reset.", + "docs_reference_links": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "email", + "created_at" + ], + "docs_reference_titles": "/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials" + }, + { + "action": "user.grant_github_developer", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.hide_private_contributions_count", + "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "Manage visibility settings for private contributions" + }, + { + "action": "user.login", + "description": "A user signed in.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "passkey_nickname" + ] + }, + { + "action": "user.logout", + "description": "A user signed out.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.new_device_used", + "description": "A user signed in from a new device.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.promote", + "description": "An ordinary user account was promoted to a site administrator.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "oauth_application_id", + "operation_type" + ] + }, + { + "action": "user.recreate", + "description": "A user's account was restored.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.remove_email", + "description": "An email address was removed from a user account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "email" + ] + }, + { + "action": "user.remove_integration_secret", + "description": "A user secret for Codespaces was deleted.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "integration", + "created_at", + "operation_type" + ] + }, + { + "action": "user.rename", + "description": "A username was changed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "old_login", + "created_at", + "operation_type" + ] + }, + { + "action": "user.reset_password", + "description": "A user reset their account password.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user_session.country_change", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.show_private_contributions_count", + "description": "A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now shown.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ], + "docs_reference_titles": "Manage visibility settings for private contributions" + }, + { + "action": "user.sign_in_from_unrecognized_device", + "description": "A user signed in from an unrecognized device.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.sign_in_from_unrecognized_device_and_location", + "description": "A user signed in from an unrecognized device and location.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user_status.destroy", + "description": "Triggered when you clear the status on your profile.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "message", + "created_at", + "limited_availability", + "emoji", + "operation_type" + ] + }, + { + "action": "user_status.update", + "description": "Triggered when you set or change the status on your profile.", + "docs_reference_links": "/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "limited_availability", + "message", + "created_at", + "emoji", + "operation_type" + ], + "docs_reference_titles": "Personalize your profile" + }, + { + "action": "user.suspend", + "description": "A user account was suspended.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "user.toggle_warn_private_email", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_challenge_failure", + "description": "A 2FA challenge issued for a user account failed.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_challenge_success", + "description": "A 2FA challenge issued for a user account succeeded.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_recover", + "description": "A user used their 2FA recovery codes.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_recovery_codes_downloaded", + "description": "A user downloaded 2FA recovery codes for their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_recovery_codes_printed", + "description": "A user printed 2FA recovery codes for their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at" + ] + }, + { + "action": "user.two_factor_recovery_codes_viewed", + "description": "A user viewed 2FA recovery codes for their account.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "user.two_factor_requested", + "description": "A user was prompted for a two-factor authentication code.", + "docs_reference_links": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ], + "docs_reference_titles": "/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication" + }, + { + "action": "user.unblock_user", + "description": "A user was unblocked by another user.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "blocked_user", + "operation_type", + "created_at" + ] + }, + { + "action": "user.unsuspend", + "description": "A user account was unsuspended.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "oauth_application_id", + "operation_type", + "created_at" + ] + }, + { + "action": "user.update_integration_secret", + "description": "A user secret for Codespaces was updated.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "key", + "visibility", + "integration", + "created_at", + "operation_type" + ] + }, + { + "action": "user.update_new_repository_default_branch_setting", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "created_at", + "operation_type" + ] + }, + { + "action": "workflows.approve_workflow_job", + "description": "A workflow job was approved.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Reviewing deployments" + }, + { + "action": "workflows.bypass_protection_rules", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "workflows.comment_workflow_job", + "description": "N/A", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "public_repo", + "created_at", + "operation_type" + ] + }, + { + "action": "workflows.delete_workflow_run", + "description": "A workflow run was deleted.", + "docs_reference_links": "/actions/managing-workflow-runs/deleting-a-workflow-run", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "operation_type", + "created_at", + "workflow_run_id", + "started_at", + "head_branch", + "head_sha", + "trigger_id" + ], + "docs_reference_titles": "Deleting a workflow run" + }, + { + "action": "workflows.disable_workflow", + "description": "A workflow was disabled.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_id", + "operation_type", + "created_at", + "public_repo", + "actor_is_bot" + ] + }, + { + "action": "workflows.enable_workflow", + "description": "A workflow was enabled, after previously being disabled by disable_workflow.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_id", + "operation_type", + "created_at", + "public_repo" + ] + }, + { + "action": "workflows.pin_workflow", + "description": "A workflow was pinned.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "workflow_id", + "created_at", + "operation_type", + "actor_is_bot" + ] + }, + { + "action": "workflows.reject_workflow_job", + "description": "A workflow job was rejected.", + "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "workflow_run_id", + "run_number", + "operation_type", + "created_at", + "public_repo" + ], + "docs_reference_titles": "Reviewing deployments" + }, + { + "action": "workflows.unpin_workflow", + "description": "A workflow was unpinned after previously being pinned.", + "docs_reference_links": "N/A", + "fields": [ + "@timestamp", + "_document_id", + "action", + "actor", + "actor_id", + "business", + "business_id", + "hashed_token", + "org", + "org_id", + "programmatic_access_type", + "repo", + "repo_id", + "repository", + "repository_id", + "request_access_security_header", + "request_id", + "token_id", + "token_scopes", + "user", + "user_id", + "user_agent", + "public_repo", + "workflow_id", + "created_at", + "operation_type", + "actor_is_bot" + ] + } +] \ No newline at end of file diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json index 85618ccea817..1d889e99bd88 100644 --- a/src/audit-logs/lib/config.json +++ b/src/audit-logs/lib/config.json @@ -9,5 +9,5 @@ "git": "Note: Git events have special access requirements and retention policies that differ from other audit log events. For GitHub Enterprise Cloud, access Git events via the REST API only with 7-day retention. For GitHub Enterprise Server, Git events must be enabled in audit log configuration and are not included in search results.", "sso_redirect": "Note: Automatically redirecting users to sign in is currently in beta for Enterprise Managed Users and subject to change." }, - "sha": "8efd989592ccb44cd746d9715ae6a69c87a8af8d" + "sha": "6fbd793fd982298d46c7481b7d66f7f3623fb5f0" } \ No newline at end of file diff --git a/src/audit-logs/lib/index.ts b/src/audit-logs/lib/index.ts index b81158f63979..a9f47194ca9a 100644 --- a/src/audit-logs/lib/index.ts +++ b/src/audit-logs/lib/index.ts @@ -31,11 +31,61 @@ export function getCategoryNotes(): CategoryNotes { return auditLogConfig.categoryNotes || {} } -type TitleResolutionContext = Context & { +export type TitleResolutionContext = Context & { pages: Record redirects: Record } +// Resolves docs_reference_links URLs to markdown links +export async function resolveReferenceLinksToMarkdown( + docsReferenceLinks: string, + context: TitleResolutionContext, +): Promise { + if (!docsReferenceLinks || docsReferenceLinks === 'N/A') { + return '' + } + + // Handle multiple comma-separated or space-separated links + const links = docsReferenceLinks + .split(/[,\s]+/) + .map((link) => link.trim()) + .filter((link) => link && link !== 'N/A') + + const markdownLinks = [] + for (const link of links) { + try { + const page = findPage(link, context.pages, context.redirects) + if (page) { + // Create a minimal context for rendering the title + const renderContext = { + currentLanguage: 'en', + currentVersion: 'free-pro-team@latest', + pages: context.pages, + redirects: context.redirects, + } as unknown as Context + const title = await page.renderProp('title', renderContext, { textOnly: true }) + markdownLinks.push(`[${title}](${link})`) + } else { + // If we can't resolve the link, use the original URL + markdownLinks.push(link) + } + } catch (error) { + // If resolution fails, use the original URL + console.warn( + `Failed to resolve title for link: ${link}`, + error instanceof Error + ? error instanceof Error + ? error.message + : String(error) + : String(error), + ) + markdownLinks.push(link) + } + } + + return markdownLinks.join(', ') +} + // Resolves docs_reference_links URLs to page titles async function resolveReferenceLinksToTitles( docsReferenceLinks: string, @@ -159,12 +209,14 @@ export async function filterByAllowlistValues({ currentEvents = [], pipelineConfig, titleContext, + globalFields = [], }: { eventsToCheck: RawAuditLogEventT[] allowListValues: string | string[] currentEvents?: AuditLogEventT[] pipelineConfig: PipelineConfig titleContext?: TitleResolutionContext + globalFields?: string[] }) { if (!Array.isArray(allowListValues)) allowListValues = [allowListValues] if (!currentEvents) currentEvents = [] @@ -180,11 +232,18 @@ export async function filterByAllowlistValues({ if (seen.has(event.action)) continue seen.add(event.action) + // Merge global fields with event-specific fields + const mergedFields = event.fields + ? [...new Set([...globalFields, ...event.fields])] + : globalFields.length > 0 + ? [...globalFields] + : undefined + const minimal: AuditLogEventT = { action: event.action, description: processAndGetEventDescription(event, eventAllowlists, pipelineConfig), docs_reference_links: event.docs_reference_links, - fields: event.fields, + fields: mergedFields, } // Resolve reference link titles if context is provided @@ -240,6 +299,7 @@ export async function filterAndUpdateGhesDataByAllowlistValues({ pipelineConfig, auditLogPage, titleContext, + globalFields = [], }: { eventsToCheck: RawAuditLogEventT[] allowListValue: string @@ -247,6 +307,7 @@ export async function filterAndUpdateGhesDataByAllowlistValues({ pipelineConfig: PipelineConfig auditLogPage: string titleContext?: TitleResolutionContext + globalFields?: string[] }) { if (!currentGhesEvents) currentGhesEvents = {} @@ -266,11 +327,21 @@ export async function filterAndUpdateGhesDataByAllowlistValues({ if (seenByGhesVersion.get(fullGhesVersion)?.has(event.action)) continue if (ghesVersionAllowlists.includes(allowListValue)) { + // Get event-specific fields (prefer GHES version fields, fall back to base fields) + const eventFields = event.ghes[ghesVersion].fields || event.fields + + // Merge global fields with event-specific fields + const mergedFields = eventFields + ? [...new Set([...globalFields, ...eventFields])] + : globalFields.length > 0 + ? [...globalFields] + : undefined + const minimal: AuditLogEventT = { action: event.action, description: processAndGetEventDescription(event, ghesVersionAllowlists, pipelineConfig), docs_reference_links: event.docs_reference_links, - fields: event.ghes[ghesVersion].fields || event.fields, + fields: mergedFields, } // Resolve reference link titles if context is provided diff --git a/src/audit-logs/scripts/sync.ts b/src/audit-logs/scripts/sync.ts index a1ebc977230f..9be6dd6c2358 100755 --- a/src/audit-logs/scripts/sync.ts +++ b/src/audit-logs/scripts/sync.ts @@ -50,6 +50,22 @@ async function main() { const schemaEvents = JSON.parse(await getContents(owner, repo, ref, schemaFilePath)) const mainSha = await getCommitSha(owner, repo, `heads/${ref}`) + // Fetch fields.json to get global fields that should be included in all events + const fieldsFilePath = 'allowlists/fields.json' + const fieldsData = JSON.parse(await getContents(owner, repo, ref, fieldsFilePath)) + + // Extract global fields (excluding those gated by feature flags) + if (!fieldsData.global?.include) { + console.warn('Warning: fieldsData.global.include not found, no global fields will be added') + } + type FieldsIncludeEntry = { fields: string[]; feature_flag?: string } + const globalFields: string[] = + fieldsData.global?.include + ?.filter((entry: FieldsIncludeEntry) => !entry.feature_flag) + ?.flatMap((entry: FieldsIncludeEntry) => entry.fields) || [] + + console.log(`Loaded ${globalFields.length} global fields from fields.json`) + const configFilepath = `src/audit-logs/lib/config.json` const pipelineConfig = JSON.parse(await readFile(configFilepath, 'utf8')) pipelineConfig.sha = mainSha @@ -90,6 +106,7 @@ async function main() { currentEvents, pipelineConfig, titleContext, + globalFields, }) // Wrapper around filterGhesByAllowlistValues() because we always need all the // schema events and pipeline config data. @@ -105,6 +122,7 @@ async function main() { pipelineConfig, auditLogPage, titleContext, + globalFields, }) auditLogData.fpt = {} diff --git a/src/audit-logs/tests/unit/filter-events.ts b/src/audit-logs/tests/unit/filter-events.ts index 84064ac08091..8448289abd53 100644 --- a/src/audit-logs/tests/unit/filter-events.ts +++ b/src/audit-logs/tests/unit/filter-events.ts @@ -81,6 +81,99 @@ describe('audit log event filtering', () => { expect(filteredEvents.length).toBe(0) }) + test('merges global fields with event-specific fields', async () => { + const eventsToProcess: RawAuditLogEventT[] = [ + { + action: 'repo.create', + _allowlists: ['user'], + description: 'repo was created', + docs_reference_links: '', + ghes: {}, + fields: ['repo', 'repo_id'], + }, + ] + + const filteredEvents = await filterByAllowlistValues({ + eventsToCheck: eventsToProcess, + allowListValues: 'user', + currentEvents: [], + pipelineConfig: { sha: '', appendedDescriptions: {} }, + globalFields: ['@timestamp', 'action'], + }) + expect(filteredEvents[0].fields).toEqual( + expect.arrayContaining(['@timestamp', 'action', 'repo', 'repo_id']), + ) + expect(filteredEvents[0].fields?.length).toBe(4) + }) + + test('deduplicates global fields already present in event fields', async () => { + const eventsToProcess: RawAuditLogEventT[] = [ + { + action: 'repo.create', + _allowlists: ['user'], + description: 'repo was created', + docs_reference_links: '', + ghes: {}, + fields: ['action', 'repo'], + }, + ] + + const filteredEvents = await filterByAllowlistValues({ + eventsToCheck: eventsToProcess, + allowListValues: 'user', + currentEvents: [], + pipelineConfig: { sha: '', appendedDescriptions: {} }, + globalFields: ['@timestamp', 'action'], + }) + expect(filteredEvents[0].fields).toEqual( + expect.arrayContaining(['@timestamp', 'action', 'repo']), + ) + expect(filteredEvents[0].fields?.length).toBe(3) + }) + + test('uses only global fields when event has no fields', async () => { + const eventsToProcess: RawAuditLogEventT[] = [ + { + action: 'code_scanning.alert_created', + _allowlists: ['user'], + description: 'alert was created', + docs_reference_links: '', + ghes: {}, + }, + ] + + const filteredEvents = await filterByAllowlistValues({ + eventsToCheck: eventsToProcess, + allowListValues: 'user', + currentEvents: [], + pipelineConfig: { sha: '', appendedDescriptions: {} }, + globalFields: ['@timestamp', 'action'], + }) + expect(filteredEvents[0].fields).toEqual(['@timestamp', 'action']) + }) + + test('handles empty globalFields array', async () => { + const eventsToProcess: RawAuditLogEventT[] = [ + { + action: 'repo.create', + _allowlists: ['user'], + description: 'repo was created', + docs_reference_links: '', + ghes: {}, + fields: ['repo', 'repo_id'], + }, + ] + + const filteredEvents = await filterByAllowlistValues({ + eventsToCheck: eventsToProcess, + allowListValues: 'user', + currentEvents: [], + pipelineConfig: { sha: '', appendedDescriptions: {} }, + globalFields: [], + }) + expect(filteredEvents[0].fields).toEqual(['repo', 'repo_id']) + }) + test('ghes filters and updates multiple ghes versions', async () => { const eventsToProcess: RawAuditLogEventT[] = [ { diff --git a/src/automated-pipelines/README.md b/src/automated-pipelines/README.md index 1021cb35ca4d..c7798de6890c 100644 --- a/src/automated-pipelines/README.md +++ b/src/automated-pipelines/README.md @@ -53,3 +53,150 @@ Slack: `#docs-engineering` Repo: `github/docs-engineering` If you have a question about automation pipelines, you can ask in the `#docs-engineering` Slack channel. If you notice a problem with one of the automation pipelines, you can open an issue in the `github/docs-engineering` repository. + +## Sample Pipeline Template + +### Basic pipeline structure + +``` +src// +├── README.md # Pipeline documentation +├── scripts/ +│ └── sync.ts # Main sync script +├── data/ # Generated structured data (optional) +│ ├── fpt/ +│ ├── ghec/ +│ └── ghes-*/ +├── lib/ # Utilities and helpers +├── components/ # React components (if needed) +├── pages/ # Next.js pages (if needed) +└── tests/ # Pipeline-specific tests +### Minimal sync script example + +```typescript +// scripts/sync.ts +import { Command } from 'commander' + +const program = new Command() + .description('Sync data') + .option('--source-branch ', 'Source repo branch', 'main') + .parse() + +const opts = program.opts() + +async function main() { + // 1. Fetch data from external source + // 2. Transform data + // 3. Write to data/ directory (or generate Markdown) + // 4. Validate output +} + +main() +``` + +### Workflow example + +```yaml +# .github/workflows/sync-.yml +name: Sync + +on: + workflow_dispatch: + inputs: + SOURCE_BRANCH: + description: 'Branch to sync from' + default: 'main' + schedule: + - cron: '16 20 * * *' # Daily + +jobs: + sync: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: npm ci + - run: npm run sync- +``` + +## Ownership Table + +| Pipeline | Owning Team | Source Data Owner | Sync Frequency | +|----------|-------------|-------------------|----------------| +| REST | Docs Engineering | API Platform | Daily | +| GraphQL | Docs Engineering | API Platform | Daily | +| Webhooks | Docs Engineering | API Platform | Daily | +| CodeQL CLI | Docs Engineering | Code Scanning | Per release | +| GitHub Apps | Docs Engineering | Integrations | Daily | +| Audit Logs | Docs Engineering | Enterprise | Daily | +| Secret Scanning | Docs Engineering | Security | Daily | + +## Migration Status + +### Active pipelines (✅ Production) +- REST API - Fully automated, daily sync +- GraphQL API - Fully automated, daily sync +- Webhooks - Fully automated, daily sync +- GitHub Apps - Fully automated, daily sync +- Secret Scanning - Fully automated, daily sync +- Audit Logs - Fully automated, daily sync + +### Manual sync per release +- CodeQL CLI - Manual sync per release + +### Legacy pipelines (📦 To migrate) +- None currently identified + +### Migration patterns + +When migrating manual content to automated pipelines: +1. **Audit existing content** - Document current structure +2. **Source data analysis** - Identify gaps between source and docs +3. **Data enrichment** - Work with source team to add missing fields +4. **Scraping phase** - Temporarily scrape existing content to preserve prose +5. **Gradual migration** - Migrate section by section +6. **Validation** - Compare old vs new output +7. **Deprecate manual** - Remove manual content once automated is stable + +## Shared Components + +Components in `src/automated-pipelines/components/` available for reuse: +- Parameter tables +- Response schemas +- Code example formatting +- Common layout patterns + +## Testing Strategy + +### Automated pipeline tests + +All autogenerated pages tested in `src/automated-pipelines/tests/rendering.ts`: +- Page renders without errors +- Required sections present +- Links are valid +- Schema validation + +### Pipeline-specific tests + +Each pipeline in `src//tests/` should test: +- Data transformation logic +- Schema validation +- Version handling +- Edge cases specific to that pipeline + +### Testing locally + +```bash +# Run all automated pipeline tests +npm run test -- src/automated-pipelines/tests + +# Run specific pipeline tests +npm run test -- src//tests +``` + +We are not expecting significant investment here, but we will add and support pipelines as needed to meet business needs. + +### Developer experience +- Pipeline scaffolding tool +- Validation helpers +- Testing fixtures +- Documentation generator diff --git a/src/automated-pipelines/components/AutomatedPageContext.tsx b/src/automated-pipelines/components/AutomatedPageContext.tsx index 50efe899b9f2..7f567ae55cd0 100644 --- a/src/automated-pipelines/components/AutomatedPageContext.tsx +++ b/src/automated-pipelines/components/AutomatedPageContext.tsx @@ -1,6 +1,8 @@ import { createContext, useContext } from 'react' +import type { IncomingMessage } from 'http' import type { JSX } from 'react' import type { MiniTocItem } from '@/frame/components/context/ArticleContext' +import type { Context } from '@/types' export type AutomatedPageContextT = { title: string @@ -25,15 +27,35 @@ export const useAutomatedPageContext = (): AutomatedPageContextT => { return context } -export const getAutomatedPageContextFromRequest = (req: any): AutomatedPageContextT => { - const page = req.context.page +type AutomatedPageContextRequest = { context?: Partial } | IncomingMessage + +type AutomatedPage = { + title: string + intro: string + product?: string + permissions?: string + rawPermissions?: string +} + +export const getAutomatedPageContextFromRequest = ( + req: AutomatedPageContextRequest, +): AutomatedPageContextT => { + const context = 'context' in req ? ((req.context as Partial | undefined) ?? {}) : {} + const page = context.page as AutomatedPage | undefined + + if (!page) { + throw new Error('"getAutomatedPageContextFromRequest" requires req.context.page') + } + + const renderedPage = context.renderedPage ?? '' + const miniTocItems = context.miniTocItems ?? [] return { title: page.title, intro: page.intro, - renderedPage: req.context.renderedPage || '', - miniTocItems: req.context.miniTocItems || [], - product: page.product || '', - permissions: page.permissions || '', + renderedPage, + miniTocItems, + product: page.product ?? '', + permissions: page.permissions ?? page.rawPermissions ?? '', } } diff --git a/src/changelogs/README.md b/src/changelogs/README.md index e69de29bb2d1..eec5e747b43f 100644 --- a/src/changelogs/README.md +++ b/src/changelogs/README.md @@ -0,0 +1,67 @@ +# Changelogs (`src/changelogs`) + +This directory contains the logic for fetching, parsing, and caching RSS feeds from the GitHub Blog to display changelog items on documentation pages. + +## Purpose & Scope + +The primary purpose is to provide a "What's New" section on specific documentation pages by pulling the latest updates from relevant GitHub Blog RSS feeds. It handles fetching RSS feeds, caching responses to prevent rate limiting, and parsing feed items for display. + +## Architecture & Key Assets + +### Core Logic + +`lib/changelog.ts` is the main module. It uses `rss-parser` to fetch feeds and implements a two-layer caching strategy: + +1. Memory Cache: `globalCache` Map for fast access within the process. +2. Disk Cache: Writes JSON files to `os.tmpdir()` (or a custom path) to persist across server restarts in development/test environments. + +`getChangelogItems` is the public API that returns a list of formatted changelog items. + +### Consumers + +The middleware `src/frame/middleware/context/whats-new-changelog.ts` uses this library to inject changelog data into the page context (`req.context.whatsNewChangelog`) based on page frontmatter. + +Currently, the following product landing pages display a changelog: + +- GitHub Actions (`content/actions/index.md`) +- GitHub Education (`content/education/index.md`) +- GitHub Enterprise (`content/admin/index.md`) +- GitHub Packages (`content/packages/index.md`) + +## Setup & Usage + +### Enabling on a Page + +To display a changelog on a documentation page, add the `changelog` property to the page's frontmatter: + +```yaml +changelog: + label: packages + prefix: "Packages: " +``` + +- `label`: Determines the feed URL (e.g., `packages` -> `https://github.blog/changelog/label/packages`). +- `prefix`: (Optional) A string to strip from the beginning of feed item titles. +- `versions`: (Optional) Specifies which versions of the docs should display the changelog. + +### Environment Variables + +- `CHANGELOG_DISABLED`: Set to `true` to disable fetching (returns undefined). This is often necessary in tests where external network requests are flaky or blocked. +- `CHANGELOG_CACHE_FILE_PATH`: (Optional) Override the default disk cache location. + +## Data & External Dependencies + +- Source: [GitHub Blog](https://github.blog) RSS feeds (e.g., `https://github.blog/changelog/label/packages/feed`). +- Dependencies: `rss-parser` is used to parse the XML RSS feeds. + +## Cross-links & Ownership + +- **Owner**: Docs Engineering owns this code. Marketing Engineering owns the GitHub Blog and its feeds. +- **Related Directories**: + - `src/frame/middleware/context`: Contains the middleware that invokes this logic. + - `src/changelogs/tests`: Contains tests for this module. + +## Current State & Next Steps + +- **Current State**: The system is stable and considered KTLO (Keep the Lights On). It fetches the latest 3 items from the specified feed. +- **Next Steps**: None planned. diff --git a/src/code-scanning/README.md b/src/code-scanning/README.md deleted file mode 100644 index 2dbadbf1306d..000000000000 --- a/src/code-scanning/README.md +++ /dev/null @@ -1,64 +0,0 @@ -# Code scanning query tables - -This nascent pipeline creates autogenerated documentation docs.github.com from the query suites included with the [CodeQL bundle](https://github.com/github/codeql-action/releases). - -The pipeline is used to generate Markdown tables that are stored in reusable files and used in article pages on the docs.github.com site. - -## How does it work - -```mermaid ---- -title: "Process for generating Code scanning query tables" ---- -flowchart TB - -accDescr: A flow chart describing how the automation generates documentation for code scanning queries. - - start([Start]) --> checkout[Checkout the codeql repository] - start --- download[Download the CodeQL CLI] - checkout --- query-suites[fa:fa-file Query suites *.qls] - query-suites ---> generate[Generate tables:src/code-scanning/scripts/generate-code-scanning-query-lists.ts] - download --- codeql-cli[CodeQL CLI: codeql.exe] - codeql-cli --> generate - generate --- markdown[fa:fa-file Reusable files *.md] - markdown --> pr[Generate a PR overwriting:data/reusables/code-scanning/codeql-query-tables/*.md] - pr --> finish([End]) - -%% Define styles - classDef start fill:#1AAC9D, color:white - classDef action fill:#6557F6, color:white - classDef finish fill:#F8C324, color:white - classDef file fill:#ddd - -%% Assign styles - class start start; - class finish finish; - class checkout,download,generate,pr action; - class markdown,query-suites,codeql-cli file; -``` - -A [workflow](.github/workflows/generate-code-scanning-query-lists.yml) is used to trigger the automation of the code scanning query tables documentation. The workflow is manually triggered by a member of the GitHub Docs team approximately every two weeks to align to releases of the CodeQL CLI. The workflow takes an input parameter that specifies the branch to pull the source files from in the semmle-code repo. If the branch input is omitted, the workflow will default to the `main` branch. - -The workflow runs the `npm run generate-code-scanning-query-list` script, which generates Markdown files under `data/reusables/code-scanning/codeql-query-tables`. - -The workflow automatically creates a new pull request with the changes and the label `codeql-query-tables`. - -## Local development - -To run the pipeline locally, see the comments in the [script](scripts/generate-code-scanning-query-list.ts). - -## Content team - -The content writers can use the reusables in any content article. They have no need to make any changes to the script unless additional built-in query suites are added. - -## How to get help - -### For workflow and script problems - -Slack: `#docs-engineering` -Repo: `github/docs-engineering` - -### For CodeQL repository and CLI problems - -Slack: `#code-scanning-internal-dx` -Repo: `github/code-scanning-internal-dx-team` diff --git a/src/code-scanning/scripts/tsconfig.json b/src/code-scanning/scripts/tsconfig.json deleted file mode 100644 index 11ddf7df116a..000000000000 --- a/src/code-scanning/scripts/tsconfig.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "extends": "../../../tsconfig.json", - "include": ["generate-code-scanning-query-list.ts"], - "exclude": ["node_modules"] -} diff --git a/src/codeql-cli/README.md b/src/codeql-cli/README.md index 2129efd84d65..27f61a164e3e 100644 --- a/src/codeql-cli/README.md +++ b/src/codeql-cli/README.md @@ -46,3 +46,79 @@ Slack: `#docs-engineering` Repo: `github/docs-engineering` If you have a question about the CodeQL CLI pipeline, you can ask in the `#docs-engineering` Slack channel. If you notice a problem with the CodeQL CLI pipeline, you can open an issue in the `github/docs-engineering` repository. + +## Dependency Matrix + +### Required dependencies + +| Dependency | Purpose | Installation | Notes | +|------------|---------|--------------|-------| +| **Pandoc** | Convert ReStructuredText to Markdown | `brew install pandoc` (macOS) | Version 2.x+ required | +| **semmle-code repo** | Source ReStructuredText files | Clone at root of docs-internal | Private GitHub repo | +| **Node.js** | Run sync script | Already in project | Version specified in `.nvmrc` | + +### Source data location +- **Repository**: `github/semmle-code` (private) +- **Branch**: Configurable (default: `main`) +- **Source files**: ReStructuredText documentation in semmle-code +- **Output location**: `content/code-security/codeql-cli/codeql-cli-manual/` + +### Version compatibility +- CodeQL CLI releases approximately every 2 weeks +- Pipeline should be run to align with CLI releases +- Multiple CLI versions may be documented simultaneously + +## Escalation Policy + +### Ownership +- **Team**: Docs Engineering +- **Source team**: Code Security (CodeQL team) + +### Escalation path +1. **Pipeline failures** → #docs-engineering Slack +2. **Source data issues** → #code-security-docs Slack +3. **Pandoc conversion issues** → Check Pandoc version and file format +4. **Repo access issues** → Request access to `github/semmle-code` + +### On-call procedures +If the pipeline fails: +1. Check workflow logs for errors +2. Verify Pandoc is installed and working +3. Confirm access to `semmle-code` repo +4. Check for ReStructuredText format changes +5. Test conversion locally before re-running +6. Escalate to Code Security team if source data issue + +### Common failure modes +- **Pandoc not found** - Install Pandoc locally or in CI +- **semmle-code not cloned** - Clone repo at docs-internal root +- **Conversion errors** - Check for unsupported RST syntax +- **Branch not found** - Verify branch name in workflow input + +## Known Constraints + +### Pipeline limitations +- **Manual trigger only** - No automated schedule (runs on-demand) +- **Pandoc dependency** - Requires external tool installation +- **Repo access** - Requires access to private `semmle-code` repo +- **Local testing** - Must clone semmle-code locally to test + +### Content constraints +- **Frontmatter preservation** - Only first sync sets frontmatter +- **Introduction placement** - Must be above auto-generation comment +- **No inline editing** - Cannot edit autogenerated sections +- **Version handling** - Limited liquid versioning support + +### Technical constraints +- **ReStructuredText format** - Source must be valid RST +- **Pandoc conversion** - Limited control over conversion output +- **File naming** - Determined by source file structure +- **Link rewriting** - May need manual adjustment after generation + +### Process constraints +- **Release alignment** - Sync timing depends on CodeQL releases +- **PR review required** - Changes must be reviewed before merge +- **Content coordination** - Writers must coordinate intro additions +- **Multiple versions** - May need separate syncs for version branches + +We are not expecting significant new work to this pipeline, but we will support incoming changes from semmle-code. diff --git a/src/codeql-cli/lib/config.json b/src/codeql-cli/lib/config.json index dd6f8c49c67d..d62f6633ffe9 100644 --- a/src/codeql-cli/lib/config.json +++ b/src/codeql-cli/lib/config.json @@ -15,8 +15,8 @@ "autogenerated": "codeql-cli" }, "markdownPrefix": "{% data reusables.codeql-cli.man-pages-version-note %}", - "targetDirectory": "content/code-security/codeql-cli/codeql-cli-manual", + "targetDirectory": "content/code-security/reference/code-scanning/codeql/codeql-cli-manual", "sourceDirectory": "semmle-code/documentation/restructuredtext/codeql-cli/manual", "removeKeywords": [], - "linterIgnore": ["content/code-security/codeql-cli/codeql-cli-manual"] + "linterIgnore": ["content/code-security/reference/code-scanning/codeql/codeql-cli-manual"] } diff --git a/src/codeql-cli/scripts/sync.ts b/src/codeql-cli/scripts/sync.ts index 7ca45f732e7b..d7a273980178 100755 --- a/src/codeql-cli/scripts/sync.ts +++ b/src/codeql-cli/scripts/sync.ts @@ -29,7 +29,7 @@ async function main() { includeBasePath: true, globs: ['**/*.md'], }) - const cliMarkdownContents: Record = {} + const cliMarkdownContents: Record; content: string }> = {} for (const file of markdownFiles) { const sourceContent = await readFile(file, 'utf8') diff --git a/src/codeql-queries/README.md b/src/codeql-queries/README.md new file mode 100644 index 000000000000..5bf9bd0f092b --- /dev/null +++ b/src/codeql-queries/README.md @@ -0,0 +1,88 @@ +# CodeQL query tables + +This pipeline creates autogenerated documentation for docs.github.com from the query suites included with the [CodeQL bundle](https://github.com/github/codeql-action/releases). + +The pipeline generates Markdown tables that are stored in reusable files and used in article pages on the docs.github.com site. + +There are two types of query table generators: + +1. **Security queries** (`generate-code-scanning-query-list.ts`) - generates tables for security-related queries from the `code-scanning` and `security-extended` suites, including CWE information and autofix support. +2. **Code quality queries** (`generate-code-quality-query-list.ts`) - generates tables for code quality queries from the `code-quality` suite, showing query categories (reliability, maintainability). + +## How does it work + +```mermaid +--- +title: "Process for generating CodeQL query tables" +--- +flowchart TB + +accDescr: A flow chart describing how the automation generates documentation for CodeQL queries. + + start([Start]) --> checkout[Checkout the codeql repository] + start --> download[Download the CodeQL CLI] + + checkout --> security-suites[fa:fa-file Security query suites *.qls] + checkout --> quality-suites[fa:fa-file Quality query suites *.qls] + + security-suites --> generate-security[Generate security tables] + quality-suites --> generate-quality[Generate quality tables] + + download --> codeql-cli[CodeQL CLI: codeql.exe] + codeql-cli --> generate-security + codeql-cli --> generate-quality + + generate-security --> security-markdown[fa:fa-file Security reusables *.md] + generate-quality --> quality-markdown[fa:fa-file Quality reusables *.md] + + security-markdown --> merge[Merge artifacts] + quality-markdown --> merge + + merge --> pr[Generate a PR with both:
    data/reusables/code-scanning/codeql-query-tables/*.md
    data/reusables/code-quality/codeql-query-tables/*.md] + pr --> finish([End]) + +%% Define styles + classDef start fill:#1AAC9D, color:white + classDef action fill:#6557F6, color:white + classDef finish fill:#F8C324, color:white + classDef file fill:#ddd + +%% Assign styles + class start start; + class finish finish; + class checkout,download,generate-security,generate-quality,merge,pr action; + class security-markdown,quality-markdown,security-suites,quality-suites,codeql-cli file; +``` + +A [workflow](../../.github/workflows/generate-codeql-query-lists.yml) is used to trigger the automation of the CodeQL query tables documentation. The workflow is manually triggered by a member of the GitHub Docs team approximately every two weeks to align to releases of the CodeQL CLI. The workflow takes an input parameter that specifies the branch to pull the source files from in the codeql repo. If the branch input is omitted, the workflow will default to the `main` branch. + +The workflow runs two scripts in parallel: +- `npm run generate-code-scanning-query-list` - generates security query tables under `data/reusables/code-scanning/codeql-query-tables/` +- `npm run generate-code-quality-query-list` - generates code quality query tables under `data/reusables/code-quality/codeql-query-tables/` + +The workflow automatically creates a new pull request with changes from both scripts and the label `codeql-query-tables`. + +## Local development + +To run the pipeline locally, see the comments in the scripts: +- Security queries: [generate-code-scanning-query-list.ts](scripts/generate-code-scanning-query-list.ts) +- Code quality queries: [generate-code-quality-query-list.ts](scripts/generate-code-quality-query-list.ts) + +## Content team + +The content writers can use the reusables in any content article. They have no need to make any changes to the scripts unless additional built-in query suites are added. + +For security queries, reusables are stored in `data/reusables/code-scanning/codeql-query-tables/`. +For code quality queries, reusables are stored in `data/reusables/code-quality/codeql-query-tables/`. + +## How to get help + +### For workflow and script problems + +Slack: `#docs-engineering` +Repo: `github/docs-engineering` + +### For CodeQL repository and CLI problems + +Slack: `#code-scanning-engine-quality` +Repo: `github/code-scanning-engine-quality-team` diff --git a/src/codeql-queries/scripts/generate-code-quality-query-list.ts b/src/codeql-queries/scripts/generate-code-quality-query-list.ts new file mode 100644 index 000000000000..a0348201000a --- /dev/null +++ b/src/codeql-queries/scripts/generate-code-quality-query-list.ts @@ -0,0 +1,291 @@ +/** + * This script generates a block of Markdown that can be saved as a reusable. + * The reusable lists all the code quality queries for one programming language, with categories, as a Markdown table. + * + * To be able to execute this script, you need to have the CodeQL CLI installed. + * To do that, you need two things: + * + * 1. The directory where the github/codeql repo is cloned + * 2. The path to the executable `codeql` file. + * + * The directory where the github/codeql repo is cloned is needed because + * that's how it looks up files. You can set it up like this: + * + * cd /tmp + * git clone git@github.com:github/codeql.git + * cd codeql + * pwd + * + * To install the codeql executable, use `gh` like this: + * + * gh extension install github/gh-codeql + * gh codeql set-channel nightly + * gh codeql version + * + * Note that when you run the `gh codeql version` command, it will tell you + * where the executable is installed. For example: + * + * /Users/peterbe/.local/share/gh/extensions/gh-codeql/dist/nightly/codeql-bundle-20231204/codeql + * + * If you've git cloned github/codeql in /tmp/ now you can execute this script. + * For example, to generate the Markdown + * for Python: + * + * npm run generate-code-quality-query-list -- \ + * --codeql-path ~/.local/share/gh/extensions/gh-codeql/dist/nightly/codeql-bundle-20231204/codeql \ + * --codeql-dir /tmp/codeql python | tee /tmp/python.md + * less /tmp/python.md + */ + +import fs from 'fs' +import { execFileSync } from 'child_process' + +import chalk from 'chalk' +import { program } from 'commander' + +program + .description('Generate a reusable Markdown for code quality queries by language') + .option('--verbose', 'Verbose outputs') + .option('--codeql-path ', 'path to the codeql executable', 'codeql') + .option('--codeql-dir ', 'path to the codeql executable', '.codeql/') + .option('-o, --output-file ', 'output file path (default: stdout)', 'stdout') + .argument('', 'for example java') + .parse(process.argv) + +type Options = { + codeqlPath: string + codeqlDir: string + outputFile: string + verbose: boolean +} + +type QueryMetadata = { + id?: string + name?: string + tags?: string + severity?: string + problem?: { + severity?: string + } +} + +type Query = { + name: string + url: string + categories: string[] + severity: string +} + +type QueryExtended = Query & { + primaryCategory: string +} + +const opts = program.opts() +main( + { + codeqlPath: opts.codeqlPath, + codeqlDir: opts.codeqlDir, + outputFile: opts.outputFile, + verbose: Boolean(opts.verbose), + }, + program.args[0], +) + +async function main(options: Options, language: string) { + if (options.verbose && options.outputFile === 'stdout') { + console.warn(chalk.yellow('Verbose mode is on but output is going to stdout')) + } + + if (!testCodeQLPath(options)) { + process.exit(1) + } + + const queries: { + [id: string]: Query + } = {} + + const languagePack = `${language}-code-quality.qls` + if (options.verbose) console.log(chalk.dim(`Searching for queries in ${languagePack}`)) + const res = execFileSync( + options.codeqlPath, + ['resolve', 'queries', `--search-path=${options.codeqlDir}`, languagePack], + { + encoding: 'utf-8', + }, + ) + for (const line of res.split('\n')) { + if (line.trim()) { + if (options.verbose) console.log('found', line) + const metadata = getMetadata(options, line) + const { id, name, tags, severity } = metadata + if (id && name) { + const categories = getCategories(tags || '') + const url = getDocsLink(language, id) + + // Only include queries that have categories + if (categories.length) { + queries[id] = { url, name, categories, severity: severity || 'N/A' } + } else { + if (options.verbose) { + console.log(chalk.dim(`Skipping ${id} because it has no categories`)) + } + } + } + } + } + + function decorate(query: Query): QueryExtended { + // Determine primary category for sorting + // Prefer 'maintainability' over 'reliability' + const primaryCategory = query.categories.includes('maintainability') + ? 'maintainability' + : query.categories.includes('reliability') + ? 'reliability' + : query.categories[0] || '' + + return { + ...query, + primaryCategory, + } + } + + const entries = Object.values(queries).map(decorate) + + // Sort by primary category (maintainability first), then alphabetically by name + entries.sort((a, b) => { + if (a.primaryCategory === 'maintainability' && b.primaryCategory !== 'maintainability') + return -1 + else if (a.primaryCategory !== 'maintainability' && b.primaryCategory === 'maintainability') + return 1 + + if (a.primaryCategory === 'reliability' && b.primaryCategory !== 'reliability') return -1 + else if (a.primaryCategory !== 'reliability' && b.primaryCategory === 'reliability') return 1 + + return a.name.localeCompare(b.name) + }) + + printQueries(options, entries) +} + +function printQueries(options: Options, queries: QueryExtended[]) { + const markdown: string[] = [] + markdown.push('{% rowheaders %}') + markdown.push('') // blank line + const header = ['Query name', 'Category', 'Severity'] + markdown.push(`| ${header.join(' | ')} |`) + markdown.push(`| ${header.map(() => '---').join(' | ')} |`) + + for (const query of queries) { + const markdownLink = `[${query.name}](${query.url})` + // Capitalize first letter of category for display + const categoryDisplay = query.categories + .map((cat) => cat.charAt(0).toUpperCase() + cat.slice(1)) + .join(', ') + // Capitalize first letter of severity for display + const severityDisplay = query.severity.charAt(0).toUpperCase() + query.severity.slice(1) + const row = [markdownLink, categoryDisplay, severityDisplay] + markdown.push(`| ${row.join(' | ')} |`) + } + markdown.push('') // blank line + markdown.push('{% endrowheaders %}') + markdown.push('') // always end with a blank line + + if (options.outputFile === 'stdout') { + console.log(markdown.join('\n')) + } else { + fs.writeFileSync(options.outputFile, markdown.join('\n'), 'utf-8') + } +} + +function getMetadata(options: Options, queryFile: string): QueryMetadata { + const metadataJson = execFileSync(options.codeqlPath, ['resolve', 'metadata', queryFile], { + encoding: 'utf-8', + }) + const parsed = JSON.parse(metadataJson) + + // Extract severity from various possible locations in the metadata + // CodeQL metadata can have @problem.severity in the query file, which may be + // represented in different ways in the JSON output from `codeql resolve metadata` + const severity = + parsed.problem?.severity || // Nested: { problem: { severity: "error" } } + parsed['@problem']?.severity || // Nested with @: { "@problem": { severity: "error" } } + parsed['@problem.severity'] || // Direct key: { "@problem.severity": "error" } + parsed['problem.severity'] || // Direct key without @: { "problem.severity": "error" } + parsed.severity || // Simple: { severity: "error" } + parsed['@severity'] // With @: { "@severity": "error" } + + if (options.verbose) { + // On first query only, show all available keys to help debug + if (!getMetadata.shownKeys) { + console.log(chalk.yellow('Available metadata keys:'), Object.keys(parsed)) + if (parsed.problem) { + console.log(chalk.yellow('Available problem keys:'), Object.keys(parsed.problem)) + } + if (parsed['@problem']) { + console.log(chalk.yellow('Available @problem keys:'), Object.keys(parsed['@problem'])) + } + getMetadata.shownKeys = true + } + if (severity) { + console.log(chalk.dim(`Query ${parsed.id} has severity: ${severity}`)) + } else { + console.log(chalk.red(`Query ${parsed.id} has NO severity found`)) + console.log(chalk.red('Available keys for this query:'), Object.keys(parsed)) + } + } + + return { + ...parsed, + severity, + } +} + +// Add a property to track if we've shown keys +getMetadata.shownKeys = false + +/** + * + * @param language 'cpp' + * @param queryId 'external-entity-expansion' + * @returns https://codeql.github.com/codeql-query-help/cpp/cpp-external-entity-expansion/ + */ +function getDocsLink(language: string, queryId: string) { + return `https://codeql.github.com/codeql-query-help/${language}/${queryId.replaceAll('/', '-')}/` +} + +/** + * + * @param tags 'maintainability readability reliability external/cwe/cwe-1078 external/cwe/cwe-670 security' + * @returns ['maintainability', 'reliability'] + */ +function getCategories(tags: string) { + const categories: string[] = [] + for (const tag of tags.split(/\s+/g)) { + if (tag === 'maintainability' || tag === 'reliability') { + categories.push(tag) + } + } + return categories +} + +function testCodeQLPath(options: Options) { + try { + const output = execFileSync(options.codeqlPath, ['--version'], { encoding: 'utf-8' }) + if (options.verbose) { + const matched = output.match(/CodeQL command-line toolchain release ([\d.+]+)/) + if (matched) { + console.log('codeql version', chalk.green(matched[0])) + return true + } + } + return true + } catch (error) { + console.error('Could not find codeql executable at', options.codeqlPath) + if (options.verbose) { + throw error + } else { + console.log(chalk.yellow(`${options.codeqlPath} --version`), 'failed') + return false + } + } +} diff --git a/src/code-scanning/scripts/generate-code-scanning-query-list.ts b/src/codeql-queries/scripts/generate-code-scanning-query-list.ts similarity index 98% rename from src/code-scanning/scripts/generate-code-scanning-query-list.ts rename to src/codeql-queries/scripts/generate-code-scanning-query-list.ts index d02e6e311439..8dfa75149b2c 100644 --- a/src/code-scanning/scripts/generate-code-scanning-query-list.ts +++ b/src/codeql-queries/scripts/generate-code-scanning-query-list.ts @@ -53,7 +53,8 @@ import chalk from 'chalk' import { program } from 'commander' // We don't want to introduce a global dependency on @github/cocofix, so we install it by hand // as described above and suppress the import warning. -import { getSupportedQueries } from '@github/cocofix/dist/querySuites' /* eslint-disable-line import/no-extraneous-dependencies, import/no-unresolved */ +// eslint-disable-next-line import/no-unresolved -- @github/cocofix is installed manually +import { getSupportedQueries } from '@github/cocofix/dist/querySuites' import type { Language } from 'codeql-ts' program diff --git a/src/codeql-queries/scripts/tsconfig.json b/src/codeql-queries/scripts/tsconfig.json new file mode 100644 index 000000000000..ebbc6a4ae1d3 --- /dev/null +++ b/src/codeql-queries/scripts/tsconfig.json @@ -0,0 +1,5 @@ +{ + "extends": "../../../tsconfig.json", + "include": ["generate-code-scanning-query-list.ts", "generate-code-quality-query-list.ts"], + "exclude": ["node_modules"] +} diff --git a/src/color-schemes/README.md b/src/color-schemes/README.md index 11824222f55a..54a41ac2a914 100644 --- a/src/color-schemes/README.md +++ b/src/color-schemes/README.md @@ -1,5 +1,72 @@ -# Color schemes +# Color Schemes -Color schemes are user preferences regarding which type of colors they would like the site to use. Currently we support a number of mode, including light, dark, and several accessibility options. +This module manages the application of color themes (light, dark, high contrast, etc.) to the GitHub Docs site. It ensures that the documentation matches the user's preferred color scheme as configured on GitHub.com. -We chose the name "schemes" instead of modes or themes because that is what the HTML specification calls them. +## Purpose & Scope + +The primary goal is to read the user's color preference from a cookie and apply the correct theme context to the React application. This supports: +- **Modes**: Light, Dark, Auto (system preference). +- **Themes**: Specific variations like "Dark Dimmed" or "Dark High Contrast". +- **Compatibility**: Bridging the gap between raw CSS class names and Primer React component props. + +## Architecture + +The core logic is contained within `src/color-schemes/components/useTheme.ts`. + +### The `color_mode` Cookie + +The site relies on a cookie named `color_mode` to determine the user's preference. This cookie is typically set by the main GitHub application and shared with the docs subdomains. The cookie value is a JSON string containing: +- `color_mode`: The overall mode (`light`, `dark`, `auto`). +- `light_theme`: The specific theme to use when in light mode. +- `dark_theme`: The specific theme to use when in dark mode. + +### `useTheme` Hook + +The `useTheme` hook is the main entry point. It performs the following steps: +1. **Reads the Cookie**: Parses the `color_mode` cookie safely. +2. **Normalizes Data**: Validates the values against supported enums (`SupportedTheme`, `CssColorMode`). +3. **Formats for Consumers**: Returns two distinct theme objects: + - `css`: For applying global CSS classes (uses `light`/`dark`). + - `component`: For passing to Primer React's `ThemeProvider` (uses `day`/`night`). + +### Mapping Logic + +Primer React uses slightly different terminology than the underlying CSS or the cookie schema. The module handles this translation: +- CSS `light` -> Component `day` +- CSS `dark` -> Component `night` + +## Setup & Usage + +To access the current theme in a component: + +```typescript +import { useTheme } from '@/color-schemes/components/useTheme' + +const MyComponent = () => { + const { theme } = useTheme() + + // Access CSS-friendly values + console.log(theme.css.colorMode) + + // Access Primer-friendly values + console.log(theme.component.dayScheme) +} +``` + +This hook is primarily used at the root of the application (e.g., in `src/frame/components/Page.tsx` or `_app.tsx`) to wrap the content in a `ThemeProvider`. + +## Dependencies + +- **`js-cookie`**: Used via `src/frame/components/lib/cookies` to read the browser cookie. +- **Primer React**: The output format is specifically designed to satisfy Primer React's theming requirements. + +## Ownership + +- **Team**: `@github/docs-engineering` + +## Current State & Known Issues + +- **Hydration Mismatch / Flash of Unstyled Content**: Since the theme is read from a cookie on the client side (in `useEffect`), there can be a brief moment where the default theme is applied before the user's preference loads. +- **Race Condition Workaround**: There is a `setTimeout` hack in `useTheme.ts` to delay the theme application. This is necessary to prevent Primer React's internal logic from overriding the user's preference with `auto` on initial load. + - *Reference*: [Primer React Issue #2229](https://github.com/primer/react/issues/2229) +- **Future**: The long-term goal is to rely entirely on CSS variables, removing the need for complex JavaScript state management for theming. \ No newline at end of file diff --git a/src/content-linter/lib/helpers/liquid-utils.ts b/src/content-linter/lib/helpers/liquid-utils.ts index f8c3b2204789..79744a18346c 100644 --- a/src/content-linter/lib/helpers/liquid-utils.ts +++ b/src/content-linter/lib/helpers/liquid-utils.ts @@ -34,7 +34,6 @@ export const TAG_OPEN = '{{' export const TAG_CLOSE = '}}' export const conditionalTags = ['if', 'elseif', 'unless', 'case', 'ifversion'] -const CONDITIONAL_TAG_NAMES = ['if', 'ifversion', 'elsif', 'else', 'endif'] // Token parameter uses TopLevelToken which has begin and end properties export function getPositionData( @@ -120,13 +119,17 @@ export function getContentDeleteData( // `ifversion` tag is used. // Returns TagToken array since we filter to only Tag tokens export function getLiquidIfVersionTokens(content: string): TagToken[] { + // Include 'case' and 'endcase' so we can filter out `else` tags that belong to case statements + const IFVERSION_TAG_NAMES = ['if', 'ifversion', 'elsif', 'else', 'endif', 'case', 'endcase'] const tokens = getLiquidTokens(content) .filter((token): token is TagToken => token.kind === TokenKind.Tag) - .filter((token) => CONDITIONAL_TAG_NAMES.includes(token.name)) + .filter((token) => IFVERSION_TAG_NAMES.includes(token.name)) let inIfStatement = false + let inCaseStatement = false const ifVersionTokens: TagToken[] = [] for (const token of tokens) { + // Filter out `if` statements and their related tags if (token.name === 'if') { inIfStatement = true continue @@ -136,6 +139,16 @@ export function getLiquidIfVersionTokens(content: string): TagToken[] { inIfStatement = false continue } + // Filter out `case` statements and their related tags (including `else`) + if (token.name === 'case') { + inCaseStatement = true + continue + } + if (inCaseStatement && token.name !== 'endcase') continue + if (inCaseStatement && token.name === 'endcase') { + inCaseStatement = false + continue + } ifVersionTokens.push(token) } return ifVersionTokens diff --git a/src/content-linter/lib/linting-rules/ctas-schema.ts b/src/content-linter/lib/linting-rules/ctas-schema.ts index 00981e0fb5a8..72c58a70ec75 100644 --- a/src/content-linter/lib/linting-rules/ctas-schema.ts +++ b/src/content-linter/lib/linting-rules/ctas-schema.ts @@ -105,15 +105,16 @@ export const ctasSchema: Rule = { for (const error of errors) { let message = '' if (error.keyword === 'required') { - message = `Missing required parameter: ${(error.params as any)?.missingProperty}` + message = `Missing required parameter: ${(error.params as { missingProperty?: string })?.missingProperty}` } else if (error.keyword === 'enum') { const paramName = error.instancePath.substring(1) // Get the actual invalid value from refParams and allowed values from params const invalidValue = refParams[paramName] - const allowedValues = (error.params as any)?.allowedValues || [] + const allowedValues = + (error.params as { allowedValues?: unknown[] })?.allowedValues || [] message = `Invalid value for ${paramName}: "${invalidValue}". Valid values are: ${allowedValues.join(', ')}` } else if (error.keyword === 'additionalProperties') { - message = `Unexpected parameter: ${(error.params as any)?.additionalProperty}` + message = `Unexpected parameter: ${(error.params as { additionalProperty?: string })?.additionalProperty}` } else { message = `CTA URL validation error: ${error.message}` } diff --git a/src/content-linter/lib/linting-rules/frontmatter-children.ts b/src/content-linter/lib/linting-rules/frontmatter-children.ts new file mode 100644 index 000000000000..1c4d0a5b1ce2 --- /dev/null +++ b/src/content-linter/lib/linting-rules/frontmatter-children.ts @@ -0,0 +1,100 @@ +import fs from 'fs' +import path from 'path' +import { addError } from 'markdownlint-rule-helpers' + +import { getFrontmatter } from '../helpers/utils' +import type { RuleParams, RuleErrorCallback } from '@/content-linter/types' + +interface Frontmatter { + children?: string[] + [key: string]: unknown +} + +/** + * Check if a child path is valid. + * Supports both: + * - Relative paths (e.g., /local-child) resolved from current directory + * - Absolute /content/ paths (e.g., /content/actions/workflows) resolved from content root + */ +function isValidChildPath(childPath: string, currentFilePath: string): boolean { + const ROOT = process.env.ROOT || '.' + const contentDir = path.resolve(ROOT, 'content') + + let resolvedPath: string + + if (childPath.startsWith('/content/')) { + // Absolute path from content root - strip /content/ prefix + const absoluteChildPath = childPath.slice('/content/'.length) + resolvedPath = path.resolve(contentDir, absoluteChildPath) + } else { + // Relative path from current file's directory + const currentDir: string = path.dirname(currentFilePath) + const normalizedPath = childPath.startsWith('/') ? childPath.substring(1) : childPath + resolvedPath = path.resolve(currentDir, normalizedPath) + } + + // Security check: ensure resolved path stays within content directory + // This prevents path traversal attacks using sequences like '../' + if (!resolvedPath.startsWith(contentDir + path.sep) && resolvedPath !== contentDir) { + return false + } + + // Check for direct .md file + const mdPath = `${resolvedPath}.md` + if (fs.existsSync(mdPath) && fs.statSync(mdPath).isFile()) { + return true + } + + // Check for index.md file in directory + const indexPath = path.join(resolvedPath, 'index.md') + if (fs.existsSync(indexPath) && fs.statSync(indexPath).isFile()) { + return true + } + + // Check if the path exists as a directory (may have children) + if (fs.existsSync(resolvedPath) && fs.statSync(resolvedPath).isDirectory()) { + return true + } + + return false +} + +export const frontmatterChildren = { + names: ['GHD063', 'frontmatter-children'], + description: + 'Children frontmatter paths must exist. Supports relative paths and absolute /content/ paths for cross-product inclusion.', + tags: ['frontmatter', 'children'], + function: (params: RuleParams, onError: RuleErrorCallback) => { + const fm = getFrontmatter(params.lines) as Frontmatter | null + if (!fm || !fm.children) return + + const childrenLine: string | undefined = params.lines.find((line) => + line.startsWith('children:'), + ) + + if (!childrenLine) return + + const lineNumber: number = params.lines.indexOf(childrenLine) + 1 + + if (Array.isArray(fm.children)) { + const invalidPaths: string[] = [] + + for (const child of fm.children) { + if (!isValidChildPath(child, params.name)) { + invalidPaths.push(child) + } + } + + if (invalidPaths.length > 0) { + addError( + onError, + lineNumber, + `Found invalid children paths: ${invalidPaths.join(', ')}. For cross-product paths, use /content/ prefix (e.g., /content/actions/workflows).`, + childrenLine, + [1, childrenLine.length], + null, + ) + } + } + }, +} diff --git a/src/content-linter/lib/linting-rules/frontmatter-landing-recommended.ts b/src/content-linter/lib/linting-rules/frontmatter-landing-carousels.ts similarity index 68% rename from src/content-linter/lib/linting-rules/frontmatter-landing-recommended.ts rename to src/content-linter/lib/linting-rules/frontmatter-landing-carousels.ts index ac6b9894b3cd..cad6bd9f25c2 100644 --- a/src/content-linter/lib/linting-rules/frontmatter-landing-recommended.ts +++ b/src/content-linter/lib/linting-rules/frontmatter-landing-carousels.ts @@ -6,7 +6,7 @@ import { getFrontmatter } from '../helpers/utils' import type { RuleParams, RuleErrorCallback } from '@/content-linter/types' interface Frontmatter { - recommended?: string[] + carousels?: Record layout?: string [key: string]: unknown } @@ -52,42 +52,48 @@ function isValidArticlePath(articlePath: string, currentFilePath: string): boole } } -export const frontmatterLandingRecommended = { - names: ['GHD056', 'frontmatter-landing-recommended'], +export const frontmatterLandingCarousels = { + names: ['GHD056', 'frontmatter-landing-carousels'], description: - 'Only landing pages can have recommended articles, there should be no duplicate recommended articles, and all recommended articles must exist', - tags: ['frontmatter', 'landing', 'recommended'], + 'Only landing pages can have carousels, there should be no duplicate articles, and all articles must exist', + tags: ['frontmatter', 'landing', 'carousels'], function: (params: RuleParams, onError: RuleErrorCallback) => { // Using any for frontmatter as it's a dynamic YAML object with varying properties const fm = getFrontmatter(params.lines) as Frontmatter | null - if (!fm || !fm.recommended) return + if (!fm) return - const recommendedLine: string | undefined = params.lines.find((line) => - line.startsWith('recommended:'), + const hasCarousels = fm.carousels && typeof fm.carousels === 'object' + + if (!hasCarousels) return + + const carouselsLine: string | undefined = params.lines.find((line) => + line.startsWith('carousels:'), ) - if (!recommendedLine) return + if (!carouselsLine) return - const lineNumber: number = params.lines.indexOf(recommendedLine) + 1 + const lineNumber: number = params.lines.indexOf(carouselsLine) + 1 if (!fm.layout || !fm.layout.includes('landing')) { addError( onError, lineNumber, - 'recommended frontmatter key is only valid for landing pages', - recommendedLine, - [1, recommendedLine.length], + 'carousels frontmatter key is only valid for landing pages', + carouselsLine, + [1, carouselsLine.length], null, ) } - // Check for duplicate recommended items and invalid paths - if (Array.isArray(fm.recommended)) { + // Check each carousel for duplicates and invalid paths + for (const [carouselKey, articles] of Object.entries(fm.carousels!)) { + if (!Array.isArray(articles)) continue + const seen = new Set() const duplicates: string[] = [] const invalidPaths: string[] = [] - for (const item of fm.recommended) { + for (const item of articles) { if (seen.has(item)) { duplicates.push(item) } else { @@ -104,9 +110,9 @@ export const frontmatterLandingRecommended = { addError( onError, lineNumber, - `Found duplicate recommended articles: ${duplicates.join(', ')}`, - recommendedLine, - [1, recommendedLine.length], + `Found duplicate articles in carousel '${carouselKey}': ${duplicates.join(', ')}`, + carouselsLine, + [1, carouselsLine.length], null, ) } @@ -115,9 +121,9 @@ export const frontmatterLandingRecommended = { addError( onError, lineNumber, - `Found invalid recommended article paths: ${invalidPaths.join(', ')}`, - recommendedLine, - [1, recommendedLine.length], + `Found invalid article paths in carousel '${carouselKey}': ${invalidPaths.join(', ')}`, + carouselsLine, + [1, carouselsLine.length], null, ) } diff --git a/src/content-linter/lib/linting-rules/image-file-kebab-case.ts b/src/content-linter/lib/linting-rules/image-file-kebab-case.ts index 96535ee93dd5..dd0e94c930e6 100644 --- a/src/content-linter/lib/linting-rules/image-file-kebab-case.ts +++ b/src/content-linter/lib/linting-rules/image-file-kebab-case.ts @@ -18,7 +18,7 @@ export const imageFileKebabCase = { suggestedFileName, imageFileName, [token.line.indexOf(imageFileName) + 1, imageFileName.length], - null, // Todo add fix + null, ) } }) diff --git a/src/content-linter/lib/linting-rules/index.ts b/src/content-linter/lib/linting-rules/index.ts index 3afc9fa151bd..9248237a7e81 100644 --- a/src/content-linter/lib/linting-rules/index.ts +++ b/src/content-linter/lib/linting-rules/index.ts @@ -46,13 +46,14 @@ import { liquidIfversionVersions } from '@/content-linter/lib/linting-rules/liqu import { outdatedReleasePhaseTerminology } from '@/content-linter/lib/linting-rules/outdated-release-phase-terminology' import { frontmatterVersionsWhitespace } from '@/content-linter/lib/linting-rules/frontmatter-versions-whitespace' import { thirdPartyActionsReusable } from '@/content-linter/lib/linting-rules/third-party-actions-reusable' -import { frontmatterLandingRecommended } from '@/content-linter/lib/linting-rules/frontmatter-landing-recommended' +import { frontmatterLandingCarousels } from '@/content-linter/lib/linting-rules/frontmatter-landing-carousels' import { ctasSchema } from '@/content-linter/lib/linting-rules/ctas-schema' import { journeyTracksLiquid } from './journey-tracks-liquid' import { journeyTracksGuidePathExists } from './journey-tracks-guide-path-exists' import { journeyTracksUniqueIds } from './journey-tracks-unique-ids' import { frontmatterHeroImage } from './frontmatter-hero-image' import { frontmatterIntroLinks } from './frontmatter-intro-links' +import { frontmatterChildren } from './frontmatter-children' // Using any type because @github/markdownlint-github doesn't provide TypeScript declarations // The elements in the array have a 'names' property that contains rule identifiers @@ -110,13 +111,14 @@ export const gitHubDocsMarkdownlint = { tableColumnIntegrity, // GHD047 frontmatterVersionsWhitespace, // GHD051 thirdPartyActionsReusable, // GHD054 - frontmatterLandingRecommended, // GHD056 + frontmatterLandingCarousels, // GHD056 ctasSchema, // GHD057 journeyTracksLiquid, // GHD058 journeyTracksGuidePathExists, // GHD059 journeyTracksUniqueIds, // GHD060 frontmatterHeroImage, // GHD061 frontmatterIntroLinks, // GHD062 + frontmatterChildren, // GHD063 // Search-replace rules searchReplace, // Open-source plugin diff --git a/src/content-linter/lib/linting-rules/journey-tracks-guide-path-exists.ts b/src/content-linter/lib/linting-rules/journey-tracks-guide-path-exists.ts index 17bfbe04c3af..d890b24c3f05 100644 --- a/src/content-linter/lib/linting-rules/journey-tracks-guide-path-exists.ts +++ b/src/content-linter/lib/linting-rules/journey-tracks-guide-path-exists.ts @@ -5,7 +5,7 @@ import { addError } from 'markdownlint-rule-helpers' import { getFrontmatter } from '../helpers/utils' import type { RuleParams, RuleErrorCallback } from '@/content-linter/types' -// Yoink path validation approach from frontmatter-landing-recommended +// Yoink path validation approach from frontmatter-landing-carousels function isValidGuidePath(guidePath: string, currentFilePath: string): boolean { const ROOT = process.env.ROOT || '.' @@ -71,14 +71,19 @@ export const journeyTracksGuidePathExists = { const trackObj = track as Record if (trackObj.guides && Array.isArray(trackObj.guides)) { for (let guideIndex = 0; guideIndex < trackObj.guides.length; guideIndex++) { - const guide: string = trackObj.guides[guideIndex] - if (typeof guide === 'string') { - if (!isValidGuidePath(guide, params.name)) { + const guideObj = trackObj.guides[guideIndex] + + // Validate guide is an object with expected properties + if (!guideObj || typeof guideObj !== 'object') continue + + // Validate href property + if ('href' in guideObj && typeof guideObj.href === 'string') { + if (!isValidGuidePath(guideObj.href, params.name)) { addError( onError, journeyTracksLineNumber, - `Journey track guide path does not exist: ${guide} (track ${trackIndex + 1}, guide ${guideIndex + 1})`, - guide, + `Journey track guide path does not exist: ${guideObj.href} (track ${trackIndex + 1}, guide ${guideIndex + 1})`, + guideObj.href, ) } } diff --git a/src/content-linter/lib/linting-rules/journey-tracks-liquid.ts b/src/content-linter/lib/linting-rules/journey-tracks-liquid.ts index b125c043c1fd..bb602fc1c14d 100644 --- a/src/content-linter/lib/linting-rules/journey-tracks-liquid.ts +++ b/src/content-linter/lib/linting-rules/journey-tracks-liquid.ts @@ -75,16 +75,38 @@ export const journeyTracksLiquid = { if (track.guides && Array.isArray(track.guides)) { for (let guideIndex = 0; guideIndex < track.guides.length; guideIndex++) { - const guide: string = track.guides[guideIndex] - if (typeof guide === 'string') { + const guideObj = track.guides[guideIndex] + + // Validate guide is an object with expected properties + if (!guideObj || typeof guideObj !== 'object') continue + + // Validate href property + if ('href' in guideObj && typeof guideObj.href === 'string') { + try { + liquid.parse(guideObj.href) + } catch (error: any) { + addError( + onError, + trackLineNumber, + `Invalid Liquid syntax in journey track guide href (track ${trackIndex + 1}, guide ${guideIndex + 1}): ${error.message}`, + guideObj.href, + ) + } + } + + // Validate alternativeNextStep property if present + if ( + 'alternativeNextStep' in guideObj && + typeof guideObj.alternativeNextStep === 'string' + ) { try { - liquid.parse(guide) + liquid.parse(guideObj.alternativeNextStep) } catch (error: any) { addError( onError, trackLineNumber, - `Invalid Liquid syntax in journey track guide (track ${trackIndex + 1}, guide ${guideIndex + 1}): ${error.message}`, - guide, + `Invalid Liquid syntax in journey track guide alternativeNextStep (track ${trackIndex + 1}, guide ${guideIndex + 1}): ${error.message}`, + guideObj.alternativeNextStep, ) } } diff --git a/src/content-linter/lib/linting-rules/link-punctuation.ts b/src/content-linter/lib/linting-rules/link-punctuation.ts index 75045e2b2eb4..afeecb5656c8 100644 --- a/src/content-linter/lib/linting-rules/link-punctuation.ts +++ b/src/content-linter/lib/linting-rules/link-punctuation.ts @@ -3,31 +3,39 @@ import type { RuleParams, RuleErrorCallback, Rule } from '../../types' import { doesStringEndWithPeriod, getRange, isStringQuoted } from '../helpers/utils' +// Minimal type for markdownit tokens used in this rule +interface MarkdownToken { + children?: MarkdownToken[] + line?: string + type?: string + content?: string + lineNumber?: number +} + export const linkPunctuation: Rule = { names: ['GHD001', 'link-punctuation'], description: 'Internal link titles must not contain punctuation', tags: ['links', 'url'], parser: 'markdownit', function: (params: RuleParams, onError: RuleErrorCallback) => { - // Using 'any' type for token as markdownlint-rule-helpers doesn't provide TypeScript types - filterTokens(params, 'inline', (token: any) => { + filterTokens(params, 'inline', (token: MarkdownToken) => { const { children, line } = token let inLink = false - for (const child of children) { + for (const child of children || []) { if (child.type === 'link_open') { inLink = true } else if (child.type === 'link_close') { inLink = false - } else if (inLink && child.type === 'text') { + } else if (inLink && child.type === 'text' && child.content) { const content = child.content.trim() const hasPeriod = doesStringEndWithPeriod(content) const hasQuotes = isStringQuoted(content) if (hasPeriod || hasQuotes) { - const range = getRange(line, content) + const range = line ? getRange(line, content) : [] addError( onError, - child.lineNumber, + child.lineNumber || 1, 'Remove quotes and/or period punctuation from the link title.', child.content, range, diff --git a/src/content-linter/lib/linting-rules/liquid-ifversion-versions.ts b/src/content-linter/lib/linting-rules/liquid-ifversion-versions.ts index c56439c41d64..96b7b70e6962 100644 --- a/src/content-linter/lib/linting-rules/liquid-ifversion-versions.ts +++ b/src/content-linter/lib/linting-rules/liquid-ifversion-versions.ts @@ -206,9 +206,10 @@ async function getApplicableVersionFromLiquidTag(conditionStr: string) { const ands = ver.split(' and ') const firstAnd = ands[0].split(' ')[0] // if all ands don't start with the same version it's invalid + // Note: This edge case (e.g., "fpt and ghes >= 3.1") doesn't occur in our content. + // All actual uses have matching versions (e.g., "ghes and ghes > 3.19"). + // If this edge case appears in the future, additional logic would be needed here. if (!ands.every((and) => and.startsWith(firstAnd))) { - // noop - we don't handle this case - // TODO - handle this case in the future return [] } const andValues = [] diff --git a/src/content-linter/lib/linting-rules/rai-reusable-usage.ts b/src/content-linter/lib/linting-rules/rai-reusable-usage.ts index 56ce74eb1cc1..05268c8d06b7 100644 --- a/src/content-linter/lib/linting-rules/rai-reusable-usage.ts +++ b/src/content-linter/lib/linting-rules/rai-reusable-usage.ts @@ -10,7 +10,7 @@ import type { RuleParams, RuleErrorCallback, Rule } from '../../types' interface Frontmatter { type?: string // Allow any additional frontmatter properties since we only care about 'type' - [key: string]: any + [key: string]: unknown } interface LiquidToken { diff --git a/src/content-linter/scripts/lint-content.ts b/src/content-linter/scripts/lint-content.ts index 585a0cc3a1a5..f4a94433e51a 100755 --- a/src/content-linter/scripts/lint-content.ts +++ b/src/content-linter/scripts/lint-content.ts @@ -512,11 +512,13 @@ function getFormattedResults( .filter(([, results]) => results.length) for (const [key, fileResults] of filteredResults) { if (verbose) { - output[key] = fileResults.map((flaw: LintError) => formatResult(flaw, isInPrecommitMode)) + output[key] = fileResults + .map((flaw: LintError) => formatResult(flaw, isInPrecommitMode)) + .filter((result): result is FormattedResult => result !== null) } else { - const formattedResults = fileResults.map((flaw: LintError) => - formatResult(flaw, isInPrecommitMode), - ) + const formattedResults = fileResults + .map((flaw: LintError) => formatResult(flaw, isInPrecommitMode)) + .filter((result): result is FormattedResult => result !== null) // Only add the file to output if there are results after filtering if (formattedResults.length > 0) { @@ -562,14 +564,18 @@ function getCountBySeverity( // Removes null values and properties that are not relevant to content // writers, adds the severity to each result object, and transforms // some error and fix data into a more readable format. -function formatResult(object: LintError, isInPrecommitMode: boolean): FormattedResult { +function formatResult(object: LintError, isInPrecommitMode: boolean): FormattedResult | null { const formattedResult: FormattedResult = {} as FormattedResult // Add severity to each result object const ruleName = object.ruleNames[1] || object.ruleNames[0] const ruleConfig = allConfig[ruleName] as Config | undefined + // Skip rules that aren't in our config. This can happen when using + // / comments + // without specifying rule names, which re-enables ALL markdownlint rules + // including ones we don't use (like line-length/MD013). if (!ruleConfig) { - throw new Error(`Rule not found in allConfig: '${ruleName}'`) + return null } formattedResult.severity = ruleConfig.severity || getSearchReplaceRuleSeverity(ruleName, object, isInPrecommitMode) diff --git a/src/content-linter/scripts/lint-report.ts b/src/content-linter/scripts/lint-report.ts index 62fcf8ea28f4..7e39cc15fd9c 100644 --- a/src/content-linter/scripts/lint-report.ts +++ b/src/content-linter/scripts/lint-report.ts @@ -1,6 +1,6 @@ import { program } from 'commander' import fs from 'fs' -import coreLib from '@actions/core' +import * as coreLib from '@actions/core' import github from '@/workflows/github' import { getEnvInputs } from '@/workflows/get-env-inputs' diff --git a/src/content-linter/style/github-docs.ts b/src/content-linter/style/github-docs.ts index e70be6fbf19b..551576bf18be 100644 --- a/src/content-linter/style/github-docs.ts +++ b/src/content-linter/style/github-docs.ts @@ -242,7 +242,7 @@ export const githubDocsFrontmatterConfig = { 'partial-markdown-files': false, 'yml-files': false, }, - 'frontmatter-landing-recommended': { + 'frontmatter-landing-carousels': { // GHD056 severity: 'error', 'partial-markdown-files': false, @@ -284,6 +284,12 @@ export const githubDocsFrontmatterConfig = { 'partial-markdown-files': false, 'yml-files': false, }, + 'frontmatter-children': { + // GHD063 + severity: 'error', + 'partial-markdown-files': false, + 'yml-files': false, + }, } // Configures rules from the `github/markdownlint-github` repo diff --git a/src/content-linter/tests/category-pages.ts b/src/content-linter/tests/category-pages.ts index a6add3b57499..2c31c6ef04ca 100644 --- a/src/content-linter/tests/category-pages.ts +++ b/src/content-linter/tests/category-pages.ts @@ -50,14 +50,17 @@ describe.skip('category pages', () => { // otherwise, if one of them has no categories, the tests will fail. for (const tuple of productTuples) { const [, productIndex] = tuple + + const productDir = path.dirname(productIndex) + // Get links included in product index page. // Each link corresponds to a product subdirectory (category). // Example: "getting-started-with-github" + // Note: We need to read this synchronously here because vitest's describe.each + // can't asynchronously define tests const contents = fs.readFileSync(productIndex, 'utf8') const data = getFrontmatterData(contents) - const productDir = path.dirname(productIndex) - const children: string[] = data.children const categoryLinks = children // Only include category directories, not standalone category files like content/actions/quickstart.md @@ -118,15 +121,19 @@ describe.skip('category pages', () => { await contextualize(req as ExtendedRequest, res as Response, next) await shortVersions(req as ExtendedRequest, res as Response, next) + // Read the product index data for rendering + const productIndexContents = await fs.promises.readFile(productIndex, 'utf8') + const productIndexData = getFrontmatterData(productIndexContents) + // Save the index title for later testing - indexTitle = data.title.includes('{') - ? await renderContent(data.title, req.context, { textOnly: true }) - : data.title - - if (data.shortTitle) { - indexShortTitle = data.shortTitle.includes('{') - ? await renderContent(data.shortTitle, req.context, { textOnly: true }) - : data.shortTitle + indexTitle = productIndexData.title.includes('{') + ? await renderContent(productIndexData.title, req.context, { textOnly: true }) + : productIndexData.title + + if (productIndexData.shortTitle) { + indexShortTitle = productIndexData.shortTitle.includes('{') + ? await renderContent(productIndexData.shortTitle, req.context, { textOnly: true }) + : productIndexData.shortTitle } else { indexShortTitle = '' } @@ -232,6 +239,15 @@ describe.skip('category pages', () => { }) function getPath(productDir: string, link: string, filename: string) { + // Handle absolute /content/ paths for cross-product children + // The link parameter contains the child path from frontmatter + if (link.startsWith('/content/')) { + const absolutePath = link.slice('/content/'.length) + if (filename === 'index') { + return path.join(contentDir, absolutePath, 'index.md') + } + return path.join(contentDir, absolutePath, `${filename}.md`) + } return path.join(productDir, link, `${filename}.md`) } diff --git a/src/content-linter/tests/fixtures/frontmatter-children/invalid-paths.md b/src/content-linter/tests/fixtures/frontmatter-children/invalid-paths.md new file mode 100644 index 000000000000..e2bd12cbd3cb --- /dev/null +++ b/src/content-linter/tests/fixtures/frontmatter-children/invalid-paths.md @@ -0,0 +1,8 @@ +--- +title: Invalid children paths +children: + - /content/nonexistent/product + - /another/invalid/path +--- + +This page has invalid children paths. diff --git a/src/content-linter/tests/fixtures/frontmatter-children/no-children.md b/src/content-linter/tests/fixtures/frontmatter-children/no-children.md new file mode 100644 index 000000000000..256cd22d03d7 --- /dev/null +++ b/src/content-linter/tests/fixtures/frontmatter-children/no-children.md @@ -0,0 +1,5 @@ +--- +title: No children +--- + +This page has no children frontmatter. diff --git a/src/content-linter/tests/fixtures/frontmatter-children/valid-content-prefix.md b/src/content-linter/tests/fixtures/frontmatter-children/valid-content-prefix.md new file mode 100644 index 000000000000..85fe35cc0ec1 --- /dev/null +++ b/src/content-linter/tests/fixtures/frontmatter-children/valid-content-prefix.md @@ -0,0 +1,8 @@ +--- +title: Valid children with content prefix +children: + - /content/get-started/foo + - /content/get-started/learning-about-github +--- + +This page has valid /content/ prefixed children paths. diff --git a/src/content-linter/tests/fixtures/journey-tracks/duplicate-ids.md b/src/content-linter/tests/fixtures/journey-tracks/duplicate-ids.md index bcc808a81367..a54559bc8dc8 100644 --- a/src/content-linter/tests/fixtures/journey-tracks/duplicate-ids.md +++ b/src/content-linter/tests/fixtures/journey-tracks/duplicate-ids.md @@ -11,15 +11,15 @@ journeyTracks: - id: duplicate-id title: "First Track" guides: - - /article-one + - href: /article-one - id: unique-id title: "Unique Track" guides: - - /article-two + - href: /article-two - id: duplicate-id title: "Second Track with Same ID" guides: - - /subdir/article-three + - href: /subdir/article-three --- # Journey with Duplicate IDs diff --git a/src/content-linter/tests/fixtures/journey-tracks/invalid-paths.md b/src/content-linter/tests/fixtures/journey-tracks/invalid-paths.md index ef4f7d558bc1..c863f9c0f0df 100644 --- a/src/content-linter/tests/fixtures/journey-tracks/invalid-paths.md +++ b/src/content-linter/tests/fixtures/journey-tracks/invalid-paths.md @@ -11,9 +11,9 @@ journeyTracks: - id: track-1 title: "Track with Invalid Guides" guides: - - /article-one - - /nonexistent/guide - - /another/invalid/path + - href: /article-one + - href: /nonexistent/guide + - href: /another/invalid/path --- # Journey with Invalid Paths diff --git a/src/content-linter/tests/fixtures/journey-tracks/non-journey-layout.md b/src/content-linter/tests/fixtures/journey-tracks/non-journey-layout.md index a7dcec80ebc9..53b5599487f2 100644 --- a/src/content-linter/tests/fixtures/journey-tracks/non-journey-layout.md +++ b/src/content-linter/tests/fixtures/journey-tracks/non-journey-layout.md @@ -11,7 +11,7 @@ journeyTracks: - id: track-1 title: "Should be ignored" guides: - - /nonexistent/path + - href: /nonexistent/path --- # Non-Journey Page diff --git a/src/content-linter/tests/fixtures/journey-tracks/valid-journey.md b/src/content-linter/tests/fixtures/journey-tracks/valid-journey.md index 30b98033b436..bf64df138981 100644 --- a/src/content-linter/tests/fixtures/journey-tracks/valid-journey.md +++ b/src/content-linter/tests/fixtures/journey-tracks/valid-journey.md @@ -11,12 +11,12 @@ journeyTracks: - id: track-1 title: "Getting Started Track" guides: - - /article-one - - /article-two + - href: /article-one + - href: /article-two - id: track-2 title: "Advanced Track" guides: - - /subdir/article-three + - href: /subdir/article-three --- # Valid Journey Landing diff --git a/src/content-linter/tests/fixtures/landing-recommended/article-one.md b/src/content-linter/tests/fixtures/landing-carousels/article-one.md similarity index 100% rename from src/content-linter/tests/fixtures/landing-recommended/article-one.md rename to src/content-linter/tests/fixtures/landing-carousels/article-one.md diff --git a/src/content-linter/tests/fixtures/landing-recommended/article-two.md b/src/content-linter/tests/fixtures/landing-carousels/article-two.md similarity index 100% rename from src/content-linter/tests/fixtures/landing-recommended/article-two.md rename to src/content-linter/tests/fixtures/landing-carousels/article-two.md diff --git a/src/content-linter/tests/fixtures/landing-carousels/duplicate-carousels.md b/src/content-linter/tests/fixtures/landing-carousels/duplicate-carousels.md new file mode 100644 index 000000000000..34b43112e777 --- /dev/null +++ b/src/content-linter/tests/fixtures/landing-carousels/duplicate-carousels.md @@ -0,0 +1,20 @@ +--- +title: Landing with Duplicates +layout: product-landing +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Testing +carousels: + recommended: + - /article-one + - /article-two + - /article-one + - /subdir/article-three +--- + +# Landing with Duplicates + +This landing page has duplicate carousel articles. diff --git a/src/content-linter/tests/fixtures/landing-carousels/duplicate-recommended.md b/src/content-linter/tests/fixtures/landing-carousels/duplicate-recommended.md new file mode 100644 index 000000000000..34b43112e777 --- /dev/null +++ b/src/content-linter/tests/fixtures/landing-carousels/duplicate-recommended.md @@ -0,0 +1,20 @@ +--- +title: Landing with Duplicates +layout: product-landing +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Testing +carousels: + recommended: + - /article-one + - /article-two + - /article-one + - /subdir/article-three +--- + +# Landing with Duplicates + +This landing page has duplicate carousel articles. diff --git a/src/content-linter/tests/fixtures/landing-carousels/invalid-non-landing.md b/src/content-linter/tests/fixtures/landing-carousels/invalid-non-landing.md new file mode 100644 index 000000000000..c399479cb97a --- /dev/null +++ b/src/content-linter/tests/fixtures/landing-carousels/invalid-non-landing.md @@ -0,0 +1,19 @@ +--- +title: Not a Landing Page +layout: inline +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Testing +carousels: + recommended: + - /article-one + - /article-two + - /subdir/article-three +--- + +# Not a Landing Page + +This page has a carousels property but is not a landing page. diff --git a/src/content-linter/tests/fixtures/landing-recommended/invalid-paths.md b/src/content-linter/tests/fixtures/landing-carousels/invalid-paths.md similarity index 50% rename from src/content-linter/tests/fixtures/landing-recommended/invalid-paths.md rename to src/content-linter/tests/fixtures/landing-carousels/invalid-paths.md index fb76b85bcea2..4d33154a025b 100644 --- a/src/content-linter/tests/fixtures/landing-recommended/invalid-paths.md +++ b/src/content-linter/tests/fixtures/landing-carousels/invalid-paths.md @@ -7,12 +7,13 @@ versions: ghes: '*' topics: - Testing -recommended: - - /article-one - - /nonexistent/path - - /another/invalid/path +carousels: + recommended: + - /article-one + - /nonexistent/path + - /another/invalid/path --- # Landing with Invalid Paths -This landing page has some invalid recommended article paths. +This landing page has some invalid carousel article paths. diff --git a/src/content-linter/tests/fixtures/landing-carousels/no-carousels.md b/src/content-linter/tests/fixtures/landing-carousels/no-carousels.md new file mode 100644 index 000000000000..149684323fe9 --- /dev/null +++ b/src/content-linter/tests/fixtures/landing-carousels/no-carousels.md @@ -0,0 +1,14 @@ +--- +title: Landing without Carousels +layout: product-landing +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Testing +--- + +# Landing without Carousels + +This is a landing page without any carousels. diff --git a/src/content-linter/tests/fixtures/landing-carousels/no-recommended.md b/src/content-linter/tests/fixtures/landing-carousels/no-recommended.md new file mode 100644 index 000000000000..149684323fe9 --- /dev/null +++ b/src/content-linter/tests/fixtures/landing-carousels/no-recommended.md @@ -0,0 +1,14 @@ +--- +title: Landing without Carousels +layout: product-landing +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Testing +--- + +# Landing without Carousels + +This is a landing page without any carousels. diff --git a/src/content-linter/tests/fixtures/landing-recommended/subdir/article-three.md b/src/content-linter/tests/fixtures/landing-carousels/subdir/article-three.md similarity index 100% rename from src/content-linter/tests/fixtures/landing-recommended/subdir/article-three.md rename to src/content-linter/tests/fixtures/landing-carousels/subdir/article-three.md diff --git a/src/content-linter/tests/fixtures/landing-recommended/test-absolute-only.md b/src/content-linter/tests/fixtures/landing-carousels/test-absolute-only.md similarity index 85% rename from src/content-linter/tests/fixtures/landing-recommended/test-absolute-only.md rename to src/content-linter/tests/fixtures/landing-carousels/test-absolute-only.md index 964f85cf6a49..da9b8de286e9 100644 --- a/src/content-linter/tests/fixtures/landing-recommended/test-absolute-only.md +++ b/src/content-linter/tests/fixtures/landing-carousels/test-absolute-only.md @@ -3,8 +3,9 @@ title: Test Absolute Only Path layout: product-landing versions: fpt: '*' -recommended: - - /article-two +carousels: + recommended: + - /article-two --- # Test Absolute Only Path diff --git a/src/content-linter/tests/fixtures/landing-recommended/test-absolute-priority.md b/src/content-linter/tests/fixtures/landing-carousels/test-absolute-priority.md similarity index 71% rename from src/content-linter/tests/fixtures/landing-recommended/test-absolute-priority.md rename to src/content-linter/tests/fixtures/landing-carousels/test-absolute-priority.md index bc529b8d8b3e..ab8cd042fefe 100644 --- a/src/content-linter/tests/fixtures/landing-recommended/test-absolute-priority.md +++ b/src/content-linter/tests/fixtures/landing-carousels/test-absolute-priority.md @@ -3,9 +3,10 @@ title: Test Absolute Path Priority layout: product-landing versions: fpt: '*' -recommended: - - /article-one - - /subdir/article-three +carousels: + recommended: + - /article-one + - /subdir/article-three --- # Test Absolute Path Priority diff --git a/src/content-linter/tests/fixtures/landing-recommended/test-path-priority.md b/src/content-linter/tests/fixtures/landing-carousels/test-path-priority.md similarity index 74% rename from src/content-linter/tests/fixtures/landing-recommended/test-path-priority.md rename to src/content-linter/tests/fixtures/landing-carousels/test-path-priority.md index 226c7f956a91..30e078ff8b80 100644 --- a/src/content-linter/tests/fixtures/landing-recommended/test-path-priority.md +++ b/src/content-linter/tests/fixtures/landing-carousels/test-path-priority.md @@ -3,8 +3,9 @@ title: Test Path Priority Resolution layout: product-landing versions: fpt: '*' -recommended: - - /article-one +carousels: + recommended: + - /article-one --- # Test Path Priority Resolution @@ -12,6 +13,6 @@ recommended: This tests that /article-one resolves to the absolute path: tests/fixtures/fixtures/content/article-one.md (absolute from fixtures root) NOT the relative path: - tests/fixtures/landing-recommended/article-one.md (relative to this file) + tests/fixtures/landing-carousels/article-one.md (relative to this file) The absolute path should be prioritized over the relative path. diff --git a/src/content-linter/tests/fixtures/landing-recommended/test-priority-validation.md b/src/content-linter/tests/fixtures/landing-carousels/test-priority-validation.md similarity index 80% rename from src/content-linter/tests/fixtures/landing-recommended/test-priority-validation.md rename to src/content-linter/tests/fixtures/landing-carousels/test-priority-validation.md index 248f88d8433c..560b75a2ac78 100644 --- a/src/content-linter/tests/fixtures/landing-recommended/test-priority-validation.md +++ b/src/content-linter/tests/fixtures/landing-carousels/test-priority-validation.md @@ -3,9 +3,10 @@ title: Test Priority Validation layout: product-landing versions: fpt: '*' -recommended: - - /article-one - - /nonexistent-absolute +carousels: + recommended: + - /article-one + - /nonexistent-absolute --- # Test Priority Validation diff --git a/src/content-linter/tests/fixtures/landing-carousels/valid-landing.md b/src/content-linter/tests/fixtures/landing-carousels/valid-landing.md new file mode 100644 index 000000000000..76083ae222c2 --- /dev/null +++ b/src/content-linter/tests/fixtures/landing-carousels/valid-landing.md @@ -0,0 +1,20 @@ +--- +title: Valid Landing Page +layout: product-landing +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Testing +carousels: + recommended: + - /article-one + - /article-two + - /subdir/article-three + - /get-started +--- + +# Valid Landing Page + +This is a valid landing page with carousel articles and landing page paths. diff --git a/src/content-linter/tests/fixtures/landing-recommended/duplicate-recommended.md b/src/content-linter/tests/fixtures/landing-recommended/duplicate-recommended.md deleted file mode 100644 index 8a50baa93d43..000000000000 --- a/src/content-linter/tests/fixtures/landing-recommended/duplicate-recommended.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Landing with Duplicates -layout: product-landing -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Testing -recommended: - - /article-one - - /article-two - - /article-one - - /subdir/article-three ---- - -# Landing with Duplicates - -This landing page has duplicate recommended articles. diff --git a/src/content-linter/tests/fixtures/landing-recommended/invalid-non-landing.md b/src/content-linter/tests/fixtures/landing-recommended/invalid-non-landing.md deleted file mode 100644 index 81cdf1352056..000000000000 --- a/src/content-linter/tests/fixtures/landing-recommended/invalid-non-landing.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: Not a Landing Page -layout: inline -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Testing -recommended: - - /article-one - - /article-two - - /subdir/article-three ---- - -# Not a Landing Page - -This page has a recommended property but is not a landing page. diff --git a/src/content-linter/tests/fixtures/landing-recommended/no-recommended.md b/src/content-linter/tests/fixtures/landing-recommended/no-recommended.md deleted file mode 100644 index dcc452f24f61..000000000000 --- a/src/content-linter/tests/fixtures/landing-recommended/no-recommended.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: Landing without Recommended -layout: product-landing -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Testing ---- - -# Landing without Recommended - -This is a landing page without any recommended articles. diff --git a/src/content-linter/tests/fixtures/landing-recommended/valid-landing.md b/src/content-linter/tests/fixtures/landing-recommended/valid-landing.md deleted file mode 100644 index 09d5956c5ca0..000000000000 --- a/src/content-linter/tests/fixtures/landing-recommended/valid-landing.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Valid Landing Page -layout: product-landing -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Testing -recommended: - - /article-one - - /article-two - - /subdir/article-three - - /get-started ---- - -# Valid Landing Page - -This is a valid landing page with recommended articles and landing page paths. diff --git a/src/content-linter/tests/unit/frontmatter-children.ts b/src/content-linter/tests/unit/frontmatter-children.ts new file mode 100644 index 000000000000..388550747f31 --- /dev/null +++ b/src/content-linter/tests/unit/frontmatter-children.ts @@ -0,0 +1,53 @@ +import { describe, expect, test, beforeAll, afterAll } from 'vitest' + +import { runRule } from '@/content-linter/lib/init-test' +import { frontmatterChildren } from '@/content-linter/lib/linting-rules/frontmatter-children' + +const VALID_CONTENT_PREFIX = + 'src/content-linter/tests/fixtures/frontmatter-children/valid-content-prefix.md' +const INVALID_PATHS = 'src/content-linter/tests/fixtures/frontmatter-children/invalid-paths.md' +const NO_CHILDREN = 'src/content-linter/tests/fixtures/frontmatter-children/no-children.md' + +const ruleName = frontmatterChildren.names[1] + +// Configure the test fixture to not split frontmatter and content +const fmOptions = { markdownlintOptions: { frontMatter: null } } + +describe(ruleName, () => { + const envVarValueBefore = process.env.ROOT + + beforeAll(() => { + process.env.ROOT = 'src/fixtures/fixtures' + }) + + afterAll(() => { + process.env.ROOT = envVarValueBefore + }) + + test('page with valid /content/ prefixed children paths passes', async () => { + const result = await runRule(frontmatterChildren, { + files: [VALID_CONTENT_PREFIX], + ...fmOptions, + }) + expect(result[VALID_CONTENT_PREFIX]).toEqual([]) + }) + + test('page without children property passes', async () => { + const result = await runRule(frontmatterChildren, { + files: [NO_CHILDREN], + ...fmOptions, + }) + expect(result[NO_CHILDREN]).toEqual([]) + }) + + test('page with invalid children paths fails', async () => { + const result = await runRule(frontmatterChildren, { + files: [INVALID_PATHS], + ...fmOptions, + }) + expect(result[INVALID_PATHS]).toHaveLength(1) + expect(result[INVALID_PATHS][0].errorDetail).toContain('Found invalid children paths:') + expect(result[INVALID_PATHS][0].errorDetail).toContain('/content/nonexistent/product') + expect(result[INVALID_PATHS][0].errorDetail).toContain('/another/invalid/path') + }) +}) diff --git a/src/content-linter/tests/unit/frontmatter-landing-recommended.ts b/src/content-linter/tests/unit/frontmatter-landing-carousels.ts similarity index 59% rename from src/content-linter/tests/unit/frontmatter-landing-recommended.ts rename to src/content-linter/tests/unit/frontmatter-landing-carousels.ts index 7dc86e0c197c..3238d9555f7e 100644 --- a/src/content-linter/tests/unit/frontmatter-landing-recommended.ts +++ b/src/content-linter/tests/unit/frontmatter-landing-carousels.ts @@ -1,23 +1,23 @@ import { describe, expect, test, beforeAll, afterAll } from 'vitest' import { runRule } from '@/content-linter/lib/init-test' -import { frontmatterLandingRecommended } from '@/content-linter/lib/linting-rules/frontmatter-landing-recommended' +import { frontmatterLandingCarousels } from '@/content-linter/lib/linting-rules/frontmatter-landing-carousels' -const VALID_LANDING = 'src/content-linter/tests/fixtures/landing-recommended/valid-landing.md' +const VALID_LANDING = 'src/content-linter/tests/fixtures/landing-carousels/valid-landing.md' const INVALID_NON_LANDING = - 'src/content-linter/tests/fixtures/landing-recommended/invalid-non-landing.md' -const DUPLICATE_RECOMMENDED = - 'src/content-linter/tests/fixtures/landing-recommended/duplicate-recommended.md' -const INVALID_PATHS = 'src/content-linter/tests/fixtures/landing-recommended/invalid-paths.md' -const NO_RECOMMENDED = 'src/content-linter/tests/fixtures/landing-recommended/no-recommended.md' + 'src/content-linter/tests/fixtures/landing-carousels/invalid-non-landing.md' +const DUPLICATE_CAROUSELS = + 'src/content-linter/tests/fixtures/landing-carousels/duplicate-carousels.md' +const INVALID_PATHS = 'src/content-linter/tests/fixtures/landing-carousels/invalid-paths.md' +const NO_CAROUSELS = 'src/content-linter/tests/fixtures/landing-carousels/no-carousels.md' const ABSOLUTE_PRIORITY = - 'src/content-linter/tests/fixtures/landing-recommended/test-absolute-priority.md' -const PATH_PRIORITY = 'src/content-linter/tests/fixtures/landing-recommended/test-path-priority.md' -const ABSOLUTE_ONLY = 'src/content-linter/tests/fixtures/landing-recommended/test-absolute-only.md' + 'src/content-linter/tests/fixtures/landing-carousels/test-absolute-priority.md' +const PATH_PRIORITY = 'src/content-linter/tests/fixtures/landing-carousels/test-path-priority.md' +const ABSOLUTE_ONLY = 'src/content-linter/tests/fixtures/landing-carousels/test-absolute-only.md' const PRIORITY_VALIDATION = - 'src/content-linter/tests/fixtures/landing-recommended/test-priority-validation.md' + 'src/content-linter/tests/fixtures/landing-carousels/test-priority-validation.md' -const ruleName = frontmatterLandingRecommended.names[1] +const ruleName = frontmatterLandingCarousels.names[1] // Configure the test fixture to not split frontmatter and content const fmOptions = { markdownlintOptions: { frontMatter: null } } @@ -32,59 +32,59 @@ describe(ruleName, () => { afterAll(() => { process.env.ROOT = envVarValueBefore }) - test('landing page with recommended articles passes', async () => { - const result = await runRule(frontmatterLandingRecommended, { + test('landing page with carousel articles passes', async () => { + const result = await runRule(frontmatterLandingCarousels, { files: [VALID_LANDING], ...fmOptions, }) expect(result[VALID_LANDING]).toEqual([]) }) - test('non-landing page with recommended property fails', async () => { - const result = await runRule(frontmatterLandingRecommended, { + test('non-landing page with carousels property fails', async () => { + const result = await runRule(frontmatterLandingCarousels, { files: [INVALID_NON_LANDING], ...fmOptions, }) expect(result[INVALID_NON_LANDING]).toHaveLength(1) expect(result[INVALID_NON_LANDING][0].errorDetail).toContain( - 'recommended frontmatter key is only valid for landing pages', + 'carousels frontmatter key is only valid for landing pages', ) }) - test('pages without recommended property pass', async () => { - const result = await runRule(frontmatterLandingRecommended, { - files: [NO_RECOMMENDED], + test('pages without carousels property pass', async () => { + const result = await runRule(frontmatterLandingCarousels, { + files: [NO_CAROUSELS], ...fmOptions, }) - expect(result[NO_RECOMMENDED]).toEqual([]) + expect(result[NO_CAROUSELS]).toEqual([]) }) - test('page with duplicate recommended articles fails', async () => { - const result = await runRule(frontmatterLandingRecommended, { - files: [DUPLICATE_RECOMMENDED], + test('page with duplicate carousel articles fails', async () => { + const result = await runRule(frontmatterLandingCarousels, { + files: [DUPLICATE_CAROUSELS], ...fmOptions, }) - expect(result[DUPLICATE_RECOMMENDED]).toHaveLength(1) // Only duplicate error since all paths are valid - expect(result[DUPLICATE_RECOMMENDED][0].errorDetail).toContain( - 'Found duplicate recommended articles: /article-one', + expect(result[DUPLICATE_CAROUSELS]).toHaveLength(1) // Only duplicate error since all paths are valid + expect(result[DUPLICATE_CAROUSELS][0].errorDetail).toContain( + "Found duplicate articles in carousel 'recommended': /article-one", ) }) - test('page with invalid recommended article paths fails', async () => { - const result = await runRule(frontmatterLandingRecommended, { + test('page with invalid carousel article paths fails', async () => { + const result = await runRule(frontmatterLandingCarousels, { files: [INVALID_PATHS], ...fmOptions, }) expect(result[INVALID_PATHS]).toHaveLength(1) expect(result[INVALID_PATHS][0].errorDetail).toContain( - 'Found invalid recommended article paths:', + "Found invalid article paths in carousel 'recommended':", ) expect(result[INVALID_PATHS][0].errorDetail).toContain('/nonexistent/path') expect(result[INVALID_PATHS][0].errorDetail).toContain('/another/invalid/path') }) - test('page with valid recommended articles passes', async () => { - const result = await runRule(frontmatterLandingRecommended, { + test('page with valid carousel articles passes', async () => { + const result = await runRule(frontmatterLandingCarousels, { files: [VALID_LANDING], ...fmOptions, }) @@ -97,10 +97,10 @@ describe(ruleName, () => { // // Setup: // - /article-one should resolve to src/fixtures/fixtures/content/article-one.md (absolute) - // - article-one (relative) would resolve to src/content-linter/tests/fixtures/landing-recommended/article-one.md + // - article-one (relative) would resolve to src/content-linter/tests/fixtures/landing-carousels/article-one.md // // The test passes because our logic prioritizes the absolute path resolution first - const result = await runRule(frontmatterLandingRecommended, { + const result = await runRule(frontmatterLandingCarousels, { files: [ABSOLUTE_PRIORITY], ...fmOptions, }) @@ -114,11 +114,11 @@ describe(ruleName, () => { // Setup: // - /article-one could resolve to EITHER: // 1. src/fixtures/fixtures/content/article-one.md (absolute - should be chosen) - // 2. src/content-linter/tests/fixtures/landing-recommended/article-one.md (relative - should be ignored) + // 2. src/content-linter/tests/fixtures/landing-carousels/article-one.md (relative - should be ignored) // // Our prioritization logic should choose #1 (absolute) over #2 (relative) // This test passes because the absolute path exists and is found first - const result = await runRule(frontmatterLandingRecommended, { + const result = await runRule(frontmatterLandingCarousels, { files: [PATH_PRIORITY], ...fmOptions, }) @@ -128,9 +128,9 @@ describe(ruleName, () => { test('absolute-only paths work when no relative path exists', async () => { // This test verifies that absolute path resolution works when no relative path exists // /article-two exists in src/fixtures/fixtures/content/article-two.md - // but NOT in src/content-linter/tests/fixtures/landing-recommended/article-two.md + // but NOT in src/content-linter/tests/fixtures/landing-carousels/article-two.md // This test would fail if we didn't prioritize absolute paths properly - const result = await runRule(frontmatterLandingRecommended, { + const result = await runRule(frontmatterLandingCarousels, { files: [ABSOLUTE_ONLY], ...fmOptions, }) @@ -140,7 +140,7 @@ describe(ruleName, () => { test('mixed valid and invalid absolute paths are handled correctly', async () => { // This test has both a valid absolute path (/article-one) and an invalid one (/nonexistent-absolute) // It should fail because of the invalid path, proving our absolute path resolution is working - const result = await runRule(frontmatterLandingRecommended, { + const result = await runRule(frontmatterLandingCarousels, { files: [PRIORITY_VALIDATION], ...fmOptions, }) diff --git a/src/content-linter/tests/unit/journey-tracks.ts b/src/content-linter/tests/unit/journey-tracks.ts index f097eb3f16ae..08615adadbfe 100644 --- a/src/content-linter/tests/unit/journey-tracks.ts +++ b/src/content-linter/tests/unit/journey-tracks.ts @@ -40,7 +40,7 @@ journeyTracks: title: "Track with {% invalid liquid" description: "Description with {{ unclosed liquid" guides: - - /article-one + - href: /article-one --- # Journey with Liquid Issues @@ -55,6 +55,36 @@ This journey landing page has invalid liquid syntax in journeyTracks. expect(result['test-invalid-liquid.md'][0].ruleDescription).toMatch(/liquid syntax/i) expect(result['test-invalid-liquid.md'][1].ruleDescription).toMatch(/liquid syntax/i) }) + + test('invalid liquid syntax in alternativeNextStep fails', async () => { + const invalidAlternativeNextStepContent = `--- +title: Journey with Invalid Alternative Next Step +layout: journey-landing +versions: + fpt: '*' + ghec: '*' + ghes: '*' +journeyTracks: + - id: track-1 + title: "Test Track" + guides: + - href: /article-one + alternativeNextStep: "Want to skip? See {% invalid liquid syntax" +--- + +# Journey with Invalid Alternative Next Step +` + const result = await runRule(journeyTracksLiquid, { + strings: { 'test-invalid-alternative-next-step.md': invalidAlternativeNextStepContent }, + ...fmOptions, + }) + + expect(result['test-invalid-alternative-next-step.md']).toHaveLength(1) + expect(result['test-invalid-alternative-next-step.md'][0].errorDetail).toMatch( + /alternativeNextStep/, + ) + expect(result['test-invalid-alternative-next-step.md'][0].errorDetail).toMatch(/liquid syntax/i) + }) }) describe('journey-tracks-guide-path-exists', () => { diff --git a/src/content-render/README.md b/src/content-render/README.md index 2d134219cede..36499ae65712 100644 --- a/src/content-render/README.md +++ b/src/content-render/README.md @@ -1,11 +1,36 @@ -# Render content +# Content render -In this directory is the main pipeline that converts our content from Liquid, Markdown and YAML into HTML. This directory _does not include React components_. +The content-render subject is the main pipeline that converts content from Liquid, Markdown, and YAML into HTML. It handles template processing, Markdown parsing, custom Liquid tags, and unified (remark/rehype) transformations. This directory does not include React components. -## Usage +## Purpose & Scope + +This subject is responsible for: +- Rendering Liquid templates with context variables +- Converting Markdown to HTML with unified (remark/rehype) +- Custom Liquid tags for content and data references +- Code block syntax highlighting and headers +- Link rewriting (local paths, assets, anchors) +- Image transformations and wrapping +- Alert/note callout rendering +- Table accessibility improvements +- Text-only extraction for search indexing + +## Architecture & Key Assets + +### Key capabilities and their locations + +- `index.ts` - `renderContent()`: Main entry point for content rendering +- `liquid/engine.ts` - Liquid engine with custom tag registration +- `unified/processor.ts` - Unified pipeline with remark/rehype plugins +- `liquid/*.ts` - Custom Liquid tags (data, ifversion, octicon, etc.) +- `unified/*.ts` - Content transformation plugins + +## Setup & Usage + +### Basic usage ```javascript -const renderContent = require('.') +import { renderContent } from '@/content-render' const html = await renderContent(` # Beep @@ -22,26 +47,25 @@ Creates:

    bar

    ``` -## API +### API -### renderContent(markdown, context = {}, options = {}) +#### renderContent(markdown, context = {}, options = {}) Render a string of `markdown` with optional `context`. Returns a `Promise`. -Liquid will be looking for includes in `${process.cwd()}/includes`. +Liquid will look for includes in `${process.cwd()}/includes`. Options: +- `fileName`: File name for debugging purposes +- `textOnly`: Output text instead of HTML using cheerio (for search indexing) -- `fileName`: File name for debugging purposes. -- `textOnly`: Output text instead of html using [cheerio](https://ghub.io/cheerio). - -### .liquid +#### .liquid -The [Liquid](https://ghub.io/liquidjs) instance used internally. +The Liquid instance used internally for direct access. ### Code block headers -You can add a header to code blocks by adding the ` copy` annotation after the code fences, and a specified language: +Add a header to code blocks with the `copy` annotation: ```js copy const copyMe = true @@ -49,50 +73,113 @@ You can add a header to code blocks by adding the ` copy` annotation after the c The un-highlighted text is available as `button.js-btn-copy`'s `data-clipboard-text` attribute. -## Liquid tags +## Data & External Dependencies -See also [contributing/liquid-helpers.md](../../contributing/liquid-helpers.md) +### Data inputs +- Markdown content with Liquid templates +- Context object with variables and functions +- Data from `data/` directory (reusables, variables, features) +- Content includes from `includes/` directory -This directory contains custom Liquid tags for outputting dynamic content. These custom tags exist for a few reasons: +### Dependencies +- **LiquidJS** - Template engine for Liquid processing +- **unified/remark/rehype** - Markdown to HTML transformation +- **cheerio** - HTML parsing for text-only mode +- **highlight.js** - Syntax highlighting for code blocks +- Custom plugins for GitHub-specific transformations -- Content and styling should be separated. Writers should not be concerned with writing or maintaining stylistic markup. -- Content should be localized to match the current language. -- Styling and markup should be DRY and reusable. +### Transformation pipeline -## Using tags +1. **Liquid rendering** - Process Liquid tags and variables +2. **Markdown parsing** - Convert to syntax tree (remark) +3. **Unified plugins** - Apply transformations +4. **HTML generation** - Convert to final HTML (rehype) +5. **Post-processing** - Additional cleanup if needed -Tags can be used in: +## Cross-links & Ownership -- Articles and TOCs (`content/**/*.md`) -- Include files (`includes/*.html`) +### Related subjects +- [`src/frame`](../frame/README.md) - Page rendering uses renderContent +- [`src/data-directory`](../data-directory/README.md) - Data accessed via {% data %} tags +- [`src/versions`](../versions/README.md) - {% ifversion %} tag logic +- All content in `content/` - Source of Markdown to render +- Includes in `includes/` - Reusable Liquid includes -Tags always expect a single argument, a language agnostic href: +### Internal documentation +- [Liquid helpers guide](../../contributing/liquid-helpers.md) +- [Content style guide](../../contributing/) - Using Liquid tags in content -```html -{% data variables.product.product_name %} -``` +### Ownership +- Team: Docs Engineering -## Supported tags +## Current State & Next Steps -| Markup | Renders | -| -- | -- | -| `{% indented_data_reference foo.bar spaces=NUMBER %}` | A data reference with the specified number of spaces prepended to each line. Defaults to 2 spaces if no spaces included. For example: `{% indented_data_reference reusables.pages.wildcard-dns-warning spaces=3 %}` +### Supported Liquid tags -## Creating tags +Custom tags implemented: -Each custom tag has the following: +| Tag | Purpose | +|-----|---------| +| `{% data variables.product.product_name %}` | Access data variables | +| `{% ifversion fpt %}...{% endif %}` | Conditional content by version | +| `{% octicon "check" %}` | Render Octicons | +| `{% indented_data_reference foo.bar spaces=2 %}` | Data reference with indentation | +| `{% tool name %}` | Tool-specific content | +| `{% prompt %}` | Command prompt styling | -- a JavaScript class in `lib/liquid-tags/` -- an HTML template in `includes/liquid-tags/` +See [contributing/liquid-helpers.md](../../contributing/liquid-helpers.md) for complete list. -The class and the template should have corresponding names, like `lib/liquid-tags/my-tag.ts` and `includes/liquid-tags/my-tag.html` +### Using tags + +Tags can be used in: +- Articles and TOCs (`content/**/*.md`) +- Include files (`includes/*.html`) -You must also register the new tag in `src/content-render/liquid/engine.ts` with a line like this: +Tags expect language-agnostic hrefs or data paths: +```liquid +{% data variables.product.product_name %} +{% ifversion ghes > 3.9 %}...{% endif %} ``` -engine.registerTag('my_tag', require('./liquid-tags/my-tag')) -``` - -## Further reading -- Liquid Docs: https://github.com/liquid-lang/liquid-node#registering-new-tags +### Creating new Liquid tags + +1. Create TypeScript class in `liquid/my-tag.ts` and implement the rendering logic directly in the class (using inline HTML or template strings). +2. Register in `liquid/engine.ts`: + ```typescript + import MyTag from './my-tag' + engine.registerTag('my_tag', MyTag) + ``` +3. Add tests in `tests/` +4. Document in `contributing/liquid-helpers.md` + +See [LiquidJS docs](https://liquidjs.com/tutorials/register-filters-tags.html) for tag API. + +### Unified plugins + +Plugins transform the Markdown AST: +- `rewrite-local-links` - Rewrites internal `/en/...` links +- `rewrite-asset-urls` - Handles `/assets/...` paths +- `heading-links` - Adds anchor links to headings +- `alerts` - Converts `> [!NOTE]` to styled alerts +- `code-header` - Adds copy buttons to code blocks +- And many more... + +### Adding new unified plugins + +1. Create plugin in `unified/my-plugin.ts` +2. Add to processor in `unified/processor.ts` +3. Add tests +4. Consider impact on performance (plugins run on every render) + +### Known limitations +- Liquid rendering happens before Markdown parsing (can't use Markdown in Liquid output easily) +- Some transformations are performance-sensitive (cached where possible) +- Text-only mode used for search has different output than HTML mode +- Custom Liquid tags must be registered manually + +### Performance considerations +- Rendering is cached at the page level +- Liquid includes are resolved on every render +- Heavy transformations should be avoided in hot paths +- Use `textOnly` mode for search indexing (faster) diff --git a/src/content-render/liquid/data.ts b/src/content-render/liquid/data.ts index fce51925c73f..28c8f581738f 100644 --- a/src/content-render/liquid/data.ts +++ b/src/content-render/liquid/data.ts @@ -7,10 +7,13 @@ import { getDataByLanguage } from '@/data-directory/lib/get-data' const Syntax = /([a-z0-9/\\_.\-[\]]+)/i const SyntaxHelp = "Syntax Error in 'data' - Valid syntax: data [path]" -// Using any for scope because it has custom environments property not in Liquid's Scope type +// Using unknown for scope because it has custom environments property not in Liquid's Scope type interface CustomScope { - environments: any - [key: string]: any + environments: { + currentLanguage?: string + [key: string]: unknown + } + [key: string]: unknown } interface DataTag { @@ -32,7 +35,7 @@ export default { }, async render(scope: CustomScope) { - let text = getDataByLanguage(this.path, scope.environments.currentLanguage) + let text = getDataByLanguage(this.path, scope.environments.currentLanguage || '') if (text === undefined) { if (scope.environments.currentLanguage === 'en') { const message = `Can't find the key 'data ${this.path}' in the scope.` diff --git a/src/content-render/scripts/cta-builder.ts b/src/content-render/scripts/cta-builder.ts index 1d1f3eb3038e..bd633c63dbb6 100644 --- a/src/content-render/scripts/cta-builder.ts +++ b/src/content-render/scripts/cta-builder.ts @@ -18,6 +18,19 @@ interface CTAParams { ref_style?: string } +const CTA_PARAM_KEYS: (keyof CTAParams)[] = ['ref_product', 'ref_plan', 'ref_type', 'ref_style'] + +interface CTASchemaProperty { + type: string + name: string + description: string + enum: string[] +} + +type CTASchemaProperties = { + [K in keyof CTAParams]-?: CTASchemaProperty +} + // Conversion mappings from old CTA format to new schema const ctaToTypeMapping: Record = { 'GHEC trial': 'trial', @@ -153,27 +166,40 @@ function extractCTAParams(url: string): CTAParams { const urlObj = new URL(url) const ctaParams: CTAParams = {} for (const [key, value] of urlObj.searchParams.entries()) { - if (key.startsWith('ref_')) { - ;(ctaParams as any)[key] = value + if (key.startsWith('ref_') && CTA_PARAM_KEYS.includes(key as keyof CTAParams)) { + ctaParams[key as keyof CTAParams] = value } } return ctaParams } +interface AjvErrorParams { + missingProperty?: string + allowedValues?: string[] + additionalProperty?: string +} + +interface AjvError { + keyword: string + instancePath: string + message?: string + params: AjvErrorParams +} + // Process AJV validation errors into readable messages -function formatValidationErrors(ctaParams: CTAParams, errors: any[]): string[] { +function formatValidationErrors(ctaParams: CTAParams, errors: AjvError[]): string[] { const errorMessages: string[] = [] for (const error of errors) { let message = '' if (error.keyword === 'required') { - message = `Missing required parameter: ${(error.params as any)?.missingProperty}` + message = `Missing required parameter: ${error.params.missingProperty}` } else if (error.keyword === 'enum') { const paramName = error.instancePath.substring(1) const invalidValue = ctaParams[paramName as keyof CTAParams] - const allowedValues = (error.params as any)?.allowedValues || [] + const allowedValues = error.params.allowedValues || [] message = `Invalid value for ${paramName}: "${invalidValue}". Valid values are: ${allowedValues.join(', ')}` } else if (error.keyword === 'additionalProperties') { - message = `Unexpected parameter: ${(error.params as any)?.additionalProperty}` + message = `Unexpected parameter: ${error.params.additionalProperty}` } else { message = `Validation error: ${error.message}` } @@ -191,7 +217,7 @@ function validateCTAParams(params: CTAParams): { isValid: boolean; errors: strin return { isValid: true, errors: [] } } - const errors = formatValidationErrors(params, ajvErrors) + const errors = formatValidationErrors(params, ajvErrors as unknown as AjvError[]) return { isValid: false, errors, @@ -382,12 +408,14 @@ async function interactiveBuilder(): Promise { // Required parameters console.log(chalk.white(`\nRequired parameters:`)) + const schemaProps = ctaSchema.properties as CTASchemaProperties for (const requiredParam of ctaSchema.required) { - ;(params as any)[requiredParam] = await selectFromOptions( + const paramKey = requiredParam as keyof CTAParams + params[paramKey] = await selectFromOptions( requiredParam, - (ctaSchema.properties as any)[requiredParam].description, - (ctaSchema.properties as any)[requiredParam].enum, + schemaProps[paramKey].description, + schemaProps[paramKey].enum, prompt, ) } @@ -399,15 +427,16 @@ async function interactiveBuilder(): Promise { const optionalProperties = allProperties.filter((prop) => !ctaSchema.required.includes(prop)) for (const optionalParam of optionalProperties) { + const paramKey = optionalParam as keyof CTAParams const includeParam = await confirmChoice( - `Include ${(ctaSchema.properties as any)[optionalParam].name.toLowerCase()}?`, + `Include ${schemaProps[paramKey].name.toLowerCase()}?`, prompt, ) if (includeParam) { - ;(params as any)[optionalParam] = await selectFromOptions( + params[paramKey] = await selectFromOptions( optionalParam, - (ctaSchema.properties as any)[optionalParam].description, - (ctaSchema.properties as any)[optionalParam].enum, + schemaProps[paramKey].description, + schemaProps[paramKey].enum, prompt, ) } diff --git a/src/content-render/scripts/liquid-tags.ts b/src/content-render/scripts/liquid-tags.ts new file mode 100644 index 000000000000..7854b05b7d68 --- /dev/null +++ b/src/content-render/scripts/liquid-tags.ts @@ -0,0 +1,878 @@ +/* + * @purpose Writer tool + * @description Expand and restore Liquid data references in content files + */ +// Usage: npm run liquid-tags -- expand --paths content/pull-requests/about.md +// Usage: npm run liquid-tags -- restore --paths content/pull-requests/about.md + +import { Command } from 'commander' +import fs from 'fs' +import path from 'path' +import yaml from 'js-yaml' +import chalk from 'chalk' + +// Type definitions +interface ExpandOptions { + paths: string[] + verbose?: boolean + markers?: boolean + dryRun?: boolean + reusablesOnly?: boolean + variablesOnly?: boolean + shallow?: boolean +} + +interface LiquidReference { + original: string + type: 'reusable' | 'variable' + path: string + startIndex: number + endIndex: number +} + +// Constants +const ROOT = process.env.ROOT || '.' +const DATA_ROOT = path.resolve(path.join(ROOT, 'data')) +const REUSABLES_ROOT = path.join(DATA_ROOT, 'reusables') +const VARIABLES_ROOT = path.join(DATA_ROOT, 'variables') + +// Regex pattern to match expanded content blocks +const EXPANDED_PATTERN = /(.+?)/gs + +/** + * Get the file path for a data reference + * + * Validates and normalizes the incoming dataPath to prevent path traversal + * and ensure the final resolved path remains within the expected root. + */ +function getDataFilePath(type: 'reusable' | 'variable', dataPath: string): string { + // Basic validation of the raw dataPath + if (path.isAbsolute(dataPath)) { + throw new Error(`Invalid ${type} data path: absolute paths are not allowed: ${dataPath}`) + } + + // Disallow path traversal and empty segments + const segments = dataPath.split(/[\\/]/) + if (segments.some((segment) => segment === '..' || segment === '')) { + throw new Error(`Invalid ${type} data path: contains disallowed segments: ${dataPath}`) + } + + // Restrict allowed characters to a conservative safe set + if (!/^[A-Za-z0-9_.\-/]+$/.test(dataPath)) { + throw new Error(`Invalid ${type} data path: contains disallowed characters: ${dataPath}`) + } + + if (type === 'reusable') { + const baseRoot = path.resolve(REUSABLES_ROOT) + const relativePath = dataPath.replace(/\./g, '/') + const candidatePath = path.resolve(baseRoot, `${relativePath}.md`) + + if (!candidatePath.startsWith(baseRoot + path.sep)) { + throw new Error(`Invalid reusable data path: escapes reusables root: ${dataPath}`) + } + + return candidatePath + } else { + const baseRoot = path.resolve(VARIABLES_ROOT) + const fileName = dataPath.split('.')[0] + const candidatePath = path.resolve(baseRoot, `${fileName}.yml`) + + if (!candidatePath.startsWith(baseRoot + path.sep)) { + throw new Error(`Invalid variable data path: escapes variables root: ${dataPath}`) + } + + return candidatePath + } +} + +/** + * Convert a file path back to data path format (for consistent verbose output) + */ +function convertFilePathToDataPath(filePath: string): string { + const normalizedPath = path.normalize(filePath) + + if (normalizedPath.includes('reusables')) { + const relativePath = path.relative(REUSABLES_ROOT, normalizedPath) + return `reusables.${relativePath.replace(/\.md$/, '').replace(/[\\/]/g, '.')}` + } else if (normalizedPath.includes('variables')) { + const relativePath = path.relative(VARIABLES_ROOT, normalizedPath) + return `variables.${relativePath.replace(/\.yml$/, '').replace(/[\\/]/g, '.')}` + } + + return filePath +} + +const program = new Command() + +program + .name('liquid-tags') + .description('Tools to expand and restore Liquid data references in content files') + +program + .command('expand') + .description('Expand {% data reusables %} and {% data variables %} statements to their content') + .option('--paths ', 'Content file paths to process', []) + .option('-v, --verbose', 'Verbose output', false) + .option('--no-markers', 'Skip HTML comment markers (output cannot be restored to Liquid)', true) + .option('--reusables-only', 'Process only reusables (skip variables)', false) + .option('--variables-only', 'Process only variables (skip reusables)', false) + .option('--shallow', 'Expand only one level (do not expand nested references)', false) + .action((options: ExpandOptions) => expandReferences(options)) + +program + .command('restore') + .description('Restore original Liquid statements from HTML comment markers') + .option('--paths ', 'Content file paths to process', []) + .option('-v, --verbose', 'Verbose output', false) + .option('--reusables-only', 'Process only reusables (skip variables)', false) + .option('--variables-only', 'Process only variables (skip reusables)', false) + .action((options: ExpandOptions) => restoreReferences(options)) + +program.parse() + +/** + * Get allowed types based on command options + */ +function getAllowedTypes(options: ExpandOptions): Array<'reusable' | 'variable'> { + if (options.reusablesOnly && options.variablesOnly) { + console.log( + chalk.yellow( + 'Warning: Both --reusables-only and --variables-only specified. Processing both types.', + ), + ) + return ['reusable', 'variable'] + } + + if (options.reusablesOnly) { + return ['reusable'] + } + + if (options.variablesOnly) { + return ['variable'] + } + + // Default: process both types + return ['reusable', 'variable'] +} + +/** + * Expand Liquid data references in content files + */ +async function expandReferences(options: ExpandOptions): Promise { + const { paths, verbose, markers, shallow } = options + // markers will be true by default, false when --no-markers is used + const withMarkers = markers !== false + const recursive = !shallow // Recursive by default unless --shallow is specified + const allowedTypes = getAllowedTypes(options) + const maxIterations = 10 // Safety limit for recursive expansion + + if (paths.length === 0) { + console.error(chalk.red('Error: No paths provided. Use --paths option.')) + process.exit(1) + } + + for (const filePath of paths) { + try { + let iteration = 0 + let hasRemainingRefs = true + + while (hasRemainingRefs && iteration < maxIterations) { + iteration++ + + if (verbose && recursive && iteration > 1) { + console.log(chalk.blue(`Processing (iteration ${iteration}): ${filePath}`)) + } else if (verbose) { + console.log(chalk.blue(`Processing: ${filePath}`)) + if (allowedTypes.length < 2) { + console.log(chalk.dim(` Only processing: ${allowedTypes.join(', ')}`)) + } + } + + if (!fs.existsSync(filePath)) { + console.error(chalk.red(`Error: File not found: ${filePath}`)) + break + } + + const content = fs.readFileSync(filePath, 'utf-8') + const expandedContent = await expandFileContent( + content, + filePath, + verbose, + withMarkers, + allowedTypes, + ) + + if (expandedContent !== content) { + fs.writeFileSync(filePath, expandedContent, 'utf-8') + if (iteration === 1 || !recursive) { + console.log(chalk.green(`✓ Expanded references in: ${filePath}`)) + } + } else { + if (verbose && iteration === 1) { + console.log(chalk.gray(` No references found in: ${filePath}`)) + } + } + + // Check for remaining references + const remainingRefs = findLiquidReferences(expandedContent, allowedTypes) + hasRemainingRefs = remainingRefs.length > 0 + + if (shallow) { + // Shallow mode: show remaining references and break + if (hasRemainingRefs) { + console.log( + chalk.yellow( + `👉 FYI: ${remainingRefs.length} Liquid reference(s) remain in ${filePath}`, + ), + ) + console.log( + chalk.yellow( + ' These come from reusables/variables that contain references to other reusables/variables', + ), + ) + console.log( + chalk.yellow( + ' Run the expand command again to expand them, or omit --shallow for full expansion', + ), + ) + if (verbose) { + for (const ref of remainingRefs) { + console.log(chalk.dim(` ${ref.original}`)) + } + } else { + console.log(chalk.dim(' Use --verbose to see the specific references')) + } + } + break + } + + if (hasRemainingRefs && iteration >= maxIterations) { + console.log( + chalk.yellow(`⚠️ Reached maximum iterations (${maxIterations}) for ${filePath}`), + ) + console.log( + chalk.yellow( + ` ${remainingRefs.length} reference(s) still remain - there may be circular references`, + ), + ) + if (verbose) { + for (const ref of remainingRefs) { + console.log(chalk.dim(` ${ref.original}`)) + } + } + } else if (!hasRemainingRefs && iteration > 1) { + console.log( + chalk.green( + `✓ Fully expanded all references in: ${filePath} (${iteration} iterations)`, + ), + ) + } + } + } catch (error: any) { + console.error(chalk.red(`Error processing ${filePath}: ${error.message}`)) + } + } +} + +/** + * Restore content by restoring original Liquid statements from HTML comments + */ +async function restoreReferences(options: ExpandOptions): Promise { + const { paths, verbose } = options + const allowedTypes = getAllowedTypes(options) + + if (paths.length === 0) { + console.error(chalk.red('Error: No paths provided. Use --paths option.')) + process.exit(1) + } + + for (const filePath of paths) { + try { + if (verbose) { + console.log(chalk.blue(`Restoring: ${filePath}`)) + if (allowedTypes.length < 2) { + console.log(chalk.dim(` Only processing: ${allowedTypes.join(', ')}`)) + } + } + + if (!fs.existsSync(filePath)) { + console.error(chalk.red(`Error: File not found: ${filePath}`)) + continue + } + + const content = fs.readFileSync(filePath, 'utf-8') + + // Check for content edits before restoring + const hasEdits = await detectContentEdits(content, verbose, allowedTypes) + if (hasEdits) { + console.log( + chalk.blue( + `${filePath} contains expanded references; any edits made will be preserved in data files`, + ), + ) + if (!verbose) { + console.log(chalk.dim(' Use --verbose to see details of the edits')) + } + + // Update data files with the edited content before restoring + const updatedDataFiles = updateDataFiles(filePath, verbose, false, allowedTypes) + + // Automatically restore any updated data files back to liquid tags + if (updatedDataFiles.length > 0) { + if (verbose) + console.log(chalk.blue(' Restoring updated data files back to liquid tags...')) + for (const dataFile of updatedDataFiles) { + try { + const dataContent = fs.readFileSync(dataFile, 'utf-8') + const restoredDataContent = restoreFileContent(dataContent, verbose, allowedTypes) + if (restoredDataContent !== dataContent) { + fs.writeFileSync(dataFile, restoredDataContent, 'utf-8') + if (verbose) { + const dataPath = convertFilePathToDataPath(dataFile) + console.log(chalk.green(` Restored: ${dataPath}`)) + } + } + } catch (error) { + if (verbose) { + const dataPath = convertFilePathToDataPath(dataFile) + console.log(chalk.yellow(` Could not restore ${dataPath}: ${error}`)) + } + } + } + } + } + + // Always restore the main file content regardless of edits + const restoredContent = restoreFileContent(content, verbose, allowedTypes) + + if (restoredContent !== content) { + fs.writeFileSync(filePath, restoredContent, 'utf-8') + console.log(chalk.green(`✓ Restored references in: ${filePath}`)) + } else { + console.log(chalk.gray(`No expanded references found in: ${filePath}`)) + } + } catch (error: any) { + console.error(chalk.red(`Error restoring ${filePath}: ${error.message}`)) + } + } +} + +/** + * Expand all Liquid data references in file content + */ +async function expandFileContent( + content: string, + filePath: string, + verbose?: boolean, + withMarkers?: boolean, + allowedTypes?: Array<'reusable' | 'variable'>, +): Promise { + const references = findLiquidReferences(content, allowedTypes) + + if (references.length === 0) { + return content + } + + let expandedContent = content + let offset = 0 + + for (const ref of references) { + try { + const resolvedValue = await resolveLiquidReference(ref, verbose) + + if (resolvedValue !== null) { + const originalText = ref.original + let replacement: string + + if (withMarkers) { + const commentStart = `` + const commentEnd = `` + replacement = `${commentStart}${resolvedValue}${commentEnd}` + } else { + replacement = resolvedValue + } + + const startPos = ref.startIndex + offset + const endPos = ref.endIndex + offset + + expandedContent = + expandedContent.substring(0, startPos) + replacement + expandedContent.substring(endPos) + + offset += replacement.length - originalText.length + + if (verbose) { + console.log(chalk.green(` Expanded: ${ref.type}s.${ref.path}`)) + } + } else { + if (verbose) { + console.log(chalk.yellow(` Warning: Could not expand ${ref.type}s.${ref.path}`)) + } + } + } catch (error: any) { + if (verbose) { + console.log(chalk.red(` Error expanding ${ref.type}s.${ref.path}: ${error.message}`)) + } + } + } + + // Note: Remaining reference detection is now handled in expandReferences function for recursive mode + + return expandedContent +} + +/** + * Detect if expanded content has been edited by comparing with original data + */ +async function detectContentEdits( + content: string, + verbose?: boolean, + allowedTypes?: Array<'reusable' | 'variable'>, +): Promise { + let hasEdits = false + + let match + while ((match = EXPANDED_PATTERN.exec(content)) !== null) { + const [, type, dataPath, resolvedContent] = match + const refType = type as 'reusable' | 'variable' + + // Only check if this type is allowed + if (!allowedTypes || allowedTypes.includes(refType)) { + try { + // Load the original content from data files + const originalContent = loadDataValue(refType, dataPath.trim()) + + if (originalContent !== null) { + // Compare against the original content directly, not re-resolved + // This avoids nested resolution issues that cause false positives + const currentContent = resolvedContent.trim() + + if (currentContent !== originalContent.trim()) { + hasEdits = true + if (verbose) { + console.log(chalk.yellow(` Content has been edited: ${type}s.${dataPath}`)) + console.log( + chalk.dim(' Original:'), + originalContent.substring(0, 50) + (originalContent.length > 50 ? '...' : ''), + ) + console.log( + chalk.dim(' Current: '), + currentContent.substring(0, 50) + (currentContent.length > 50 ? '...' : ''), + ) + } + } + } + } catch (error) { + if (verbose) { + console.log(chalk.yellow(` Could not verify content for ${type}s.${dataPath}: ${error}`)) + } + } + } + } + + return hasEdits +} + +/** + * Load data value from file system (helper for edit detection) + */ +function loadDataValue(type: 'reusable' | 'variable', dataPath: string): string | null { + try { + const targetPath = getDataFilePath(type, dataPath) + + if (!fs.existsSync(targetPath)) { + return null + } + + if (type === 'reusable') { + const content = fs.readFileSync(targetPath, 'utf8') + // Remove any frontmatter if present (same as resolveReusable) + const contentWithoutFrontmatter = content.replace(/^---[\s\S]*?---\s*/, '') + return contentWithoutFrontmatter.trim() + } else { + const yamlContent = fs.readFileSync(targetPath, 'utf8') + const data = yaml.load(yamlContent) as any + + // Navigate to the nested property + const pathParts = dataPath.split('.') + let current = data + for (let i = 1; i < pathParts.length; i++) { + if (current && typeof current === 'object' && pathParts[i] in current) { + current = current[pathParts[i]] + } else { + return null + } + } + + return typeof current === 'string' ? current.trim() : String(current).trim() + } + } catch { + // Silently return null for any errors + } + return null +} + +/** + * Restore content by restoring original Liquid statements + */ +function restoreFileContent( + content: string, + verbose?: boolean, + allowedTypes?: Array<'reusable' | 'variable'>, +): string { + return content.replace(EXPANDED_PATTERN, (match, type, dataPath) => { + const refType = type as 'reusable' | 'variable' + + // Only restore if this type is allowed + if (!allowedTypes || allowedTypes.includes(refType)) { + const originalLiquid = `{% data ${type}s.${dataPath} %}` + + if (verbose) { + console.log(chalk.green(` Restored: ${type}s.${dataPath}`)) + } + + return originalLiquid + } + + // Return unchanged if type is not allowed + return match + }) +} + +/** + * Update data files with content from expanded blocks + * Returns array of file paths that were updated + */ +function updateDataFiles( + filePath: string, + verbose?: boolean, + dryRun?: boolean, + allowedTypes?: Array<'reusable' | 'variable'>, +): string[] { + const content = fs.readFileSync(filePath, 'utf8') + const updates = extractDataUpdates(content, allowedTypes) + + if (updates.length === 0) { + if (verbose) { + console.log(chalk.yellow(' No content changes found')) + } + return [] + } + + // Group updates by file path + const updatesByFile = new Map() + for (const update of updates) { + const key = `${update.type}:${update.path}` + if (!updatesByFile.has(key)) { + updatesByFile.set(key, []) + } + updatesByFile.get(key)!.push(update.newContent) + } + + const updatedFiles: string[] = [] + + // Apply updates to each data file + for (const [key, contents] of updatesByFile) { + const [type, dataPath] = key.split(':') + const targetFilePath = applyDataUpdates( + type as 'reusable' | 'variable', + dataPath, + contents, + verbose, + dryRun, + ) + if (targetFilePath) { + updatedFiles.push(targetFilePath) + } + } + + return updatedFiles +} + +/** + * Extract data updates from expanded content blocks + */ +function extractDataUpdates( + content: string, + allowedTypes?: Array<'reusable' | 'variable'>, +): Array<{ type: 'reusable' | 'variable'; path: string; newContent: string }> { + const updates: Array<{ type: 'reusable' | 'variable'; path: string; newContent: string }> = [] + + let match + while ((match = EXPANDED_PATTERN.exec(content)) !== null) { + const [, type, dataPath, resolvedContent] = match + const refType = type as 'reusable' | 'variable' + + // Only include if this type is allowed + if (!allowedTypes || allowedTypes.includes(refType)) { + // Check if this content was actually changed before including it + try { + const originalContent = loadDataValue(refType, dataPath.trim()) + if (originalContent !== null && resolvedContent.trim() !== originalContent.trim()) { + // Only add to updates if content was actually changed + updates.push({ + type: refType, + path: dataPath.trim(), + newContent: resolvedContent.trim(), + }) + } + } catch { + // If we can't verify, assume it was changed to be safe + updates.push({ + type: refType, + path: dataPath.trim(), + newContent: resolvedContent.trim(), + }) + } + } + } + + return updates +} + +/** + * Apply updates to a specific data file + * Returns the file path if file was updated, null otherwise + */ +function applyDataUpdates( + type: 'reusable' | 'variable', + dataPath: string, + contents: string[], + verbose?: boolean, + dryRun?: boolean, +): string | null { + const targetPath = getDataFilePath(type, dataPath) + + // Check if file exists + if (!fs.existsSync(targetPath)) { + if (verbose) { + console.log(chalk.red(` Error: Data file not found: ${targetPath}`)) + } + return null + } + + if (dryRun) { + if (verbose) { + console.log(chalk.blue(` Would update: ${targetPath}`)) + if (contents.length > 1) { + console.log( + chalk.yellow( + ` Warning: Multiple content blocks found for ${dataPath}, would use first one`, + ), + ) + } + console.log( + chalk.dim( + ` New content: ${contents[0].substring(0, 100)}${contents[0].length > 100 ? '...' : ''}`, + ), + ) + } else { + console.log(chalk.green(` Updated: ${targetPath}`)) + } + return targetPath // Return path even in dry run + } + + try { + if (type === 'reusable') { + // For reusables, replace entire file content + if (contents.length > 1) { + console.log( + chalk.yellow(` Warning: Multiple content blocks found for ${dataPath}, using first one`), + ) + } + + // Preserve original file's newline behavior + const originalContent = fs.readFileSync(targetPath, 'utf8') + const hasTrailingNewline = originalContent.endsWith('\n') + const newContent = + hasTrailingNewline && !contents[0].endsWith('\n') ? `${contents[0]}\n` : contents[0] + + fs.writeFileSync(targetPath, newContent) + if (verbose) { + console.log(chalk.green(` Updated: ${type}s.${dataPath}`)) + } + } else { + // For variables, update YAML structure + const yamlContent = fs.readFileSync(targetPath, 'utf8') + const data = yaml.load(yamlContent) as any + + // Navigate to the nested property + const pathParts = dataPath.split('.') + const propertyPath = pathParts.slice(1) // Skip the file name + + let current = data + for (let i = 0; i < propertyPath.length - 1; i++) { + if (!current[propertyPath[i]]) { + current[propertyPath[i]] = {} + } + current = current[propertyPath[i]] + } + + // Update the final property + const finalKey = propertyPath[propertyPath.length - 1] + if (contents.length > 1) { + console.log( + chalk.yellow(` Warning: Multiple content blocks found for ${dataPath}, using first one`), + ) + } + current[finalKey] = contents[0] + + // Preserve original file's newline behavior for YAML + const hasTrailingNewline = yamlContent.endsWith('\n') + const yamlOutput = yaml.dump(data) + const finalYaml = + hasTrailingNewline && !yamlOutput.endsWith('\n') ? `${yamlOutput}\n` : yamlOutput + + // Write back to file + fs.writeFileSync(targetPath, finalYaml) + if (verbose) { + console.log(chalk.green(` Updated: ${type}s.${dataPath}`)) + } + } + return targetPath + } catch (error: any) { + if (verbose) { + console.log(chalk.red(` Error updating ${type}s.${dataPath}: ${error.message}`)) + } + return null + } +} + +/** + * Find all Liquid data references in content + */ +function findLiquidReferences( + content: string, + allowedTypes?: Array<'reusable' | 'variable'>, +): LiquidReference[] { + const references: LiquidReference[] = [] + const types = allowedTypes || ['reusable', 'variable'] + + // Pattern to match {% data reusables.path %} and {% data variables.path %} + const liquidPattern = /{%\s*data\s+(reusables|variables)\.([^%]+)\s*%}/g + + let match + while ((match = liquidPattern.exec(content)) !== null) { + const [original, type, dataPath] = match + const refType = type.slice(0, -1) as 'reusable' | 'variable' // Remove 's' from end + + // Only include if this type is allowed + if (types.includes(refType)) { + references.push({ + original, + type: refType, + path: dataPath.trim(), + startIndex: match.index, + endIndex: match.index + original.length, + }) + } + } + + return references +} + +/** + * Resolve a single Liquid data reference to its content + */ +async function resolveLiquidReference( + ref: LiquidReference, + verbose?: boolean, +): Promise { + try { + if (ref.type === 'reusable') { + return await resolveReusable(ref.path, verbose) + } else if (ref.type === 'variable') { + return await resolveVariable(ref.path, verbose) + } + } catch (error: any) { + if (verbose) { + console.log(chalk.red(` Error resolving ${ref.type}: ${error.message}`)) + } + } + + return null +} + +/** + * Resolve a reusable reference by reading the markdown file + */ +async function resolveReusable(reusablePath: string, verbose?: boolean): Promise { + const filePath = getDataFilePath('reusable', reusablePath) + + if (!fs.existsSync(filePath)) { + if (verbose) { + console.log(chalk.yellow(` Reusable not found: ${reusablePath}`)) + } + return null + } + + try { + const content = fs.readFileSync(filePath, 'utf-8') + // Remove any frontmatter if present + const contentWithoutFrontmatter = content.replace(/^---[\s\S]*?---\s*/, '') + return contentWithoutFrontmatter.trim() + } catch (error: any) { + if (verbose) { + console.log(chalk.yellow(` Error reading reusable ${reusablePath}: ${error.message}`)) + } + return null + } +} + +/** + * Resolve a variable reference by reading from YAML files + */ +async function resolveVariable(variablePath: string, verbose?: boolean): Promise { + const pathParts = variablePath.split('.') + + if (pathParts.length < 2) { + if (verbose) { + console.log(chalk.yellow(` Invalid variable path: ${variablePath}`)) + } + return null + } + + const filePath = getDataFilePath('variable', variablePath) + + if (!fs.existsSync(filePath)) { + if (verbose) { + console.log(chalk.yellow(` Variable file not found: ${filePath}`)) + } + return null + } + + try { + const yamlContent = fs.readFileSync(filePath, 'utf-8') + const data = yaml.load(yamlContent) as Record + + // Navigate through the key path to find the value + const [, ...keyPath] = pathParts // Skip filename, get remaining path + let value: any = data + for (const key of keyPath) { + if (value && typeof value === 'object' && key in value) { + value = value[key] + } else { + if (verbose) { + console.log(chalk.yellow(` Variable key not found: ${variablePath}`)) + } + return null + } + } + + // Convert value to string + if (typeof value === 'string') { + return value + } else if (value !== null && value !== undefined) { + return String(value) + } else { + if (verbose) { + console.log(chalk.yellow(` Variable value is null/undefined: ${variablePath}`)) + } + return null + } + } catch (error: any) { + if (verbose) { + console.log(chalk.yellow(` Error parsing variable ${variablePath}: ${error.message}`)) + } + return null + } +} diff --git a/src/content-render/scripts/move-by-content-type.ts b/src/content-render/scripts/move-by-content-type.ts new file mode 100644 index 000000000000..2acc86c97f75 --- /dev/null +++ b/src/content-render/scripts/move-by-content-type.ts @@ -0,0 +1,642 @@ +/** + * @purpose Writer tool + * @description Move files to the relevant directory based on `contentType` frontmatter + */ + +import { program } from 'commander' +import fs from 'fs/promises' +import path from 'path' +import chalk from 'chalk' +import { execFileSync } from 'child_process' +import walkFiles from '@/workflows/walk-files.js' +import readFrontmatter from '@/frame/lib/read-frontmatter.js' +import { contentTypesEnum } from '@/frame/lib/frontmatter' + +const CONTENT_TYPES = contentTypesEnum.filter( + (type) => type !== 'homepage' && type !== 'other' && type !== 'landing', +) + +// The number of path segments at the product level (e.g., "content//..."). +// Used when determining whether a target directory is a deeper subdirectory. +const PRODUCT_LEVEL_PATH_SEGMENTS = 3 + +const contentTypeToDir = (contentType: string): string => { + return contentType === 'rai' ? 'responsible-use' : contentType +} + +const validContentTypeDirs = new Set(CONTENT_TYPES.map(contentTypeToDir)) + +// Helper: Should we skip this index.md file from processing? +function shouldSkipIndexFile(filePath: string): boolean { + const relativePath = path.relative(process.cwd(), filePath) + const parts = relativePath.split(path.sep) + const contentIndex = parts.indexOf('content') + + // Skip product-level index.md: content/product/index.md + if (parts.length === contentIndex + PRODUCT_LEVEL_PATH_SEGMENTS) return true + + // Skip content-type-level index.md that's already in place: content/product/content-type/index.md + if (parts.length === contentIndex + 4) { + const parentDir = parts[parts.length - 2] + if (validContentTypeDirs.has(parentDir)) return true + } + + return false +} + +// Helper: Calculate target directory for a file +function calculateTarget(filePath: string, contentType: string, productDir: string) { + const relativePath = path.relative(process.cwd(), filePath) + const parts = relativePath.split(path.sep) + const contentIndex = parts.indexOf('content') + const fileName = path.basename(filePath) + + // Determine target content-type directory + const targetContentType = contentTypeToDir(contentType) + + // Calculate target path + if (targetContentType === 'how-tos') { + // Preserve subdirectory structure for how-tos + const pathAfterProduct = parts.slice(contentIndex + 2, -1) + if (pathAfterProduct[0] === 'how-tos') { + // Already in how-tos, no change + return { targetDir: path.dirname(filePath), targetPath: filePath } + } else { + // Move to how-tos preserving structure + const targetDir = path.join(productDir, targetContentType, ...pathAfterProduct) + return { targetDir, targetPath: path.join(targetDir, fileName) } + } + } else { + // Flatten to content-type directory + const targetDir = path.join(productDir, targetContentType) + return { targetDir, targetPath: path.join(targetDir, fileName) } + } +} + +interface FileMove { + filePath: string + targetDir: string + targetPath: string + contentType: string +} + +program + .name('content-type-based-move') + .description('Reorganize content files into subdirectories based on their contentType property') + .argument('[paths...]', 'Content paths to process') + .action(async (paths: string[]) => { + // ==================== + // 1. GATHER FILES + // ==================== + const filesToProcess: string[] = [] + if (paths?.length > 0) { + for (const p of paths) { + const stats = await fs.stat(p) + if (stats.isDirectory()) { + filesToProcess.push(...(await walkFiles(p, ['.md']))) + } else if (p.endsWith('.md')) { + filesToProcess.push(p) + } + } + } else { + filesToProcess.push(...(await walkFiles(path.join(process.cwd(), 'content'), ['.md']))) + } + + console.log(chalk.white(`Processing ${filesToProcess.length} files...\n`)) + + // ==================== + // 2. ANALYZE & PLAN MOVES + // ==================== + console.log(chalk.white('Analyzing files...\n')) + + const filesToMove: FileMove[] = [] + const skipped: Array<{ file: string; reason: string }> = [] + const targetDirs = new Set() // Relative paths of all target directories + const subdirTargets = new Set() // Subdirectories receiving index.md files + const productDirs = new Set() + const productsWithRai = new Set() + + for (const filePath of filesToProcess) { + const relativePath = path.relative(process.cwd(), filePath) + + try { + // Skip certain index.md files + if (path.basename(filePath) === 'index.md' && shouldSkipIndexFile(filePath)) { + continue + } + + // Read and validate contentType + const fileContent = await fs.readFile(filePath, 'utf-8') + const { data } = readFrontmatter(fileContent) + + if (!data?.contentType) { + skipped.push({ file: relativePath, reason: 'No contentType property found' }) + console.log(chalk.yellow(`⚠ Skipping ${relativePath}: No contentType property`)) + continue + } + + const contentType = data.contentType as string + const parts = relativePath.split(path.sep) + const contentIndex = parts.indexOf('content') + + // Skip all landing pages - they should only be product-level index.md and don't move + if (contentType === 'landing') { + console.log(chalk.gray(`→ Skipping ${relativePath}: landing pages don't move`)) + continue + } + + // Validate contentType + if (!CONTENT_TYPES.includes(contentType as any)) { + skipped.push({ file: relativePath, reason: `Invalid contentType: ${contentType}` }) + console.log( + chalk.yellow(`⚠ Skipping ${relativePath}: Invalid contentType "${contentType}"`), + ) + continue + } + + // Get product directory + if (contentIndex === -1 || contentIndex + 1 >= parts.length) { + console.log( + chalk.yellow(`⚠ Skipping ${relativePath}: Cannot determine product directory`), + ) + continue + } + + const productName = parts[contentIndex + 1] + const productDir = path.join(process.cwd(), 'content', productName) + productDirs.add(productDir) + + if (contentType === 'rai') productsWithRai.add(productName) + + // Calculate target + const { targetDir, targetPath } = calculateTarget(filePath, contentType, productDir) + + // Skip if already in correct location + if (path.dirname(filePath) === targetDir) continue + + // Skip if target exists + try { + await fs.access(targetPath) + skipped.push({ file: relativePath, reason: 'Target already exists' }) + console.log(chalk.yellow(`⚠ Skipping ${relativePath}: Target file already exists`)) + continue + } catch { + // Good, doesn't exist + } + + // Track this move + filesToMove.push({ filePath, targetDir, targetPath, contentType }) + + const relativeTargetDir = path.relative(process.cwd(), targetDir) + targetDirs.add(relativeTargetDir) + + // Track subdirectories that will receive index.md files + if ( + path.basename(filePath) === 'index.md' && + relativeTargetDir.split(path.sep).length > PRODUCT_LEVEL_PATH_SEGMENTS + ) { + subdirTargets.add(relativeTargetDir) + } + } catch (error) { + if (error instanceof Error) { + console.error( + chalk.red(`✗ Error analyzing ${relativePath}: ${error.message}\n${error.stack}`), + ) + } else { + console.error(chalk.red(`✗ Error analyzing ${relativePath}: ${String(error)}`)) + } + skipped.push({ file: relativePath, reason: `Error: ${error}` }) + } + } + + // ==================== + // 3. ENSURE STANDARD DIRECTORIES + // ==================== + console.log(chalk.white('Ensuring standard content-type directories exist...\n')) + + // Add standard content-type directories for each affected product + if (paths?.length > 0) { + for (const p of paths) { + const fullPath = path.resolve(process.cwd(), p) + const relativePath = path.relative(process.cwd(), fullPath) + const parts = relativePath.split(path.sep) + const contentIndex = parts.indexOf('content') + + if (contentIndex !== -1 && contentIndex + 1 < parts.length) { + const productName = parts[contentIndex + 1] + + for (const ct of CONTENT_TYPES.filter((t) => t !== 'rai' && t !== 'landing')) { + targetDirs.add(path.join('content', productName, contentTypeToDir(ct))) + } + + if (productsWithRai.has(productName)) { + targetDirs.add(path.join('content', productName, 'responsible-use')) + } + } + } + } + + // ==================== + // 4. CREATE PLACEHOLDERS + // ==================== + console.log(chalk.white('Creating placeholder index.md files...\n')) + + const newPlaceholders: string[] = [] + const titleMap: Record = { + 'get-started': 'Get started', + concepts: 'Concepts', + 'how-tos': 'How-tos', + reference: 'Reference', + tutorials: 'Tutorials', + 'responsible-use': 'Responsible use', + } + + for (const dirPath of targetDirs) { + const absoluteDirPath = path.join(process.cwd(), dirPath) + const indexPath = path.join(absoluteDirPath, 'index.md') + + try { + await fs.access(indexPath) + console.log(chalk.gray(`- Skipping ${dirPath}/index.md (already exists)`)) + } catch { + // Only create placeholders for top-level content-type directories (not subdirectories) + if (dirPath.split(path.sep).length > PRODUCT_LEVEL_PATH_SEGMENTS) continue + + // Skip if an index.md will be moved here + if (subdirTargets.has(dirPath)) { + console.log(chalk.gray(`- Skipping ${dirPath}/index.md (will be moved)`)) + continue + } + + const contentTypeName = path.basename(dirPath) + const title = titleMap[contentTypeName] || contentTypeName + + // Determine the correct contentType for this placeholder + // Map directory name back to contentType enum value + const placeholderContentType = + contentTypeName === 'responsible-use' ? 'rai' : contentTypeName + + const content = `--- +title: ${title} +versions: + fpt: '*' + ghec: '*' + ghes: '*' +contentType: ${placeholderContentType} +--- + +` + + await fs.mkdir(absoluteDirPath, { recursive: true }) + await fs.writeFile(indexPath, content, 'utf-8') + newPlaceholders.push(indexPath) + + console.log(chalk.green(`✓ Created ${dirPath}/index.md`)) + } + } + + // ==================== + // 5. GENERATE INTROS + // ==================== + if (newPlaceholders.length > 0) { + console.log(chalk.white('\nGenerating intros for placeholder files...\n')) + + for (const placeholderPath of newPlaceholders) { + try { + const fileContent = await fs.readFile(placeholderPath, 'utf-8') + const { data } = readFrontmatter(fileContent) + + if (data?.intro) continue + + const relativePath = path.relative(process.cwd(), placeholderPath) + console.log(chalk.gray(`Generating intro for ${relativePath}...`)) + + execFileSync( + 'npm', + ['run', 'ai-tools', '--', '--prompt', 'intro', '--files', relativePath, '--write'], + { + cwd: process.cwd(), + stdio: 'inherit', + }, + ) + + console.log(chalk.green(`✓ Generated intro for ${relativePath}`)) + } catch (error) { + if (error instanceof Error) { + console.error( + chalk.yellow( + `⚠ Could not generate intro for ${placeholderPath}: ${error.message}\n${error.stack}`, + ), + ) + } else { + console.error( + chalk.yellow(`⚠ Could not generate intro for ${placeholderPath}: ${String(error)}`), + ) + } + } + } + } + + // ==================== + // 6. MOVE FILES + // ==================== + console.log(chalk.white('\nMoving files...\n')) + + const moved: Array<{ file: string; from: string; to: string }> = [] + + // Categorize files by type for correct move order + const regularFiles = filesToMove.filter((f) => path.basename(f.filePath) !== 'index.md') + const topLevelIndexFiles = filesToMove.filter((f) => { + if (path.basename(f.filePath) !== 'index.md') return false + return ( + path.relative(process.cwd(), f.targetDir).split(path.sep).length === + PRODUCT_LEVEL_PATH_SEGMENTS + ) + }) + const subdirIndexFiles = filesToMove.filter((f) => { + if (path.basename(f.filePath) !== 'index.md') return false + return ( + path.relative(process.cwd(), f.targetDir).split(path.sep).length > + PRODUCT_LEVEL_PATH_SEGMENTS + ) + }) + + // Move subdirectory index files first (copy only, delete later) + const indexFilesToDeleteLater: string[] = [] + for (const file of subdirIndexFiles) { + try { + await fs.mkdir(file.targetDir, { recursive: true }) + + const content = await fs.readFile(file.filePath, 'utf-8') + const { data, content: body } = readFrontmatter(content) + // Clear children array because paths will be invalid in the new content-type directory structure + if (data?.children) data.children = [] + + await fs.writeFile( + file.targetPath, + readFrontmatter.stringify(body || '', data || {}), + 'utf-8', + ) + indexFilesToDeleteLater.push(file.filePath) + + moved.push({ + file: path.relative(process.cwd(), file.filePath), + from: path.relative(process.cwd(), file.filePath), + to: path.relative(process.cwd(), file.targetPath), + }) + + console.log(chalk.green(`✓ Copied ${path.relative(process.cwd(), file.filePath)}`)) + } catch (error) { + skipped.push({ + file: path.relative(process.cwd(), file.filePath), + reason: `Error: ${error}`, + }) + console.log( + chalk.red(`✗ Error copying ${path.relative(process.cwd(), file.filePath)}: ${error}`), + ) + } + } + + // Move regular files + for (const file of regularFiles) { + try { + await fs.mkdir(file.targetDir, { recursive: true }) + + const relativeFilePath = path.relative(process.cwd(), file.filePath) + const relativeTargetPath = path.relative(process.cwd(), file.targetPath) + + execFileSync( + 'npm', + ['run', 'move-content', '--', relativeFilePath, relativeTargetPath, '--no-git'], + { + cwd: process.cwd(), + stdio: 'inherit', + }, + ) + + moved.push({ file: relativeFilePath, from: relativeFilePath, to: relativeTargetPath }) + console.log(chalk.green(`✓ Moved ${relativeFilePath}`)) + } catch (error) { + skipped.push({ + file: path.relative(process.cwd(), file.filePath), + reason: `Error: ${error}`, + }) + console.log( + chalk.red(`✗ Error moving ${path.relative(process.cwd(), file.filePath)}: ${error}`), + ) + } + } + + // Delete source subdirectory index files + for (const sourcePath of indexFilesToDeleteLater) { + try { + await fs.unlink(sourcePath) + console.log(chalk.gray(`✓ Deleted source ${path.relative(process.cwd(), sourcePath)}`)) + } catch (error) { + console.log(chalk.yellow(`⚠ Could not delete ${sourcePath}: ${error}`)) + } + } + + // Move top-level index files + for (const file of topLevelIndexFiles) { + try { + await fs.mkdir(file.targetDir, { recursive: true }) + await fs.copyFile(file.filePath, file.targetPath) + await fs.unlink(file.filePath) + + moved.push({ + file: path.relative(process.cwd(), file.filePath), + from: path.relative(process.cwd(), file.filePath), + to: path.relative(process.cwd(), file.targetPath), + }) + + console.log(chalk.green(`✓ Moved ${path.relative(process.cwd(), file.filePath)}`)) + } catch (error) { + skipped.push({ + file: path.relative(process.cwd(), file.filePath), + reason: `Error: ${error}`, + }) + console.log( + chalk.red(`✗ Error moving ${path.relative(process.cwd(), file.filePath)}: ${error}`), + ) + } + } + + // ==================== + // 7. CLEANUP & UPDATE + // ==================== + console.log( + chalk.white('\nCleaning up old directories and updating parent index.md files...\n'), + ) + + const deletedByProduct = new Map() + + for (const productDir of productDirs) { + const productName = path.basename(productDir) + + try { + const entries = await fs.readdir(productDir, { withFileTypes: true }) + + for (const entry of entries) { + if (entry.isDirectory() && !validContentTypeDirs.has(entry.name)) { + const oldDirPath = path.join(productDir, entry.name) + + try { + await fs.rm(oldDirPath, { recursive: true, force: true }) + console.log( + chalk.gray(`✓ Deleted old directory: ${path.relative(process.cwd(), oldDirPath)}`), + ) + + if (!deletedByProduct.has(productName)) deletedByProduct.set(productName, []) + deletedByProduct.get(productName)!.push(`/${productName}/${entry.name}`) + } catch (error) { + console.log(chalk.yellow(`⚠ Could not delete ${oldDirPath}: ${error}`)) + } + } + } + } catch (error) { + console.log(chalk.yellow(`⚠ Could not read product directory ${productDir}: ${error}`)) + } + + // Update product index.md + const productIndexPath = path.join(productDir, 'index.md') + try { + const content = await fs.readFile(productIndexPath, 'utf-8') + const { data, content: body } = readFrontmatter(content) + + if (data) { + let updated = false + + // Build children array + const productRelativePath = path.relative(process.cwd(), productDir) + const newChildren: string[] = [] + for (const ct of CONTENT_TYPES.map(contentTypeToDir)) { + const dirPath = path.join(productRelativePath, ct) + if (targetDirs.has(dirPath)) newChildren.push(`/${ct}`) + } + + if (newChildren.length > 0) { + data.children = newChildren + updated = true + } + + // Add redirects for deleted directories + const deletedPaths = deletedByProduct.get(productName) || [] + if (deletedPaths.length > 0) { + if (!data.redirect_from) data.redirect_from = [] + else if (!Array.isArray(data.redirect_from)) data.redirect_from = [data.redirect_from] + + for (const deletedPath of deletedPaths) { + if (!data.redirect_from.includes(deletedPath)) { + data.redirect_from.push(deletedPath) + } + } + updated = true + } + + if (updated) { + await fs.writeFile(productIndexPath, readFrontmatter.stringify(body, data), 'utf-8') + const changes = [] + if (newChildren.length > 0) changes.push(`${newChildren.length} children`) + if (deletedPaths.length > 0) changes.push(`${deletedPaths.length} redirects`) + console.log( + chalk.green( + `✓ Updated ${path.relative(process.cwd(), productIndexPath)} (${changes.join(', ')})`, + ), + ) + } + } + } catch (error) { + console.log(chalk.yellow(`⚠ Could not update ${productIndexPath}: ${error}`)) + } + } + + // ==================== + // 8. SORT CHILDREN ARRAYS + // ==================== + console.log(chalk.white('\nSorting children arrays...\n')) + + for (const dirPath of targetDirs) { + const absoluteDirPath = path.join(process.cwd(), dirPath) + const indexPath = path.join(absoluteDirPath, 'index.md') + + try { + const content = await fs.readFile(indexPath, 'utf-8') + const { data, content: body } = readFrontmatter(content) + + if (!data) continue + + // For how-tos, build children from subdirectories + if (path.basename(dirPath) === 'how-tos') { + const entries = await fs.readdir(absoluteDirPath, { withFileTypes: true }) + const subdirs = entries + .filter((e) => e.isDirectory()) + .map((e) => `/${e.name}`) + .sort() + + if (subdirs.length > 0) { + data.children = subdirs + await fs.writeFile(indexPath, readFrontmatter.stringify(body, data), 'utf-8') + console.log( + chalk.green( + `✓ Added children to ${path.relative(process.cwd(), indexPath)} (${subdirs.length} subdirectories)`, + ), + ) + } + } + // For others, sort with about-* first + else if (data.children && Array.isArray(data.children) && data.children.length > 0) { + const sorted = [...data.children].sort((a, b) => { + const aBasename = path.basename(a) + const bBasename = path.basename(b) + const aIsAbout = aBasename.startsWith('about-') + const bIsAbout = bBasename.startsWith('about-') + + if (aIsAbout && !bIsAbout) return -1 + if (!aIsAbout && bIsAbout) return 1 + return aBasename.localeCompare(bBasename) + }) + + if (JSON.stringify(sorted) !== JSON.stringify(data.children)) { + data.children = sorted + await fs.writeFile(indexPath, readFrontmatter.stringify(body, data), 'utf-8') + console.log( + chalk.green(`✓ Sorted children in ${path.relative(process.cwd(), indexPath)}`), + ) + } + } + } catch (error) { + if ((error as NodeJS.ErrnoException).code !== 'ENOENT') { + console.log(chalk.yellow(`⚠ Could not update ${indexPath}: ${error}`)) + } + } + } + + // ==================== + // 9. SUMMARY + // ==================== + console.log(chalk.white(`\n${'='.repeat(60)}`)) + console.log(chalk.white('Summary:')) + console.log(chalk.white(` Moved: ${moved.length} files`)) + console.log(chalk.white(` Skipped: ${skipped.length} files`)) + + if (newPlaceholders.length > 0) { + console.log( + chalk.cyan( + `\nNote: ${newPlaceholders.length} placeholder index.md files were created with`, + ), + ) + console.log(chalk.cyan(`AI-generated intros. Please review before committing.`)) + } + + console.log(chalk.blue('='.repeat(60))) + + if (skipped.length > 0) { + console.log(chalk.yellow('\nSkipped files:')) + for (const skip of skipped) { + console.log(chalk.gray(` ${skip.file}: ${skip.reason}`)) + } + } + }) + +program.parse() diff --git a/src/content-render/tests/liquid-helpers.ts b/src/content-render/tests/liquid-helpers.ts index 9cc9fd671b29..eb02f4fd84bc 100644 --- a/src/content-render/tests/liquid-helpers.ts +++ b/src/content-render/tests/liquid-helpers.ts @@ -3,14 +3,13 @@ import { afterAll, beforeAll, describe, expect, test, vi } from 'vitest' import { liquid } from '@/content-render/index' import languages from '@/languages/lib/languages-server' import { DataDirectory } from '@/tests/helpers/data-directory' +import type { Context } from '@/types' describe('liquid helper tags', () => { vi.setConfig({ testTimeout: 60 * 1000 }) - // Using 'any' type as context is a test fixture with dynamic properties set in beforeAll - const context: any = {} - // Using 'any' type as DataDirectory is from data-directory.ts which lacks type definitions - let dd: any + const context: Partial = {} + let dd: DataDirectory const enDirBefore = languages.en.dir beforeAll(() => { diff --git a/src/content-render/tests/liquid-tags.ts b/src/content-render/tests/liquid-tags.ts new file mode 100644 index 000000000000..0209be92c090 --- /dev/null +++ b/src/content-render/tests/liquid-tags.ts @@ -0,0 +1,99 @@ +import { describe, test, expect, beforeEach, afterEach, vi } from 'vitest' +import fs from 'fs/promises' +import path from 'path' +import { execSync } from 'child_process' + +const rootDir = path.join(__dirname, '../../..') +const testContentDir = path.join(rootDir, 'content/test-integration') + +describe('liquid-tags script integration tests', () => { + vi.setConfig({ testTimeout: 60 * 1000 }) + + beforeEach(async () => { + // Create test directory + await fs.mkdir(testContentDir, { recursive: true }) + }) + + afterEach(async () => { + // Clean up test files + await fs.rm(testContentDir, { recursive: true, force: true }) + }) + + // Helper function to run script commands + async function runScript(args: string): Promise<{ output: string; exitCode: number }> { + let output = '' + let exitCode = 0 + + try { + output = execSync(`tsx src/content-render/scripts/liquid-tags.ts ${args}`, { + encoding: 'utf8', + cwd: rootDir, + stdio: 'pipe', + timeout: 30000, + }) + } catch (error: unknown) { + const execError = error as { stdout?: string; stderr?: string; status?: number } + output = (execError.stdout || '') + (execError.stderr || '') + exitCode = execError.status || 1 + } + + return { output, exitCode } + } + + test('expand command should complete successfully with basic content', async () => { + // Create a test file with liquid reference + const testFile = path.join(testContentDir, 'basic-test.md') + const testContent = `--- +title: Test +--- + +This uses {% data variables.product.prodname_dotcom %} in content. +` + + await fs.writeFile(testFile, testContent) + + const { output, exitCode } = await runScript(`expand --paths "${testFile}"`) + + // Should complete without error + expect(exitCode, `Script failed with output: ${output}`).toBe(0) + expect(output.length).toBeGreaterThan(0) + + // Check that the file was modified + const expandedContent = await fs.readFile(testFile, 'utf8') + expect(expandedContent).not.toBe(testContent) + expect(expandedContent).toContain('GitHub') // Should expand to actual fixture value + }) + + test('restore command should complete successfully', async () => { + const testFile = path.join(testContentDir, 'restore-test.md') + const originalContent = `--- + title: Test + --- + +This uses {% data variables.product.prodname_dotcom %} in content. +` + + await fs.writeFile(testFile, originalContent) + + // First expand + await runScript(`expand --paths "${testFile}"`) + + // Then restore + const { output, exitCode } = await runScript(`restore --paths "${testFile}"`) + + expect(exitCode, `Restore script failed with output: ${output}`).toBe(0) + expect(output.length).toBeGreaterThan(0) + + // Should be back to original liquid tags + const restoredContent = await fs.readFile(testFile, 'utf8') + expect(restoredContent).toContain('{% data variables.product.prodname_dotcom %}') + expect(restoredContent).not.toContain('GitHub') + }) + + test('help command should display usage information', async () => { + const { output, exitCode } = await runScript('expand --help') + + expect(exitCode, `Help command failed with output: ${output}`).toBe(0) + expect(output).toMatch(/resolve|usage|help|command/i) + }) +}) diff --git a/src/data-directory/README.md b/src/data-directory/README.md index e69de29bb2d1..77fc9dd37848 100644 --- a/src/data-directory/README.md +++ b/src/data-directory/README.md @@ -0,0 +1,81 @@ +# Data directory + +Purpose-built utilities, schemas, and workflows that power our Liquid `{% data %}` and `{% indented_data_reference %}` tags, reusable content, UI strings, and feature metadata. This subject focuses on how we read, validate, and serve files in `data/` across languages. + +## Purpose & scope +- Provide a consistent API (`getDataByLanguage`, `getDeepDataByLanguage`) to load `data/` files for Liquid rendering and server contexts. +- Enforce schemas for critical data (features, variables, learning tracks, release notes, tables, glossaries, code languages, CTAs). +- Ship CLI and CI helpers that keep `data/` clean (orphaned feature detection, deleted-feature PR guardrails). +- Exclude: content authoring guidance (see `content/`), page routing (see `src/app`/`src/frame`), and general linter rules (see `src/content-linter`). + +## Architecture & key assets +- `lib/get-data.ts`: translation-aware loader with memoized reads, forced-English exceptions, and UI data merging; used by Liquid tags and server contexts. +- `lib/data-directory.ts` + `lib/filename-to-key.ts`: generic walker that turns files into dotted-key objects with optional preprocessing. +- `lib/data-schemas/`: AJV schema registry that auto-discovers `data/tables/*.yml` schemas and registers other critical shapes (features, variables, learning tracks, release notes, glossaries, code languages, CTAs). +- Middleware: `middleware/data-tables.ts` caches table data into `req.context.tables` (English). +- Scripts: `scripts/find-orphaned-features/*` (detect/delete unused `data/features/*.yml`) and `scripts/deleted-features-pr-comment.ts` (warn on feature deletions in PRs). +- Tests: `tests/` cover schema validation, data loading, key normalization, and orphan detection fixtures. + +## Data loading contracts +- `lib/get-data.ts` + - `getDataByLanguage(dottedPath, langCode)`: Returns a single value (YAML/MD/variables/reusables/ui/glossaries/release-notes/product-examples). + - `getDeepDataByLanguage(dottedPath, langCode)`: Returns nested objects for an entire subtree (e.g., `tables`, `features`). + - Translation fallbacks: If a localized file is missing or unparsable, falls back to English. Certain files are forced-English (`ALWAYS_ENGLISH_YAML_FILES`, `ALWAYS_ENGLISH_MD_FILES`). + - Memoization: Caches reads except in `NODE_ENV=development` to simplify local debugging. +- `lib/data-directory.ts` + - Recursively walks a directory, filters by extensions (`.json`, `.md/.markdown`, `.yml`) and ignore patterns, and emits a dotted-key object using `filename-to-key`. + - Optional `preprocess` hook for content transformation (used in tests/prior scripts). + +## Schemas and validation +- Schema registry: `lib/data-schemas/index.ts` maps data paths to schema modules; auto-registers any `data/tables/*.yml` that has a matching `data-schemas/tables/{name}.ts`. +- Tests: `src/data-directory/tests/data-schemas.ts` loads schemas via AJV and asserts every registered file validates. +- Adding a schema: + 1. Create `src/data-directory/lib/data-schemas/.ts` (or `tables/.ts`). + 2. If non-table, add to `manualSchemas` in `data-schemas/index.ts`; table schemas are auto-detected. + 3. Run tests (see below). + +## Middleware +- `middleware/data-tables.ts` populates `req.context.tables` with `getDeepDataByLanguage('tables', 'en')`. Intended for server/Express contexts where table data is needed without per-request file IO. + +## Scripts & workflows +- `npm run find-orphaned-features -- --source-directory data/features --output orphans.json` + - Scans pages, reusables, variables (all languages) for `{% ifversion %}` feature references and reports unused `data/features/*.yml`. +- `npm run find-orphaned-features delete -- orphans.json --max 10` + - Deletes up to N orphaned feature files (English root) after manual review. +- `npm run deleted-features-pr-comment -- ` + - Generates Markdown warning if a PR removes or renames feature files; used in CI (requires `GITHUB_TOKEN`). + +## Testing +- All tests: `npm test -- src/data-directory/tests` +- Targeted: + - Schemas: `npm test -- src/data-directory/tests/data-schemas.ts` + - Orphans: `npm test -- src/data-directory/tests/orphaned-features.ts` + - Loader basics: `npm test -- src/data-directory/tests/get-data.ts` + +## Data conventions and consumers +- File locations: Everything under `data/` (English and localized mirrors). Reusables/variables/ui are read via dotted paths (`reusables.foo.bar`, `variables.product.prodname_ghe_server`, `ui.pages.home`). +- Markdown in data: Frontmatter is stripped by `gray-matter`; content is trimmed. +- Downstream consumers: + - Liquid tags: `content-render/liquid/data.ts`, `indented-data-reference.ts` + - Content linter: `content-linter/lib/linting-rules/liquid-data-tags.ts`, `frontmatter-intro-links.ts` + - Server: `app/lib/app-router-context.ts`, `app/lib/server-context-utils.ts` + - Metrics/tests: `content-render/tests`, `content-linter/tests/site-data-references.ts` +- Translation notes: + - Fallbacks ensure missing localized YAML/MD reads from English. + - Specific files are forced-English to avoid corrupt translations (see constants in `get-data.ts`). + +## Setup & usage tips +- Ensure `data/` exists relative to project root; schemas auto-scan `data/tables` at runtime. +- Set `DEBUG_JIT_DATA_READS=true` to log every on-disk read from the data loaders; useful alongside tests or local runs to trace which data files are touched. +- When adding a new data directory: + - Prefer YAML for structured data; add schema if shape matters to correctness. + - Add README under `data//` when introducing new contracts. + - Update `manualSchemas` if not a table. + +## Ownership & escalation +- Primary: Docs Engineering. +- Content changes: Docs Content (docs-content). + +## Current state & next steps +- Current state: KTLO; minimal changes expected. Update this README when touching data loaders, schemas, or scripts. +- Next steps: Keep the schema registry aligned with new data shapes and rerun `npm test -- src/data-directory/tests` when data contracts change. \ No newline at end of file diff --git a/src/data-directory/lib/data-schemas/ctas.ts b/src/data-directory/lib/data-schemas/ctas.ts index 3951ae78847b..6daa18f9f481 100644 --- a/src/data-directory/lib/data-schemas/ctas.ts +++ b/src/data-directory/lib/data-schemas/ctas.ts @@ -12,7 +12,18 @@ export default { type: 'string', name: 'Product', description: 'The GitHub product the CTA leads users to', - enum: ['copilot', 'ghec', 'desktop', 'code-quality', 'cli', 'github'], + enum: [ + 'copilot', + 'ghec', + 'desktop', + 'code-quality', + 'code-scanning', + 'secret-scanning', + 'supply-chain-security', + 'security-advisories', + 'cli', + 'github', + ], }, // Type of CTA: The type of action the CTA encourages users to take @@ -40,7 +51,7 @@ export default { name: 'Plan', description: 'For links to sign up for or trial a plan, the specific plan we link to (optional)', - enum: ['enterprise', 'business', 'pro', 'free'], + enum: ['enterprise', 'business', 'pro', 'pro-plus', 'free'], }, }, } diff --git a/src/data-directory/lib/data-schemas/tables/copilot/copilot-matrix.ts b/src/data-directory/lib/data-schemas/tables/copilot/copilot-matrix.ts new file mode 100644 index 000000000000..aeaab295a71c --- /dev/null +++ b/src/data-directory/lib/data-schemas/tables/copilot/copilot-matrix.ts @@ -0,0 +1,87 @@ +export default { + type: 'object', + additionalProperties: false, + required: ['metadata', 'ides'], + properties: { + metadata: { + type: 'object', + additionalProperties: false, + required: ['title', 'supportLevels'], + properties: { + lastUpdated: { + type: 'string', + pattern: '^\\d{4}-\\d{2}-\\d{2}$', // YYYY-MM-DD format + }, + title: { + type: 'string', + lintable: true, + }, + supportLevels: { + type: 'array', + items: { + type: 'string', + enum: ['not-supported', 'preview', 'supported'], + }, + minItems: 3, + maxItems: 3, + }, + }, + }, + ides: { + type: 'object', + additionalProperties: false, + patternProperties: { + // More flexible pattern for IDE names + '^.+$': { + type: 'object', + additionalProperties: false, + required: ['versions', 'versionGroups', 'features'], + properties: { + versions: { + type: 'array', + items: { + type: 'string', + // More flexible version pattern to handle 0.0.0, 17.13.0, etc. + pattern: '^\\d+\\.\\d+\\.\\d+$', + }, + minItems: 1, + }, + versionGroups: { + type: 'object', + // Allow any property name for version groups + patternProperties: { + '^.+$': { + type: 'array', + items: { + type: 'string', + pattern: '^\\d+\\.\\d+\\.\\d+$', + }, + minItems: 1, + }, + }, + }, + additionalProperties: false, + features: { + type: 'object', + // Allow any feature name + patternProperties: { + '^.+$': { + type: 'object', + // Allow any version number as key + patternProperties: { + '^\\d+\\.\\d+\\.\\d+$': { + type: 'string', + enum: ['not-supported', 'preview', 'supported'], + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + }, + }, + }, + }, +} diff --git a/src/data-directory/lib/data-schemas/tables/copilot/model-comparison.ts b/src/data-directory/lib/data-schemas/tables/copilot/model-comparison.ts new file mode 100644 index 000000000000..022eb8da25aa --- /dev/null +++ b/src/data-directory/lib/data-schemas/tables/copilot/model-comparison.ts @@ -0,0 +1,37 @@ +// This schema enforces the structure in model-comparison.yml + +const modelComparisonSchema = { + type: 'object', + additionalProperties: false, + required: ['models'], + properties: { + models: { + type: 'array', + items: { + type: 'object', + additionalProperties: false, + required: ['name', 'task_area', 'excels_at', 'further_reading'], + properties: { + name: { + type: 'string', + lintable: true, + }, + task_area: { + type: 'string', + lintable: true, + }, + excels_at: { + type: 'string', + lintable: true, + }, + further_reading: { + type: 'string', + lintable: true, + }, + }, + }, + }, + }, +} + +export default modelComparisonSchema diff --git a/src/data-directory/scripts/deleted-features-pr-comment.ts b/src/data-directory/scripts/deleted-features-pr-comment.ts index e50a50c16483..a29a0b701711 100644 --- a/src/data-directory/scripts/deleted-features-pr-comment.ts +++ b/src/data-directory/scripts/deleted-features-pr-comment.ts @@ -9,7 +9,7 @@ */ import github from '@actions/github' -import core from '@actions/core' +import { setOutput } from '@actions/core' import { program } from 'commander' const { GITHUB_TOKEN, GITHUB_REPOSITORY } = process.env @@ -27,7 +27,7 @@ if (GITHUB_REPOSITORY) { const headSHA = process.env.HEAD_SHA || context.payload.pull_request!.head.sha const markdown = await main(owner, repo, baseSHA, headSHA) - core.setOutput('markdown', markdown) + setOutput('markdown', markdown) } else { program .description('Print a nice Markdown comment if there were features deleted in a PR.') diff --git a/src/deployments/README.md b/src/deployments/README.md index 9efbd1f1b0df..f5129374476e 100644 --- a/src/deployments/README.md +++ b/src/deployments/README.md @@ -1,6 +1,122 @@ # Deployments -Documentation and build files for our deployments. +The deployments subject contains documentation and build scripts for deploying docs.github.com to production and staging environments. This includes Docker build configuration, repository fetching scripts, and deployment procedures. + +## Purpose & Scope + +This subject is responsible for: +- Production deployment configuration and automation +- Staging server deployment processes +- Docker image build scripts for fetching repos (early-access, translations) +- Deployment documentation and procedures +- Integration with Moda (GitHub's internal deployment platform) + +## Architecture & Key Assets + +### Key capabilities and their locations + +- `production/build-scripts/fetch-repos.sh` - Main script that orchestrates fetching docs-early-access and all translation repos during Docker build +- `production/build-scripts/clone-or-use-cached-repo.sh` - Utility function to clone repos or use cached versions +- `production/build-scripts/merge-early-access.sh` - Merges early-access content into production content +- `Dockerfile` (root) - Multi-stage Docker build for production deployments +- `.github/workflows/moda-ci.yaml` - CI/CD workflow that builds and deploys via Moda + +## Setup & Usage + +### Production deployments + +Production deploys happen automatically: +- Pushing to `main` branch triggers automatic deployment to production +- Status updates posted in `#docs-ops` Slack channel +- Deployment uses Moda (GitHub's internal deployment platform) + +### Building production Docker image locally + +```bash +docker build -t docs:latest . --secret id=DOCS_BOT_PAT_BASE,src=<(echo "") +``` + +Requirements for PAT: +- Must have `contents: read` access to: + 1. All `docs-internal.` translation repos + 2. `docs-early-access` repo + +Run the built image locally. + +### Staging deployments + +To deploy to a staging server: +1. Push your branch to `docs-internal` +2. Open a draft PR +3. Wait for `docs-internal Moda CI` checks to pass +4. In `#docs-ops` Slack, run: `.deploy docs-internal/ to staging-` +5. Access at `https://docs-staging-.service.iad.github.net` (requires Developer VPN) + +### Running tests + +No subject-specific tests exist currently. CI/CD validation happens through Moda workflows. + +## Data & External Dependencies + +### Data inputs +- Dockerfile and build scripts +- GitHub PAT for private repo access (`DOCS_BOT_PAT_BASE`) +- Early access repo (`docs-early-access`) + +### Dependencies +- Docker and Docker BuildKit +- Moda platform (GitHub internal) +- GitHub Vault for secrets management +- Node.js (installed during Docker build) +- Git (for cloning repos during build) + +### Build process +1. Clone docs-internal content, assets, data +2. Fetch and merge docs-early-access +3. Fetch all translation repos in parallel +4. Install production dependencies +5. Build Next.js application +6. Create production Docker image + +### Data outputs +- Docker image with full site content (public + early-access + translations) +- Deployed application on Moda infrastructure +- Deployment notifications in Slack + +## Cross-links & Ownership + +### Related subjects +- [`src/early-access`](../early-access/README.md) - Early access content merged during build +- [`src/languages`](../languages/README.md) - Translation repos fetched during build +- Root `Dockerfile` - Docker build configuration +- `.github/workflows/moda-ci.yaml` - CI/CD workflow + +### Internal documentation +For detailed internal documentation, see: +- `Moda` directory in internal Docs Engineering repo +- Production deploy procedures (internal docs) + +### Ownership +- Team: Docs Engineering +- Slack: #build, #deploy-support (for deployment status and commands) + +## Current State & Next Steps + +### Known limitations +- Build scripts are shell scripts, not TypeScript (different from rest of codebase) +- Requires VPN access for staging server access +- Local Docker builds require manual PAT management + +### Deployment monitoring +- Deployment status posted to `#docs-ops` Slack channel +- Moda provides deployment dashboards and logs (internal) +- Rollback procedures documented in internal Docs Engineering repo + +### Required secrets +- `DOCS_BOT_PAT_BASE` - GitHub PAT with access to private repos +- Managed via GitHub Vault +- Passed securely to Docker build via `--secret` flag + +### Rollback procedures +Rollback procedures are documented in the internal Docs Engineering repository. Contact @docs-engineering or #deploy-support assistance. -- For production deploys: [src/deployments/production](./production/) -- For staging deploys: [src/deployments/staging](./staging/) diff --git a/src/deployments/production/README.md b/src/deployments/production/README.md index 37de6f425038..c3b88752f3ea 100644 --- a/src/deployments/production/README.md +++ b/src/deployments/production/README.md @@ -1,6 +1,6 @@ # Production deploys -For internal Docs relating to our production deploys see [TODO Docs-Engineering URL] + ## Auto deploys diff --git a/src/deployments/production/build-scripts/clone-or-use-cached-repo.sh b/src/deployments/production/build-scripts/clone-or-use-cached-repo.sh index b7742c3d5ea2..6bac6c38288b 100644 --- a/src/deployments/production/build-scripts/clone-or-use-cached-repo.sh +++ b/src/deployments/production/build-scripts/clone-or-use-cached-repo.sh @@ -19,9 +19,21 @@ clone_or_use_cached_repo() { cd "$repo_name" # Fetch latest changes - git fetch origin "$branch" - git checkout "$branch" - git pull origin "$branch" + if ! git fetch origin "$branch"; then + echo "❌ Failed to fetch repository '$repo_name'" + cd .. + return 1 + fi + if ! git checkout "$branch"; then + echo "❌ Failed to checkout branch '$branch' in repository '$repo_name'" + cd .. + return 1 + fi + if ! git pull origin "$branch"; then + echo "❌ Failed to pull repository '$repo_name'" + cd .. + return 1 + fi echo "Updated repository '$repo_name' with the latest changes from $branch." @@ -30,7 +42,10 @@ clone_or_use_cached_repo() { echo "Cloning repository '$repo_name' from branch '$branch'..." # We only need the most recent change for production deploys, so we use --depth 1 - git clone --depth 1 --branch "$branch" "https://${GITHUB_TOKEN}@github.com/github/$repo_url.git" "$repo_name" + if ! git clone --depth 1 --branch "$branch" "https://${GITHUB_TOKEN}@github.com/github/$repo_url.git" "$repo_name"; then + echo "❌ Failed to clone repository '$repo_name'" + return 1 + fi fi echo "Repository '$repo_name' is up to date." diff --git a/src/dev-toc/README.md b/src/dev-toc/README.md index 5820ec371030..0a5a0d60fb34 100644 --- a/src/dev-toc/README.md +++ b/src/dev-toc/README.md @@ -1,33 +1,143 @@ # Developer table of contents -This directory generates a full table of contents for the docs.github.com site. +The dev-toc subject generates a static, browsable table of contents (TOC) for local development. It creates HTML files showing the complete documentation site structure across all versions, making it easy to navigate and verify the site hierarchy during development. + +## Purpose & Scope + +This subject is responsible for: +- Generating static HTML TOC files for all versions +- Rendering page titles with Liquid templating +- Creating expandable/collapsible navigation tree +- Supporting auto-expansion of specific product sections +- Opening generated TOC in browser automatically +- Developer tool for site navigation and verification -The table of contents is generated locally within the `static` subdirectory as a series of `index.html` files, within version subdirectories such as `free-pro-team@latest` and `enterprise-cloud@latest` etc. +## Architecture & Key Assets + +### Key capabilities and their locations + +- `generate.ts` - Main script that builds TOC HTML files for all versions +- `layout.html` - HTML template with expandable/collapsible tree structure +- `static/` - Output directory containing generated `index.html` files per version (not committed) -## Generating the table of contents +## Setup & Usage -To generate the table of contents, run the following command from the Terminal: +### Generating the TOC + +Generate the complete table of contents: ```bash npm run dev-toc ``` -After generating the files, the ToC should open in your default browser. If it doesn't, open your browser and navigate to `file:///PATH/TO/docs-internal/src/dev-toc/static/free-pro-team@latest/index.html`. +This will: +1. Generate HTML files in `src/dev-toc/static/` for each version +2. Render all page titles (including Liquid templates) +3. Open the TOC in your default browser at the FPT version + +If it doesn't open automatically, navigate to the generated file in your browser. -## Generating the ToC with one or more sections auto-expanded +### Auto-expanding specific sections -Alternatively, you can generate the table of contents with a specific top-level section of the docs auto-expanded by running the following command: +Generate TOC with specific product sections pre-expanded: ```bash -tsx src/dev-toc/generate.ts -o PRODUCT-ID [PRODUCT-ID PRODUCT-ID ...] +tsx src/dev-toc/generate.ts -o actions ``` -where `PRODUCT-ID` is the first part of the URL for the top-level section of the docs. For example, the `actions` section of the docs has the URL `https://docs.github.com/en/actions`, so the `PRODUCT-ID` is `actions`. So the command would be: - +Multiple sections: ```bash -tsx src/dev-toc/generate.ts -o actions +tsx src/dev-toc/generate.ts -o actions copilot pull-requests ``` -Note: if you generate the table more than once, with a different product ID flag you will need to refresh the page to see the changes. +Where product IDs match the URL structure (e.g., `actions` for `https://docs.github.com/en/actions`). + +Note: If regenerating with different flags, refresh your browser to see changes. + +### What gets generated + +For each version, the script: +1. Loads the site tree for that version +2. Recursively renders all page titles (handles Liquid templating) +3. Builds an HTML tree with expandable/collapsible sections +4. Writes to `static/{version}/index.html` + +## Data & External Dependencies + +### Data inputs +- Site tree from content files (all pages and their hierarchy) +- Page frontmatter (titles, which may include Liquid) +- Version information from `@/versions/lib/all-versions` + +### Dependencies +- `@/frame/middleware/context/context` - Context initialization +- `@/content-render` - Liquid template rendering +- `@/versions` - Version enumeration +- HTML template in `layout.html` +- Browser (for opening generated TOC) + +### Data outputs +- Static HTML files in `static/` directory +- One `index.html` per version +- Expandable tree navigation with page links +- Links that can open in VS Code or browser + +## Cross-links & Ownership + +### Related subjects +- [`src/frame`](../frame/README.md) - Site tree structure and context +- [`src/content-render`](../content-render/README.md) - Liquid rendering for titles +- [`src/versions`](../versions/README.md) - Version enumeration +- Content files - Source of page hierarchy + +### Ownership +- Team: Docs Content (with engineering support and reviews as needed) + +## Current State & Next Steps + +### Use cases + +The dev-toc is useful for: +- **Navigation** - Quickly browse entire site structure during development +- **Verification** - Check that pages appear in correct hierarchy +- **Title debugging** - See rendered titles (including Liquid output) +- **Structure review** - Review content organization across versions +- **Link checking** - Verify navigation structure makes sense + +### Known limitations +- Generated files are static (don't auto-update when content changes) +- Must regenerate when content structure changes +- Only shows structure, not content +- Requires re-running script to see updates +- Links open file paths, not the dev server + +### Output directory +The `static/` directory is gitignored because it contains generated files that vary by local environment. + +### Development workflow + +Common pattern: +1. Make content structure changes +2. Run `npm run dev-toc` +3. Review structure in generated TOC +4. Verify pages appear in correct locations +5. Check that parent/child relationships are correct + +### Troubleshooting + +**TOC doesn't open:** +Manually navigate to `src/dev-toc/static/free-pro-team@latest/index.html` in your file browser. + +**Missing pages:** +- Ensure content files have proper frontmatter +- Check that pages are included in parent's `children` array +- Regenerate TOC after content changes + +**Liquid rendering errors:** +Check console output when running `generate.ts` for template errors. + +**Wrong sections expanded:** +Regenerate with correct `-o` flags, then refresh browser (hard refresh may be needed). + diff --git a/src/early-access/README.md b/src/early-access/README.md index eb3bf3824a7f..c243f4ebfd1a 100644 --- a/src/early-access/README.md +++ b/src/early-access/README.md @@ -1,3 +1,79 @@ -# Early access +# Early Access -Early access allows the Docs team to publish docs to docs.github.com without putting the content files in github/docs or github/docs-internal. This allows the Docs team to publish articles about limited access features. +The Early Access module enables the GitHub Docs team to publish documentation for features that are in limited access (beta, technical preview, etc.) without exposing the content in the public `github/docs` repository. + +## Purpose & Scope + +This system allows for: +- **Private Content Hosting**: Storing sensitive or unreleased documentation in a separate, private repository (`github/docs-early-access`). +- **Seamless Integration**: Merging this private content into the main site build so it appears native to the user (e.g., under `/en/early-access`). +- **Access Control**: Hiding these pages from public navigation and search engines, making them accessible only via direct links or specific "Early Access" index pages. + +## Architecture + +### Content Storage + +Early access content lives in a separate private repository: `github/docs-early-access`. +- **Structure**: It mirrors the main repo's structure (`content/`, `data/`, `assets/`). +- **Integration**: During the build process (or local development), files from the private repo are copied or symlinked into the main `docs-internal` directory. + +### Middleware + +The logic for serving and listing these pages is handled in `src/early-access/middleware/early-access-links.ts`. +- **`earlyAccessContext`**: This middleware runs on requests to `/early-access`. It: + - Checks if the user is on an early access path. + - Retrieves a list of hidden pages whose path starts with `early-access`. + - Injects these links into the rendering context (`req.context.earlyAccessPageLinks`), allowing index pages to dynamically list available early access content. + +### Scripts + +A suite of scripts in `src/early-access/scripts` manages the workflow: +- **`clone-locally`**: Clones the private `docs-early-access` repo for local development. +- **`symlink-from-local-repo.ts`**: Symlinks the cloned content into the main `content/` and `assets/` directories so the Next.js server can see them. +- **`merge-early-access.sh`**: Used in CI/CD to physically move files from the checked-out private repo into the build directory. +- **`update-data-and-image-paths.ts`**: A utility to fix up paths when moving content between the main repo and early access. + +## Setup & Usage + +### Local Development + +To work on Early Access content locally: + +1. **Clone the Repo**: + ```bash + npm run clone-early-access + ``` + This clones `github/docs-early-access` into a sibling directory. + +2. **Symlink Content**: + ```bash + npm run symlink-from-local-repo + ``` + This links the content into `docs-internal`. + +3. **Run the Server**: + ```bash + npm start + ``` + You can now access pages at `http://localhost:4000/en/early-access`. + +### Adding New Content + +1. Create markdown files in the `docs-early-access` repo. +2. Ensure the frontmatter includes `hidden: true` to prevent it from appearing in the main sidebar navigation (unless specifically desired). +3. Use the `early-access` directory prefix. + +## Dependencies + +- **`github/docs-early-access`**: The private repository containing the actual content. +- **CI/CD Workflows**: The deployment process must have access to the private repo to merge the content before building. + +## Ownership + +- **Team**: `@github/docs-engineering` +- **Content Owners**: The Writers and Product Managers responsible for the specific early access features. + +## Current State & Known Issues + +- **"Hidden" but Public**: While the source is private, once deployed to `docs.github.com`, the pages are technically public if you know the URL. They are "security through obscurity" (hidden from nav/search), not authenticated. +- **Build Complexity**: The merging process adds complexity to the build pipeline and can sometimes cause confusion with path resolution or asset loading if files are moved incorrectly. \ No newline at end of file diff --git a/src/eslint-rules/README.md b/src/eslint-rules/README.md new file mode 100644 index 000000000000..3b7ec018a9c4 --- /dev/null +++ b/src/eslint-rules/README.md @@ -0,0 +1,21 @@ +# Custom ESLint Rules + +We can declare custom rules in this directory and import them from our ESLint config in [eslint.config.ts](../../eslint.config.ts) + +Custom rules are useful for enforcing best practices and more effective than a "warning" comment since automated linter tests will fail if custom rules aren't followed. + +**Note:** Custom rules must be written as JavaScript (`.js`) files, not TypeScript. ESLint loads custom rule plugins at runtime using Node's module system, which expects JavaScript. While the main ESLint config can be TypeScript, the rule implementations themselves need to be JavaScript. + +## Creating a new rule + +1. Create the rule in this directory +2. Export it from [index.js](./index.js) +3. Enable it in [eslint.config.ts](../../eslint.config.ts) under the `"rules"` key, e.g. + +```typescript +'custom-rules/use-custom-logger': 'error', +``` + +Note that the rule is prepended with `custom-rules` + +4. Please include a `README.md` in your rule's directory explaining why it is necessary and any times the rule can be ignored. diff --git a/src/eslint-rules/index.js b/src/eslint-rules/index.js new file mode 100644 index 000000000000..8e0e03398c32 --- /dev/null +++ b/src/eslint-rules/index.js @@ -0,0 +1,6 @@ +// Export custom rules from here +module.exports = { + rules: { + "use-custom-logger": require("./use-custom-logger/use-custom-logger"), + }, +}; diff --git a/src/eslint-rules/package.json b/src/eslint-rules/package.json new file mode 100644 index 000000000000..a6b961f3d116 --- /dev/null +++ b/src/eslint-rules/package.json @@ -0,0 +1,10 @@ +{ + "name": "eslint-plugin-custom-rules", + "type": "commonjs", + "version": "1.0.0", + "license": "MIT", + "main": "index.js", + "peerDependencies": { + "eslint": "^8.0.0 || ^9.0.0" + } +} diff --git a/src/eslint-rules/use-custom-logger/README.md b/src/eslint-rules/use-custom-logger/README.md new file mode 100644 index 000000000000..80f4d003dffa --- /dev/null +++ b/src/eslint-rules/use-custom-logger/README.md @@ -0,0 +1,15 @@ +# Use Custom Logger Rule + +This rule enforces using `logger.` instead of `console.log` in backend code. + +Please see [the logger README](../../observability/logger/README.md) for more details. + +## When to ignore + +Anywhere that isn't server code doesn't need to use the `logger`. e.g. React components, GitHub Actions, and CLI scripts. + +## Auto fix + +This rule supports auto-fixing via `--fix`. + +Run `npm run lint -- --fix` to apply the changes, but please make sure to double check that the automatic fix looks correct before committing. diff --git a/src/eslint-rules/use-custom-logger/tests/use-custom-logger.ts b/src/eslint-rules/use-custom-logger/tests/use-custom-logger.ts new file mode 100644 index 000000000000..a9eb68e4d7db --- /dev/null +++ b/src/eslint-rules/use-custom-logger/tests/use-custom-logger.ts @@ -0,0 +1,470 @@ +import { describe, it } from 'vitest' +import { RuleTester, Rule } from 'eslint' +import ruleModule from '../use-custom-logger' + +const rule = ruleModule as Rule.RuleModule + +const ruleTester = new RuleTester({ + languageOptions: { + ecmaVersion: 2022, + sourceType: 'module', + }, +}) + +describe('use-custom-logger', () => { + it('should pass valid code without console usage', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [ + { + code: ` + import { createLogger } from '@/observability/logger'; + const logger = createLogger(import.meta.url); + logger.info('test'); + `, + }, + { + code: ` + const x = 5; + const y = 10; + `, + }, + ], + invalid: [], + }) + }) + + it('should detect and fix console.log', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + import { something } from 'somewhere'; + console.log('test'); + `, + errors: [ + { + message: 'Please use our internal logger.info instead of console.log', + }, + ], + output: ` + import { something } from 'somewhere'; +import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + logger.info('test'); + `, + }, + ], + }) + }) + + it('should detect and fix console.error', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + import { something } from 'somewhere'; + console.error('test'); + `, + errors: [ + { + message: 'Please use our internal logger.error instead of console.error', + }, + ], + output: ` + import { something } from 'somewhere'; +import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + logger.error('test'); + `, + }, + ], + }) + }) + + it('should detect and fix console.warn', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + import { something } from 'somewhere'; + console.warn('warning'); + `, + errors: [ + { + message: 'Please use our internal logger.warn instead of console.warn', + }, + ], + output: ` + import { something } from 'somewhere'; +import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + logger.warn('warning'); + `, + }, + ], + }) + }) + + it('should detect and fix console.debug', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + import { something } from 'somewhere'; + console.debug('debug info'); + `, + errors: [ + { + message: 'Please use our internal logger.debug instead of console.debug', + }, + ], + output: ` + import { something } from 'somewhere'; +import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + logger.debug('debug info'); + `, + }, + ], + }) + }) + + it('should handle files with no existing imports', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: `console.log('hello');`, + errors: [ + { + message: 'Please use our internal logger.info instead of console.log', + }, + ], + output: `import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); +logger.info('hello');`, + }, + ], + }) + }) + + it('should not add duplicate imports when logger import exists', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + import { createLogger } from '@/observability/logger'; + console.log('test'); + `, + errors: [ + { + message: 'Please use our internal logger.info instead of console.log', + }, + ], + output: ` + import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + logger.info('test'); + `, + }, + ], + }) + }) + + it('should not add duplicate logger declaration when it exists', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + import { createLogger } from '@/observability/logger'; + const logger = createLogger(import.meta.url); + console.log('test'); + `, + errors: [ + { + message: 'Please use our internal logger.info instead of console.log', + }, + ], + output: ` + import { createLogger } from '@/observability/logger'; + const logger = createLogger(import.meta.url); + logger.info('test'); + `, + }, + ], + }) + }) + + it('should handle multiple console calls in one file', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + import { something } from 'somewhere'; + console.log('first'); + console.error('second'); + `, + errors: [ + { + message: 'Please use our internal logger.info instead of console.log', + }, + { + message: 'Please use our internal logger.error instead of console.error', + }, + ], + output: ` + import { something } from 'somewhere'; +import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + logger.info('first'); + logger.error('second'); + `, + }, + ], + }) + }) + + it('should transform console.error(err) to logger.error with message', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + import { something } from 'somewhere'; + const err = new Error('test'); + console.error(err); + `, + errors: [ + { + message: 'Please use our internal logger.error instead of console.error', + }, + ], + output: ` + import { something } from 'somewhere'; +import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + const err = new Error('test'); + logger.error('Error occurred', { err }); + `, + }, + ], + }) + }) + + it('should transform console.error(error) to logger.error with message', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + import { something } from 'somewhere'; + const error = new Error('test'); + console.error(error); + `, + errors: [ + { + message: 'Please use our internal logger.error instead of console.error', + }, + ], + output: ` + import { something } from 'somewhere'; +import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + const error = new Error('test'); + logger.error('Error occurred', { error }); + `, + }, + ], + }) + }) + + it('should transform console.warn(err) to logger.warn with message', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + import { something } from 'somewhere'; + const err = new Error('test'); + console.warn(err); + `, + errors: [ + { + message: 'Please use our internal logger.warn instead of console.warn', + }, + ], + output: ` + import { something } from 'somewhere'; +import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + const err = new Error('test'); + logger.warn('Error occurred', { err }); + `, + }, + ], + }) + }) + + it('should transform console.error(e) to logger.error with message', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + try { + throw new Error('test'); + } catch (e) { + console.error(e); + } + `, + errors: [ + { + message: 'Please use our internal logger.error instead of console.error', + }, + ], + output: `import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + try { + throw new Error('test'); + } catch (e) { + logger.error('Error occurred', { e }); + } + `, + }, + ], + }) + }) + + it('should transform console.error(failBotError) to logger.error with message', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + const failBotError = new Error('test'); + console.error(failBotError); + `, + errors: [ + { + message: 'Please use our internal logger.error instead of console.error', + }, + ], + output: `import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + const failBotError = new Error('test'); + logger.error('Error occurred', { failBotError }); + `, + }, + ], + }) + }) + + it('should not transform console.error with message and error object', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + const err = new Error('test'); + console.error('Something went wrong', err); + `, + errors: [ + { + message: 'Please use our internal logger.error instead of console.error', + }, + ], + output: `import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + const err = new Error('test'); + logger.error('Something went wrong', err); + `, + }, + ], + }) + }) + + it('should not transform console.log with error variable', () => { + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + const err = new Error('test'); + console.log(err); + `, + errors: [ + { + message: 'Please use our internal logger.info instead of console.log', + }, + ], + output: `import { createLogger } from '@/observability/logger'; + +const logger = createLogger(import.meta.url); + + const err = new Error('test'); + logger.info(err); + `, + }, + ], + }) + }) + + it('should handle logger variable with destructuring pattern', () => { + // This test ensures the rule recognizes logger variables from destructuring patterns + // and doesn't create a duplicate declaration + ruleTester.run('use-custom-logger', rule, { + valid: [], + invalid: [ + { + code: ` + const { logger } = something; + console.log('test'); + `, + errors: [ + { + message: 'Please use our internal logger.info instead of console.log', + }, + ], + // The auto-fix will add the import but not the declaration since logger exists via destructuring + output: `import { createLogger } from '@/observability/logger'; + + const { logger } = something; + logger.info('test'); + `, + }, + ], + }) + }) +}) diff --git a/src/eslint-rules/use-custom-logger/use-custom-logger.js b/src/eslint-rules/use-custom-logger/use-custom-logger.js new file mode 100644 index 000000000000..e498cb20e7db --- /dev/null +++ b/src/eslint-rules/use-custom-logger/use-custom-logger.js @@ -0,0 +1,179 @@ +module.exports = { + meta: { + type: "suggestion", + docs: { + description: "Use our internal logger instead of console", + category: "Best Practices", + recommended: false, + }, + fixable: "code", + schema: [], // no options + }, + create(context) { + const sourceCode = context.getSourceCode(); + // flag to ensure we add the logger setup only once per file + let setupInserted = false; + + // Check if the logger import is already present. + function needsLoggerImport() { + return !sourceCode.ast.body.some( + (node) => + node.type === "ImportDeclaration" && + node.source.value === "@/observability/logger", + ); + } + + // Check if a logger variable is already declared. + // This checks for both direct declarations (const logger = ...) and + // destructured patterns (const { logger } = ...). + function needsLoggerDeclaration() { + return !sourceCode.ast.body.some((node) => { + if (node.type === "VariableDeclaration") { + return node.declarations.some((decl) => { + // Check for direct identifier: const logger = ... + if (decl.id.type === "Identifier" && decl.id.name === "logger") { + return true; + } + // Check for destructured pattern: const { logger } = ... + if (decl.id.type === "ObjectPattern") { + return decl.id.properties.some( + (prop) => + prop.type === "Property" && + prop.key.type === "Identifier" && + prop.key.name === "logger", + ); + } + return false; + }); + } + return false; + }); + } + + // Retrieve the last import statement. + function getLastImportNode() { + const imports = sourceCode.ast.body.filter( + (node) => node.type === "ImportDeclaration", + ); + return imports.length > 0 ? imports[imports.length - 1] : null; + } + + return { + CallExpression(node) { + const callee = node.callee; + if ( + callee && + callee.type === "MemberExpression" && + callee.object && + callee.object.name === "console" && + callee.property && + ["log", "error", "debug", "warn"].includes(callee.property.name) + ) { + const method = callee.property.name; + // Determine the replacement method: "log" should become "info". + const newMethod = method === "log" ? "info" : method; + context.report({ + node: callee, + message: `Please use our internal logger.${newMethod} instead of console.${method}`, + fix(fixer) { + const fixes = []; + const args = node.arguments; + + // Replace 'console' with 'logger' + fixes.push(fixer.replaceText(callee.object, "logger")); + // Replace the property; if it's "log", change to "info" + fixes.push(fixer.replaceText(callee.property, newMethod)); + + // Check if we need to transform arguments for error-level methods + // If the first argument appears to be an error variable (common pattern: err, error, e) + // and there's only one argument, we should add a descriptive message + if ( + (newMethod === "error" || newMethod === "warn") && + args.length === 1 && + args[0].type === "Identifier" && + /^(err|error|e|.+Error|.+Err|failBotError|exception)$/i.test( + args[0].name, + ) + ) { + // Transform console.error(err) to logger.error('Error occurred', { err }) + // This makes the log message more useful and follows structured logging pattern + const errorVarName = sourceCode.getText(args[0]); + fixes.push( + fixer.replaceText( + args[0], + `'Error occurred', { ${errorVarName} }`, + ), + ); + } + + // Insert our logger setup (import + declaration) only once per file. + if (!setupInserted) { + setupInserted = true; + + const needsImport = needsLoggerImport(); + const needsDeclaration = needsLoggerDeclaration(); + const lastImport = getLastImportNode(); + + if (needsImport && needsDeclaration) { + // Insert both import and declaration together + if (lastImport) { + fixes.push( + fixer.insertTextAfter( + lastImport, + "\nimport { createLogger } from '@/observability/logger';\n\nconst logger = createLogger(import.meta.url);\n", + ), + ); + } else { + // No imports – insert at the top + fixes.push( + fixer.insertTextBeforeRange( + [0, 0], + "import { createLogger } from '@/observability/logger';\n\nconst logger = createLogger(import.meta.url);\n", + ), + ); + } + } else if (needsImport) { + // Only insert the import + if (lastImport) { + fixes.push( + fixer.insertTextAfter( + lastImport, + "\nimport { createLogger } from '@/observability/logger';", + ), + ); + } else { + fixes.push( + fixer.insertTextBeforeRange( + [0, 0], + "import { createLogger } from '@/observability/logger';\n", + ), + ); + } + } else if (needsDeclaration) { + // Only insert the logger declaration + if (lastImport) { + fixes.push( + fixer.insertTextAfter( + lastImport, + "\n\nconst logger = createLogger(import.meta.url);\n", + ), + ); + } else { + fixes.push( + fixer.insertTextAfterRange( + [0, 0], + "\nconst logger = createLogger(import.meta.url);\n", + ), + ); + } + } + } + + return fixes; + }, + }); + } + }, + }; + }, +}; diff --git a/src/events/README.md b/src/events/README.md index 5f973804633c..1a8681c5ce7f 100644 --- a/src/events/README.md +++ b/src/events/README.md @@ -1,21 +1,147 @@ # Events -We record events from the browser into our data pipeline to aggregate anonymous data about how folks are using the Docs. +The events subject handles client-side analytics by recording user interactions from the browser and sending them to GitHub's data pipeline. Events track anonymous usage data to help understand how users interact with docs.github.com and identify areas for improvement. -## Why events +## Purpose & Scope -Data helps us to understand where our Docs are successful, and where we need to improve. +This subject is responsible for: +- Recording browser events (page views, clicks, searches, surveys, etc.) +- Validating event data against JSON schemas +- Sending events to Hydro (GitHub's data warehouse) +- Analyzing survey comments with sentiment analysis +- Providing React components for event tracking +- Server-side event endpoint (`POST /events`) -## How to view events +## Architecture & Key Assets -1. We send a `POST /events` request from the browser. -2. Any data sent we check against our JSON schema. -3. After passing the schema check, we send the data along the path to the warehouse. +### Key capabilities and their locations -## How to work on event +- `middleware.ts` - Express router handling `POST /events` endpoint, validates and publishes events +- `lib/schema.ts` - JSON Schema definitions for all event types using AJV validation +- `components/events.ts` - Client-side utilities for sending events from the browser -When adding or changing properties, make sure to update the schema in both the JS file as well as the schema for the warehouse. +## Setup & Usage -## How to get help for events +### Event flow + +1. Browser sends `POST /events` request with event data +2. Middleware validates against JSON schema +3. If valid, event is sent to Hydro data warehouse +4. If invalid, validation error is logged (not sent to warehouse) + +### Event types + +Supported event types (see `EventType` enum): +- `page` - Page view +- `exit` - User leaving page +- `link` - Link click +- `search` - Search query +- `survey` - Survey response + +### Sending events from the browser + +```typescript +import { sendEvent } from '@/events/components/events' + +sendEvent({ + type: 'link', + link_url: 'https://example.com', +}) +``` + +### Event schema structure + +All events require a `context` object with: +- `event_id` (UUID) +- `user` (UUID) - Anonymous user identifier +- `version` - Schema version +- `created` - Timestamp +- `path` - Current page path +- Browser metadata (user agent, viewport size, etc.) + +Each event type has additional required/optional fields defined in `lib/schema.ts`. + +### Local testing + +Test event validation locally: +```bash +npm run test -- src/events/tests +``` + +Test comment analysis: +```bash +tsx src/events/scripts/analyze-comment-cli.ts "This is a great article!" +``` + +## Data & External Dependencies + +### Data inputs +- Browser events from client-side JavaScript +- Survey responses and comments +- User context (language, version, product, path) +- Browser metadata (user agent, viewport, etc.) + +### Dependencies +- Hydro API - GitHub's data warehouse +- AJV - JSON schema validation +- AI comment analysis service (internal) +- `@/versions`, `@/products`, `@/languages` - For enum validation + +### Schema validation + +Schemas enforce: +- Required fields for each event type +- Enum values (languages, versions, products, tools) +- Format validation (UUID, date-time, URI) +- Additional properties not allowed + +### Data outputs +- Events sent to Hydro data warehouse +- Validation errors logged to Failbot (production) +- Survey sentiment analysis results + +## Cross-links & Ownership + +### Related subjects +- [`src/observability`](../observability/README.md) - Error logging and monitoring +- [`src/versions`](../versions/README.md) - Version enum validation +- [`src/products`](../products/README.md) - Product enum validation +- [`src/languages`](../languages/README.md) - Language enum validation +- [`src/tools`](../tools/README.md) - Tool enum validation + +### Internal documentation +For detailed internal documentation about the data pipeline and Hydro, see the internal Docs Engineering repository. + +### Ownership +- Team: Docs Engineering (code and analytics), Data Engineering (data pipeline) + +## Current State & Next Steps + +### Known limitations +- Survey comment sentiment analysis requires network call (adds latency) +- Event validation errors are deduplicated with LRU cache to prevent spam +- In production, events are fire-and-forget (don't wait for response) +- Validation errors sent to Hydro to track schema mismatches + +### Adding a new event type + +1. Add event type to `EventType` enum in `types.ts` +2. Add type-specific properties to `EventPropsByType` in `types.ts` +3. Add schema definition to `lib/schema.ts` +4. Update warehouse schema (internal process) +5. Add client-side tracking code in components as needed +6. Test validation with unit tests + +### Survey comment analysis + +Survey responses with comments are analyzed for sentiment: +- Positive/negative/neutral rating assigned +- Language detection for comment text +- Results stored in `survey_rating` and `survey_comment_language` fields + +### Monitoring and debugging + +- Validation errors appear in server logs +- Production validation errors sent to Hydro for tracking +- Use `analyze-comment-cli.ts` to test sentiment analysis locally -For hubbers, see the internal docs in the internal engineering repository. diff --git a/src/events/components/events.ts b/src/events/components/events.ts index f6843162ccf2..f1a539e5b339 100644 --- a/src/events/components/events.ts +++ b/src/events/components/events.ts @@ -1,10 +1,12 @@ import Cookies from '@/frame/components/lib/cookies' +import { ANALYTICS_ENABLED } from '@/frame/lib/constants' import { parseUserAgent } from './user-agent' import { Router } from 'next/router' import { isLoggedIn } from '@/frame/components/hooks/useHasAccount' import { getExperimentVariationForContext } from './experiments/experiment' import { EventType, EventPropsByType } from '../types' import { isHeadless } from './is-headless' +import { sendHydroAnalyticsEvent, getOctoClientId } from './hydro-analytics' const COOKIE_NAME = '_docs-events' @@ -113,6 +115,7 @@ export function sendEvent({ content_type: getMetaContent('page-content-type'), status: Number(getMetaContent('status') || 0), is_logged_in: isLoggedIn(), + octo_client_id: getOctoClientId(), // Device information // os, os_version, browser, browser_version: @@ -151,6 +154,9 @@ export function sendEvent({ queueEvent(body) + // Send events to hydro-analytics-client for cross-subdomain tracking + sendHydroAnalyticsEvent(body) + if (type === EventType.exit) { flushQueue() } @@ -166,7 +172,9 @@ function flushQueue() { eventQueue = [] try { - navigator.sendBeacon(endpoint, new Blob([eventsBody], { type: 'application/json' })) + if (ANALYTICS_ENABLED) { + navigator.sendBeacon(endpoint, new Blob([eventsBody], { type: 'application/json' })) + } } catch (err) { console.warn(`sendBeacon to '${endpoint}' failed.`, err) } @@ -436,6 +444,7 @@ function initPrintEvent() { } export function initializeEvents() { + if (!ANALYTICS_ENABLED) return if (initialized) return initialized = true initPageAndExitEvent() // must come first diff --git a/src/events/components/experiments/ExperimentContentSwap.tsx b/src/events/components/experiments/ExperimentContentSwap.tsx new file mode 100644 index 000000000000..f4703b5b4f8d --- /dev/null +++ b/src/events/components/experiments/ExperimentContentSwap.tsx @@ -0,0 +1,58 @@ +import { useLayoutEffect, useState } from 'react' +import { useShouldShowExperiment } from '@/events/components/experiments/useShouldShowExperiment' +import { EXPERIMENTS } from '@/events/components/experiments/experiments' + +const EXPERIMENT_KEY = EXPERIMENTS.readability_copilot.key + +// Swaps visibility of .exp-control / .exp-treatment divs within the article +// body based on the user's experiment group. Both variants are rendered +// server-side (and cached by Fastly). Treatment divs must have the `hidden` +// and `data-nosnippet` attributes in the authored HTML so control content is +// always the safe fallback and crawlers ignore the treatment variant. +export function ExperimentContentSwap({ containerRef }: { containerRef: string }) { + const [hasExperimentDivs, setHasExperimentDivs] = useState(false) + + // Check once on mount whether this page has any experiment markup. + // If not, skip the experiment hook entirely to avoid unnecessary work. + useLayoutEffect(() => { + const container = document.querySelector(containerRef) + if (container?.querySelector(`[data-experiment="${EXPERIMENT_KEY}"]`)) { + setHasExperimentDivs(true) + } + }, [containerRef]) + + if (!hasExperimentDivs) return null + + return +} + +// Separated so the experiment hook only runs when experiment divs are present. +function ExperimentSwapper({ containerRef }: { containerRef: string }) { + const { showExperiment, experimentLoading } = useShouldShowExperiment( + EXPERIMENTS.readability_copilot, + ) + + // useLayoutEffect fires synchronously after DOM mutations but before + // the browser paints, minimizing the flash of control content for + // treatment users. + useLayoutEffect(() => { + if (experimentLoading) return + + const container = document.querySelector(containerRef) + if (!container) return + + const selector = `[data-experiment="${EXPERIMENT_KEY}"]` + const controlDivs = container.querySelectorAll(`.exp-control${selector}`) + const treatmentDivs = container.querySelectorAll(`.exp-treatment${selector}`) + + if (showExperiment) { + for (const div of controlDivs) div.hidden = true + for (const div of treatmentDivs) div.hidden = false + } else { + for (const div of controlDivs) div.hidden = false + for (const div of treatmentDivs) div.hidden = true + } + }, [showExperiment, experimentLoading, containerRef]) + + return null +} diff --git a/src/events/components/experiments/content-ab-testing.md b/src/events/components/experiments/content-ab-testing.md new file mode 100644 index 000000000000..3fa33cbeabf4 --- /dev/null +++ b/src/events/components/experiments/content-ab-testing.md @@ -0,0 +1,74 @@ +# Content A/B testing + +This guide explains how to set up an A/B test on article content using the experiment framework. Both content variants live in the same Markdown file and are served in a single Fastly-cached response. Client-side JavaScript swaps which variant is visible based on the user's experiment group. + +For background on A/B testing at GitHub Docs, see [the A/B testing guide](https://github.com/github/docs-team/blob/main/analytics/ab-test.md). + +> [!IMPORTANT] +> Only one experiment can have `includeVariationInContext: true` at a time, because `experiment_variation` is a single key in the event context. Multiple experiments can run concurrently if the others use `sendExperimentSuccess` for tracking instead. See the [experiments README](./README.md) for details. + +## Authoring an experiment article + +Wrap the control (original) and treatment (rewritten) content in HTML divs. Both variants render as normal Markdown inside the divs. + +```markdown +--- +title: Your article title +--- + +
    + +Original article body here. Markdown renders normally inside the div. + +Links, lists, code blocks, and all other Markdown features work as usual. + +
    + +``` + +### Rules + +* **Blank lines required**: Leave a blank line after the opening `
    ` and before the closing `
    ` so Markdown renders correctly inside the div. +* **`data-experiment` attribute**: Must match the experiment key registered in `experiments.ts` (currently `readability_copilot`). +* **`hidden` attribute**: Always add `hidden` to the treatment div. This ensures the control is shown by default (safe fallback if JavaScript fails). +* **`data-nosnippet` attribute**: Always add `data-nosnippet` to the treatment div. This tells search engines to ignore the treatment text. +* **Multiple pairs**: You can have multiple control/treatment pairs in one article if only some sections differ. Each pair must have the matching `data-experiment`, class, and attributes. + +## Previewing the treatment + +* **Staff cookie**: If you have the `staffonly` cookie set, you will always see the treatment. +* **URL parameter**: Add `?feature=readability` to any article URL to force the treatment variant. +* **Console override**: In the browser console, run: + ```javascript + window.overrideControlGroup('readability_copilot', 'treatment') + ``` + Reload the page to see the treatment. Use `'control'` to switch back. + +## How tracking works + +When `includeVariationInContext` is `true` (which it is for this experiment), **every** analytics event on the page automatically includes `experiment_variation: "control"` or `"treatment"` in its context. This means: + +* Page view events → measure impressions per variant +* Link click events → measure CTA clicks per variant +* Exit events → measure scroll depth (`exit_scroll_length`), time on page (`exit_visit_duration`), and scroll engagement (`exit_scroll_flip`) per variant +* No extra tracking code is needed in the content + +CTA links that point to external sites (like `github.com/features/copilot`) are already tracked by the existing link event system. The `link_samesite: false` flag identifies external (CTA) clicks. + +To analyze additional event types (such as scroll depth or time on page), add queries to the dashboard—no code changes are needed. + +## Analyzing results + +Use the **[Docs Experiment Results dashboard](https://gh.io/docs-8c0c)** to track split verification, CTA click-through rates, sequential significance testing, and per-article breakdowns. The dashboard has parameters for experiment name, path product, and minimum detectable effect. + +Dashboard source config: [`docs-team/analytics/dashboard-builder/experiment-results.config.ts`](https://github.com/github/docs-team/blob/main/analytics/dashboard-builder/experiment-results.config.ts) + +## Ending the experiment + +1. Set `isActive: false` in `src/events/components/experiments/experiments.ts`. +2. Remove the experiment divs from the articles, keeping whichever variant won. +3. Open a PR documenting the results. diff --git a/src/events/components/experiments/experiment.ts b/src/events/components/experiments/experiment.ts index df264c710697..f7d30b2f7336 100644 --- a/src/events/components/experiments/experiment.ts +++ b/src/events/components/experiments/experiment.ts @@ -29,6 +29,8 @@ export function shouldShowExperiment( const experiments = getActiveExperiments('all') for (const experiment of experiments) { if (experiment.key === experimentKey) { + // Respect isActive so flipping it to false actually stops the experiment + if (!experiment.isActive) return false // If there is an override for the current session, use that if (controlGroupOverride[experiment.key]) { const controlGroup = getExperimentControlGroupFromSession( diff --git a/src/events/components/experiments/experiments.ts b/src/events/components/experiments/experiments.ts index 6e3e72ec67ff..f4fe2f607d5f 100644 --- a/src/events/components/experiments/experiments.ts +++ b/src/events/components/experiments/experiments.ts @@ -15,7 +15,7 @@ type Experiment = { } // Update this with the name of the experiment, e.g. | 'example_experiment' -export type ExperimentNames = 'placeholder_experiment' +export type ExperimentNames = 'placeholder_experiment' | 'readability_copilot' export const EXPERIMENTS = { // Placeholder experiment to maintain type compatibility @@ -29,6 +29,16 @@ export const EXPERIMENTS = { alwaysShowForStaff: false, turnOnWithURLParam: 'placeholder', // Placeholder URL param }, + readability_copilot: { + key: 'readability_copilot', + isActive: true, + percentOfUsersToGetExperiment: 50, + includeVariationInContext: true, + limitToLanguages: ['en'], + limitToVersions: [], + alwaysShowForStaff: true, + turnOnWithURLParam: 'readability', + }, /* Add new experiments here, example: 'example_experiment': { key: 'example_experiment', diff --git a/src/events/components/hydro-analytics.ts b/src/events/components/hydro-analytics.ts new file mode 100644 index 000000000000..1a1ae51cd3be --- /dev/null +++ b/src/events/components/hydro-analytics.ts @@ -0,0 +1,109 @@ +/** + * Integration with @github/hydro-analytics-client for cross-subdomain tracking. + * + * This sends events to collector.githubapp.com alongside our existing analytics. + * The client auto-collects: page, title, client_id, referrer, user_agent, + * screen_resolution, browser_resolution, browser_languages, pixel_ratio, timestamp, tz_seconds + * + * We send all other docs-specific context fields, including: + * - path_language, path_version, path_product, path_article + * - page_document_type, page_type, content_type + * - color_mode_preference, is_logged_in, experiment_variation, is_headless + * - event_id, page_event_id, octo_client_id + * - Plus any event-specific properties (exit metrics, link_url, etc.) + * + * All functions are wrapped in try/catch to ensure that issues with the + * hydro-analytics-client or collector don't affect our primary analytics. + */ + +import { + AnalyticsClient, + getOrCreateClientId as hydroGetOrCreateClientId, +} from '@github/hydro-analytics-client' +import { EventType } from '../types' + +/** + * Safe wrapper around hydro-analytics-client's getOrCreateClientId. + * Returns undefined if the client fails for any reason. + */ +export function getOctoClientId(): string | undefined { + try { + return hydroGetOrCreateClientId() + } catch (error) { + console.log('hydro-analytics-client getOctoClientId error:', error) + return undefined + } +} + +const hydroClient = new AnalyticsClient({ + collectorUrl: 'https://collector.githubapp.com/docs/collect', + clientId: getOctoClientId(), +}) + +// Fields that hydro-analytics-client already collects automatically +const AUTO_COLLECTED_FIELDS = new Set([ + 'referrer', + 'user_agent', + 'viewport_width', + 'viewport_height', + 'screen_width', + 'screen_height', + 'pixel_ratio', + 'timezone', + 'user_language', + 'href', + 'title', +]) + +/** + * Flatten a nested event body into a single-level context object, + * excluding fields that hydro-analytics-client already auto-collects, + * and adding fields required for analytics_v0_page_view compatibility. + */ +export function prepareData(body: Record): { + type: string + context: Record +} { + const { context: nestedContext, type, ...rest } = body + const flattened = { + ...((nestedContext as Record) || {}), + ...rest, + } + const context = Object.fromEntries( + Object.entries(flattened) + .filter(([, value]) => value != null) + .filter(([key]) => !AUTO_COLLECTED_FIELDS.has(key)) + .map(([key, value]) => [key, String(value)]), + ) + + // Add fields required for analytics_v0_page_view compatibility + // These are expected by the BI team's dashboards + context.react_app = 'docs' + // Preserve our page_type as docs_page_type, then set page_type to 'marketing' for BI + if (context.page_type) { + context.docs_page_type = context.page_type + } + context.page_type = 'marketing' + + return { type: typeof type === 'string' ? type : 'unknown', context } +} + +/** + * Send an event to hydro-analytics-client. + * For page events, sends as a page view. For all other events, sends as a custom event. + * + * This is wrapped in try/catch to ensure that if the hydro collector is down + * or errors, it doesn't affect our primary analytics pipeline. + */ +export function sendHydroAnalyticsEvent(body: Record): void { + try { + const { type, context } = prepareData(body) + if (type === EventType.page) { + hydroClient.sendPageView(context) + } else { + hydroClient.sendEvent(type, context) + } + } catch (error) { + console.log('hydro-analytics-client error:', error) + } +} diff --git a/src/events/components/is-headless.ts b/src/events/components/is-headless.ts index 048647f67792..6f72df0a05af 100644 --- a/src/events/components/is-headless.ts +++ b/src/events/components/is-headless.ts @@ -2,7 +2,7 @@ declare global { interface Window { - GHDOCSPLAYWRIGHT: any + GHDOCSPLAYWRIGHT: boolean | number } } diff --git a/src/events/lib/schema.ts b/src/events/lib/schema.ts index 3f1bb45ccddd..719457cbaa8e 100644 --- a/src/events/lib/schema.ts +++ b/src/events/lib/schema.ts @@ -124,6 +124,11 @@ const context = { type: 'boolean', description: 'The cookie value of staffonly', }, + octo_client_id: { + type: 'string', + description: + 'The _octo cookie client ID for cross-subdomain tracking with github.com analytics.', + }, // Device information os: { diff --git a/src/events/tests/hydro-analytics.ts b/src/events/tests/hydro-analytics.ts new file mode 100644 index 000000000000..2f00389bb67c --- /dev/null +++ b/src/events/tests/hydro-analytics.ts @@ -0,0 +1,131 @@ +import { describe, expect, test } from 'vitest' +import { prepareData } from '../components/hydro-analytics' + +describe('prepareData', () => { + test('flattens nested context into top level', () => { + const body = { + type: 'page', + context: { + event_id: '123', + path_language: 'en', + }, + } + const result = prepareData(body) + expect(result.type).toBe('page') + expect(result.context.event_id).toBe('123') + expect(result.context.path_language).toBe('en') + }) + + test('includes top-level props alongside context', () => { + const body = { + type: 'exit', + context: { event_id: '123' }, + exit_scroll_length: 0.75, + } + const result = prepareData(body) + expect(result.type).toBe('exit') + expect(result.context.event_id).toBe('123') + expect(result.context.exit_scroll_length).toBe('0.75') + }) + + test('filters out auto-collected fields', () => { + const body = { + type: 'page', + context: { + event_id: '123', + referrer: 'https://google.com', + user_agent: 'Mozilla/5.0', + viewport_width: 1024, + title: 'Test Page', + path_language: 'en', + }, + } + const result = prepareData(body) + expect(result.context.event_id).toBe('123') + expect(result.context.path_language).toBe('en') + expect(result.context.referrer).toBeUndefined() + expect(result.context.user_agent).toBeUndefined() + expect(result.context.viewport_width).toBeUndefined() + expect(result.context.title).toBeUndefined() + }) + + test('filters out null and undefined values', () => { + const body = { + type: 'page', + context: { + event_id: '123', + path_language: null, + path_version: undefined, + path_product: 'actions', + }, + } + const result = prepareData(body) + expect(result.context.event_id).toBe('123') + expect(result.context.path_product).toBe('actions') + expect(result.context.path_language).toBeUndefined() + expect(result.context.path_version).toBeUndefined() + }) + + test('converts all values to strings', () => { + const body = { + type: 'exit', + context: { + status: 200, + is_logged_in: true, + is_headless: false, + }, + } + const result = prepareData(body) + expect(result.context.status).toBe('200') + expect(result.context.is_logged_in).toBe('true') + expect(result.context.is_headless).toBe('false') + }) + + test('defaults type to unknown if not a string', () => { + const body = { + type: 123, + context: { event_id: '123' }, + } + const result = prepareData(body) + expect(result.type).toBe('unknown') + }) + + test('handles missing context gracefully', () => { + const body = { + type: 'page', + exit_scroll_length: 0.5, + } + const result = prepareData(body) + expect(result.type).toBe('page') + expect(result.context.exit_scroll_length).toBe('0.5') + }) + + test('adds react_app field for analytics_v0_page_view compatibility', () => { + const body = { + type: 'page', + context: { event_id: '123' }, + } + const result = prepareData(body) + expect(result.context.react_app).toBe('docs') + }) + + test('adds page_type field when not present', () => { + const body = { + type: 'page', + context: { event_id: '123' }, + } + const result = prepareData(body) + expect(result.context.page_type).toBe('marketing') + expect(result.context.docs_page_type).toBeUndefined() + }) + + test('preserves existing page_type as docs_page_type and sets page_type to marketing', () => { + const body = { + type: 'page', + context: { event_id: '123', page_type: 'article' }, + } + const result = prepareData(body) + expect(result.context.page_type).toBe('marketing') + expect(result.context.docs_page_type).toBe('article') + }) +}) diff --git a/src/events/types.ts b/src/events/types.ts index 36e63d0dc7eb..006d244ada23 100644 --- a/src/events/types.ts +++ b/src/events/types.ts @@ -41,6 +41,7 @@ export type EventProps = { is_logged_in: boolean dotcom_user: string is_staff: boolean + octo_client_id?: string os: string os_version: string browser: string diff --git a/src/fixtures/README.md b/src/fixtures/README.md index 49a354472cf4..d63c7609b6b1 100644 --- a/src/fixtures/README.md +++ b/src/fixtures/README.md @@ -103,3 +103,67 @@ Optionally, also set `DEBUG_MIDDLEWARE_TESTS` variable to get stacktraces for `5 ```shell DEBUG_MIDDLEWARE_TESTS=true ROOT=src/fixtures/fixtures TRANSLATIONS_FIXTURE_ROOT=src/fixtures/fixtures/translations vitest src/fixtures/tests ``` + +## Fixture Dependencies by Subject + +Which subjects rely on which fixtures: + +| Subject | Fixtures Used | Purpose | +|---------|---------------|---------| +| `src/content-render` | Liquid tags, Markdown files | Test custom tags and rendering | +| `src/versions` | Version frontmatter | Test version conditionals | +| `src/redirects` | Redirect frontmatter | Test redirect logic | +| `src/search` | Search index content | Test search functionality | +| `src/landings` | Landing page layouts | Test landing page rendering | +| `src/rest` | REST API fixtures | Test REST docs rendering | +| `src/graphql` | GraphQL schema fixtures | Test GraphQL docs rendering | +| `src/webhooks` | Webhook fixtures | Test webhook docs rendering | + +### Adding fixtures for new subjects + +When adding new functionality: +1. Create minimal content in `src/fixtures/fixtures/content/` +2. Add any required data in `src/fixtures/fixtures/data/` +3. Keep product names matching real content (top-level only) +4. Run `./src/tests/scripts/copy-fixture-data.ts` to sync required files + +## Ownership & Escalation + +### Ownership +- Team: Docs Engineering + +### Escalation +Fixture content is maintained by the team. If tests break due to fixture issues: +1. Check if fixture content needs updating +2. Run `./src/tests/scripts/copy-fixture-data.ts` to sync +3. Ask in #docs-engineering if unclear + +### Maintenance responsibilities +- Keep fixtures minimal but functional +- Update when adding new features +- Don't let fixtures drift from real content structure +- Document fixture-specific test patterns + +## Related Documentation + +- [Playwright tests](./PLAYWRIGHT.md) - Browser-based E2E tests +- [Axe accessibility tests](./axe.md) - Accessibility testing with fixtures +- [Test infrastructure](../tests/README.md) - Overall testing setup + +## Known Limitations + +### Fixture coverage +- Not all subjects have comprehensive fixtures +- Some complex scenarios may need real content for testing +- Translation fixtures are minimal + +### Maintenance burden +- Fixtures need updates when content structure changes +- Some data files must be kept in sync with real content +- Product names must exactly match real content + +### Best practices +- Keep fixtures focused on one feature at a time +- Don't replicate entire content structure unnecessarily +- Use fixtures for functionality tests, not content validation +- Update fixtures when breaking changes occur diff --git a/src/fixtures/fixtures/content/admin/index.md b/src/fixtures/fixtures/content/admin/index.md new file mode 100644 index 000000000000..ac0afdc79daa --- /dev/null +++ b/src/fixtures/fixtures/content/admin/index.md @@ -0,0 +1,14 @@ +--- +title: Enterprise administrator documentation +shortTitle: Enterprise administrators +intro: 'Documentation and guides for enterprise administrators.' + +changelog: + label: enterprise +layout: product-landing +versions: + ghec: '*' + ghes: '*' +children: + - /monitoring-activity-in-your-enterprise +--- diff --git a/src/fixtures/fixtures/content/admin/monitoring-activity-in-your-enterprise/index.md b/src/fixtures/fixtures/content/admin/monitoring-activity-in-your-enterprise/index.md new file mode 100644 index 000000000000..99c47f7b8ca7 --- /dev/null +++ b/src/fixtures/fixtures/content/admin/monitoring-activity-in-your-enterprise/index.md @@ -0,0 +1,14 @@ +--- +title: Monitoring activity in your enterprise +intro: 'You can view user and system activity by leveraging audit logs.' +redirect_from: + - /enterprise/admin/installation/monitoring-activity-on-your-github-enterprise-server-instance +versions: + ghec: '*' + ghes: '*' +topics: + - Enterprise +children: + - /reviewing-audit-logs-for-your-enterprise +shortTitle: Monitor user activity +--- diff --git a/src/fixtures/fixtures/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md b/src/fixtures/fixtures/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md new file mode 100644 index 000000000000..36c8f6bb82bc --- /dev/null +++ b/src/fixtures/fixtures/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md @@ -0,0 +1,31 @@ +--- +title: Audit log events for your enterprise +intro: Review the events recorded in an enterprise's audit log. +shortTitle: Audit log events +permissions: 'Enterprise owners {% ifversion ghes %}and site administrators {% endif %}' +redirect_from: + - /enterprise/admin/articles/audited-actions + - /enterprise/admin/installation/audited-actions + - /enterprise/admin/user-management/audited-actions + - /admin/user-management/audited-actions + - /admin/user-management/monitoring-activity-in-your-enterprise/audited-actions +versions: + ghec: '*' + ghes: '*' +type: reference +topics: + - Auditing + - Enterprise + - Logging + - Security +autogenerated: audit-logs +--- + +> [!NOTE] This article lists events that may appear in the audit log for an **enterprise**. For the events that can appear in a user account's security log or the audit log for an organization, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events) and [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization). + +## What types of events are included? + +* **Without Enterprise Managed Users**, the audit log only includes events related to the enterprise account and the organizations within it. +* **With Enterprise Managed Users**, the audit log also includes user events, which are not listed here. For that list, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events). + + diff --git a/src/fixtures/fixtures/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/index.md b/src/fixtures/fixtures/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/index.md new file mode 100644 index 000000000000..5f97a80c8053 --- /dev/null +++ b/src/fixtures/fixtures/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/index.md @@ -0,0 +1,13 @@ +--- +title: Reviewing audit logs for your enterprise +intro: You can view user and system activity in the audit logs for your enterprise. +shortTitle: Review audit logs +versions: + ghec: '*' + ghes: '*' +topics: + - Enterprise +children: + - /audit-log-events-for-your-enterprise +--- + diff --git a/src/fixtures/fixtures/content/authentication/index.md b/src/fixtures/fixtures/content/authentication/index.md new file mode 100644 index 000000000000..d4c8fa05c7ae --- /dev/null +++ b/src/fixtures/fixtures/content/authentication/index.md @@ -0,0 +1,33 @@ +--- +title: Authentication documentation +shortTitle: Authentication +intro: 'Keep your account and data secure with features like two-factor authentication, SSH, and commit signature verification.' +redirect_from: + - /categories/56/articles + - /categories/ssh + - /mac-verify-ssh + - /ssh-issues + - /verify-ssh-redirect + - /win-verify-ssh + - /categories/92/articles + - /categories/gpg + - /categories/security + - /categories/authenticating-to-github + - /github/authenticating-to-github +versions: + fpt: '*' + ghes: '*' + ghec: '*' + +changelog: + label: '2FA,authentication,security keys,SSH,token authentication' +layout: product-landing +topics: + - 2FA + - Identity + - Access management + - Usernames + - Device verification +children: + - /keeping-your-account-and-data-secure +--- diff --git a/src/fixtures/fixtures/content/authentication/keeping-your-account-and-data-secure/index.md b/src/fixtures/fixtures/content/authentication/keeping-your-account-and-data-secure/index.md new file mode 100644 index 000000000000..f4d0c2b8a7da --- /dev/null +++ b/src/fixtures/fixtures/content/authentication/keeping-your-account-and-data-secure/index.md @@ -0,0 +1,17 @@ +--- +title: Keeping your account and data secure +intro: 'To protect your personal information, you should keep both your account on GitHub and any associated data secure.' +redirect_from: + - /articles/keeping-your-account-and-data-secure + - /github/authenticating-to-github/keeping-your-account-and-data-secure +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Identity + - Access management +children: + - /security-log-events +shortTitle: Account security +--- diff --git a/src/fixtures/fixtures/content/authentication/keeping-your-account-and-data-secure/security-log-events.md b/src/fixtures/fixtures/content/authentication/keeping-your-account-and-data-secure/security-log-events.md new file mode 100644 index 000000000000..2e487730989d --- /dev/null +++ b/src/fixtures/fixtures/content/authentication/keeping-your-account-and-data-secure/security-log-events.md @@ -0,0 +1,21 @@ +--- +title: Security log events +intro: Learn about security log events recorded for your personal account. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Identity + - Access management +autogenerated: audit-logs +--- + +> [!NOTE] +> This article contains the events that may appear in your user account's security log. + +## About security log events + +Reference grouped by category. + + diff --git a/src/fixtures/fixtures/content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md b/src/fixtures/fixtures/content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md new file mode 100644 index 000000000000..7c15fa25285e --- /dev/null +++ b/src/fixtures/fixtures/content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md @@ -0,0 +1,36 @@ +--- +title: database analyze +intro: Analyze a database, producing meaningful results in the context of the source code. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +type: reference +product: Code Security +autogenerated: codeql-cli +--- + + + + + + + +## Synopsis + +```shell copy +codeql database analyze --format= --output= [--threads=] [--ram=] ... -- ... +``` + +## Description + +Analyze a database, producing meaningful results in the context of the +source code. + +## Options + +### Primary Options + +#### `` + +[Mandatory] Path to the CodeQL database to query. \ No newline at end of file diff --git a/src/fixtures/fixtures/content/code-security/codeql-cli/codeql-cli-manual/index.md b/src/fixtures/fixtures/content/code-security/codeql-cli/codeql-cli-manual/index.md new file mode 100644 index 000000000000..c62b5a479950 --- /dev/null +++ b/src/fixtures/fixtures/content/code-security/codeql-cli/codeql-cli-manual/index.md @@ -0,0 +1,10 @@ +--- +title: CodeQL CLI Manual +intro: Manual for CodeQL CLI +versions: + fpt: '*' + ghes: '*' + ghec: '*' +children: + - /database-analyze +--- \ No newline at end of file diff --git a/src/fixtures/fixtures/content/code-security/codeql-cli/index.md b/src/fixtures/fixtures/content/code-security/codeql-cli/index.md new file mode 100644 index 000000000000..45dd85dfe99f --- /dev/null +++ b/src/fixtures/fixtures/content/code-security/codeql-cli/index.md @@ -0,0 +1,10 @@ +--- +title: CodeQL CLI +intro: CodeQL CLI documentation +versions: + fpt: '*' + ghes: '*' + ghec: '*' +children: + - /codeql-cli-manual +--- \ No newline at end of file diff --git a/src/fixtures/fixtures/content/code-security/index.md b/src/fixtures/fixtures/content/code-security/index.md index 34725a2bd810..c01870c61ff9 100644 --- a/src/fixtures/fixtures/content/code-security/index.md +++ b/src/fixtures/fixtures/content/code-security/index.md @@ -14,4 +14,6 @@ versions: children: - /getting-started - /guides + - /secret-scanning + - /codeql-cli --- diff --git a/src/fixtures/fixtures/content/code-security/secret-scanning/index.md b/src/fixtures/fixtures/content/code-security/secret-scanning/index.md new file mode 100644 index 000000000000..745fbc6c0460 --- /dev/null +++ b/src/fixtures/fixtures/content/code-security/secret-scanning/index.md @@ -0,0 +1,10 @@ +--- +title: Secret scanning +intro: Secret scanning documentation +versions: + fpt: '*' + ghes: '*' + ghec: '*' +children: + - /introduction +--- \ No newline at end of file diff --git a/src/fixtures/fixtures/content/code-security/secret-scanning/introduction/index.md b/src/fixtures/fixtures/content/code-security/secret-scanning/introduction/index.md new file mode 100644 index 000000000000..e1df66e8d945 --- /dev/null +++ b/src/fixtures/fixtures/content/code-security/secret-scanning/introduction/index.md @@ -0,0 +1,10 @@ +--- +title: Introduction to secret scanning +intro: Introduction to secret scanning +versions: + fpt: '*' + ghes: '*' + ghec: '*' +children: + - /supported-secret-scanning-patterns +--- \ No newline at end of file diff --git a/src/fixtures/fixtures/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md b/src/fixtures/fixtures/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md new file mode 100644 index 000000000000..fc0c866631af --- /dev/null +++ b/src/fixtures/fixtures/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md @@ -0,0 +1,20 @@ +--- +title: Supported secret scanning patterns +intro: Lists of supported secrets. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +type: reference +autogenerated: secret-scanning +--- + +## Supported secrets + +This table lists the secrets supported by secret scanning. + +| Provider | Token | +|----|:----| +{%- for entry in secretScanningData %} +| {{ entry.provider }} | {{ entry.secretType }} | +{%- endfor %} \ No newline at end of file diff --git a/src/fixtures/fixtures/content/codespaces/guides.md b/src/fixtures/fixtures/content/codespaces/guides.md new file mode 100644 index 000000000000..e6d2b6800bb4 --- /dev/null +++ b/src/fixtures/fixtures/content/codespaces/guides.md @@ -0,0 +1,14 @@ +--- +title: Guides for GitHub Codespaces +intro: Learn how to make the most of GitHub Codespaces. +layout: product-guides +versions: + fpt: '*' +topics: + - Codespaces + - Developer +includeGuides: + - /get-started/start-your-journey/hello-world +learningTracks: + - foo_bar +--- diff --git a/src/fixtures/fixtures/content/codespaces/index.md b/src/fixtures/fixtures/content/codespaces/index.md new file mode 100644 index 000000000000..d9e241ea294a --- /dev/null +++ b/src/fixtures/fixtures/content/codespaces/index.md @@ -0,0 +1,10 @@ +--- +title: GitHub Codespaces documentation +intro: Develop in a codespace. +versions: + fpt: '*' +children: + - /guides +topics: + - Codespaces +--- diff --git a/src/fixtures/fixtures/content/get-started/article-grid-bespoke/index.md b/src/fixtures/fixtures/content/get-started/article-grid-bespoke/index.md index 939c6507c921..43376ac26bb5 100644 --- a/src/fixtures/fixtures/content/get-started/article-grid-bespoke/index.md +++ b/src/fixtures/fixtures/content/get-started/article-grid-bespoke/index.md @@ -6,10 +6,11 @@ versions: ghes: "*" ghec: "*" layout: bespoke-landing -recommended: - - /grid-category-one/grid-article-one - - /grid-category-one/grid-article-two - - /grid-category-two/grid-article-three +carousels: + recommended: + - /grid-category-one/grid-article-one + - /grid-category-one/grid-article-two + - /grid-category-two/grid-article-three spotlight: - article: /grid-category-one/grid-article-one image: /assets/images/placeholder.png diff --git a/src/fixtures/fixtures/content/get-started/article-grid-discovery/index.md b/src/fixtures/fixtures/content/get-started/article-grid-discovery/index.md index 8944b2da5cea..0093ed207121 100644 --- a/src/fixtures/fixtures/content/get-started/article-grid-discovery/index.md +++ b/src/fixtures/fixtures/content/get-started/article-grid-discovery/index.md @@ -6,10 +6,11 @@ versions: ghes: "*" ghec: "*" layout: discovery-landing -recommended: - - /grid-category-one/grid-article-one - - /grid-category-one/grid-article-two - - /grid-category-two/grid-article-three +carousels: + recommended: + - /grid-category-one/grid-article-one + - /grid-category-one/grid-article-two + - /grid-category-two/grid-article-three spotlight: - article: /grid-category-one/grid-article-one image: /assets/images/placeholder.png diff --git a/src/fixtures/fixtures/content/get-started/carousel/index.md b/src/fixtures/fixtures/content/get-started/carousel/index.md index e31cabbfba67..fe29f6d81d0e 100644 --- a/src/fixtures/fixtures/content/get-started/carousel/index.md +++ b/src/fixtures/fixtures/content/get-started/carousel/index.md @@ -6,10 +6,11 @@ versions: ghes: '*' ghec: '*' layout: discovery-landing -recommended: - - /category-one/article-one - - /category-one/article-two - - /category-two/article-three +carousels: + recommended: + - /category-one/article-one + - /category-one/article-two + - /category-two/article-three spotlight: - article: /category-one/article-one image: /assets/images/placeholder.png diff --git a/src/fixtures/fixtures/content/get-started/foo/index.md b/src/fixtures/fixtures/content/get-started/foo/index.md index e49f67728324..774984fc4731 100644 --- a/src/fixtures/fixtures/content/get-started/foo/index.md +++ b/src/fixtures/fixtures/content/get-started/foo/index.md @@ -18,4 +18,5 @@ children: - /page-with-permissions-and-product-callout - /table-with-ifversions - /code-snippet-with-hashbang + - /journey-test-article --- diff --git a/src/fixtures/fixtures/content/get-started/foo/journey-test-article.md b/src/fixtures/fixtures/content/get-started/foo/journey-test-article.md new file mode 100644 index 000000000000..e6541e22874c --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/foo/journey-test-article.md @@ -0,0 +1,12 @@ +--- +title: Journey Test Article +intro: This article is used for testing journey branching text. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +--- + +## Test Article + +This article exists solely for testing journey navigation features. diff --git a/src/fixtures/fixtures/content/get-started/index.md b/src/fixtures/fixtures/content/get-started/index.md index f49326331f7e..e64ae2eced8b 100644 --- a/src/fixtures/fixtures/content/get-started/index.md +++ b/src/fixtures/fixtures/content/get-started/index.md @@ -21,14 +21,14 @@ journeyTracks: title: 'Getting started' description: 'Learn the basics of our platform.' guides: - - '/get-started/start-your-journey/hello-world' - - '/get-started/foo/bar' + - href: '/get-started/start-your-journey/hello-world' + - href: '/get-started/foo/bar' - id: 'advanced' title: 'Advanced topics' description: 'Dive deeper into advanced features.' guides: - - '/get-started/foo/autotitling' - - '/get-started/start-your-journey/hello-world' + - href: '/get-started/foo/autotitling' + - href: '/get-started/start-your-journey/hello-world' children: - /start-your-journey - /foo @@ -45,6 +45,8 @@ children: - /carousel - /article-grid-discovery - /article-grid-bespoke + - /multi-carousel + - /non-child-resolution communityRedirect: name: Provide HubGit Feedback href: 'https://hubgit.com/orgs/community/discussions/categories/get-started' diff --git a/src/fixtures/fixtures/content/get-started/multi-carousel/index.md b/src/fixtures/fixtures/content/get-started/multi-carousel/index.md new file mode 100644 index 000000000000..c3b815525019 --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/multi-carousel/index.md @@ -0,0 +1,25 @@ +--- +title: Multi-Carousel Test Page +intro: "A test page for testing multiple carousels with articles." +versions: + fpt: "*" + ghes: "*" + ghec: "*" +layout: discovery-landing +carousels: + # This has a matching key in ui.yml -> should display "Recommended" title + recommended: + - /get-started/foo/bar + - /get-started/foo/autotitling + - /get-started/foo/for-playwright + # This has NO matching key in ui.yml -> should display no title + titleTwoNoMatchingUiYml: + - /get-started/foo/for-playwright + - /get-started/foo/autotitling + - /get-started/foo/bar +children: + - /placeholder +--- + +This page tests multiple carousels. +Each carousel can have a different set of articles, and the title comes from ui.yml if the key matches. diff --git a/src/fixtures/fixtures/content/get-started/multi-carousel/placeholder/index.md b/src/fixtures/fixtures/content/get-started/multi-carousel/placeholder/index.md new file mode 100644 index 000000000000..afcda2c62812 --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/multi-carousel/placeholder/index.md @@ -0,0 +1,11 @@ +--- +title: Placeholder +intro: 'Placeholder child for multi-carousel fixture' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +children: [] +--- + +Placeholder content. diff --git a/src/fixtures/fixtures/content/get-started/non-child-resolution/articles-only/index.md b/src/fixtures/fixtures/content/get-started/non-child-resolution/articles-only/index.md new file mode 100644 index 000000000000..bc99bb47d3be --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/non-child-resolution/articles-only/index.md @@ -0,0 +1,10 @@ +--- +title: Cross-product children test +intro: Testing cross-product children resolution using /content/ prefix +versions: + fpt: '*' +children: + - /content/actions/using-workflows/storing-workflow-data-as-artifacts +--- + +This category uses /content/ prefix for cross-product article inclusion. diff --git a/src/fixtures/fixtures/content/get-started/non-child-resolution/children-only/index.md b/src/fixtures/fixtures/content/get-started/non-child-resolution/children-only/index.md new file mode 100644 index 000000000000..30d82dcb912e --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/non-child-resolution/children-only/index.md @@ -0,0 +1,10 @@ +--- +title: Children only test +intro: Testing children-only page resolution +versions: + fpt: '*' +children: + - /content/actions/using-workflows/storing-workflow-data-as-artifacts +--- + +This category uses traditional children-only approach but with a cross-product path. diff --git a/src/fixtures/fixtures/content/get-started/non-child-resolution/index.md b/src/fixtures/fixtures/content/get-started/non-child-resolution/index.md new file mode 100644 index 000000000000..1ddd29f7ffa6 --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/non-child-resolution/index.md @@ -0,0 +1,17 @@ +--- +title: Non-child resolution test +intro: Testing non-child page resolution from frontmatter +versions: + fpt: '*' + ghec: '*' + ghes: '*' +children: + - /children-only + - /articles-only + - /local-category + - /standalone-article + - /versioned-cross-product + - /content/actions/using-workflows/storing-workflow-data-as-artifacts +--- + +This is the non-child resolution test page. diff --git a/src/fixtures/fixtures/content/get-started/non-child-resolution/local-category/index.md b/src/fixtures/fixtures/content/get-started/non-child-resolution/local-category/index.md new file mode 100644 index 000000000000..1f36ea49b409 --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/non-child-resolution/local-category/index.md @@ -0,0 +1,12 @@ +--- +title: Local category test +intro: Testing local children combined with cross-product children +versions: + fpt: '*' +children: + - /local-article-one + - /local-article-two + - /content/actions/using-workflows/storing-workflow-data-as-artifacts +--- + +This category has both local children and cross-product children. diff --git a/src/fixtures/fixtures/content/get-started/non-child-resolution/local-category/local-article-one.md b/src/fixtures/fixtures/content/get-started/non-child-resolution/local-category/local-article-one.md new file mode 100644 index 000000000000..18ee8fca82cd --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/non-child-resolution/local-category/local-article-one.md @@ -0,0 +1,8 @@ +--- +title: Local article one +intro: A local article in the local category +versions: + fpt: '*' +--- + +This is local article one. diff --git a/src/fixtures/fixtures/content/get-started/non-child-resolution/local-category/local-article-two.md b/src/fixtures/fixtures/content/get-started/non-child-resolution/local-category/local-article-two.md new file mode 100644 index 000000000000..14cf59975403 --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/non-child-resolution/local-category/local-article-two.md @@ -0,0 +1,8 @@ +--- +title: Local article two +intro: Another local article in the local category +versions: + fpt: '*' +--- + +This is local article two. diff --git a/src/fixtures/fixtures/content/get-started/non-child-resolution/standalone-article.md b/src/fixtures/fixtures/content/get-started/non-child-resolution/standalone-article.md new file mode 100644 index 000000000000..07d23dc68547 --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/non-child-resolution/standalone-article.md @@ -0,0 +1,8 @@ +--- +title: Standalone article +intro: A standalone article for testing +versions: + fpt: '*' +--- + +This is a standalone article. diff --git a/src/fixtures/fixtures/content/get-started/non-child-resolution/versioned-cross-product/index.md b/src/fixtures/fixtures/content/get-started/non-child-resolution/versioned-cross-product/index.md new file mode 100644 index 000000000000..ed09f293cac6 --- /dev/null +++ b/src/fixtures/fixtures/content/get-started/non-child-resolution/versioned-cross-product/index.md @@ -0,0 +1,15 @@ +--- +title: Versioned cross-product test +intro: Testing cross-product children with version constraints +versions: + fpt: '*' + ghec: '*' + ghes: '*' +children: + - /content/get-started/versioning/only-fpt + - /content/get-started/versioning/only-ghec + - /content/get-started/versioning/only-ghec-and-ghes +--- + +This category includes cross-product children from articles with different version constraints. +The children should only appear in versions where the referenced article is available. diff --git a/src/fixtures/fixtures/content/get-started/test-journey/index.md b/src/fixtures/fixtures/content/get-started/test-journey/index.md index 1b30f95696ac..c6cc9365b545 100644 --- a/src/fixtures/fixtures/content/get-started/test-journey/index.md +++ b/src/fixtures/fixtures/content/get-started/test-journey/index.md @@ -7,18 +7,19 @@ versions: ghes: '*' ghec: '*' journeyTracks: - - id: 'getting_started' - title: 'Getting started' - description: 'Learn the basics of our platform.' + - id: 'first_track' + title: 'First Track' + description: 'The first track in the journey.' guides: - - '/get-started/start-your-journey/hello-world' - - '/get-started/foo/bar' - - id: 'advanced' - title: 'Advanced topics' - description: 'Dive deeper into advanced features.' + - href: '/get-started/start-your-journey/hello-world' + - href: '/get-started/foo/journey-test-article' + alternativeNextStep: 'Want to skip ahead? See [AUTOTITLE](/get-started/start-your-journey/hello-world)' + - id: 'second_track' + title: 'Next Track' + description: 'The second track in the journey.' guides: - - '/get-started/foo/autotitling' - - '/get-started/start-your-journey/hello-world' + - href: '/get-started/foo/autotitling' + - href: '/get-started/start-your-journey/hello-world' --- This is a test page for journey tracks. diff --git a/src/fixtures/fixtures/content/graphql/index.md b/src/fixtures/fixtures/content/graphql/index.md new file mode 100644 index 000000000000..0f156df84b52 --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/index.md @@ -0,0 +1,12 @@ +--- +title: GitHub GraphQL API documentation +intro: 'To create integrations, retrieve data, and automate your workflows, use the {% data variables.product.prodname_dotcom %} GraphQL API.' +shortTitle: GraphQL API +versions: + fpt: '*' + ghec: '*' + ghes: '*' +children: + - /overview + - /reference +--- \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/overview/breaking-changes.md b/src/fixtures/fixtures/content/graphql/overview/breaking-changes.md new file mode 100644 index 000000000000..a00972605cdd --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/overview/breaking-changes.md @@ -0,0 +1,20 @@ +--- +title: Breaking changes +intro: Learn about recent and upcoming breaking changes to the {% data variables.product.prodname_dotcom %} GraphQL API. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +autogenerated: graphql +--- + +## About breaking changes + +Breaking changes are any changes that might require action from our integrators. We divide these changes into two categories: + +* **Breaking:** Changes that will break existing queries to the GraphQL API. For example, removing a field would be a breaking change. +* **Dangerous:** Changes that won't break existing queries but could affect the runtime behavior of clients. Adding an enum value is an example of a dangerous change. + +We'll announce upcoming breaking changes at least three months before making changes to the GraphQL schema, to give integrators time to make the necessary adjustments. + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/overview/changelog.md b/src/fixtures/fixtures/content/graphql/overview/changelog.md new file mode 100644 index 000000000000..248d15f70c0f --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/overview/changelog.md @@ -0,0 +1,13 @@ +--- +title: Changelog +intro: The GraphQL schema changelog is a list of recent and upcoming changes to our GraphQL API schema. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +autogenerated: graphql +--- + +Breaking changes include changes that will break existing queries or could affect the runtime behavior of clients. For a list of breaking changes and when they will occur, see our breaking changes log. + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/overview/index.md b/src/fixtures/fixtures/content/graphql/overview/index.md new file mode 100644 index 000000000000..3bf6a4f19795 --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/overview/index.md @@ -0,0 +1,15 @@ +--- +title: Overview +intro: Learn about the GraphQL API overview topics. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +children: + - /breaking-changes + - /changelog +--- + +## GraphQL API overview + +The GraphQL API provides a powerful way to query GitHub data. \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/reference/enums.md b/src/fixtures/fixtures/content/graphql/reference/enums.md new file mode 100644 index 000000000000..f6a15cadaf07 --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/reference/enums.md @@ -0,0 +1,17 @@ +--- +title: Enums +intro: Enums represent possible sets of values for a field. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +autogenerated: graphql +--- + +## About enums + +Enums are special types that define a set of possible values. When a field has an enum type, it can only be set to one of the predefined values. + +For more information, see [AUTOTITLE](/get-started/start-your-journey/hello-world). + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/reference/index.md b/src/fixtures/fixtures/content/graphql/reference/index.md new file mode 100644 index 000000000000..b93b3e6db2cb --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/reference/index.md @@ -0,0 +1,20 @@ +--- +title: Reference +intro: View reference documentation to learn about the data types available in the {% data variables.product.prodname_dotcom %} GraphQL API schema. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +children: + - /queries + - /mutations + - /objects + - /interfaces + - /enums + - /unions + - /input-objects + - /scalars +autogenerated: graphql +--- + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/reference/input-objects.md b/src/fixtures/fixtures/content/graphql/reference/input-objects.md new file mode 100644 index 000000000000..aa1265a6f104 --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/reference/input-objects.md @@ -0,0 +1,17 @@ +--- +title: Input objects +intro: Input objects are special types that allow you to pass complex objects as arguments to queries and mutations. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +autogenerated: graphql +--- + +## About input objects + +Input objects are used when you need to pass a structured set of values as an argument to a field. They are similar to regular objects, but they are specifically designed to be used as input arguments. + +For more information, see [AUTOTITLE](/get-started/start-your-journey/hello-world). + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/reference/interfaces.md b/src/fixtures/fixtures/content/graphql/reference/interfaces.md new file mode 100644 index 000000000000..f93c982d7cb3 --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/reference/interfaces.md @@ -0,0 +1,17 @@ +--- +title: Interfaces +intro: Interfaces are abstract types that include a certain set of fields that other types must include if they implement the interface. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +autogenerated: graphql +--- + +## About interfaces + +Interfaces allow you to define a set of fields that multiple object types can implement. They help ensure consistency across your schema. + +For more information, see [AUTOTITLE](/get-started/start-your-journey/hello-world). + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/reference/mutations.md b/src/fixtures/fixtures/content/graphql/reference/mutations.md new file mode 100644 index 000000000000..6d0894956cf7 --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/reference/mutations.md @@ -0,0 +1,17 @@ +--- +title: Mutations +intro: The mutation type defines GraphQL operations that create, update, or delete data on the server. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +autogenerated: graphql +--- + +## About mutations + +Every GraphQL schema has a root type for both queries and mutations. The mutation type defines GraphQL operations that modify data on the server. + +For more information, see [AUTOTITLE](/get-started/start-your-journey/hello-world). + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/reference/objects.md b/src/fixtures/fixtures/content/graphql/reference/objects.md new file mode 100644 index 000000000000..074cd5b87bdc --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/reference/objects.md @@ -0,0 +1,17 @@ +--- +title: Objects +intro: Objects in GraphQL represent the resources you can access. An object can contain a list of fields, which are specifically typed. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +autogenerated: graphql +--- + +## About objects + +Objects are the most common type in a GraphQL schema. They represent the resources you can access and contain fields that define the data you can query. + +For more information, see [AUTOTITLE](/get-started/start-your-journey/hello-world). + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/reference/queries.md b/src/fixtures/fixtures/content/graphql/reference/queries.md new file mode 100644 index 000000000000..10427d7cf754 --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/reference/queries.md @@ -0,0 +1,17 @@ +--- +title: Queries +intro: The query type defines GraphQL operations that retrieve data from the server. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +autogenerated: graphql +--- + +## About queries + +Every GraphQL schema has a root type for both queries and mutations. The query type defines GraphQL operations that retrieve data from the server. + +For more information, see [AUTOTITLE](/get-started/start-your-journey/hello-world). + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/reference/scalars.md b/src/fixtures/fixtures/content/graphql/reference/scalars.md new file mode 100644 index 000000000000..939b3a6ec6f8 --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/reference/scalars.md @@ -0,0 +1,17 @@ +--- +title: Scalars +intro: Scalars are primitive values in GraphQL. They represent the leaves of a query. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +autogenerated: graphql +--- + +## About scalars + +Scalars are primitive types that represent concrete values. GraphQL comes with a set of default scalar types, including String, Int, Float, Boolean, and ID. + +For more information, see [AUTOTITLE](/get-started/start-your-journey/hello-world). + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/graphql/reference/unions.md b/src/fixtures/fixtures/content/graphql/reference/unions.md new file mode 100644 index 000000000000..49c919383ca0 --- /dev/null +++ b/src/fixtures/fixtures/content/graphql/reference/unions.md @@ -0,0 +1,17 @@ +--- +title: Unions +intro: Unions represent an object that could be one of multiple types. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +autogenerated: graphql +--- + +## About unions + +A union type is a special type that represents an object that could be one of a listed set of types. When you query a field that returns a union type, you need to use conditional fragments to query any fields. + +For more information, see [AUTOTITLE](/get-started/start-your-journey/hello-world). + + \ No newline at end of file diff --git a/src/fixtures/fixtures/content/index.md b/src/fixtures/fixtures/content/index.md index e3b95a0713d8..c4fda9c57663 100644 --- a/src/fixtures/fixtures/content/index.md +++ b/src/fixtures/fixtures/content/index.md @@ -29,17 +29,19 @@ children: - early-access - pages - code-security + - codespaces - actions - rest - webhooks + - graphql - video-transcripts # - account-and-profile - # - authentication + - authentication # - repositories - # - admin + - admin # - billing # - site-policy - # - organizations + - organizations # - pull-requests # - issues # - copilot diff --git a/src/fixtures/fixtures/content/organizations/index.md b/src/fixtures/fixtures/content/organizations/index.md new file mode 100644 index 000000000000..da877c1e75f5 --- /dev/null +++ b/src/fixtures/fixtures/content/organizations/index.md @@ -0,0 +1,21 @@ +--- +title: Organizations and teams documentation +shortTitle: Organizations +intro: 'You can use organizations to collaborate with a large number of people across many projects at once, while managing access to your data and customizing settings.' +redirect_from: + - /articles/about-improved-organization-permissions + - /categories/setting-up-and-managing-organizations-and-teams + - /github/setting-up-and-managing-organizations-and-teams + - /organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization + +layout: product-landing +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Organizations + - Teams +children: + - /keeping-your-organization-secure +--- diff --git a/src/fixtures/fixtures/content/organizations/keeping-your-organization-secure/index.md b/src/fixtures/fixtures/content/organizations/keeping-your-organization-secure/index.md new file mode 100644 index 000000000000..f368912f58dd --- /dev/null +++ b/src/fixtures/fixtures/content/organizations/keeping-your-organization-secure/index.md @@ -0,0 +1,18 @@ +--- +title: Keeping your organization secure +intro: 'You can harden security for your organization by managing security settings, requiring two-factor authentication (2FA), and reviewing the activity and integrations within your organization.' +redirect_from: + - /articles/preventing-unauthorized-access-to-organization-information + - /articles/keeping-your-organization-secure + - /github/setting-up-and-managing-organizations-and-teams/keeping-your-organization-secure +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Organizations + - Teams +children: + - /managing-security-settings-for-your-organization +shortTitle: Organization security +--- diff --git a/src/fixtures/fixtures/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization.md b/src/fixtures/fixtures/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization.md new file mode 100644 index 000000000000..ffdc3fe1e26d --- /dev/null +++ b/src/fixtures/fixtures/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization.md @@ -0,0 +1,22 @@ +--- +title: Audit log events for your organization +intro: Learn about audit log events recorded for your organization. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Organizations + - Teams +shortTitle: Audit log events +autogenerated: audit-logs +--- + +> [!NOTE] +> This article contains the events that may appear in your organization's audit log. + +## About audit log events for your organization + +Reference grouped by category. + + diff --git a/src/fixtures/fixtures/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/index.md b/src/fixtures/fixtures/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/index.md new file mode 100644 index 000000000000..3cb126f6d440 --- /dev/null +++ b/src/fixtures/fixtures/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/index.md @@ -0,0 +1,14 @@ +--- +title: Managing security settings for your organization +shortTitle: Manage security settings +intro: 'You can manage security settings and review the audit log and integrations for your organization.' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Organizations + - Teams +children: + - /audit-log-events-for-your-organization +--- diff --git a/src/fixtures/fixtures/content/rest/authentication/endpoints-available-for-fine-grained-personal-access-tokens.md b/src/fixtures/fixtures/content/rest/authentication/endpoints-available-for-fine-grained-personal-access-tokens.md new file mode 100644 index 000000000000..02039420e79e --- /dev/null +++ b/src/fixtures/fixtures/content/rest/authentication/endpoints-available-for-fine-grained-personal-access-tokens.md @@ -0,0 +1,14 @@ +--- +title: Endpoints available for fine-grained personal access tokens +shortTitle: Endpoints for fine-grained PATs +intro: You can use fine-grained personal access tokens to make requests to the following REST endpoints. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - API +autogenerated: github-apps +--- + + diff --git a/src/fixtures/fixtures/content/rest/authentication/endpoints-available-for-github-app-installation-access-tokens.md b/src/fixtures/fixtures/content/rest/authentication/endpoints-available-for-github-app-installation-access-tokens.md new file mode 100644 index 000000000000..01f651198145 --- /dev/null +++ b/src/fixtures/fixtures/content/rest/authentication/endpoints-available-for-github-app-installation-access-tokens.md @@ -0,0 +1,15 @@ +--- +title: Endpoints available for GitHub App installation access tokens +shortTitle: Endpoints for GitHub App installation tokens +intro: Your GitHub App can make requests to the following REST endpoints with an installation access token. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - API + - GitHub Apps +autogenerated: github-apps +--- + + diff --git a/src/fixtures/fixtures/content/rest/authentication/endpoints-available-for-github-app-user-access-tokens.md b/src/fixtures/fixtures/content/rest/authentication/endpoints-available-for-github-app-user-access-tokens.md new file mode 100644 index 000000000000..90a4af09f92c --- /dev/null +++ b/src/fixtures/fixtures/content/rest/authentication/endpoints-available-for-github-app-user-access-tokens.md @@ -0,0 +1,15 @@ +--- +title: Endpoints available for GitHub App user access tokens +shortTitle: Endpoints for GitHub App user tokens +intro: Your GitHub App can make requests to the following REST endpoints with a user access token. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - API + - GitHub Apps +autogenerated: github-apps +--- + + diff --git a/src/fixtures/fixtures/content/rest/authentication/index.md b/src/fixtures/fixtures/content/rest/authentication/index.md new file mode 100644 index 000000000000..7871f85c2e01 --- /dev/null +++ b/src/fixtures/fixtures/content/rest/authentication/index.md @@ -0,0 +1,14 @@ +--- +title: Authentication +intro: Authentication guides and reference documentation for the REST API. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +children: + - /endpoints-available-for-github-app-installation-access-tokens + - /endpoints-available-for-github-app-user-access-tokens + - /endpoints-available-for-fine-grained-personal-access-tokens + - /permissions-required-for-github-apps + - /permissions-required-for-fine-grained-personal-access-tokens +--- diff --git a/src/fixtures/fixtures/content/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens.md b/src/fixtures/fixtures/content/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens.md new file mode 100644 index 000000000000..97dd25100c20 --- /dev/null +++ b/src/fixtures/fixtures/content/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens.md @@ -0,0 +1,18 @@ +--- +title: Permissions required for fine-grained personal access tokens +intro: For each permission granted to a fine-grained personal access token, these are the REST API endpoints that can be accessed. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - API +shortTitle: Permissions for fine-grained PATs +autogenerated: github-apps +--- + +## About fine-grained personal access token permissions + +Fine-grained personal access tokens are created with a set of permissions. + + diff --git a/src/fixtures/fixtures/content/rest/authentication/permissions-required-for-github-apps.md b/src/fixtures/fixtures/content/rest/authentication/permissions-required-for-github-apps.md new file mode 100644 index 000000000000..fbf39c4938f5 --- /dev/null +++ b/src/fixtures/fixtures/content/rest/authentication/permissions-required-for-github-apps.md @@ -0,0 +1,18 @@ +--- +title: Permissions required for GitHub Apps +intro: For each permission granted to a GitHub App, these are the REST API endpoints that the app can use. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - API +shortTitle: Permissions for GitHub Apps +autogenerated: github-apps +--- + +## About GitHub App permissions + +GitHub Apps are created with a set of permissions. Permissions define what resources the GitHub App can access via the API. + + diff --git a/src/fixtures/fixtures/content/rest/index.md b/src/fixtures/fixtures/content/rest/index.md index a0f5c9ded9cb..71127de8ea33 100644 --- a/src/fixtures/fixtures/content/rest/index.md +++ b/src/fixtures/fixtures/content/rest/index.md @@ -19,6 +19,7 @@ versions: children: - /about-the-rest-api - /actions + - /authentication --- diff --git a/src/fixtures/fixtures/data/learning-tracks/codespaces.yml b/src/fixtures/fixtures/data/learning-tracks/codespaces.yml new file mode 100644 index 000000000000..78343b79c7ba --- /dev/null +++ b/src/fixtures/fixtures/data/learning-tracks/codespaces.yml @@ -0,0 +1,6 @@ +# Codespaces learning tracks +foo_bar: + title: Sample learning track + description: A sample track for testing + guides: + - /get-started/start-your-journey/hello-world diff --git a/src/fixtures/fixtures/data/ui.yml b/src/fixtures/fixtures/data/ui.yml index 1e3986a0f4ec..1f6257f545fe 100644 --- a/src/fixtures/fixtures/data/ui.yml +++ b/src/fixtures/fixtures/data/ui.yml @@ -98,6 +98,7 @@ pages: about_versions: About versions permissions_callout_title: Who can use this feature? video_from_transcript: See video for this transcript + view_page_as_markdown: View page as Markdown support: still_need_help: Still need help? contact_support: Contact support @@ -258,6 +259,7 @@ footer: machine: Some of this content may be machine- or AI-translated. journey_landing: articles: '{{ number }} Articles' + articles_heading: Articles product_landing: article_grid: heading: Articles @@ -344,6 +346,9 @@ cookbook_landing: category: Category complexity: Complexity +carousels: + recommended: Recommended + not_found: title: Ooops! message: It looks like this page doesn't exist. diff --git a/src/fixtures/fixtures/index.md b/src/fixtures/fixtures/index.md new file mode 100644 index 000000000000..5a6fbc3cbb75 --- /dev/null +++ b/src/fixtures/fixtures/index.md @@ -0,0 +1,6 @@ +--- +title: This is an index page +intro: 'I am missing a children frontmatter property' +versions: + fpt: '*' +--- \ No newline at end of file diff --git a/src/fixtures/fixtures/rest-redirects.json b/src/fixtures/fixtures/rest-redirects.json index 9da019b1201d..872699d5d4c6 100644 --- a/src/fixtures/fixtures/rest-redirects.json +++ b/src/fixtures/fixtures/rest-redirects.json @@ -460,10 +460,10 @@ "/v3/orgs/outside_collaborators": "/en/rest/orgs/outside-collaborators", "/v3/orgs/pre_receive_hooks": "/en/enterprise-server/rest/enterprise-admin/org-pre-receive-hooks", "/v3/orgs/teams": "/en/rest/teams/teams", - "/v3/projects/cards": "/en/enterprise-cloud@latest/rest/projects-classic/cards", - "/v3/projects/collaborators": "/en/rest/projects-classic/collaborators", - "/v3/projects/columns": "/en/rest/projects-classic/columns", - "/v3/projects": "/en/rest/projects-classic", + "/v3/projects/cards": "/en/enterprise-server@3.16/rest/projects-classic/cards", + "/v3/projects/collaborators": "/en/enterprise-server@3.16/rest/projects-classic/collaborators", + "/v3/projects/columns": "/en/enterprise-server@3.16/rest/projects-classic/columns", + "/v3/projects": "/en/enterprise-server@3.16/rest/projects-classic", "/v3/pulls/comments": "/en/rest/pulls/comments", "/v3/pulls": "/en/rest/pulls", "/v3/pulls/review_requests": "/en/rest/pulls/review-requests", @@ -492,8 +492,8 @@ "/v3/repos/traffic": "/en/rest/metrics/traffic", "/v3/scim": "/en/enterprise-cloud@latest/rest/scim", "/v3/search": "/en/rest/search", - "/v3/teams/discussion_comments": "/en/rest/teams/discussion-comments", - "/v3/teams/discussions": "/en/rest/teams/discussions", + "/v3/teams/discussion_comments": "/en/discussions", + "/v3/teams/discussions": "/en/discussions", "/v3/teams": "/en/rest/teams", "/v3/teams/members": "/en/rest/teams/members", "/v3/teams/team_sync": "/en/enterprise-cloud@latest/rest/teams/team-sync", diff --git a/src/fixtures/fixtures/sample-toc-index.md b/src/fixtures/fixtures/sample-toc-index.md index b9ec21688f23..e73e44e96834 100644 --- a/src/fixtures/fixtures/sample-toc-index.md +++ b/src/fixtures/fixtures/sample-toc-index.md @@ -2,6 +2,6 @@ title: A sample TOC versions: free-pro-team: '*' +children: + - /article-one --- - -{% link_in_list /sample-article %} diff --git a/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json b/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json new file mode 100644 index 000000000000..39dcd46be7e7 --- /dev/null +++ b/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json @@ -0,0 +1,25 @@ +{ + "organization_api_insights": { + "displayTitle": "Organization permissions for \"API Insights\"", + "permissions": [ + { + "category": "orgs", + "slug": "get-route-stats-by-actor", + "subcategory": "api-insights", + "verb": "get", + "requestPath": "/orgs/{org}/insights/api/route-stats/{actor_type}/{actor_id}", + "additional-permissions": false, + "access": "read" + }, + { + "category": "orgs", + "slug": "get-subject-stats", + "subcategory": "api-insights", + "verb": "get", + "requestPath": "/orgs/{org}/insights/api/subject-stats", + "additional-permissions": false, + "access": "read" + } + ] + } +} diff --git a/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json b/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json new file mode 100644 index 000000000000..49c40f93199e --- /dev/null +++ b/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json @@ -0,0 +1,16 @@ +{ + "actions": [ + { + "slug": "get-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + } + ] +} diff --git a/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json b/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json new file mode 100644 index 000000000000..5830350c0419 --- /dev/null +++ b/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json @@ -0,0 +1,29 @@ +{ + "organization_api_insights": { + "displayTitle": "Organization permissions for \"API Insights\"", + "permissions": [ + { + "category": "orgs", + "slug": "get-route-stats-by-actor", + "subcategory": "api-insights", + "verb": "get", + "requestPath": "/orgs/{org}/insights/api/route-stats/{actor_type}/{actor_id}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "orgs", + "slug": "get-subject-stats", + "subcategory": "api-insights", + "verb": "get", + "requestPath": "/orgs/{org}/insights/api/subject-stats", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + } + ] + } +} diff --git a/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json b/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json new file mode 100644 index 000000000000..49c40f93199e --- /dev/null +++ b/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json @@ -0,0 +1,16 @@ +{ + "actions": [ + { + "slug": "get-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + } + ] +} diff --git a/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json b/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json new file mode 100644 index 000000000000..49c40f93199e --- /dev/null +++ b/src/fixtures/fixtures/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json @@ -0,0 +1,16 @@ +{ + "actions": [ + { + "slug": "get-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + } + ] +} diff --git a/src/fixtures/fixtures/src/webhooks/data/fpt/schema.json b/src/fixtures/fixtures/src/webhooks/data/fpt/schema.json new file mode 100644 index 000000000000..9c371b9c02c0 --- /dev/null +++ b/src/fixtures/fixtures/src/webhooks/data/fpt/schema.json @@ -0,0 +1,56 @@ +{ + "check_run": { + "completed": { + "descriptionHtml": "

    Check run is completed.

    ", + "summaryHtml": "", + "bodyParameters": [ + { + "name": "action", + "description": "The action performed. Value: completed", + "isRequired": true, + "type": "string" + }, + { + "name": "check_run", + "description": "The check run object", + "isRequired": true, + "type": "object" + } + ], + "availability": ["Repository", "Organization", "GitHub App"], + "action": "completed", + "category": "check_run", + "payloadExample": { + "action": "completed", + "check_run": { + "id": 4, + "status": "completed", + "conclusion": "neutral" + } + } + } + }, + "issues": { + "opened": { + "descriptionHtml": "

    Issue is opened.

    ", + "summaryHtml": "", + "bodyParameters": [ + { + "name": "action", + "description": "The action performed", + "isRequired": true, + "type": "string" + }, + { + "name": "issue", + "description": "The issue object", + "isRequired": false, + "type": "object" + } + ], + "availability": ["Repository", "Organization"], + "action": "opened", + "category": "issues" + } + } +} diff --git a/src/fixtures/fixtures/test-discovery-landing.md b/src/fixtures/fixtures/test-discovery-landing.md index 5eb46113b294..454c0f99d71d 100644 --- a/src/fixtures/fixtures/test-discovery-landing.md +++ b/src/fixtures/fixtures/test-discovery-landing.md @@ -1,9 +1,10 @@ --- title: Test Discovery Landing Page intro: This is a test discovery landing page -recommended: - - /get-started/quickstart - - /actions/learn-github-actions +carousels: + recommended: + - /get-started/quickstart + - /actions/learn-github-actions --- # Test Discovery Landing Page diff --git a/src/fixtures/tests/annotations.ts b/src/fixtures/tests/annotations.ts index f75df8e8b895..9a87ca2401ac 100644 --- a/src/fixtures/tests/annotations.ts +++ b/src/fixtures/tests/annotations.ts @@ -22,7 +22,7 @@ describe('annotations', () => { expect(annotation.find('.annotate-inline').length).toBe(1) expect(annotation.find('.annotate-row').length).toBe(3) const notes = $('.annotate-row .annotate-note p', annotation) - const noteTexts = notes.map((i: number, el: any) => $(el).text()).get() + const noteTexts = notes.map((_, el) => $(el).text()).get() expect(noteTexts).toEqual(["Let's get started", 'This is just a sample', 'End of the script']) } // Second code snippet block @@ -33,7 +33,7 @@ describe('annotations', () => { expect(annotation.find('.annotate-inline').length).toBe(1) expect(annotation.find('.annotate-row').length).toBe(2) const notes = $('.annotate-row .annotate-note p', annotation) - const noteTexts = notes.map((i: number, el: any) => $(el).text()).get() + const noteTexts = notes.map((_, el) => $(el).text()).get() expect(noteTexts).toEqual(['Has to start with a comment.', 'This is the if statement']) } // Yaml code snippet that starts with an empty comment @@ -44,7 +44,7 @@ describe('annotations', () => { expect(annotation.find('.annotate-inline').length).toBe(1) expect(annotation.find('.annotate-row').length).toBe(3) const notes = $('.annotate-row .annotate-note p', annotation) - const noteTexts = notes.map((i: number, el: any) => $(el).text()).get() + const noteTexts = notes.map((_, el) => $(el).text()).get() expect(noteTexts).toEqual([ 'Configures this workflow to run every time a change is pushed to the branch called release.', "This job checks out the repository contents ...\nAnd here's the second comment line.", diff --git a/src/fixtures/tests/internal-links.ts b/src/fixtures/tests/internal-links.ts index d95dcc71d0f1..e0847dc2395e 100644 --- a/src/fixtures/tests/internal-links.ts +++ b/src/fixtures/tests/internal-links.ts @@ -9,7 +9,7 @@ describe('autotitle', () => { test('internal links with AUTOTITLE resolves', async () => { const $: cheerio.Root = await getDOM('/get-started/foo/autotitling') const links = $('#article-contents a[href]') - links.each((i: number, element: any) => { + links.each((i: number, element: cheerio.Element) => { if ($(element).attr('href')?.includes('/get-started/start-your-journey/hello-world')) { expect($(element).text()).toBe('Hello World') } @@ -49,13 +49,14 @@ describe('cross-version-links', () => { // Tests that the hardcoded prefix is always removed const firstLink = links.filter( - (i: number, element: any) => $(element).text() === 'Hello world always in free-pro-team', + (i: number, element: cheerio.Element) => + $(element).text() === 'Hello world always in free-pro-team', ) expect(firstLink.attr('href')).toBe('/en/get-started/start-your-journey/hello-world') // Tests that the second link always goes to enterprise-server@X.Y const secondLink = links.filter( - (i: number, element: any) => + (i: number, element: cheerio.Element) => $(element).text() === 'Autotitling page always in enterprise-server latest', ) expect(secondLink.attr('href')).toBe( @@ -72,7 +73,7 @@ describe('link-rewriting', () => { { const link = links.filter( - (i: number, element: any) => $(element).text() === 'Cross Version Linking', + (i: number, element: cheerio.Element) => $(element).text() === 'Cross Version Linking', ) expect(link.attr('href')).toMatch('/en/get-started/') } @@ -80,21 +81,25 @@ describe('link-rewriting', () => { // Some links are left untouched { - const link = links.filter((i: number, element: any) => + const link = links.filter((i: number, element: cheerio.Element) => $(element).text().includes('Enterprise 11.10'), ) expect(link.attr('href')).toMatch('/en/enterprise/') } { - const link = links.filter((i: number, element: any) => $(element).text().includes('peterbe')) + const link = links.filter((i: number, element: cheerio.Element) => + $(element).text().includes('peterbe'), + ) expect(link.attr('href')).toMatch(/^https:/) } { - const link = links.filter((i: number, element: any) => $(element).text().includes('Picture')) + const link = links.filter((i: number, element: cheerio.Element) => + $(element).text().includes('Picture'), + ) expect(link.attr('href')).toMatch(/^\/assets\//) } { - const link = links.filter((i: number, element: any) => + const link = links.filter((i: number, element: cheerio.Element) => $(element).text().includes('GraphQL Schema'), ) expect(link.attr('href')).toMatch(/^\/public\//) @@ -108,7 +113,7 @@ describe('link-rewriting', () => { const links = $('#article-contents a[href]') const link = links.filter( - (i: number, element: any) => $(element).text() === 'Cross Version Linking', + (i: number, element: cheerio.Element) => $(element).text() === 'Cross Version Linking', ) expect(link.attr('href')).toMatch('/en/enterprise-cloud@latest/get-started/') }) @@ -121,7 +126,7 @@ describe('link-rewriting', () => { const links = $('#article-contents a[href]') const link = links.filter( - (i: number, element: any) => $(element).text() === 'Cross Version Linking', + (i: number, element: cheerio.Element) => $(element).text() === 'Cross Version Linking', ) expect(link.attr('href')).toMatch( `/en/enterprise-server@${enterpriseServerReleases.latestStable}/get-started/`, @@ -133,14 +138,14 @@ describe('subcategory links', () => { test('no free-pro-team prefix', async () => { const $: cheerio.Root = await getDOM('/rest/actions') const links = $('[data-testid="table-of-contents"] a[href]') - links.each((i: number, element: any) => { + links.each((i: number, element: cheerio.Element) => { expect($(element).attr('href')).not.toContain('/free-pro-team@latest') }) }) test('enterprise-server prefix', async () => { const $: cheerio.Root = await getDOM('/enterprise-server@latest/rest/actions') const links = $('[data-testid="table-of-contents"] a[href]') - links.each((i: number, element: any) => { + links.each((i: number, element: cheerio.Element) => { expect($(element).attr('href')).toMatch(/\/enterprise-server@\d/) }) }) diff --git a/src/fixtures/tests/minitoc.ts b/src/fixtures/tests/minitoc.ts index 1fbeaf279f7f..9d2475853acd 100644 --- a/src/fixtures/tests/minitoc.ts +++ b/src/fixtures/tests/minitoc.ts @@ -4,7 +4,6 @@ import cheerio from 'cheerio' import { getDOM } from '@/tests/helpers/e2etest' describe('minitoc', () => { - // TODO disable the mini TOC tests when we replace it with sticky TOC header test('renders mini TOC in articles with more than one heading', async () => { const $: cheerio.Root = await getDOM('/en/get-started/minitocs/multiple-headings') expect($('h2#in-this-article').length).toBe(1) diff --git a/src/fixtures/tests/playwright-rendering.spec.ts b/src/fixtures/tests/playwright-rendering.spec.ts index bc775209b347..d844e2294dd6 100644 --- a/src/fixtures/tests/playwright-rendering.spec.ts +++ b/src/fixtures/tests/playwright-rendering.spec.ts @@ -1,6 +1,7 @@ import dotenv from 'dotenv' import { test, expect } from '@playwright/test' import { turnOffExperimentsInPage, dismissCTAPopover } from '../helpers/turn-off-experiments' +import { HOVERCARDS_ENABLED, ANALYTICS_ENABLED } from '../../frame/lib/constants' // This exists for the benefit of local testing. // In GitHub Actions, we rely on setting the environment variable directly @@ -347,6 +348,8 @@ test('sidebar custom link functionality works', async ({ page }) => { }) test.describe('hover cards', () => { + test.skip(!HOVERCARDS_ENABLED, 'Hovercards are disabled') + test('hover over link', async ({ page }) => { await page.goto('/pages/quickstart') await turnOffExperimentsInPage(page) @@ -502,11 +505,7 @@ test.describe('test nav at different viewports', () => { await page.goto('/get-started/foo/bar') // version picker should be visible - await page - .getByRole('button', { - name: 'Select GitHub product version: current version is free-pro-team@latest', - }) - .click() + await page.getByTestId('version-picker').getByRole('button').click() expect((await page.getByRole('menuitemradio').all()).length).toBeGreaterThan(0) await expect(page.getByRole('menuitemradio', { name: 'Enterprise Cloud' })).toBeVisible() @@ -546,11 +545,7 @@ test.describe('test nav at different viewports', () => { await page.goto('/get-started/foo/bar') // version picker is visible - await page - .getByRole('button', { - name: 'Select GitHub product version: current version is free-pro-team@latest', - }) - .click() + await page.getByTestId('version-picker').getByRole('button').click() expect((await page.getByRole('menuitemradio').all()).length).toBeGreaterThan(0) await expect(page.getByRole('menuitemradio', { name: 'Enterprise Cloud' })).toBeVisible() @@ -581,11 +576,7 @@ test.describe('test nav at different viewports', () => { await expect(page.getByTestId('language-picker')).not.toBeVisible() // version picker is visible - await expect( - page.getByRole('button', { - name: 'Select GitHub product version: current version is free-pro-team@latest', - }), - ).toBeVisible() + await expect(page.getByTestId('version-picker').getByRole('button')).toBeVisible() // language picker is in mobile menu await page.getByTestId('mobile-menu').click() @@ -616,11 +607,7 @@ test.describe('test nav at different viewports', () => { await expect(page.getByTestId('language-picker')).not.toBeVisible() // version picker is not visible - await expect( - page.getByRole('button', { - name: 'Select GitHub product version: current version is free-pro-team@latest', - }), - ).not.toBeVisible() + await expect(page.getByTestId('version-picker').getByRole('button')).not.toBeVisible() // version picker is in mobile menu await expect(page.getByTestId('version-picker')).not.toBeVisible() @@ -691,6 +678,8 @@ test.describe('test nav at different viewports', () => { }) test.describe('survey', () => { + test.skip(!ANALYTICS_ENABLED, 'Analytics are disabled') + test('happy path, thumbs up and enter comment and email', async ({ page }) => { let fulfilled = 0 let hasSurveyPressedEvent = false @@ -1058,8 +1047,90 @@ test.describe('LandingCarousel component', () => { }) }) +test.describe('Multi-carousel support', () => { + test('displays multiple carousels from carousels frontmatter', async ({ page }) => { + await page.goto('/get-started/multi-carousel') + + // Should have multiple carousels rendered + const carousels = page.locator('[data-testid="landing-carousel"]') + const carouselCount = await carousels.count() + + // We defined exactly 2 carousels in the frontmatter + expect(carouselCount).toBe(2) + }) + + test('carousel with matching ui.yml key displays translated title', async ({ page }) => { + await page.goto('/get-started/multi-carousel') + + // The "recommended" carousel should show "Recommended" title from ui.yml + const carouselHeadings = page.locator('[data-testid="landing-carousel"] h2') + + const headingTexts = await carouselHeadings.allTextContents() + + // Check that at least one heading has "Recommended" + expect(headingTexts.some((text) => text.includes('Recommended'))).toBe(true) + }) + + test('carousel without matching ui.yml key renders without title', async ({ page }) => { + await page.goto('/get-started/multi-carousel') + + // The "titleTwoNoMatchingUiYml" carousel should not have a visible heading + // or the heading element should be empty/not exist for that carousel + const carouselHeadings = page.locator('[data-testid="landing-carousel"] h2') + const headingTexts = await carouselHeadings.allTextContents() + + // The raw key "titleTwoNoMatchingUiYml" should NOT appear as a heading + // (the component should not show the key as fallback) + expect(headingTexts.some((text) => text === 'titleTwoNoMatchingUiYml')).toBe(false) + }) + + test('heading h2 element is only present when ui.yml translation exists', async ({ page }) => { + await page.goto('/get-started/multi-carousel') + + const carousels = page.locator('[data-testid="landing-carousel"]') + const count = await carousels.count() + + // We have 2 carousels: "recommended" and "titleTwoNoMatchingUiYml" + expect(count).toBe(2) + + // Count carousels that have h2 elements + let carouselsWithHeadings = 0 + for (let i = 0; i < count; i++) { + const carousel = carousels.nth(i) + const h2Count = await carousel.locator('h2').count() + if (h2Count > 0) { + carouselsWithHeadings++ + } + } + + // Only 1 carousel should have a heading (recommended has ui.yml entry) + // titleTwoNoMatchingUiYml should NOT have an h2 element at all + expect(carouselsWithHeadings).toBe(1) + + // Verify the specific titles that should be visible + const visibleHeadings = await carousels.locator('h2').allTextContents() + expect(visibleHeadings).toContain('Recommended') + expect(visibleHeadings).not.toContain('titleTwoNoMatchingUiYml') + }) + + test('each carousel has articles based on frontmatter paths', async ({ page }) => { + await page.goto('/get-started/multi-carousel') + + const carousels = page.locator('[data-testid="landing-carousel"]') + const count = await carousels.count() + + // Each carousel should have at least one article + for (let i = 0; i < count; i++) { + const carousel = carousels.nth(i) + const articles = carousel.locator('[data-testid="carousel-items"] a') + const articleCount = await articles.count() + expect(articleCount).toBeGreaterThan(0) + } + }) +}) + test.describe('Journey Tracks', () => { - test('displays journey tracks on landing pages', async ({ page }) => { + test('displays all journey tracks on landing pages', async ({ page }) => { await page.goto('/get-started/test-journey') const journeyTracks = page.locator('[data-testid="journey-tracks"]') @@ -1071,7 +1142,7 @@ test.describe('Journey Tracks', () => { // Verify track has proper structure const firstTrack = tracks.first() - await expect(firstTrack.locator('h3')).toBeVisible() // Track title + await expect(firstTrack.locator('h2')).toBeVisible() // Track title await expect(firstTrack.locator('p')).toBeVisible() // Track description }) @@ -1139,6 +1210,53 @@ test.describe('Journey Tracks', () => { expect(trackContent).not.toContain('{%') expect(trackContent).not.toContain('%}') }) + + test('journey navigation components show on article pages', async ({ page }) => { + // go to an article that's part of a journey track + await page.goto('/get-started/start-your-journey/hello-world') + + // journey card should be visible in sidebar + const journeyCard = page.locator('[data-testid="journey-track-card"]') + await expect(journeyCard).toBeVisible() + + // journey footer nav should be visible + const journeyNav = page.locator('[data-testid="journey-track-nav"]') + await expect(journeyNav).toBeVisible() + }) + + test('journey footer nav component links to first article in next track from last article in previous track', async ({ + page, + }) => { + await page.goto('/get-started/foo/bar') + + const journeyNav = page.locator('[data-testid="journey-track-nav"]') + await expect(journeyNav).toBeVisible() + + // Link should display the next track's title and go to its first article + const nextTrackLink = journeyNav.locator('a').filter({ hasText: 'Advanced topics' }) + await expect(nextTrackLink).toBeVisible() + + const href = await nextTrackLink.getAttribute('href') + expect(href).toContain('/get-started/foo/autotitling') + }) + + test('journey card displays branching text when present', async ({ page }) => { + await page.goto('/get-started/foo/journey-test-article') + + const journeyCard = page.locator('[data-testid="journey-track-card"]') + await expect(journeyCard).toBeVisible() + + // Branching text should be rendered with markdown links + await expect(journeyCard).toContainText('Want to skip ahead?') + + // AUTOTITLE should be resolved to actual article title + const branchingLink = journeyCard.locator('a').filter({ hasText: 'Hello World' }) + await expect(branchingLink).toBeVisible() + await expect(journeyCard).not.toContainText('AUTOTITLE') + + const href = await branchingLink.getAttribute('href') + expect(href).toContain('/get-started/start-your-journey/hello-world') + }) }) test.describe('LandingArticleGridWithFilter component', () => { @@ -1293,3 +1411,80 @@ test.describe('LandingArticleGridWithFilter component', () => { await expect(articleGrid).toBeVisible() }) }) + +test.describe('Non-child page resolution', () => { + test('category page with local children renders properly', async ({ page }) => { + // The local-category has local children (local-article-one, local-article-two) + // and an external article reference via children frontmatter + await page.goto('/get-started/non-child-resolution/local-category') + + // Should have a title + await expect(page).toHaveTitle(/Local category test/) + + // The page should load without errors and have main content + await expect(page.locator('main')).toBeVisible() + }) + + test('cross-product children page loads correctly', async ({ page }) => { + // The articles-only fixture now uses /content/ prefix in children for cross-product paths + await page.goto('/get-started/non-child-resolution/articles-only') + + await expect(page).toHaveTitle(/Cross-product children test/) + await expect(page.locator('main')).toBeVisible() + }) + + test('children-only page with /content/ path loads correctly', async ({ page }) => { + // The children-only fixture uses /content/ prefix for cross-product paths + await page.goto('/get-started/non-child-resolution/children-only') + + await expect(page).toHaveTitle(/Children only test/) + await expect(page.locator('main')).toBeVisible() + }) + + test('standalone article is accessible', async ({ page }) => { + await page.goto('/get-started/non-child-resolution/standalone-article') + + await expect(page).toHaveTitle(/Standalone article/) + await expect(page.locator('main')).toBeVisible() + }) + + test('versioned cross-product children - fpt shows only fpt article', async ({ page }) => { + // In fpt version, only the only-fpt article should be available + await page.goto('/get-started/non-child-resolution/versioned-cross-product') + + await expect(page).toHaveTitle(/Versioned cross-product test/) + await expect(page.locator('main')).toBeVisible() + + // Check TOC has the fpt-only article + const tocLinks = page.locator('[data-testid="table-of-contents"] a') + await expect(tocLinks).toHaveCount(1) + await expect(tocLinks.first()).toHaveAttribute('href', /only-fpt/) + }) + + test('versioned cross-product children - ghec shows ghec articles', async ({ page }) => { + // In ghec version, only-ghec and only-ghec-and-ghes should be available + await page.goto( + '/enterprise-cloud@latest/get-started/non-child-resolution/versioned-cross-product', + ) + + await expect(page).toHaveTitle(/Versioned cross-product test/) + await expect(page.locator('main')).toBeVisible() + + // Check TOC has ghec articles (only-ghec and only-ghec-and-ghes) + const tocLinks = page.locator('[data-testid="table-of-contents"] a') + await expect(tocLinks).toHaveCount(2) + }) + + test('cross-product children excluded from sidebar in Japanese translation', async ({ page }) => { + // The Japanese translation should work with cross-product children + await page.goto('/ja/get-started/non-child-resolution') + + // Verify page loads correctly with Japanese site context + // Note: The title may not be fully translated in test fixtures, but the page should render + await expect(page).toHaveTitle(/GitHub Docs/) + await expect(page.locator('main')).toBeVisible() + + // Verify page loads correctly - the cross-product children don't prevent the page from working + // The detailed sidebar filtering is tested by the survey test which verifies no duplicate entries + }) +}) diff --git a/src/frame/README.md b/src/frame/README.md index a8d5302ace56..3ba5bce80ee6 100644 --- a/src/frame/README.md +++ b/src/frame/README.md @@ -1,5 +1,138 @@ # Frame -This is the outlining directory that makes the site work, the spine of the site. +The frame subject provides the foundational infrastructure for the docs.github.com application. It serves as the "spine" of the site, handling core Express server setup, middleware orchestration, shared React components, and fundamental utilities that don't belong to a specific subject. + +## Purpose & Scope + +This subject is responsible for: +* Server initialization and Express app creation +* Middleware orchestration across all subjects +* Context management (`req.context` object building) +* Shared React components (layouts, navigation, error pages) +* Fundamental utilities (path parsing, frontmatter validation, page data) +* Next.js integration and page routing + +Philosophy: The preference is to move code into more specific subject folders when possible. Frame should contain only cross-cutting concerns that truly span multiple subjects or don't have a clear subject-specific home. + +## Architecture & Key Assets + +``` +src/frame/ +├── components/ # Shared React components (DefaultLayout, Link, article, page-header/footer) +├── lib/ # Core utilities (app.ts, page.ts, frontmatter.ts, path-utils.ts) +├── middleware/ # Express middleware pipeline and context builders +├── pages/ # Next.js pages directory (legacy) +├── stylesheets/ # Global CSS and SCSS +├── server.ts # Server entry point +└── start-server.ts # Server startup logic +``` + +### Key files and functions + +- `lib/app.ts` - `createApp()`: Creates and configures the Express application with all middleware +- `lib/warm-server.ts` - `warmServer()`: Pre-loads pages, redirects, and site tree on startup +- `lib/page.ts` - `Page` class: Represents a content page with rendering and metadata methods +- `lib/frontmatter.ts` - AJV schema: Validates frontmatter structure for all markdown files +- `lib/path-utils.ts` - Path parsing functions: Extract version, product, language from URLs +- `middleware/index.ts` - Orchestrates the full middleware pipeline across all subjects +- `middleware/context/context.ts` - `contextualize()`: Initializes base `req.context` object +- `middleware/find-page.ts` - Locates the matching page in the site tree +- `middleware/render-page.ts` - Renders page content and sends response +- `components/DefaultLayout.tsx` - Main layout wrapper for all pages + +## Setup & Usage + +### Running the server locally + +```bash +npm run dev +# Server starts at http://localhost:4000 +``` + +### Running tests + +```bash +npm run test -- src/frame/tests +``` + +### Middleware pipeline order + +The middleware in `middleware/index.ts` executes in a specific order. Key stages: +1. Connection management (timeout, abort handling) +2. Security and headers (helmet, CORS) +3. Language detection and context initialization +4. URL normalization and redirects +5. Page finding and subject-specific middleware +6. Context enrichment (breadcrumbs, TOC, features) +7. Page rendering +8. Error handling + +### Adding new middleware + +When adding middleware, consider: +- Does it belong in a specific subject? If so, add it there and import into `middleware/index.ts` +- Where does it fit in the pipeline order? +- Does it need to modify `req.context`? +- Add to `middleware/index.ts` in the appropriate position + +## Data & External Dependencies + +### Data inputs +- Content files (`content/` directory) parsed and loaded into pages +- Data files (`data/` directory) loaded for variables, features, versions +- Frontmatter schema defines required/optional fields for all pages + +### Dependencies +- Express.js for HTTP server and middleware +- Next.js for some routing and SSR (transitioning away from pages/ directory) +- AJV for frontmatter validation +- Various subject middleware (versions, languages, redirects, etc.) + +### Data outputs +- `req.context` object: Populated and passed to all downstream middleware and components +- Site tree: Navigation structure built from content files +- Rendered HTML: Final page output sent to clients + +## Cross-links & Ownership + +### Related subjects +Nearly every subject interacts with frame: +- [`src/versions`](../versions/README.md) - Version detection and middleware +- [`src/languages`](../languages/README.md) - Language detection and translation +- [`src/redirects`](../redirects/README.md) - URL redirect handling +- [`src/content-render`](../content-render/README.md) - Markdown rendering +- [`src/landings`](../landings/README.md) - Landing page layouts +- [`src/learning-track`](../learning-track/README.md) - Learning track navigation + +### Ownership +- Team: Docs Engineering + +## Current State & Next Steps + +### Known limitations +- Middleware pipeline complexity: Many middleware pieces interact, making debugging challenging +- Context object size: `req.context` accumulates many properties across middleware +- Mixed patterns: Some components are in `components/`, others in subject folders +- Legacy pages directory: Transitioning from Next.js pages/ to app/ router + +### Migration in progress +- Moving from Next.js pages router to app router +- Refactoring subject-specific code out of frame when possible +- Consolidating similar patterns across middleware + +### When to add code to frame +Add code here only if: +- It's truly cross-cutting (used by 3+ subjects) +- It's fundamental infrastructure (server, middleware orchestration) +- No specific subject is a clear fit + +Otherwise, prefer adding to a subject-specific directory. + +### Future improvements +### Possible extractions +- Extract subject-specific middleware to their own directories (e.g., move language detection middleware to `src/languages/middleware`) +- Extract redirect logic to `src/redirects/middleware` +- Extract version detection to `src/versions/middleware` +- Extract search-specific middleware to `src/search/middleware` +- Extract context object building to individual subjects -The preference would be to put these files into a more specific subject folder when possible. diff --git a/src/frame/components/DefaultLayout.tsx b/src/frame/components/DefaultLayout.tsx index b57e727d6814..768b1f2a3247 100644 --- a/src/frame/components/DefaultLayout.tsx +++ b/src/frame/components/DefaultLayout.tsx @@ -63,7 +63,43 @@ export const DefaultLayout = (props: Props) => { const metaDescription = page.introPlainText ? page.introPlainText : t('default_description') - const SOCIAL_CATEGORIES = new Set(['code-security', 'actions', 'issues', 'copilot']) + const SOCIAL_CATEGORIES = new Set([ + 'account-and-profile', + 'actions', + 'admin', + 'apps', + 'authentication', + 'billing', + 'code-security', + 'codespaces', + 'communities', + 'contributing', + 'copilot', + 'desktop', + 'discussions', + 'education', + 'enterprise-onboarding', + 'get-started', + 'github-cli', + 'github-models', + 'graphql', + 'integrations', + 'issues', + 'migrations', + 'nonprofit', + 'organizations', + 'packages', + 'pages', + 'pull-requests', + 'repositories', + 'rest', + 'search-github', + 'site-policy', + 'sponsors', + 'subscriptions-and-notifications', + 'support', + 'webhooks', + ]) const SOCIAL_CARD_IMG_BASE_URL = `${xHost ? `https://${xHost}` : ''}/assets/cb-345/images/social-cards` function getCategoryImageUrl(category: string): string { @@ -77,6 +113,15 @@ export const DefaultLayout = (props: Props) => { return getCategoryImageUrl('default') } + // Helper function to build API article URLs with proper query parameter handling + function buildApiArticleUrl(apiPath: string): string { + // Parse router.asPath to separate pathname and query parameters + const [pathname, queryString] = router.asPath.split('?') + const fullPathname = `/${router.locale}${pathname}` + const queryParams = queryString ? `&${queryString}` : '' + return `https://docs.github.com${apiPath}?pathname=${fullPathname}${queryParams}` + } + return ( @@ -141,25 +186,21 @@ export const DefaultLayout = (props: Props) => { {page.introPlainText && } - {/* LLM-friendly alternate formats - only for articles */} - {page.documentType === 'article' && ( - <> - - - - )} + {/* LLM-friendly alternate formats */} + + import('@/frame/components/ClientSideRefresh'), { ssr: false, @@ -42,10 +45,13 @@ export const ArticlePage = () => { productVideoUrl, miniTocItems, currentLearningTrack, + currentJourneyTrack, supportPortalVaIframeProps, currentLayout, + currentPath, } = useArticleContext() const isLearningPath = !!currentLearningTrack?.trackName + const isJourneyTrack = !!currentJourneyTrack?.trackId const { t } = useTranslation(['pages']) const introProp = ( @@ -71,7 +77,9 @@ export const ArticlePage = () => { const toc = ( <> + {isLearningPath && } + {isJourneyTrack && } {miniTocItems.length > 1 && } ) @@ -88,6 +96,7 @@ export const ArticlePage = () => { )} {renderedPage} + {effectiveDate && (
    Effective as of:{' '} @@ -122,6 +131,11 @@ export const ArticlePage = () => {
    ) : null} + {isJourneyTrack ? ( +
    + +
    + ) : null} ) : (
    @@ -148,6 +162,11 @@ export const ArticlePage = () => {
    ) : null} + {isJourneyTrack ? ( +
    + +
    + ) : null} )} diff --git a/src/frame/components/article/ViewMarkdownButton.module.scss b/src/frame/components/article/ViewMarkdownButton.module.scss new file mode 100644 index 000000000000..9dfb8f872cee --- /dev/null +++ b/src/frame/components/article/ViewMarkdownButton.module.scss @@ -0,0 +1,8 @@ +.button { + font-size: 12px; + padding: 4px 8px; + border-color: #d1d9e0; + background-color: transparent; + border-radius: 6px; + cursor: pointer; +} diff --git a/src/frame/components/article/ViewMarkdownButton.tsx b/src/frame/components/article/ViewMarkdownButton.tsx new file mode 100644 index 000000000000..1ef21b47f3a2 --- /dev/null +++ b/src/frame/components/article/ViewMarkdownButton.tsx @@ -0,0 +1,45 @@ +import { FileIcon } from '@primer/octicons-react' +import { Button } from '@primer/react' +import { sendEvent } from '@/events/components/events' +import { EventType } from '@/events/types' +import { useTranslation } from '@/languages/components/useTranslation' +import cx from 'classnames' +import styles from './ViewMarkdownButton.module.scss' + +interface ViewMarkdownButtonProps { + currentPath: string +} + +export const ViewMarkdownButton = ({ currentPath }: ViewMarkdownButtonProps) => { + const { t } = useTranslation('pages') + + const encodedPath = encodeURIComponent(currentPath).replace(/%2F/g, '/').replace(/%40/g, '@') + const markdownUrl = `/api/article/body?pathname=${encodedPath}` + + const handleClick = () => { + sendEvent({ + type: EventType.link, + link_url: markdownUrl, + link_samesite: false, + link_container: 'view-markdown-button', + }) + window.open(markdownUrl, '_blank') + } + + return ( +
    + +
    + ) +} diff --git a/src/frame/components/context/ArticleContext.tsx b/src/frame/components/context/ArticleContext.tsx index 222fcebd0bd2..22cc1cf223ad 100644 --- a/src/frame/components/context/ArticleContext.tsx +++ b/src/frame/components/context/ArticleContext.tsx @@ -42,6 +42,7 @@ export type ArticleContextT = { allTools: Record supportPortalVaIframeProps: SupportPortalVaIframeProps currentLayout?: string + currentPath: string } export const ArticleContext = createContext(null) @@ -107,5 +108,6 @@ export const getArticleContextFromRequest = (req: any): ArticleContextT => { allTools: page.allToolsParsed || [], // this is set at the page level, see lib/page.ts supportPortalVaIframeProps, currentLayout: req.context.currentLayoutName, + currentPath: req.context.currentPath || '', } } diff --git a/src/frame/components/context/MainContext.tsx b/src/frame/components/context/MainContext.tsx index 10fcb7a42b58..560aff136184 100644 --- a/src/frame/components/context/MainContext.tsx +++ b/src/frame/components/context/MainContext.tsx @@ -86,6 +86,7 @@ type EnterpriseServerReleases = { oldestSupported: string nextDeprecationDate: string supported: Array + releasesWithOldestDeprecationDate: Array } export type MainContextT = { @@ -193,7 +194,11 @@ export const getMainContext = async (req: any, res: any): Promise // To know whether we need this key, we need to match this // with the business logic in `DeprecationBanner.tsx` which is as follows: - if (req.context.currentVersion.includes(req.context.enterpriseServerReleases.oldestSupported)) { + if ( + req.context.enterpriseServerReleases.releasesWithOldestDeprecationDate.includes( + req.context.currentRelease, + ) + ) { reusables.enterprise_deprecation = { version_was_deprecated: req.context.getDottedData( 'reusables.enterprise_deprecation.version_was_deprecated', @@ -264,6 +269,7 @@ export const getMainContext = async (req: any, res: any): Promise 'oldestSupported', 'nextDeprecationDate', 'supported', + 'releasesWithOldestDeprecationDate', ]), enterpriseServerVersions: req.context.enterpriseServerVersions, error: req.context.error ? req.context.error.toString() : '', diff --git a/src/frame/lib/constants.ts b/src/frame/lib/constants.ts index 250450778ca6..626fbf5f1239 100644 --- a/src/frame/lib/constants.ts +++ b/src/frame/lib/constants.ts @@ -12,6 +12,7 @@ const DEFAULT_MAX_REQUEST_TIMEOUT = isDev ? 15_000 : 10_000 export const ROOT = process.env.ROOT || '.' export const USER_LANGUAGE_COOKIE_NAME = 'user_language' +export const USER_VERSION_COOKIE_NAME = 'user_version' export const TRANSLATIONS_ROOT = process.env.TRANSLATIONS_ROOT || 'translations' export const MAX_REQUEST_TIMEOUT = process.env.REQUEST_TIMEOUT ? parseInt(process.env.REQUEST_TIMEOUT, 10) @@ -34,3 +35,6 @@ export const minimumNotFoundHtml = ` • Privacy `.replace(/\n/g, '') + +export const ANALYTICS_ENABLED = true +export const HOVERCARDS_ENABLED = true diff --git a/src/frame/lib/create-tree.ts b/src/frame/lib/create-tree.ts index 7b112a65b93b..1cb18aa80d7d 100644 --- a/src/frame/lib/create-tree.ts +++ b/src/frame/lib/create-tree.ts @@ -119,11 +119,36 @@ export default async function createTree( childPreviousTree = previousTree.childPages[i] } } - const subTree = await createTree( - path.posix.join(originalPath, child), - basePath, - childPreviousTree, - ) + + // Handle absolute /content/ paths - allows cross-product directory inclusion + // e.g., /content/actions/workflows will include the entire actions/workflows tree + let childPath: string + if (child.startsWith('/content/')) { + // Absolute content path - resolve from the content root + // Strip '/content/' prefix and join with the base content directory + const absoluteChildPath = child.slice('/content/'.length) + childPath = path.posix.join(basePath, absoluteChildPath) + + // Security check: ensure the resolved path stays within the content directory + // This prevents path traversal attacks using sequences like '../' + const resolvedPath = path.resolve(childPath) + const resolvedBasePath = path.resolve(basePath) + if (!resolvedPath.startsWith(resolvedBasePath + path.sep)) { + throw new Error( + `Invalid child path "${child}" in ${originalPath}/index.md - path traversal detected. ` + + `Resolved path "${resolvedPath}" escapes content directory "${resolvedBasePath}".`, + ) + } + } else { + // Traditional relative path + childPath = path.posix.join(originalPath, child) + } + + const subTree = await createTree(childPath, basePath, childPreviousTree) + if (subTree && child.startsWith('/content/')) { + // Mark this subtree as a cross-product child so it can be excluded from the sidebar + subTree.crossProductChild = true + } if (!subTree) { // Remove that children. // For example, the 'early-access' might have been in the diff --git a/src/frame/lib/frontmatter.ts b/src/frame/lib/frontmatter.ts index 3beca783efd6..0d4dc7ee5da6 100644 --- a/src/frame/lib/frontmatter.ts +++ b/src/frame/lib/frontmatter.ts @@ -19,6 +19,7 @@ interface SchemaProperty { properties?: Record required?: string[] additionalProperties?: boolean + patternProperties?: Record format?: string description?: string minItems?: number @@ -247,7 +248,20 @@ export const schema: Schema = { guides: { type: 'array', items: { - type: 'string', + type: 'object', + required: ['href'], + properties: { + href: { + type: 'string', + description: 'Path to the article in the journey track', + }, + alternativeNextStep: { + type: 'string', + description: + 'Optional branching text for the article when guiding users through the journey', + }, + }, + additionalProperties: false, }, description: 'Array of article paths that make up this journey track', }, @@ -348,7 +362,15 @@ export const schema: Schema = { }, autogenerated: { type: 'string', - enum: ['audit-logs', 'codeql-cli', 'github-apps', 'graphql', 'rest', 'webhooks'], + enum: [ + 'audit-logs', + 'codeql-cli', + 'github-apps', + 'graphql', + 'rest', + 'secret-scanning', + 'webhooks', + ], }, // START category-landing tags category: { @@ -401,12 +423,20 @@ category: }, description: 'Array of articles to feature in the spotlight section', }, - // Recommended configuration for category landing pages - recommended: { - type: 'array', - minItems: 3, - maxItems: 9, - description: 'Array of articles to feature in the carousel section', + // Carousels configuration for category landing pages (supports multiple carousels) + carousels: { + type: 'object', + description: 'Multiple named carousels with articles to feature', + patternProperties: { + '^[a-zA-Z_][a-zA-Z0-9_]*$': { + type: 'array', + minItems: 3, + maxItems: 9, + items: { + type: 'string', + }, + }, + }, }, // Included categories for article grid filtering includedCategories: { diff --git a/src/frame/lib/get-toc-items.ts b/src/frame/lib/get-toc-items.ts deleted file mode 100644 index 4cd40eb0ba8f..000000000000 --- a/src/frame/lib/get-toc-items.ts +++ /dev/null @@ -1,57 +0,0 @@ -import { productMap } from '@/products/lib/all-products' - -interface TocItem { - type: 'category' | 'subcategory' | 'article' - href: string -} - -interface Page { - relativePath: string - markdown: string -} - -const productTOCs = Object.values(productMap) - .filter((product) => !product.external) - .map((product) => product.toc.replace('content/', '')) - -const linkString = /{% [^}]*?link.*? \/(.*?) ?%}/m -const linksArray = new RegExp(linkString.source, 'gm') - -// return an array of objects like { type: 'category|subcategory|article', href: 'path' } -export default function getTocItems(page: Page): TocItem[] | undefined { - // only process product and category tocs - if (!page.relativePath.endsWith('index.md')) return - if (page.relativePath === 'index.md') return - - // ignore content above Table of Contents heading - const pageContent = page.markdown.replace(/[\s\S]*?# Table of contents\n/im, '') - - // find array of TOC link strings - const rawItems = pageContent.match(linksArray) - - // return an empty array if this is a localized page - if (!rawItems) { - return [] - } - - return rawItems - .map((item: string) => { - const match = item.match(linkString) - if (!match) return null - - const tocItem: TocItem = {} as TocItem - - // a product's toc items are always categories - // whereas a category's toc items can be either subcategories or articles - tocItem.type = productTOCs.includes(page.relativePath) - ? 'category' - : page.relativePath.includes('/index.md') - ? 'subcategory' - : 'article' - - tocItem.href = match[1] - - return tocItem - }) - .filter((item): item is TocItem => item !== null) -} diff --git a/src/frame/lib/page-data.ts b/src/frame/lib/page-data.ts index e301bd223e31..ab40fef20809 100644 --- a/src/frame/lib/page-data.ts +++ b/src/frame/lib/page-data.ts @@ -259,6 +259,12 @@ async function translateTree( translatedData, ) as any, ) as any + + // Preserve the crossProductChild flag from the English tree + if (enTree.crossProductChild) { + ;(item as UnversionedTree).crossProductChild = true + } + if ( ((item as UnversionedTree).page as any).children && ((item as UnversionedTree).page as any).children.length > 0 @@ -377,9 +383,14 @@ export async function loadPageList( if (!item.childPages) return await Promise.all( - item.childPages.map( - async (childPage: UnversionedTree) => await addToCollection(childPage, collection), - ), + item.childPages + // Cross-product children are pages included from other parts of the + // tree via absolute `/content/` paths in a bespoke landing page's + // children list. They already exist in their original location, so + // including them again would create duplicate entries in the flat + // page list which breaks search-index uniqueness constraints. + .filter((childPage: UnversionedTree) => !childPage.crossProductChild) + .map(async (childPage: UnversionedTree) => await addToCollection(childPage, collection)), ) } diff --git a/src/frame/lib/page.ts b/src/frame/lib/page.ts index b90a82345f57..5f3c619cbd8c 100644 --- a/src/frame/lib/page.ts +++ b/src/frame/lib/page.ts @@ -6,7 +6,6 @@ import getApplicableVersions from '@/versions/lib/get-applicable-versions' import generateRedirectsForPermalinks from '@/redirects/lib/permalinks' import getEnglishHeadings from '@/languages/lib/get-english-headings' import { getAlertTitles } from '@/languages/lib/get-alert-titles' -import getTocItems from './get-toc-items' import Permalink from './permalink' import { renderContent } from '@/content-render/index' import processLearningTracks from '@/learning-track/lib/process-learning-tracks' @@ -96,10 +95,12 @@ class Page { public rawIncludeGuides?: string[] public introLinks?: Record public rawIntroLinks?: Record - public recommended?: string[] - public rawRecommended?: string[] + public carousels?: Record + public rawCarousels?: Record public autogenerated?: string public featuredLinks?: FeaturedLinksExpanded + public children?: string[] + public layout?: string // Derived properties public languageCode!: string @@ -111,7 +112,6 @@ class Page { public documentType: string public applicableVersions: string[] public permalinks: Permalink[] - public tocItems?: any[] public communityRedirect?: CommunityRedirect public detectedPlatforms: string[] = [] public includesPlatformSpecificContent: boolean = false @@ -224,7 +224,7 @@ class Page { this.rawLearningTracks = this.learningTracks this.rawIncludeGuides = this.includeGuides as any this.rawIntroLinks = this.introLinks - this.rawRecommended = this.recommended + this.rawCarousels = this.carousels // Is this the Homepage or a Product, Category, Topic, or Article? this.documentType = getDocumentType(this.relativePath) @@ -259,9 +259,13 @@ class Page { this.applicableVersions, ) + // Ensure 'children' frontmatter exists if this is a standard index page if (this.relativePath.endsWith('index.md')) { - // get an array of linked items in product and category TOCs - this.tocItems = getTocItems(this) + if (!this.children && !/(search|early-access)\/.*index.md/.test(this.relativePath)) { + if (this.layout !== 'journey-landing') { + throw new Error(`${this.fullPath} must contain 'children' frontmatter.`) + } + } } // if this is an article and it doesn't have showMiniToc = false, set mini TOC to true diff --git a/src/frame/lib/path-utils.ts b/src/frame/lib/path-utils.ts index 64c3fb1eef82..ff6f1d181c82 100644 --- a/src/frame/lib/path-utils.ts +++ b/src/frame/lib/path-utils.ts @@ -109,32 +109,37 @@ export function getVersionObjectFromPath(href: string | undefined) { return allVersions[versionFromPath] } -// TODO needs refactoring + tests // Return the product segment from the path +// Extracts the product identifier from various URL patterns including versioned paths export function getProductStringFromPath(href: string | undefined): string { + // Handle empty or undefined paths if (!href) return 'homepage' - href = getPathWithoutLanguage(href) - if (href === '/') return 'homepage' + const normalizedHref = getPathWithoutLanguage(href) + if (normalizedHref === '/') return 'homepage' - // The first segment will always be empty on this split - const pathParts = href.split('/') + // Split path into segments (first segment is always empty string) + const pathParts = normalizedHref.split('/') + // Handle special product paths that appear anywhere in the URL if (pathParts.includes('early-access')) return 'early-access' - // For rest pages the currentProduct should be rest - // We use this to show SidebarRest, which is a different sidebar than the rest of the site - if (pathParts[1] === 'rest') return 'rest' - if (pathParts[1] === 'copilot') return 'copilot' - if (pathParts[1] === 'get-started') return 'get-started' - - // Possible scenarios for href (assume part[0] is an empty string): - // - // * part[1] is a version and part[2] is undefined, so return part[1] as an enterprise landing page - // * part[1] is a version and part[2] is defined, so return part[2] as the product - // * part[1] is NOT a version, so return part[1] as the product - const isEnterprise = supportedVersions.has(pathParts[1]) - const productString = isEnterprise && pathParts[2] ? pathParts[2] : pathParts[1] + // Handle special products that always appear as the first segment + // These products use custom sidebars and need explicit handling + const specialProducts = ['rest', 'copilot', 'get-started'] + if (specialProducts.includes(pathParts[1])) { + return pathParts[1] + } + + // Determine if first segment is a version (e.g., 'enterprise-server@3.9') + // If yes, product is in pathParts[2], otherwise it's in pathParts[1] + // Examples: + // /enterprise-server@3.9/admin -> product is 'admin' + // /github/getting-started -> product is 'github' + // /enterprise-server@3.9 -> product is 'enterprise-server@3.9' (enterprise landing) + const hasVersionPrefix = supportedVersions.has(pathParts[1]) + const productString = hasVersionPrefix && pathParts[2] ? pathParts[2] : pathParts[1] + return productString } diff --git a/src/frame/middleware/cache-control.ts b/src/frame/middleware/cache-control.ts index 27a912def830..7132b94329d7 100644 --- a/src/frame/middleware/cache-control.ts +++ b/src/frame/middleware/cache-control.ts @@ -93,6 +93,13 @@ export function languageCacheControl(res: Response): void { res.set('vary', 'accept-language, x-user-language') } +// Vary on both language and version for homepage redirects +// x-user-version is a custom request header derived from req.cookie:user_version +export function languageAndVersionCacheControl(res: Response): void { + defaultCacheControl(res) + res.set('vary', 'accept-language, x-user-language, x-user-version') +} + // Long cache control for versioned assets: images, CSS, JS... export const assetCacheControl = cacheControlFactory(60 * 60 * 24 * 7, { immutable: true }) diff --git a/src/frame/middleware/context/current-product-tree.ts b/src/frame/middleware/context/current-product-tree.ts index 130e8504e380..80b6fa2ab816 100644 --- a/src/frame/middleware/context/current-product-tree.ts +++ b/src/frame/middleware/context/current-product-tree.ts @@ -127,6 +127,7 @@ async function getCurrentProductTreeTitles(input: Tree, context: Context): Promi if (page.hidden) node.hidden = true if (page.sidebarLink) node.sidebarLink = page.sidebarLink if (page.layout && typeof page.layout === 'string') node.layout = page.layout + if (input.crossProductChild) node.crossProductChild = true return node } @@ -146,7 +147,9 @@ function excludeHidden(tree: TitlesTree) { function sidebarTree(tree: TitlesTree) { const { href, title, shortTitle, childPages, sidebarLink } = tree - const childChildPages = childPages.map(sidebarTree) + // Filter out cross-product children from the sidebar + const filteredChildPages = childPages.filter((child) => !child.crossProductChild) + const childChildPages = filteredChildPages.map(sidebarTree) const newTree: TitlesTree = { href, title: shortTitle || title, diff --git a/src/frame/middleware/context/generic-toc.ts b/src/frame/middleware/context/generic-toc.ts index 7d5bf55da1f5..7a22c9053944 100644 --- a/src/frame/middleware/context/generic-toc.ts +++ b/src/frame/middleware/context/generic-toc.ts @@ -131,7 +131,7 @@ async function getTocItems(node: Tree, context: Context, opts: Options): Promise } return await Promise.all( - node.childPages.filter(filterHidden).map(async (child) => { + (node.childPages || []).filter(filterHidden).map(async (child) => { const { page } = child const title = await page.renderProp('rawTitle', context, { textOnly: true }) const octicon = page.octicon ?? null diff --git a/src/frame/middleware/context/product-examples.ts b/src/frame/middleware/context/product-examples.ts index a40b0a4390f2..67143cc1bc35 100644 --- a/src/frame/middleware/context/product-examples.ts +++ b/src/frame/middleware/context/product-examples.ts @@ -16,7 +16,7 @@ function getProductExampleData( try { return getDataByLanguage(`product-examples.${product}.${key}`, language) } catch (error) { - if (error instanceof Error && (error as any).code === 'ENOENT') return + if (error instanceof Error && 'code' in error && error.code === 'ENOENT') return throw error } } diff --git a/src/frame/middleware/find-page.ts b/src/frame/middleware/find-page.ts index 617b162d901d..a78feb5c3dc1 100644 --- a/src/frame/middleware/find-page.ts +++ b/src/frame/middleware/find-page.ts @@ -105,10 +105,9 @@ async function rereadByPath( const languageCode = match[1] const withoutLanguage = uri.replace(languagePrefixPathRegex, '/') const withoutVersion = withoutLanguage.replace(`/${currentVersion}`, '') - // TODO: Support loading translations the same way. - // NOTE: No one is going to test translations like this in development - // but perhaps one day we can always and only do these kinds of lookups - // at runtime. + // Note: We don't support loading translations at runtime. All translations + // are loaded at build time. This function only handles English content reloading + // during development. const possible = path.join(contentRoot, withoutVersion) const filePath = existsSync(possible) ? path.join(possible, 'index.md') : `${possible}.md` const relativePath = path.relative(contentRoot, filePath) diff --git a/src/frame/middleware/helmet.ts b/src/frame/middleware/helmet.ts index e045cbbaeb80..f2979fab0776 100644 --- a/src/frame/middleware/helmet.ts +++ b/src/frame/middleware/helmet.ts @@ -28,7 +28,9 @@ const DEFAULT_OPTIONS = { prefetchSrc: ["'self'"], // When doing local dev, especially in Safari, you need to add `ws:` // which NextJS uses for the hot module reloading. - connectSrc: ["'self'", isDev && 'ws:'].filter(Boolean) as string[], + connectSrc: ["'self'", 'https://collector.githubapp.com', isDev && 'ws:'].filter( + Boolean, + ) as string[], fontSrc: ["'self'", 'data:'], imgSrc: [...GITHUB_DOMAINS, 'data:', 'placehold.it'], objectSrc: ["'self'"], diff --git a/src/frame/middleware/index.ts b/src/frame/middleware/index.ts index eb69e7acffac..c2ef6d86b824 100644 --- a/src/frame/middleware/index.ts +++ b/src/frame/middleware/index.ts @@ -16,6 +16,7 @@ import { import handleErrors from '@/observability/middleware/handle-errors' import handleNextDataPath from './handle-next-data-path' import detectLanguage from '@/languages/middleware/detect-language' +import detectVersion from '@/versions/middleware/detect-version' import reloadTree from './reload-tree' import context from './context/context' import shortVersions from '@/versions/middleware/short-versions' @@ -44,7 +45,7 @@ import currentProductTree from './context/current-product-tree' import genericToc from './context/generic-toc' import breadcrumbs from './context/breadcrumbs' import glossaries from './context/glossaries' -import resolveRecommended from './resolve-recommended' +import resolveCarousels from './resolve-carousels' import renderProductName from './context/render-product-name' import features from '@/versions/middleware/features' import productExamples from './context/product-examples' @@ -213,6 +214,7 @@ export default function index(app: Express) { // *** Config and context for redirects *** app.use(urlDecode) // Must come before detectLanguage to decode @ symbols in version segments app.use(detectLanguage) // Must come before context, breadcrumbs, find-page, handle-errors, homepages + app.use(detectVersion) // Must come before handle-redirects for version cookie support app.use(asyncMiddleware(reloadTree)) // Must come before context app.use(asyncMiddleware(context)) // Must come before early-access-*, handle-redirects app.use(shortVersions) // Support version shorthands @@ -279,7 +281,7 @@ export default function index(app: Express) { app.use(asyncMiddleware(glossaries)) app.use(asyncMiddleware(generalSearchMiddleware)) app.use(asyncMiddleware(featuredLinks)) - app.use(asyncMiddleware(resolveRecommended)) + app.use(asyncMiddleware(resolveCarousels)) app.use(asyncMiddleware(learningTrack)) app.use(asyncMiddleware(journeyTrack)) diff --git a/src/frame/middleware/llms-txt.ts b/src/frame/middleware/llms-txt.ts index 88020d11ecb9..1ae9ea740d6b 100644 --- a/src/frame/middleware/llms-txt.ts +++ b/src/frame/middleware/llms-txt.ts @@ -56,6 +56,8 @@ function generateBasicLlmsTxt(): string { ## Docs Content - [Page List API](${BASE_API_URL}/en/free-pro-team@latest) +- [Versions API](${BASE_API_URL}/versions): \`curl "https://docs.github.com/api/pagelist/versions"\` +- [Languages API](${BASE_API_URL}/languages): \`curl "https://docs.github.com/api/pagelist/languages"\` - [Article API](https://docs.github.com/api/article): \`curl "https://docs.github.com/api/article?pathname=/en/get-started/start-your-journey/about-github-and-git"\` - [Search API](https://docs.github.com/api/search): \`curl "https://docs.github.com/api/search?query=actions&language=en&version=free-pro-team@latest"\` diff --git a/src/frame/middleware/resolve-recommended.ts b/src/frame/middleware/resolve-carousels.ts similarity index 57% rename from src/frame/middleware/resolve-recommended.ts rename to src/frame/middleware/resolve-carousels.ts index 12d81c9fb864..ecd80e156a4e 100644 --- a/src/frame/middleware/resolve-recommended.ts +++ b/src/frame/middleware/resolve-carousels.ts @@ -6,7 +6,7 @@ import Permalink from '@/frame/lib/permalink' import { createLogger } from '@/observability/logger/index' -const logger = createLogger('middleware:resolve-recommended') +const logger = createLogger('middleware:resolve-carousels') /** * Build an article path by combining language, optional base path, and article path @@ -94,77 +94,78 @@ function getPageHref(page: any): string { } /** - * Middleware to resolve recommended articles from rawRecommended paths and legacy spotlight field + * Middleware to resolve carousel articles from rawCarousels object */ -async function resolveRecommended( +async function resolveCarousels( req: ExtendedRequest, res: Response, next: NextFunction, ): Promise { try { const page = req.context?.page - const rawRecommended = (page as any)?.rawRecommended - const spotlight = (page as any)?.spotlight - // Collect article paths from rawRecommended or spotlight if there are no - // recommended articles - let articlePaths: string[] = [] - - // Add paths from rawRecommended - if (rawRecommended && Array.isArray(rawRecommended)) { - articlePaths.push(...rawRecommended) - } + const rawCarousels = (page as any)?.rawCarousels - // Add paths from spotlight (legacy field) if no recommended articles - if (articlePaths.length === 0 && spotlight && Array.isArray(spotlight)) { - const spotlightPaths = spotlight - .filter((item: any) => item && typeof item.article === 'string') - .map((item: any) => item.article) - articlePaths.push(...spotlightPaths) - } + // Handle carousels format + if (rawCarousels && typeof rawCarousels === 'object') { + const resolvedCarousels: Record = {} - if (articlePaths.length === 0) { - return next() - } + for (const [carouselKey, articlePaths] of Object.entries(rawCarousels)) { + if (!Array.isArray(articlePaths) || articlePaths.length === 0) { + continue + } - // remove duplicate articles - articlePaths = [...new Set(articlePaths)] - const resolved: ResolvedArticle[] = [] - - for (const rawPath of articlePaths) { - try { - const foundPage = tryResolveArticlePath(rawPath, page?.relativePath, req) - - if ( - foundPage && - (!req.context?.currentVersion || - foundPage.applicableVersions.includes(req.context.currentVersion)) - ) { - const href = getPageHref(foundPage) - const category = foundPage.relativePath - ? foundPage.relativePath.split('/').slice(0, -1).filter(Boolean) - : [] - - resolved.push({ - title: foundPage.title, - intro: await renderContent(foundPage.intro, req.context), - href, - category, - }) + // Remove duplicate articles + const uniquePaths = [...new Set(articlePaths)] + const resolved: ResolvedArticle[] = [] + + for (const rawPath of uniquePaths) { + try { + const foundPage = tryResolveArticlePath(rawPath, page?.relativePath, req) + + if ( + foundPage && + (!req.context?.currentVersion || + foundPage.applicableVersions.includes(req.context.currentVersion)) + ) { + const href = getPageHref(foundPage) + const category = foundPage.relativePath + ? foundPage.relativePath.split('/').slice(0, -1).filter(Boolean) + : [] + + resolved.push({ + title: await renderContent(foundPage.title, req.context, { textOnly: true }), + intro: await renderContent(foundPage.intro, req.context, { textOnly: true }), + href, + category, + }) + } + } catch (error) { + logger.warn(`Failed to resolve carousel article: ${rawPath}`, { error }) + } + } + + if (resolved.length > 0) { + // Prevent prototype pollution by rejecting __proto__ keys + if ( + carouselKey !== '__proto__' && + carouselKey !== 'constructor' && + carouselKey !== 'prototype' + ) { + resolvedCarousels[carouselKey] = resolved + } } - } catch (error) { - logger.warn(`Failed to resolve recommended article: ${rawPath}`, { error }) } - } - // Replace the rawRecommended with resolved articles - if (page) { - ;(page as any).recommended = resolved + // Store resolved carousels on the page + if (page && Object.keys(resolvedCarousels).length > 0) { + ;(page as any).carousels = resolvedCarousels + } } } catch (error) { - logger.error('Error in resolveRecommended middleware:', { error }) + logger.error('Error in resolveCarousels middleware:', { error }) } next() } -export default resolveRecommended +export default resolveCarousels diff --git a/src/frame/stylesheets/index.scss b/src/frame/stylesheets/index.scss index 37accdd7d1f8..178fcc2d5834 100644 --- a/src/frame/stylesheets/index.scss +++ b/src/frame/stylesheets/index.scss @@ -15,3 +15,6 @@ @import "src/content-render/stylesheets/index.scss"; @import "src/links/stylesheets/hover-card.scss"; + +// For primer Spinners and other animated components +@import "@primer/primitives/dist/css/base/motion/motion.css"; diff --git a/src/frame/tests/find-page-middleware.ts b/src/frame/tests/find-page-middleware.ts index cf36fc9c4e2f..ab42f6d23883 100644 --- a/src/frame/tests/find-page-middleware.ts +++ b/src/frame/tests/find-page-middleware.ts @@ -1,45 +1,52 @@ import { fileURLToPath } from 'url' import path from 'path' import http from 'http' +import { Socket } from 'net' import { describe, expect, test } from 'vitest' import type { Response } from 'express' import Page from '@/frame/lib/page' import findPage from '@/frame/middleware/find-page' -import type { ExtendedRequest } from '@/types' +import type { ExtendedRequest, Context } from '@/types' const __dirname = path.dirname(fileURLToPath(import.meta.url)) +type TestResponse = Response & { _status?: number; _message?: string } + function makeRequestResponse( url: string, currentVersion = 'free-pro-team@latest', -): [ExtendedRequest, Response & { _status?: number; _message?: string }] { - const req = new http.IncomingMessage(null as any) as ExtendedRequest +): [ExtendedRequest, TestResponse] { + const req = new http.IncomingMessage(new Socket()) as ExtendedRequest + + Object.defineProperty(req, 'path', { + value: url, + writable: true, + }) + req.method = 'GET' req.url = url - // @ts-expect-error - path is read-only but we need to set it for testing - req.path = url req.cookies = {} req.headers = {} - // Custom keys on the request + const context: Context = { + currentVersion, + pages: {}, + } + req.pagePath = url - req.context = {} - req.context.currentVersion = currentVersion - req.context.pages = {} + req.context = context - const res = new http.ServerResponse(req) as Response & { - _status?: number - _message?: string - } - res.status = function (code: number) { + const res = new http.ServerResponse(req) as TestResponse + res.status = function status(this: TestResponse, code: number) { this._status = code - return { + return Object.assign(this, { send: (message: string) => { this._message = message + return this }, - } as any + }) } return [req, res] @@ -56,7 +63,7 @@ describe('find page middleware', () => { }) if (page && req.context) { req.context.pages = { - '/en/foo/bar': page as any, + '/en/foo/bar': page, } } @@ -88,7 +95,7 @@ describe('find page middleware', () => { }) if (page && req.context) { req.context.pages = { - '/en/page-with-redirects': page as any, + '/en/page-with-redirects': page, } } @@ -98,6 +105,7 @@ describe('find page middleware', () => { }) expect(req.context?.page).toBeInstanceOf(Page) }) + test('finds it for non-fpt version URLS', async () => { const [req, res] = makeRequestResponse('/en/page-with-redirects', 'enterprise-cloud@latest') const page = await Page.init({ @@ -107,7 +115,7 @@ describe('find page middleware', () => { }) if (page && req.context) { req.context.pages = { - '/en/page-with-redirects': page as any, + '/en/page-with-redirects': page, } } @@ -129,7 +137,7 @@ describe('find page middleware', () => { }) if (page && req.context) { req.context.pages = { - '/en/page-with-redirects': page as any, + '/en/page-with-redirects': page, } } diff --git a/src/frame/tests/find-page.ts b/src/frame/tests/find-page.ts index 60189ae9f874..8ecc9b24a282 100644 --- a/src/frame/tests/find-page.ts +++ b/src/frame/tests/find-page.ts @@ -5,6 +5,7 @@ import { describe, expect, test, vi } from 'vitest' import Page from '@/frame/lib/page' import findPage from '@/frame/lib/find-page' +import type { Page as PageType } from '@/types' const __dirname = path.dirname(fileURLToPath(import.meta.url)) @@ -31,7 +32,7 @@ describe('find page', () => { const redirectedPage = findPage( redirectToFind, - pageMap as any, // Using any due to type conflicts between different Page type definitions + pageMap as unknown as Record, page.buildRedirects(), ) expect(redirectedPage).toBeDefined() diff --git a/src/frame/tests/non-child-pages-resolution.test.ts b/src/frame/tests/non-child-pages-resolution.test.ts new file mode 100644 index 000000000000..39ae9f4a46b9 --- /dev/null +++ b/src/frame/tests/non-child-pages-resolution.test.ts @@ -0,0 +1,194 @@ +import { describe, expect, test } from 'vitest' +import path from 'path' +import fs from 'fs' + +// ROOT is the project root directory +// From src/frame/tests/ -> ../../.. gets to project root +const ROOT = path.resolve(__dirname, '../../..') + +/** + * Tests for non-child page resolution: + * `/content/` prefix in children frontmatter resolves to absolute content paths, + * allowing cross-product directory and article inclusion. + */ + +describe('Non-child page resolution', () => { + describe('/content/ prefix in children frontmatter', () => { + test('detects /content/ prefix in children', () => { + const child = '/content/actions/workflows' + expect(child.startsWith('/content/')).toBe(true) + }) + + test('strips /content/ prefix correctly', () => { + const child = '/content/actions/workflows' + const strippedPath = child.slice('/content/'.length) + expect(strippedPath).toBe('actions/workflows') + }) + + test('relative children do not have /content/ prefix', () => { + const relativeChild = '/local-child' + expect(relativeChild.startsWith('/content/')).toBe(false) + }) + + test('/content/ prefix handling resolves absolute paths for directories', () => { + const basePath = '/Users/test/docs-internal/content' + const child = '/content/actions/workflows' + + // Simulate the logic from create-tree.ts + let childPath: string + if (child.startsWith('/content/')) { + const absoluteChildPath = child.slice('/content/'.length) + childPath = path.posix.join(basePath, absoluteChildPath) + } else { + childPath = path.posix.join('/Users/test/docs-internal/content/get-started', child) + } + + expect(childPath).toBe('/Users/test/docs-internal/content/actions/workflows') + }) + + test('/content/ prefix handling resolves absolute paths for articles', () => { + const basePath = '/Users/test/docs-internal/content' + const child = '/content/get-started/foo/bar' + + // Simulate the logic from create-tree.ts + let childPath: string + if (child.startsWith('/content/')) { + const absoluteChildPath = child.slice('/content/'.length) + childPath = path.posix.join(basePath, absoluteChildPath) + } else { + childPath = path.posix.join('/Users/test/docs-internal/content/get-started', child) + } + + expect(childPath).toBe('/Users/test/docs-internal/content/get-started/foo/bar') + }) + + test('relative children resolve relative to current directory', () => { + const originalPath = '/Users/test/docs-internal/content/get-started' + const child = '/local-child' + + // Simulate the logic from create-tree.ts + let childPath: string + if (child.startsWith('/content/')) { + const absoluteChildPath = child.slice('/content/'.length) + childPath = path.posix.join('/Users/test/docs-internal/content', absoluteChildPath) + } else { + childPath = path.posix.join(originalPath, child) + } + + expect(childPath).toBe('/Users/test/docs-internal/content/get-started/local-child') + }) + }) + + describe('children path formats', () => { + test('children array can contain mixed path formats', () => { + const children = [ + '/local-category', // Local directory + '/standalone-article', // Local article + '/content/actions/workflows', // Cross-product directory + '/content/get-started/foo/bar', // Cross-product article + ] + expect(Array.isArray(children)).toBe(true) + expect(children.every((c) => typeof c === 'string')).toBe(true) + }) + + test('/content/ paths and relative paths are distinguishable', () => { + const children = ['/local-child', '/content/other-product/article'] + + const crossProductPaths = children.filter((c) => c.startsWith('/content/')) + const localPaths = children.filter((c) => !c.startsWith('/content/')) + + expect(crossProductPaths).toEqual(['/content/other-product/article']) + expect(localPaths).toEqual(['/local-child']) + }) + }) + + describe('test fixtures validation', () => { + const fixturesRoot = ROOT + const nonChildResolutionPath = path.join( + fixturesRoot, + 'src/fixtures/fixtures/content/get-started/non-child-resolution', + ) + + test('non-child-resolution fixture directory exists', () => { + expect(fs.existsSync(nonChildResolutionPath)).toBe(true) + }) + + test('non-child-resolution index.md exists', () => { + const indexPath = path.join(nonChildResolutionPath, 'index.md') + expect(fs.existsSync(indexPath)).toBe(true) + }) + + test('children-only fixture exists', () => { + const childrenOnlyPath = path.join(nonChildResolutionPath, 'children-only/index.md') + expect(fs.existsSync(childrenOnlyPath)).toBe(true) + }) + + test('cross-product children fixture exists (formerly articles-only)', () => { + const articlesOnlyPath = path.join(nonChildResolutionPath, 'articles-only/index.md') + expect(fs.existsSync(articlesOnlyPath)).toBe(true) + }) + + test('local-category fixture exists with local articles', () => { + const localCategoryPath = path.join(nonChildResolutionPath, 'local-category') + expect(fs.existsSync(path.join(localCategoryPath, 'index.md'))).toBe(true) + expect(fs.existsSync(path.join(localCategoryPath, 'local-article-one.md'))).toBe(true) + expect(fs.existsSync(path.join(localCategoryPath, 'local-article-two.md'))).toBe(true) + }) + + test('versioned-cross-product fixture exists', () => { + const versionedPath = path.join(nonChildResolutionPath, 'versioned-cross-product/index.md') + expect(fs.existsSync(versionedPath)).toBe(true) + }) + }) + + describe('translation behavior', () => { + test('cross-product children paths are language-agnostic', () => { + // The /content/ prefix paths should work regardless of the current language + // The actual translation is handled by the page loading system + const child = '/content/actions/using-workflows/storing-workflow-data-as-artifacts' + + // Path should not include language prefix + expect(child.startsWith('/content/')).toBe(true) + expect(child).not.toMatch(/\/content\/(en|ja|es|pt|zh|ru|ko|fr|de)\//) + }) + + test('resolved paths use content directory, not translations', () => { + // Cross-product children are resolved from the main content directory + // Translations are handled separately by the page rendering system + const basePath = '/Users/test/docs-internal/content' + const child = '/content/actions/workflows' + + const resolvedPath = path.posix.join(basePath, child.slice('/content/'.length)) + expect(resolvedPath).toBe('/Users/test/docs-internal/content/actions/workflows') + expect(resolvedPath).not.toContain('translations') + }) + }) + + describe('crossProductChild flag', () => { + test('flag is set for /content/ prefix paths', () => { + // Simulate the logic from create-tree.ts + const child = '/content/actions/workflows' + const isCrossProduct = child.startsWith('/content/') + expect(isCrossProduct).toBe(true) + }) + + test('flag is not set for relative paths', () => { + const child = '/local-child' + const isCrossProduct = child.startsWith('/content/') + expect(isCrossProduct).toBe(false) + }) + + test('crossProductChild flag excludes items from sidebar', () => { + // Simulate the sidebarTree filtering logic + const childPages = [ + { href: '/en/get-started/foo', title: 'Foo', crossProductChild: false }, + { href: '/en/actions/workflows', title: 'Workflows', crossProductChild: true }, + { href: '/en/get-started/bar', title: 'Bar', crossProductChild: false }, + ] + + const sidebarChildPages = childPages.filter((c) => !c.crossProductChild) + expect(sidebarChildPages).toHaveLength(2) + expect(sidebarChildPages.map((c) => c.title)).toEqual(['Foo', 'Bar']) + }) + }) +}) diff --git a/src/frame/tests/page.ts b/src/frame/tests/page.ts index 03f8821b0798..266babf20100 100644 --- a/src/frame/tests/page.ts +++ b/src/frame/tests/page.ts @@ -439,6 +439,18 @@ describe('catches errors thrown in Page class', () => { await expect(getPage).rejects.toThrowError('versions') }) + test('missing children frontmatter in index file', async () => { + async function getPage() { + return await Page.init({ + relativePath: 'index.md', + basePath: path.join(__dirname, '../../../src/fixtures/fixtures'), + languageCode: 'en', + }) + } + + await expect(getPage).rejects.toThrowError(/must contain 'children' frontmatter/) + }) + test('English page with a version in frontmatter that its parent product is not available in', async () => { async function getPage() { return await Page.init({ diff --git a/src/frame/tests/path-utils.ts b/src/frame/tests/path-utils.ts new file mode 100644 index 000000000000..1df7e18f0bba --- /dev/null +++ b/src/frame/tests/path-utils.ts @@ -0,0 +1,47 @@ +import { describe, expect, test } from 'vitest' + +import { getProductStringFromPath } from '@/frame/lib/path-utils' + +describe('getProductStringFromPath', () => { + test('returns "homepage" for root paths', () => { + expect(getProductStringFromPath('/')).toBe('homepage') + expect(getProductStringFromPath('/en')).toBe('homepage') + expect(getProductStringFromPath(undefined)).toBe('homepage') + }) + + test('handles early-access product', () => { + expect(getProductStringFromPath('/en/early-access/github/overview')).toBe('early-access') + expect(getProductStringFromPath('/early-access/admin/guides')).toBe('early-access') + }) + + test('handles special products (rest, copilot, get-started)', () => { + expect(getProductStringFromPath('/en/rest/overview')).toBe('rest') + expect(getProductStringFromPath('/rest/reference/repos')).toBe('rest') + expect(getProductStringFromPath('/en/copilot/using-copilot')).toBe('copilot') + expect(getProductStringFromPath('/copilot/features')).toBe('copilot') + expect(getProductStringFromPath('/en/get-started/quickstart')).toBe('get-started') + expect(getProductStringFromPath('/get-started/onboarding')).toBe('get-started') + }) + + test('extracts product from non-versioned paths', () => { + expect(getProductStringFromPath('/en/github/getting-started')).toBe('github') + expect(getProductStringFromPath('/actions/quickstart')).toBe('actions') + expect(getProductStringFromPath('/en/admin/installation')).toBe('admin') + expect(getProductStringFromPath('/code-security/overview')).toBe('code-security') + }) + + test('extracts product from versioned paths', () => { + // Note: These tests use free-pro-team which is a supported version + expect(getProductStringFromPath('/en/free-pro-team@latest/admin/installation')).toBe('admin') + expect(getProductStringFromPath('/free-pro-team@latest/actions/quickstart')).toBe('actions') + expect(getProductStringFromPath('/en/free-pro-team@latest/github/getting-started')).toBe( + 'github', + ) + }) + + test('handles enterprise landing pages (version without product)', () => { + // When a version is present but no product segment follows, return the version string + expect(getProductStringFromPath('/en/free-pro-team@latest')).toBe('free-pro-team@latest') + expect(getProductStringFromPath('/enterprise-server@latest')).toBe('enterprise-server@latest') + }) +}) diff --git a/src/frame/tests/resolve-carousels.test.ts b/src/frame/tests/resolve-carousels.test.ts new file mode 100644 index 000000000000..683b2ba3fac0 --- /dev/null +++ b/src/frame/tests/resolve-carousels.test.ts @@ -0,0 +1,399 @@ +import { describe, test, expect, vi, beforeEach } from 'vitest' +import type { Response, NextFunction } from 'express' +import type { ExtendedRequest, Page, ResolvedArticle } from '@/types' +import findPage from '@/frame/lib/find-page' +import resolveCarousels from '../middleware/resolve-carousels' + +// Mock the findPage function +vi.mock('@/frame/lib/find-page', () => ({ + default: vi.fn(), +})) + +// Mock the renderContent function +vi.mock('@/content-render/index', () => ({ + renderContent: vi.fn((content, _context, options) => { + // When textOnly is true, return plain text (no HTML wrapper) + if (options?.textOnly) { + return content + } + return `

    ${content}

    ` + }), +})) + +describe('resolveCarousels middleware', () => { + const mockFindPage = vi.mocked(findPage) + + type TestPage = Partial & { + rawCarousels?: Record + } + + const createMockRequest = ( + pageData: TestPage = {}, + contextData: Partial & { pages?: Record } = {}, + ): ExtendedRequest => { + const { pages: pagesOverride, ...restContext } = contextData + const hasPagesOverride = Object.prototype.hasOwnProperty.call(contextData, 'pages') + const pages = hasPagesOverride + ? pagesOverride + : ({ + '/test-article': { + title: 'Test Article', + intro: 'Test intro', + relativePath: 'test/article.md', + } as unknown as Page, + } as Record) + + return { + context: { + page: pageData as Page, + pages, + redirects: {}, + currentVersion: 'free-pro-team@latest', + currentLanguage: 'en', + ...restContext, + }, + } as unknown as ExtendedRequest + } + + const mockRes = {} as Response + const mockNext = vi.fn() as NextFunction + + beforeEach(() => { + vi.clearAllMocks() + }) + + test('should call next when no context', async () => { + const req = {} as ExtendedRequest + + await resolveCarousels(req, mockRes, mockNext) + + expect(mockNext).toHaveBeenCalled() + expect(mockFindPage).not.toHaveBeenCalled() + }) + + test('should call next when no page', async () => { + const req = { context: {} } as ExtendedRequest + + await resolveCarousels(req, mockRes, mockNext) + + expect(mockNext).toHaveBeenCalled() + expect(mockFindPage).not.toHaveBeenCalled() + }) + + test('should call next when no pages collection', async () => { + const req = createMockRequest( + { rawCarousels: { recommended: ['/test-article'] } }, + { pages: undefined }, + ) + + await resolveCarousels(req, mockRes, mockNext) + + expect(mockNext).toHaveBeenCalled() + expect(mockFindPage).not.toHaveBeenCalled() + }) + + test('should call next when no rawCarousels', async () => { + const req = createMockRequest() + + await resolveCarousels(req, mockRes, mockNext) + + expect(mockNext).toHaveBeenCalled() + expect(mockFindPage).not.toHaveBeenCalled() + }) + + test('should resolve carousel articles when they exist', async () => { + const testPage: Partial = { + title: 'Test Article', + intro: 'Test intro', + relativePath: 'copilot/tutorials/article.md', + applicableVersions: ['free-pro-team@latest'], + } + + mockFindPage.mockReturnValue(testPage as unknown as Page) + + const req = createMockRequest({ + rawCarousels: { recommended: ['/copilot/tutorials/article'] }, + }) + + await resolveCarousels(req, mockRes, mockNext) + + expect(mockFindPage).toHaveBeenCalledWith( + '/en/copilot/tutorials/article', + req.context!.pages, + req.context!.redirects, + ) + expect( + (req.context!.page as Page & { carousels?: Record }).carousels, + ).toEqual({ + recommended: [ + { + title: 'Test Article', + intro: 'Test intro', + href: '/copilot/tutorials/article', + category: ['copilot', 'tutorials'], + }, + ], + }) + expect(mockNext).toHaveBeenCalled() + }) + + test('should resolve multiple carousels', async () => { + const testPage1: Partial = { + title: 'Article One', + intro: 'Intro one', + relativePath: 'test/article-one.md', + applicableVersions: ['free-pro-team@latest'], + } + const testPage2: Partial = { + title: 'Article Two', + intro: 'Intro two', + relativePath: 'test/article-two.md', + applicableVersions: ['free-pro-team@latest'], + } + + mockFindPage + .mockReturnValueOnce(testPage1 as unknown as Page) + .mockReturnValueOnce(testPage2 as unknown as Page) + + const req = createMockRequest({ + rawCarousels: { + recommended: ['/test/article-one'], + featured: ['/test/article-two'], + }, + }) + + await resolveCarousels(req, mockRes, mockNext) + + expect( + (req.context!.page as Page & { carousels?: Record }).carousels, + ).toEqual({ + recommended: [ + { + title: 'Article One', + intro: 'Intro one', + href: '/test/article-one', + category: ['test'], + }, + ], + featured: [ + { + title: 'Article Two', + intro: 'Intro two', + href: '/test/article-two', + category: ['test'], + }, + ], + }) + expect(mockNext).toHaveBeenCalled() + }) + + test('should handle articles not found', async () => { + mockFindPage.mockReturnValue(undefined) + + const req = createMockRequest({ + rawCarousels: { recommended: ['/nonexistent-article'] }, + }) + + await resolveCarousels(req, mockRes, mockNext) + + expect(mockFindPage).toHaveBeenCalledWith( + '/en/nonexistent-article', + req.context!.pages, + req.context!.redirects, + ) + // Carousel should not be added if all articles are not found + expect( + (req.context!.page as Page & { carousels?: Record }).carousels, + ).toBeUndefined() + expect(mockNext).toHaveBeenCalled() + }) + + test('should handle errors gracefully', async () => { + mockFindPage.mockImplementation(() => { + throw new Error('Test error') + }) + + const req = createMockRequest({ + rawCarousels: { recommended: ['/error-article'] }, + }) + + await resolveCarousels(req, mockRes, mockNext) + + // Should still call next even on error + expect(mockNext).toHaveBeenCalled() + }) + + test('should handle mixed valid and invalid articles', async () => { + const testPage: Partial = { + title: 'Valid Article', + intro: 'Valid intro', + relativePath: 'test/valid.md', + applicableVersions: ['free-pro-team@latest'], + } + + mockFindPage.mockReturnValueOnce(testPage as unknown as Page).mockReturnValueOnce(undefined) + + const req = createMockRequest({ + rawCarousels: { recommended: ['/valid-article', '/invalid-article'] }, + }) + + await resolveCarousels(req, mockRes, mockNext) + + expect( + (req.context!.page as Page & { carousels?: Record }).carousels, + ).toEqual({ + recommended: [ + { + title: 'Valid Article', + intro: 'Valid intro', + href: '/test/valid', + category: ['test'], + }, + ], + }) + expect(mockNext).toHaveBeenCalled() + }) + + test('should try page-relative path when content-relative fails', async () => { + const testPage: Partial = { + title: 'Relative Article', + intro: 'Relative intro', + relativePath: 'copilot/relative-article.md', + applicableVersions: ['free-pro-team@latest'], + } + + // Mock findPage to fail on first call (content-relative) and succeed on second (page-relative) + mockFindPage.mockReturnValueOnce(undefined).mockReturnValueOnce(testPage as unknown as Page) + + const req = createMockRequest({ + rawCarousels: { recommended: ['relative-article'] }, + relativePath: 'copilot/index.md', + }) + + await resolveCarousels(req, mockRes, mockNext) + + expect(mockFindPage).toHaveBeenCalledTimes(2) + expect(mockFindPage).toHaveBeenCalledWith( + '/en/relative-article', + req.context!.pages, + req.context!.redirects, + ) + expect(mockFindPage).toHaveBeenCalledWith( + '/en/copilot/relative-article', + req.context!.pages, + req.context!.redirects, + ) + expect( + (req.context!.page as Page & { carousels?: Record }).carousels, + ).toEqual({ + recommended: [ + { + title: 'Relative Article', + intro: 'Relative intro', + href: '/copilot/relative-article', + category: ['copilot'], + }, + ], + }) + expect(mockNext).toHaveBeenCalled() + }) + + test('returns paths without language or version prefixes', async () => { + const testPage: Partial = { + title: 'Tutorial Page', + intro: 'Tutorial intro', + relativePath: 'copilot/tutorials/tutorial-page/index.md', + applicableVersions: ['free-pro-team@latest'], + } + + mockFindPage.mockReturnValue(testPage as unknown as Page) + + const req = createMockRequest({ + rawCarousels: { recommended: ['/copilot/tutorials/tutorial-page'] }, + }) + + await resolveCarousels(req, mockRes, mockNext) + + expect(mockFindPage).toHaveBeenCalledWith( + '/en/copilot/tutorials/tutorial-page', + req.context!.pages, + req.context!.redirects, + ) + + // Verify that the href is a clean path without language/version + expect( + (req.context!.page as Page & { carousels?: Record }).carousels, + ).toEqual({ + recommended: [ + { + title: 'Tutorial Page', + intro: 'Tutorial intro', + href: '/copilot/tutorials/tutorial-page', + category: ['copilot', 'tutorials', 'tutorial-page'], + }, + ], + }) + expect(mockNext).toHaveBeenCalled() + }) + + test('should filter out articles not available in current version', async () => { + // Create a test page that is only available in fpt, not ghec + const fptOnlyPage: Partial = { + title: 'FPT Only Article', + intro: 'This article is only for FPT', + relativePath: 'test/fpt-only.md', + applicableVersions: ['free-pro-team@latest'], // Not available in ghec + } + + mockFindPage.mockReturnValue(fptOnlyPage as unknown as Page) + + // Create a request context where we're viewing the GHEC version + const req = createMockRequest( + { rawCarousels: { recommended: ['/test/fpt-only'] } }, + { + currentVersion: 'enterprise-cloud@latest', // Current context is GHEC, not FPT + currentLanguage: 'en', + }, + ) + + await resolveCarousels(req, mockRes, mockNext) + + // The carousels should not be added since the article isn't available in enterprise-cloud + expect( + (req.context!.page as Page & { carousels?: Record }).carousels, + ).toBeUndefined() + expect(mockNext).toHaveBeenCalled() + }) + + test('should deduplicate articles within a carousel', async () => { + const testPage: Partial = { + title: 'Duplicate Article', + intro: 'Duplicate intro', + relativePath: 'test/duplicate.md', + applicableVersions: ['free-pro-team@latest'], + } + + mockFindPage.mockReturnValue(testPage as unknown as Page) + + const req = createMockRequest({ + rawCarousels: { recommended: ['/test/duplicate', '/test/duplicate', '/test/duplicate'] }, + }) + + await resolveCarousels(req, mockRes, mockNext) + + // Should only have one article, not three duplicates + expect( + (req.context!.page as Page & { carousels?: Record }).carousels, + ).toEqual({ + recommended: [ + { + title: 'Duplicate Article', + intro: 'Duplicate intro', + href: '/test/duplicate', + category: ['test'], + }, + ], + }) + expect(mockNext).toHaveBeenCalled() + }) +}) diff --git a/src/frame/tests/resolve-recommended.test.ts b/src/frame/tests/resolve-recommended.test.ts deleted file mode 100644 index a9667a5cd93a..000000000000 --- a/src/frame/tests/resolve-recommended.test.ts +++ /dev/null @@ -1,298 +0,0 @@ -import { describe, test, expect, vi, beforeEach } from 'vitest' -import type { Response, NextFunction } from 'express' -import type { ExtendedRequest } from '@/types' -import findPage from '@/frame/lib/find-page' -import resolveRecommended from '../middleware/resolve-recommended' - -// Mock the findPage function -vi.mock('@/frame/lib/find-page', () => ({ - default: vi.fn(), -})) - -// Mock the renderContent function -vi.mock('@/content-render/index', () => ({ - renderContent: vi.fn((content) => `

    ${content}

    `), -})) - -describe('resolveRecommended middleware', () => { - const mockFindPage = vi.mocked(findPage) - - const createMockRequest = (pageData: any = {}, contextData: any = {}): ExtendedRequest => - ({ - context: { - page: pageData, - pages: { - '/test-article': { - title: 'Test Article', - intro: 'Test intro', - relativePath: 'test/article.md', - }, - }, - redirects: {}, - currentVersion: 'free-pro-team@latest', - currentLanguage: 'en', - ...contextData, - }, - }) as ExtendedRequest - - const mockRes = {} as Response - const mockNext = vi.fn() as NextFunction - - beforeEach(() => { - vi.clearAllMocks() - }) - - test('should call next when no context', async () => { - const req = {} as ExtendedRequest - - await resolveRecommended(req, mockRes, mockNext) - - expect(mockNext).toHaveBeenCalled() - expect(mockFindPage).not.toHaveBeenCalled() - }) - - test('should call next when no page', async () => { - const req = { context: {} } as ExtendedRequest - - await resolveRecommended(req, mockRes, mockNext) - - expect(mockNext).toHaveBeenCalled() - expect(mockFindPage).not.toHaveBeenCalled() - }) - - test('should call next when no pages collection', async () => { - const req = createMockRequest({ rawRecommended: ['/test-article'] }, { pages: undefined }) - - await resolveRecommended(req, mockRes, mockNext) - - expect(mockNext).toHaveBeenCalled() - expect(mockFindPage).not.toHaveBeenCalled() - }) - - test('should call next when no rawRecommended', async () => { - const req = createMockRequest() - - await resolveRecommended(req, mockRes, mockNext) - - expect(mockNext).toHaveBeenCalled() - expect(mockFindPage).not.toHaveBeenCalled() - }) - - test('should resolve recommended articles when they exist', async () => { - const testPage: Partial = { - title: 'Test Article', - intro: 'Test intro', - relativePath: 'copilot/tutorials/article.md', - applicableVersions: ['free-pro-team@latest'], - } - - mockFindPage.mockReturnValue(testPage as any) - - const req = createMockRequest({ rawRecommended: ['/copilot/tutorials/article'] }) - - await resolveRecommended(req, mockRes, mockNext) - - expect(mockFindPage).toHaveBeenCalledWith( - '/en/copilot/tutorials/article', - req.context!.pages, - req.context!.redirects, - ) - expect((req.context!.page as any).recommended).toEqual([ - { - title: 'Test Article', - intro: '

    Test intro

    ', - href: '/copilot/tutorials/article', - category: ['copilot', 'tutorials'], - }, - ]) - expect(mockNext).toHaveBeenCalled() - }) - - test('should not resolve spotlight articles when there are recommended articles', async () => { - const testPage: Partial = { - title: 'Test Article', - intro: 'Test intro', - relativePath: 'copilot/tutorials/article.md', - applicableVersions: ['free-pro-team@latest'], - } - - mockFindPage.mockReturnValueOnce(testPage as any) - - const req = createMockRequest({ - rawRecommended: ['/copilot/tutorials/article'], - spotlight: [{ article: '/copilot/tutorials/spotlight-article' }], - }) - - await resolveRecommended(req, mockRes, mockNext) - - expect(mockFindPage).toHaveBeenCalledTimes(1) - expect(mockFindPage).toHaveBeenCalledWith( - '/en/copilot/tutorials/article', - req.context!.pages, - req.context!.redirects, - ) - expect((req.context!.page as any).recommended).toEqual([ - { - title: 'Test Article', - intro: '

    Test intro

    ', - href: '/copilot/tutorials/article', - category: ['copilot', 'tutorials'], - }, - ]) - expect(mockNext).toHaveBeenCalled() - }) - - test('should handle articles not found', async () => { - mockFindPage.mockReturnValue(undefined) - - const req = createMockRequest({ rawRecommended: ['/nonexistent-article'] }) - - await resolveRecommended(req, mockRes, mockNext) - - expect(mockFindPage).toHaveBeenCalledWith( - '/en/nonexistent-article', - req.context!.pages, - req.context!.redirects, - ) - expect((req.context!.page as any).recommended).toEqual([]) - expect(mockNext).toHaveBeenCalled() - }) - - test('should handle errors gracefully', async () => { - mockFindPage.mockImplementation(() => { - throw new Error('Test error') - }) - - const req = createMockRequest({ rawRecommended: ['/error-article'] }) - - await resolveRecommended(req, mockRes, mockNext) - - expect((req.context!.page as any).recommended).toEqual([]) - expect(mockNext).toHaveBeenCalled() - }) - - test('should handle mixed valid and invalid articles', async () => { - const testPage: Partial = { - title: 'Valid Article', - intro: 'Valid intro', - relativePath: 'test/valid.md', - applicableVersions: ['free-pro-team@latest'], - } - - mockFindPage.mockReturnValueOnce(testPage as any).mockReturnValueOnce(undefined) - - const req = createMockRequest({ rawRecommended: ['/valid-article', '/invalid-article'] }) - - await resolveRecommended(req, mockRes, mockNext) - - expect((req.context!.page as any).recommended).toEqual([ - { - title: 'Valid Article', - intro: '

    Valid intro

    ', - href: '/test/valid', - category: ['test'], - }, - ]) - expect(mockNext).toHaveBeenCalled() - }) - - test('should try page-relative path when content-relative fails', async () => { - const testPage: Partial = { - title: 'Relative Article', - intro: 'Relative intro', - relativePath: 'copilot/relative-article.md', - applicableVersions: ['free-pro-team@latest'], - } - - // Mock findPage to fail on first call (content-relative) and succeed on second (page-relative) - mockFindPage.mockReturnValueOnce(undefined).mockReturnValueOnce(testPage as any) - - const req = createMockRequest({ - rawRecommended: ['relative-article'], - relativePath: 'copilot/index.md', - }) - - await resolveRecommended(req, mockRes, mockNext) - - expect(mockFindPage).toHaveBeenCalledTimes(2) - expect(mockFindPage).toHaveBeenCalledWith( - '/en/relative-article', - req.context!.pages, - req.context!.redirects, - ) - expect(mockFindPage).toHaveBeenCalledWith( - '/en/copilot/relative-article', - req.context!.pages, - req.context!.redirects, - ) - expect((req.context!.page as any).recommended).toEqual([ - { - title: 'Relative Article', - intro: '

    Relative intro

    ', - href: '/copilot/relative-article', // Updated to clean path - category: ['copilot'], - }, - ]) - expect(mockNext).toHaveBeenCalled() - }) - - test('returns paths without language or version prefixes', async () => { - const testPage: Partial = { - title: 'Tutorial Page', - intro: 'Tutorial intro', - relativePath: 'copilot/tutorials/tutorial-page/index.md', - applicableVersions: ['free-pro-team@latest'], - } - - mockFindPage.mockReturnValue(testPage as any) - - const req = createMockRequest({ rawRecommended: ['/copilot/tutorials/tutorial-page'] }) - - await resolveRecommended(req, mockRes, mockNext) - - expect(mockFindPage).toHaveBeenCalledWith( - '/en/copilot/tutorials/tutorial-page', - req.context!.pages, - req.context!.redirects, - ) - - // Verify that the href is a clean path without language/version, that gets - // added on the React side. - expect((req.context!.page as any).recommended).toEqual([ - { - title: 'Tutorial Page', - intro: '

    Tutorial intro

    ', - href: '/copilot/tutorials/tutorial-page', - category: ['copilot', 'tutorials', 'tutorial-page'], - }, - ]) - expect(mockNext).toHaveBeenCalled() - }) - - test('should filter out articles not available in current version', async () => { - // Create a test page that is only available in fpt, not ghec - const fptOnlyPage: Partial = { - title: 'FPT Only Article', - intro: 'This article is only for FPT', - relativePath: 'test/fpt-only.md', - applicableVersions: ['free-pro-team@latest'], // Not available in ghec - } - - mockFindPage.mockReturnValue(fptOnlyPage as any) - - // Create a request context where we're viewing the GHEC version - const req = createMockRequest( - { rawRecommended: ['/test/fpt-only'] }, - { - currentVersion: 'enterprise-cloud@latest', // Current context is GHEC, not FPT - currentLanguage: 'en', - }, - ) - - await resolveRecommended(req, mockRes, mockNext) - - // The recommended array should be empty since the article isn't available in enterprise-cloud - expect((req.context!.page as any).recommended).toEqual([]) - expect(mockNext).toHaveBeenCalled() - }) -}) diff --git a/src/ghes-releases/README.md b/src/ghes-releases/README.md index b483e3458e88..5405221d81be 100644 --- a/src/ghes-releases/README.md +++ b/src/ghes-releases/README.md @@ -53,4 +53,82 @@ Templates in `src/ghes-releases/lib/release-templates` are Markdown, YAML frontm ## GHES deprecations -Every day a workflow runs to check whether it's time to create new deprecation tracking issues. New deprecation tracking issues get opened 7 days before the deprecation date. There is only one template used to generate the deprecation tracking issue (`src/ghes-releases/lib/deprecation-steps.md`). \ No newline at end of file +Every day a workflow runs to check whether it's time to create new deprecation tracking issues. New deprecation tracking issues get opened 7 days before the deprecation date. There is only one template used to generate the deprecation tracking issue (`src/ghes-releases/lib/deprecation-steps.md`). + +## Script Commands + +### Running scripts + +The following scripts are available for manual execution: + +| Script | Description | +|-------------------------------|--------------------------------------------------| +| `npm run create-enterprise-issue` | Create new release tracking issues for GHES. | +| `npm run deprecate-ghes` | Create new deprecation tracking issues for GHES. | +| `npm run deprecate-ghes-archive` | Archive deprecation tracking issues. | +| `npm run release-banner` | Update the release banner. | +| `npm run update-enterprise-dates` | Update enterprise release dates. | + +For example, to create new release tracking issues, run: +```bash +npm run create-enterprise-issue +``` + +Run tests: +```bash +npm run test -- src/ghes-releases/tests +``` + +### Manual operations + +The scripts in `src/ghes-releases/scripts/` support manual execution for: +- Creating release tracking issues +- Creating deprecation tracking issues +- Validating release dates +- Testing issue generation + +## Connection to Related Subjects + +### `src/versions` + +The GHES release process is tightly coupled with versioning: +- Release numbers in `src/versions/lib/enterprise-server-releases.ts` +- New releases add to `supported` array +- Deprecated releases move to `deprecated` array +- Version detection logic uses these arrays + +### `src/archives` + +When a GHES version is deprecated: +1. Content is archived from `docs-internal` to `docs-ghes-X.XX` repos +2. Archive middleware proxies requests to archived content +3. See `src/archives/` for archival process + +Release and deprecation are coordinated: +- Release: Add new version to supported list +- Deprecation: Move old version to deprecated, trigger archival +- Both processes have tracking issues with checklists + +## Known Limitations + +### Automated workflow timing +- Workflows check daily for release/deprecation dates +- Issues created on code freeze date (releases) or 7 days before (deprecations) +- No manual trigger for early issue creation + +### Template system +- Liquid variables are custom (not same as content Liquid) +- Template changes require understanding of issue linking +- No preview mode for template rendering + +### Coordination requirements +- Multiple teams involved (Docs, Enterprise, Release Engineering) +- Manual checklist completion required +- Dependencies between issues must be manually tracked + +### Release schedule changes +- Dates in `enterprise-dates.json` must be manually updated +- No automated sync with Enterprise release calendar +- Changes require code update and deployment + +We are not expecting significant new investment here, but we will continue to support GHES releases as needed. diff --git a/src/ghes-releases/lib/enterprise-dates.json b/src/ghes-releases/lib/enterprise-dates.json index 61f6659d96f7..08f687be2dd9 100644 --- a/src/ghes-releases/lib/enterprise-dates.json +++ b/src/ghes-releases/lib/enterprise-dates.json @@ -258,9 +258,9 @@ "generalAvailabilityDate": "2025-10-14" }, "3.19": { - "releaseDate": "2025-11-11", + "releaseDate": "2025-12-02", "deprecationDate": "2026-12-09", - "releaseCandidateDate": "2025-11-11", + "releaseCandidateDate": "2025-12-02", "generalAvailabilityDate": "2025-12-09" }, "3.20": { diff --git a/src/ghes-releases/scripts/deprecate/update-automated-pipelines.ts b/src/ghes-releases/scripts/deprecate/update-automated-pipelines.ts index 984f5b17c63f..3e3fb3489181 100755 --- a/src/ghes-releases/scripts/deprecate/update-automated-pipelines.ts +++ b/src/ghes-releases/scripts/deprecate/update-automated-pipelines.ts @@ -91,17 +91,28 @@ export async function updateAutomatedPipelines() { .map((version) => version.openApiVersionName) for (const pipeline of pipelines) { - if (!existsSync(`src/${pipeline}/data`)) continue + // secret-scanning has a different directory structure than the others + const directoryWithReleases = + pipeline === 'secret-scanning' + ? 'src/secret-scanning/data/pattern-docs' + : `src/${pipeline}/data` + if (!existsSync(directoryWithReleases)) continue + const isCalendarDateVersioned = JSON.parse( await readFile(`src/${pipeline}/lib/config.json`, 'utf-8'), )['api-versions'] - const directoryListing = await readdir(`src/${pipeline}/data`) + const directoryListing = await readdir(directoryWithReleases) // filter the directory list to only include directories that start with // basenames with numbered releases (e.g., ghes-). const existingDataDir = directoryListing.filter((directory) => numberedReleaseBaseNames.some((basename) => directory.startsWith(basename)), ) + + if (!existingDataDir.length) { + throw new Error(`Cannot find ghes- release directories in ${directoryWithReleases}.`) + } + const expectedDirectory = isCalendarDateVersioned ? versionNamesCalDate : versionNames // Get a list of data directories to remove (deprecate) and remove them diff --git a/src/github-apps/README.md b/src/github-apps/README.md index fb770f8e87ad..c9a389021d76 100644 --- a/src/github-apps/README.md +++ b/src/github-apps/README.md @@ -68,3 +68,25 @@ Slack: `#docs-engineering` Repo: `github/docs-engineering` If you have a question about the GitHub Apps pipeline, you can ask in the `#docs-engineering` Slack channel. If you notice a problem with the GitHub Apps pipeline, you can open an issue in the `github/docs-engineering` repository. + +## Ownership & On-call + +### Ownership +- **Team**: Docs Engineering +- **Source data**: API Platform team (github/rest-api-description) + +### On-call procedures +If the GitHub Apps pipeline fails: +1. Check workflow logs in `.github/workflows/sync-openapi.yml` +2. Verify access to `github/rest-api-description` repo +3. Check for OpenAPI schema changes +4. Escalate to #docs-engineering if stuck +5. Contact API Platform team for source data issues + +### Monitoring +- Pipeline runs automatically on schedule (shared with REST/Webhooks) +- PRs created with `github-openapi-bot` label +- Failures visible in GitHub Actions +- SHA tracking in `config.json` for version history + +We are not expecting further significant development on this pipeline. We will continue to support incoming changes from the rest-api-description. diff --git a/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json index 9ece0a266855..db5cc4344391 100644 --- a/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json @@ -90,6 +90,42 @@ "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", "permissions": [ + { + "category": "actions", + "slug": "get-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/retention-limit", + "additional-permissions": false, + "access": "read" + }, + { + "category": "actions", + "slug": "set-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/retention-limit", + "additional-permissions": false, + "access": "write" + }, + { + "category": "actions", + "slug": "get-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/storage-limit", + "additional-permissions": false, + "access": "read" + }, + { + "category": "actions", + "slug": "set-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/storage-limit", + "additional-permissions": false, + "access": "write" + }, { "category": "dependabot", "slug": "lists-the-repositories-dependabot-can-access-in-an-organization", @@ -1037,30 +1073,6 @@ } ] }, - "custom_properties_for_organizations": { - "title": "Custom properties for organizations", - "displayTitle": "Organization permissions for \"Custom properties for organizations\"", - "permissions": [ - { - "category": "orgs", - "slug": "get-all-custom-property-values-for-an-organization", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/organizations/{org}/org-properties/values", - "additional-permissions": false, - "access": "read" - }, - { - "category": "orgs", - "slug": "create-or-update-custom-property-values-for-an-organization", - "subcategory": "custom-properties-for-orgs", - "verb": "patch", - "requestPath": "/organizations/{org}/org-properties/values", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_custom_properties": { "title": "Custom properties", "displayTitle": "Organization permissions for \"Custom properties\"", @@ -2280,6 +2292,15 @@ "additional-permissions": false, "access": "read" }, + { + "category": "projects", + "slug": "add-a-field-to-an-organization-owned-project", + "subcategory": "fields", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields", + "additional-permissions": false, + "access": "write" + }, { "category": "projects", "slug": "get-project-field-for-organization", @@ -2333,6 +2354,24 @@ "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}", "additional-permissions": false, "access": "write" + }, + { + "category": "projects", + "slug": "create-a-view-for-an-organization-owned-project", + "subcategory": "views", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views", + "additional-permissions": false, + "access": "write" + }, + { + "category": "projects", + "slug": "list-items-for-an-organization-project-view", + "subcategory": "items", + "verb": "get", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views/{view_number}/items", + "additional-permissions": false, + "access": "read" } ] }, @@ -2663,282 +2702,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", @@ -3171,6 +2934,15 @@ "additional-permissions": false, "access": "read" }, + { + "category": "actions", + "slug": "get-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit", + "additional-permissions": false, + "access": "read" + }, { "category": "actions", "slug": "get-github-actions-cache-usage-for-a-repository", @@ -3582,6 +3354,33 @@ "additional-permissions": false, "access": "write" }, + { + "category": "actions", + "slug": "get-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit", + "additional-permissions": false, + "access": "read" + }, + { + "category": "actions", + "slug": "set-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit", + "additional-permissions": false, + "access": "write" + }, + { + "category": "actions", + "slug": "set-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit", + "additional-permissions": false, + "access": "write" + }, { "category": "actions", "slug": "get-github-actions-permissions-for-a-repository", @@ -4803,7 +4602,7 @@ { "category": "repos", "slug": "create-an-attestation", - "subcategory": "repos", + "subcategory": "attestations", "verb": "post", "requestPath": "/repos/{owner}/{repo}/attestations", "additional-permissions": false, @@ -4812,7 +4611,7 @@ { "category": "repos", "slug": "list-attestations", - "subcategory": "repos", + "subcategory": "attestations", "verb": "get", "requestPath": "/repos/{owner}/{repo}/attestations/{subject_digest}", "additional-permissions": false, @@ -6381,6 +6180,24 @@ "additional-permissions": true, "access": "write" }, + { + "category": "issues", + "slug": "pin-an-issue-comment", + "subcategory": "comments", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin", + "additional-permissions": false, + "access": "write" + }, + { + "category": "issues", + "slug": "unpin-an-issue-comment", + "subcategory": "comments", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin", + "additional-permissions": false, + "access": "write" + }, { "category": "reactions", "slug": "list-reactions-for-an-issue-comment", diff --git a/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json b/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json index bb8b0d310bff..1d5cf4cafe87 100644 --- a/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json @@ -1,5 +1,29 @@ { "actions": [ + { + "slug": "get-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-an-organization", "subcategory": "cache", @@ -540,6 +564,30 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}" }, + { + "slug": "get-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-a-repository", "subcategory": "cache", @@ -2664,6 +2712,18 @@ "verb": "delete", "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}" }, + { + "slug": "pin-an-issue-comment", + "subcategory": "comments", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, + { + "slug": "unpin-an-issue-comment", + "subcategory": "comments", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, { "slug": "list-issue-events-for-a-repository", "subcategory": "events", @@ -3022,18 +3082,6 @@ } ], "orgs": [ - { - "slug": "get-all-custom-property-values-for-an-organization", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/organizations/{org}/org-properties/values" - }, - { - "slug": "create-or-update-custom-property-values-for-an-organization", - "subcategory": "custom-properties-for-orgs", - "verb": "patch", - "requestPath": "/organizations/{org}/org-properties/values" - }, { "slug": "update-an-organization", "subcategory": "orgs", @@ -3784,6 +3832,12 @@ "verb": "get", "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" }, + { + "slug": "add-a-field-to-an-organization-owned-project", + "subcategory": "fields", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" + }, { "slug": "get-project-field-for-organization", "subcategory": "fields", @@ -3819,6 +3873,18 @@ "subcategory": "items", "verb": "delete", "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" + }, + { + "slug": "create-a-view-for-an-organization-owned-project", + "subcategory": "views", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views" + }, + { + "slug": "list-items-for-an-organization-project-view", + "subcategory": "items", + "verb": "get", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views/{view_number}/items" } ], "pulls": [ @@ -3986,42 +4052,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -4093,30 +4123,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4232,13 +4238,13 @@ }, { "slug": "create-an-attestation", - "subcategory": "repos", + "subcategory": "attestations", "verb": "post", "requestPath": "/repos/{owner}/{repo}/attestations" }, { "slug": "list-attestations", - "subcategory": "repos", + "subcategory": "attestations", "verb": "get", "requestPath": "/repos/{owner}/{repo}/attestations/{subject_digest}" }, @@ -4778,66 +4784,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-pending-team-invitations", "subcategory": "members", @@ -4916,66 +4862,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-pending-team-invitations-legacy", "subcategory": "members", diff --git a/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json index fb7be3f3c76d..897fa8cca686 100644 --- a/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json @@ -1,4 +1,197 @@ { + "enterprise_teams": { + "title": "Enterprise teams", + "displayTitle": "Enterprise permissions for \"Enterprise teams\"", + "permissions": [ + { + "category": "enterprise-teams", + "slug": "list-enterprise-teams", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "create-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "list-members-in-an-enterprise-team", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "bulk-add-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/add", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "bulk-remove-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/remove", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "get-enterprise-team-membership", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "add-team-member", + "subcategory": "enterprise-team-members", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "remove-team-membership", + "subcategory": "enterprise-team-members", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "get-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "add-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/add", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "remove-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/remove", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "get-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "add-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "delete-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "get-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "update-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "patch", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "delete-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + } + ] + }, "organization_api_insights": { "title": "API Insights", "displayTitle": "Organization permissions for \"API Insights\"", @@ -108,6 +301,50 @@ "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", "permissions": [ + { + "category": "actions", + "slug": "get-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/retention-limit", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "set-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/retention-limit", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "get-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/storage-limit", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "set-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/storage-limit", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "dependabot", "slug": "lists-the-repositories-dependabot-can-access-in-an-organization", @@ -1261,34 +1498,6 @@ } ] }, - "custom_properties_for_organizations": { - "title": "Custom properties for organizations", - "displayTitle": "Organization permissions for \"Custom properties for organizations\"", - "permissions": [ - { - "category": "orgs", - "slug": "get-all-custom-property-values-for-an-organization", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/organizations/{org}/org-properties/values", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "orgs", - "slug": "create-or-update-custom-property-values-for-an-organization", - "subcategory": "custom-properties-for-orgs", - "verb": "patch", - "requestPath": "/organizations/{org}/org-properties/values", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_custom_properties": { "title": "Custom properties", "displayTitle": "Organization permissions for \"Custom properties\"", @@ -2862,6 +3071,17 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "projects", + "slug": "add-a-field-to-an-organization-owned-project", + "subcategory": "fields", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "projects", "slug": "get-project-field-for-organization", @@ -2927,6 +3147,28 @@ "user-to-server": true, "server-to-server": true, "additional-permissions": false + }, + { + "category": "projects", + "slug": "create-a-view-for-an-organization-owned-project", + "subcategory": "views", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "projects", + "slug": "list-items-for-an-organization-project-view", + "subcategory": "items", + "verb": "get", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views/{view_number}/items", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false } ] }, @@ -3037,625 +3279,289 @@ }, "organization_self_hosted_runners": { "title": "Self-hosted runners", - "displayTitle": "Organization permissions for \"Self-hosted runners\"", - "permissions": [ - { - "category": "actions", - "slug": "list-self-hosted-runner-groups-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runner-groups", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "create-a-self-hosted-runner-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runner-groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-a-self-hosted-runner-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "update-a-self-hosted-runner-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "patch", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "delete-a-self-hosted-runner-group-from-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-github-hosted-runners-in-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/hosted-runners", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-repository-access-to-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-repository-access-for-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "add-repository-access-to-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "actions", - "slug": "remove-repository-access-to-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "actions", - "slug": "list-self-hosted-runners-in-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-self-hosted-runners-in-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "add-a-self-hosted-runner-to-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "remove-a-self-hosted-runner-from-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-self-hosted-runners-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-runner-applications-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners/downloads", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "create-configuration-for-a-just-in-time-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/generate-jitconfig", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "create-a-registration-token-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/registration-token", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "create-a-remove-token-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/remove-token", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "delete-a-self-hosted-runner-from-an-organization", - "subcategory": "self-hosted-runners", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-labels-for-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "add-custom-labels-to-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-custom-labels-for-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "remove-all-custom-labels-from-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "remove-a-custom-label-from-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels/{name}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, + "displayTitle": "Organization permissions for \"Self-hosted runners\"", + "permissions": [ { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "list-self-hosted-runner-groups-for-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", + "requestPath": "/orgs/{org}/actions/runner-groups", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "create-a-self-hosted-runner-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", + "requestPath": "/orgs/{org}/actions/runner-groups", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "get-a-self-hosted-runner-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "update-a-self-hosted-runner-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "delete-a-self-hosted-runner-group-from-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", + "category": "actions", + "slug": "list-github-hosted-runners-in-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/hosted-runners", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", + "category": "actions", + "slug": "list-repository-access-to-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "get", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", + "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", + "category": "actions", + "slug": "set-repository-access-for-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", + "category": "actions", + "slug": "add-repository-access-to-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", "access": "write", "user-to-server": true, "server-to-server": true, - "additional-permissions": false + "additional-permissions": true }, { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", + "category": "actions", + "slug": "remove-repository-access-to-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", "access": "write", "user-to-server": true, "server-to-server": true, - "additional-permissions": false + "additional-permissions": true }, { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", + "category": "actions", + "slug": "list-self-hosted-runners-in-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "get", - "requestPath": "/teams/{team_id}/discussions", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", + "category": "actions", + "slug": "set-self-hosted-runners-in-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "read", + "category": "actions", + "slug": "add-a-self-hosted-runner-to-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", + "category": "actions", + "slug": "remove-a-self-hosted-runner-from-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", + "category": "actions", + "slug": "list-self-hosted-runners-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "get", + "requestPath": "/orgs/{org}/actions/runners", + "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "list-runner-applications-for-an-organization", + "subcategory": "self-hosted-runners", "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", + "requestPath": "/orgs/{org}/actions/runners/downloads", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "create-configuration-for-a-just-in-time-runner-for-an-organization", + "subcategory": "self-hosted-runners", "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", + "requestPath": "/orgs/{org}/actions/runners/generate-jitconfig", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", + "category": "actions", + "slug": "create-a-registration-token-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "post", + "requestPath": "/orgs/{org}/actions/runners/registration-token", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", + "category": "actions", + "slug": "create-a-remove-token-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "post", + "requestPath": "/orgs/{org}/actions/runners/remove-token", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "get-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "get", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "delete-a-self-hosted-runner-from-an-organization", + "subcategory": "self-hosted-runners", "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", + "category": "actions", + "slug": "list-labels-for-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", + "category": "actions", + "slug": "add-custom-labels-to-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "read", + "category": "actions", + "slug": "set-custom-labels-for-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", + "category": "actions", + "slug": "remove-all-custom-labels-from-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "remove-a-custom-label-from-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels/{name}", "access": "write", "user-to-server": true, "server-to-server": true, @@ -3943,6 +3849,17 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "actions", + "slug": "get-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "actions", "slug": "get-github-actions-cache-usage-for-a-repository", @@ -4444,6 +4361,39 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "actions", + "slug": "get-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "set-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "set-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "actions", "slug": "get-github-actions-permissions-for-a-repository", @@ -5955,7 +5905,7 @@ { "category": "repos", "slug": "create-an-attestation", - "subcategory": "repos", + "subcategory": "attestations", "verb": "post", "requestPath": "/repos/{owner}/{repo}/attestations", "access": "write", @@ -5966,7 +5916,7 @@ { "category": "repos", "slug": "list-attestations", - "subcategory": "repos", + "subcategory": "attestations", "verb": "get", "requestPath": "/repos/{owner}/{repo}/attestations/{subject_digest}", "access": "read", @@ -8016,6 +7966,28 @@ "server-to-server": true, "additional-permissions": true }, + { + "category": "issues", + "slug": "pin-an-issue-comment", + "subcategory": "comments", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "issues", + "slug": "unpin-an-issue-comment", + "subcategory": "comments", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "reactions", "slug": "list-reactions-for-an-issue-comment", diff --git a/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json b/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json index 2222cf930560..abee81b98881 100644 --- a/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json @@ -1,5 +1,53 @@ { "actions": [ + { + "slug": "get-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/storage-limit" + }, + { + "slug": "get-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-an-organization", "subcategory": "cache", @@ -540,6 +588,30 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}" }, + { + "slug": "get-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-a-repository", "subcategory": "cache", @@ -2385,6 +2457,110 @@ "requestPath": "/emojis" } ], + "enterprise-teams": [ + { + "slug": "list-enterprise-teams", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams" + }, + { + "slug": "create-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams" + }, + { + "slug": "list-members-in-an-enterprise-team", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships" + }, + { + "slug": "bulk-add-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/add" + }, + { + "slug": "bulk-remove-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/remove" + }, + { + "slug": "get-enterprise-team-membership", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "add-team-member", + "subcategory": "enterprise-team-members", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "remove-team-membership", + "subcategory": "enterprise-team-members", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "get-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations" + }, + { + "slug": "add-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/add" + }, + { + "slug": "remove-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/remove" + }, + { + "slug": "get-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "add-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "delete-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "get-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + }, + { + "slug": "update-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "patch", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + }, + { + "slug": "delete-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + } + ], "git": [ { "slug": "create-a-blob", @@ -2566,6 +2742,18 @@ "verb": "delete", "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}" }, + { + "slug": "pin-an-issue-comment", + "subcategory": "comments", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, + { + "slug": "unpin-an-issue-comment", + "subcategory": "comments", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, { "slug": "list-issue-events-for-a-repository", "subcategory": "events", @@ -2930,18 +3118,6 @@ "verb": "get", "requestPath": "/organizations" }, - { - "slug": "get-all-custom-property-values-for-an-organization", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/organizations/{org}/org-properties/values" - }, - { - "slug": "create-or-update-custom-property-values-for-an-organization", - "subcategory": "custom-properties-for-orgs", - "verb": "patch", - "requestPath": "/organizations/{org}/org-properties/values" - }, { "slug": "get-an-organization", "subcategory": "orgs", @@ -3898,6 +4074,12 @@ "verb": "get", "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" }, + { + "slug": "add-a-field-to-an-organization-owned-project", + "subcategory": "fields", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" + }, { "slug": "get-project-field-for-organization", "subcategory": "fields", @@ -3933,6 +4115,18 @@ "subcategory": "items", "verb": "delete", "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" + }, + { + "slug": "create-a-view-for-an-organization-owned-project", + "subcategory": "views", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views" + }, + { + "slug": "list-items-for-an-organization-project-view", + "subcategory": "items", + "verb": "get", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views/{view_number}/items" } ], "pulls": [ @@ -4108,42 +4302,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -4233,30 +4391,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4372,13 +4506,13 @@ }, { "slug": "create-an-attestation", - "subcategory": "repos", + "subcategory": "attestations", "verb": "post", "requestPath": "/repos/{owner}/{repo}/attestations" }, { "slug": "list-attestations", - "subcategory": "repos", + "subcategory": "attestations", "verb": "get", "requestPath": "/repos/{owner}/{repo}/attestations/{subject_digest}" }, @@ -4948,66 +5082,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-pending-team-invitations", "subcategory": "members", @@ -5086,66 +5160,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-pending-team-invitations-legacy", "subcategory": "members", diff --git a/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json b/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json index 3f04ea237349..5b4ea2c293f4 100644 --- a/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json @@ -1,5 +1,53 @@ { "actions": [ + { + "slug": "get-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/storage-limit" + }, + { + "slug": "get-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-an-organization", "subcategory": "cache", @@ -540,6 +588,30 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}" }, + { + "slug": "get-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-a-repository", "subcategory": "cache", @@ -2651,6 +2723,110 @@ "requestPath": "/emojis" } ], + "enterprise-teams": [ + { + "slug": "list-enterprise-teams", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams" + }, + { + "slug": "create-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams" + }, + { + "slug": "list-members-in-an-enterprise-team", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships" + }, + { + "slug": "bulk-add-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/add" + }, + { + "slug": "bulk-remove-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/remove" + }, + { + "slug": "get-enterprise-team-membership", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "add-team-member", + "subcategory": "enterprise-team-members", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "remove-team-membership", + "subcategory": "enterprise-team-members", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "get-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations" + }, + { + "slug": "add-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/add" + }, + { + "slug": "remove-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/remove" + }, + { + "slug": "get-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "add-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "delete-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "get-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + }, + { + "slug": "update-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "patch", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + }, + { + "slug": "delete-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + } + ], "gists": [ { "slug": "list-gists-for-the-authenticated-user", @@ -2984,6 +3160,18 @@ "verb": "delete", "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}" }, + { + "slug": "pin-an-issue-comment", + "subcategory": "comments", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, + { + "slug": "unpin-an-issue-comment", + "subcategory": "comments", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, { "slug": "list-issue-events-for-a-repository", "subcategory": "events", @@ -3404,18 +3592,6 @@ "verb": "get", "requestPath": "/organizations" }, - { - "slug": "get-all-custom-property-values-for-an-organization", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/organizations/{org}/org-properties/values" - }, - { - "slug": "create-or-update-custom-property-values-for-an-organization", - "subcategory": "custom-properties-for-orgs", - "verb": "patch", - "requestPath": "/organizations/{org}/org-properties/values" - }, { "slug": "get-an-organization", "subcategory": "orgs", @@ -4360,6 +4536,12 @@ "verb": "get", "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" }, + { + "slug": "add-a-field-to-an-organization-owned-project", + "subcategory": "fields", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" + }, { "slug": "get-project-field-for-organization", "subcategory": "fields", @@ -4395,6 +4577,18 @@ "subcategory": "items", "verb": "delete", "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" + }, + { + "slug": "create-a-view-for-an-organization-owned-project", + "subcategory": "views", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views" + }, + { + "slug": "list-items-for-an-organization-project-view", + "subcategory": "items", + "verb": "get", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views/{view_number}/items" } ], "pulls": [ @@ -4570,42 +4764,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -4695,30 +4853,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4834,13 +4968,13 @@ }, { "slug": "create-an-attestation", - "subcategory": "repos", + "subcategory": "attestations", "verb": "post", "requestPath": "/repos/{owner}/{repo}/attestations" }, { "slug": "list-attestations", - "subcategory": "repos", + "subcategory": "attestations", "verb": "get", "requestPath": "/repos/{owner}/{repo}/attestations/{subject_digest}" }, @@ -5434,66 +5568,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-pending-team-invitations", "subcategory": "members", @@ -5572,66 +5646,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-pending-team-invitations-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json index a29f78ac415d..3f06c5993c94 100644 --- a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json @@ -1,115 +1,4 @@ { - "enterprise_copilot_metrics": { - "title": "Enterprise Copilot metrics", - "displayTitle": "Enterprise permissions for \"Enterprise Copilot metrics\"", - "permissions": [ - { - "category": "copilot", - "slug": "get-copilot-enterprise-usage-metrics-for-a-specific-day", - "subcategory": "copilot-usage-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics/reports/enterprise-1-day", - "additional-permissions": false, - "access": "read" - }, - { - "category": "copilot", - "slug": "get-copilot-enterprise-usage-metrics", - "subcategory": "copilot-usage-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics/reports/enterprise-28-day/latest", - "additional-permissions": false, - "access": "read" - }, - { - "category": "copilot", - "slug": "get-copilot-users-usage-metrics-for-a-specific-day", - "subcategory": "copilot-usage-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics/reports/users-1-day", - "additional-permissions": false, - "access": "read" - }, - { - "category": "copilot", - "slug": "get-copilot-users-usage-metrics", - "subcategory": "copilot-usage-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics/reports/users-28-day/latest", - "additional-permissions": false, - "access": "read" - } - ] - }, - "enterprise_custom_properties_for_organizations": { - "title": "Enterprise custom properties for organizations", - "displayTitle": "Enterprise permissions for \"Enterprise custom properties for organizations\"", - "permissions": [ - { - "category": "enterprise-admin", - "slug": "get-organization-custom-properties-schema-for-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/org-properties/schema", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "create-or-update-organization-custom-property-definitions-on-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/org-properties/schema", - "additional-permissions": false, - "access": "admin" - }, - { - "category": "enterprise-admin", - "slug": "get-an-organization-custom-property-definition-from-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/org-properties/schema/{custom_property_name}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "create-or-update-an-organization-custom-property-definition-on-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "put", - "requestPath": "/enterprises/{enterprise}/org-properties/schema/{custom_property_name}", - "additional-permissions": false, - "access": "admin" - }, - { - "category": "enterprise-admin", - "slug": "remove-an-organization-custom-property-definition-from-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "delete", - "requestPath": "/enterprises/{enterprise}/org-properties/schema/{custom_property_name}", - "additional-permissions": false, - "access": "admin" - }, - { - "category": "enterprise-admin", - "slug": "list-custom-property-values-for-organizations-in-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/org-properties/values", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "create-or-update-custom-property-values-for-organizations-in-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/org-properties/values", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_api_insights": { "title": "API Insights", "displayTitle": "Organization permissions for \"API Insights\"", @@ -210,6 +99,42 @@ "additional-permissions": true, "access": "read" }, + { + "category": "actions", + "slug": "get-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/retention-limit", + "additional-permissions": false, + "access": "read" + }, + { + "category": "actions", + "slug": "set-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/retention-limit", + "additional-permissions": false, + "access": "write" + }, + { + "category": "actions", + "slug": "get-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/storage-limit", + "additional-permissions": false, + "access": "read" + }, + { + "category": "actions", + "slug": "set-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/storage-limit", + "additional-permissions": false, + "access": "write" + }, { "category": "dependabot", "slug": "lists-the-repositories-dependabot-can-access-in-an-organization", @@ -2372,6 +2297,48 @@ } ] }, + "organization_copilot_metrics": { + "title": "Organization Copilot metrics", + "displayTitle": "Organization permissions for \"Organization Copilot metrics\"", + "permissions": [ + { + "category": "copilot", + "slug": "get-copilot-organization-usage-metrics-for-a-specific-day", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/organization-1-day", + "additional-permissions": false, + "access": "read" + }, + { + "category": "copilot", + "slug": "get-copilot-organization-usage-metrics", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/organization-28-day/latest", + "additional-permissions": false, + "access": "read" + }, + { + "category": "copilot", + "slug": "get-copilot-organization-users-usage-metrics-for-a-specific-day", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/users-1-day", + "additional-permissions": false, + "access": "read" + }, + { + "category": "copilot", + "slug": "get-copilot-organization-users-usage-metrics", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/users-28-day/latest", + "additional-permissions": false, + "access": "read" + } + ] + }, "organization_announcement_banners": { "title": "Organization announcement banners", "displayTitle": "Organization permissions for \"Organization announcement banners\"", @@ -2696,6 +2663,39 @@ } ] }, + "organization_dependabot_dismissal_requests": { + "title": "Organization dismissal requests for Dependabot", + "displayTitle": "Organization permissions for \"Organization dismissal requests for Dependabot\"", + "permissions": [ + { + "category": "dependabot", + "slug": "list-dismissal-requests-for-dependabot-alerts-for-an-organization", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/orgs/{org}/dismissal-requests/dependabot", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependabot", + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "additional-permissions": true, + "access": "write" + }, + { + "category": "dependabot", + "slug": "cancel-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "additional-permissions": true, + "access": "write" + } + ] + }, "organization_code_scanning_dismissal_requests": { "title": "Organization dismissal requests for code scanning", "displayTitle": "Organization permissions for \"Organization dismissal requests for code scanning\"", @@ -2838,6 +2838,15 @@ "additional-permissions": false, "access": "read" }, + { + "category": "projects", + "slug": "add-a-field-to-an-organization-owned-project", + "subcategory": "fields", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields", + "additional-permissions": false, + "access": "write" + }, { "category": "projects", "slug": "get-project-field-for-organization", @@ -2891,6 +2900,24 @@ "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}", "additional-permissions": false, "access": "write" + }, + { + "category": "projects", + "slug": "create-a-view-for-an-organization-owned-project", + "subcategory": "views", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views", + "additional-permissions": false, + "access": "write" + }, + { + "category": "projects", + "slug": "list-items-for-an-organization-project-view", + "subcategory": "items", + "verb": "get", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views/{view_number}/items", + "additional-permissions": false, + "access": "read" } ] }, @@ -3254,282 +3281,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", @@ -3762,6 +3513,15 @@ "additional-permissions": false, "access": "read" }, + { + "category": "actions", + "slug": "get-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit", + "additional-permissions": false, + "access": "read" + }, { "category": "actions", "slug": "get-github-actions-cache-usage-for-a-repository", @@ -4173,6 +3933,33 @@ "additional-permissions": false, "access": "write" }, + { + "category": "actions", + "slug": "get-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit", + "additional-permissions": false, + "access": "read" + }, + { + "category": "actions", + "slug": "set-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit", + "additional-permissions": false, + "access": "write" + }, + { + "category": "actions", + "slug": "set-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit", + "additional-permissions": false, + "access": "write" + }, { "category": "actions", "slug": "get-github-actions-permissions-for-a-repository", @@ -5394,7 +5181,7 @@ { "category": "repos", "slug": "create-an-attestation", - "subcategory": "repos", + "subcategory": "attestations", "verb": "post", "requestPath": "/repos/{owner}/{repo}/attestations", "additional-permissions": false, @@ -5403,7 +5190,7 @@ { "category": "repos", "slug": "list-attestations", - "subcategory": "repos", + "subcategory": "attestations", "verb": "get", "requestPath": "/repos/{owner}/{repo}/attestations/{subject_digest}", "additional-permissions": false, @@ -6758,6 +6545,51 @@ "requestPath": "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}", "additional-permissions": false, "access": "write" + }, + { + "category": "dependabot", + "slug": "list-dismissal-requests-for-dependabot-alerts-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependabot", + "slug": "get-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependabot", + "slug": "create-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "post", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependabot", + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "additional-permissions": true, + "access": "read" + }, + { + "category": "dependabot", + "slug": "cancel-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "additional-permissions": true, + "access": "read" } ] }, @@ -7062,6 +6894,24 @@ "additional-permissions": true, "access": "write" }, + { + "category": "issues", + "slug": "pin-an-issue-comment", + "subcategory": "comments", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin", + "additional-permissions": false, + "access": "write" + }, + { + "category": "issues", + "slug": "unpin-an-issue-comment", + "subcategory": "comments", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin", + "additional-permissions": false, + "access": "write" + }, { "category": "reactions", "slug": "list-reactions-for-an-issue-comment", diff --git a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json index 6853b864ccf8..b23840892a1b 100644 --- a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json @@ -1,5 +1,29 @@ { "actions": [ + { + "slug": "get-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-an-organization", "subcategory": "cache", @@ -540,6 +564,30 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}" }, + { + "slug": "get-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-a-repository", "subcategory": "cache", @@ -2056,30 +2104,6 @@ } ], "copilot": [ - { - "slug": "get-copilot-enterprise-usage-metrics-for-a-specific-day", - "subcategory": "copilot-usage-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics/reports/enterprise-1-day" - }, - { - "slug": "get-copilot-enterprise-usage-metrics", - "subcategory": "copilot-usage-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics/reports/enterprise-28-day/latest" - }, - { - "slug": "get-copilot-users-usage-metrics-for-a-specific-day", - "subcategory": "copilot-usage-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics/reports/users-1-day" - }, - { - "slug": "get-copilot-users-usage-metrics", - "subcategory": "copilot-usage-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics/reports/users-28-day/latest" - }, { "slug": "get-copilot-seat-information-and-settings-for-an-organization", "subcategory": "copilot-user-management", @@ -2122,6 +2146,30 @@ "verb": "get", "requestPath": "/orgs/{org}/copilot/metrics" }, + { + "slug": "get-copilot-organization-usage-metrics-for-a-specific-day", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/organization-1-day" + }, + { + "slug": "get-copilot-organization-usage-metrics", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/organization-28-day/latest" + }, + { + "slug": "get-copilot-organization-users-usage-metrics-for-a-specific-day", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/users-1-day" + }, + { + "slug": "get-copilot-organization-users-usage-metrics", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/users-28-day/latest" + }, { "slug": "get-copilot-seat-assignment-details-for-a-user", "subcategory": "copilot-user-management", @@ -2214,6 +2262,12 @@ "verb": "delete", "requestPath": "/orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}" }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-an-organization", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/orgs/{org}/dismissal-requests/dependabot" + }, { "slug": "list-dependabot-alerts-for-a-repository", "subcategory": "alerts", @@ -2261,6 +2315,36 @@ "subcategory": "secrets", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/dependabot/secrets/{secret_name}" + }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot" + }, + { + "slug": "get-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "create-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "post", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "cancel-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" } ], "dependency-graph": [ @@ -2437,86 +2521,6 @@ "requestPath": "/repos/{owner}/{repo}/environments/{environment_name}/deployment_protection_rules/{protection_rule_id}" } ], - "enterprise-admin": [ - { - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log" - }, - { - "slug": "get-organization-custom-properties-schema-for-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/org-properties/schema" - }, - { - "slug": "create-or-update-organization-custom-property-definitions-on-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/org-properties/schema" - }, - { - "slug": "get-an-organization-custom-property-definition-from-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/org-properties/schema/{custom_property_name}" - }, - { - "slug": "create-or-update-an-organization-custom-property-definition-on-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "put", - "requestPath": "/enterprises/{enterprise}/org-properties/schema/{custom_property_name}" - }, - { - "slug": "remove-an-organization-custom-property-definition-from-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "delete", - "requestPath": "/enterprises/{enterprise}/org-properties/schema/{custom_property_name}" - }, - { - "slug": "list-custom-property-values-for-organizations-in-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/org-properties/values" - }, - { - "slug": "create-or-update-custom-property-values-for-organizations-in-an-enterprise", - "subcategory": "custom-properties-for-orgs", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/org-properties/values" - }, - { - "slug": "create-an-enterprise-repository-ruleset", - "subcategory": "rules", - "verb": "post", - "requestPath": "/enterprises/{enterprise}/rulesets" - }, - { - "slug": "get-an-enterprise-repository-ruleset", - "subcategory": "rules", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/rulesets/{ruleset_id}" - }, - { - "slug": "update-an-enterprise-repository-ruleset", - "subcategory": "rules", - "verb": "put", - "requestPath": "/enterprises/{enterprise}/rulesets/{ruleset_id}" - }, - { - "slug": "delete-an-enterprise-repository-ruleset", - "subcategory": "rules", - "verb": "delete", - "requestPath": "/enterprises/{enterprise}/rulesets/{ruleset_id}" - }, - { - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "licensing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security" - } - ], "gists": [ { "slug": "create-a-gist", @@ -2758,6 +2762,18 @@ "verb": "delete", "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}" }, + { + "slug": "pin-an-issue-comment", + "subcategory": "comments", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, + { + "slug": "unpin-an-issue-comment", + "subcategory": "comments", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, { "slug": "list-issue-events-for-a-repository", "subcategory": "events", @@ -3998,6 +4014,12 @@ "verb": "get", "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" }, + { + "slug": "add-a-field-to-an-organization-owned-project", + "subcategory": "fields", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" + }, { "slug": "get-project-field-for-organization", "subcategory": "fields", @@ -4033,6 +4055,18 @@ "subcategory": "items", "verb": "delete", "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" + }, + { + "slug": "create-a-view-for-an-organization-owned-project", + "subcategory": "views", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views" + }, + { + "slug": "list-items-for-an-organization-project-view", + "subcategory": "items", + "verb": "get", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views/{view_number}/items" } ], "pulls": [ @@ -4200,42 +4234,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -4307,30 +4305,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4446,13 +4420,13 @@ }, { "slug": "create-an-attestation", - "subcategory": "repos", + "subcategory": "attestations", "verb": "post", "requestPath": "/repos/{owner}/{repo}/attestations" }, { "slug": "list-attestations", - "subcategory": "repos", + "subcategory": "attestations", "verb": "get", "requestPath": "/repos/{owner}/{repo}/attestations/{subject_digest}" }, @@ -5114,66 +5088,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -5282,66 +5196,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-pending-team-invitations-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json index 0cd1126c2fa7..391e173752e2 100644 --- a/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json @@ -624,6 +624,199 @@ } ] }, + "enterprise_teams": { + "title": "Enterprise teams", + "displayTitle": "Enterprise permissions for \"Enterprise teams\"", + "permissions": [ + { + "category": "enterprise-teams", + "slug": "list-enterprise-teams", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "create-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "list-members-in-an-enterprise-team", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "bulk-add-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/add", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "bulk-remove-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/remove", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "get-enterprise-team-membership", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "add-team-member", + "subcategory": "enterprise-team-members", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "remove-team-membership", + "subcategory": "enterprise-team-members", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "get-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "add-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/add", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "remove-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/remove", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "get-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "add-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "delete-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "get-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "update-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "patch", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "enterprise-teams", + "slug": "delete-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + } + ] + }, "organization_api_insights": { "title": "API Insights", "displayTitle": "Organization permissions for \"API Insights\"", @@ -755,6 +948,50 @@ "server-to-server": true, "additional-permissions": true }, + { + "category": "actions", + "slug": "get-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/retention-limit", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "set-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/retention-limit", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "get-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/storage-limit", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "set-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/storage-limit", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "dependabot", "slug": "lists-the-repositories-dependabot-can-access-in-an-organization", @@ -3381,6 +3618,56 @@ } ] }, + "organization_copilot_metrics": { + "title": "Organization Copilot metrics", + "displayTitle": "Organization permissions for \"Organization Copilot metrics\"", + "permissions": [ + { + "category": "copilot", + "slug": "get-copilot-organization-usage-metrics-for-a-specific-day", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/organization-1-day", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "copilot", + "slug": "get-copilot-organization-usage-metrics", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/organization-28-day/latest", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "copilot", + "slug": "get-copilot-organization-users-usage-metrics-for-a-specific-day", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/users-1-day", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "copilot", + "slug": "get-copilot-organization-users-usage-metrics", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/users-28-day/latest", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + } + ] + }, "organization_announcement_banners": { "title": "Organization announcement banners", "displayTitle": "Organization permissions for \"Organization announcement banners\"", @@ -3769,6 +4056,45 @@ } ] }, + "organization_dependabot_dismissal_requests": { + "title": "Organization dismissal requests for Dependabot", + "displayTitle": "Organization permissions for \"Organization dismissal requests for Dependabot\"", + "permissions": [ + { + "category": "dependabot", + "slug": "list-dismissal-requests-for-dependabot-alerts-for-an-organization", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/orgs/{org}/dismissal-requests/dependabot", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependabot", + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": true + }, + { + "category": "dependabot", + "slug": "cancel-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": true + } + ] + }, "organization_code_scanning_dismissal_requests": { "title": "Organization dismissal requests for code scanning", "displayTitle": "Organization permissions for \"Organization dismissal requests for code scanning\"", @@ -4039,6 +4365,17 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "projects", + "slug": "add-a-field-to-an-organization-owned-project", + "subcategory": "fields", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "projects", "slug": "get-project-field-for-organization", @@ -4104,6 +4441,28 @@ "user-to-server": true, "server-to-server": true, "additional-permissions": false + }, + { + "category": "projects", + "slug": "create-a-view-for-an-organization-owned-project", + "subcategory": "views", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "projects", + "slug": "list-items-for-an-organization-project-view", + "subcategory": "items", + "verb": "get", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views/{view_number}/items", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false } ] }, @@ -4333,545 +4692,209 @@ "additional-permissions": false }, { - "category": "actions", - "slug": "set-repository-access-for-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "add-repository-access-to-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "actions", - "slug": "remove-repository-access-to-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "actions", - "slug": "list-self-hosted-runners-in-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-self-hosted-runners-in-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "add-a-self-hosted-runner-to-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "remove-a-self-hosted-runner-from-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-self-hosted-runners-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-runner-applications-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners/downloads", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "create-configuration-for-a-just-in-time-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/generate-jitconfig", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "create-a-registration-token-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/registration-token", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "create-a-remove-token-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/remove-token", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "delete-a-self-hosted-runner-from-an-organization", - "subcategory": "self-hosted-runners", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-labels-for-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "add-custom-labels-to-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-custom-labels-for-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "remove-all-custom-labels-from-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "remove-a-custom-label-from-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels/{name}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", + "category": "actions", + "slug": "set-repository-access-for-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", + "category": "actions", + "slug": "add-repository-access-to-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", "access": "write", "user-to-server": true, "server-to-server": true, - "additional-permissions": false + "additional-permissions": true }, { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", + "category": "actions", + "slug": "remove-repository-access-to-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", "access": "write", "user-to-server": true, "server-to-server": true, - "additional-permissions": false + "additional-permissions": true }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", + "category": "actions", + "slug": "list-self-hosted-runners-in-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", + "category": "actions", + "slug": "set-self-hosted-runners-in-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", + "category": "actions", + "slug": "add-a-self-hosted-runner-to-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", + "category": "actions", + "slug": "remove-a-self-hosted-runner-from-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", + "category": "actions", + "slug": "list-self-hosted-runners-for-an-organization", + "subcategory": "self-hosted-runners", "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", + "requestPath": "/orgs/{org}/actions/runners", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", + "category": "actions", + "slug": "list-runner-applications-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "get", + "requestPath": "/orgs/{org}/actions/runners/downloads", + "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", + "category": "actions", + "slug": "create-configuration-for-a-just-in-time-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "post", + "requestPath": "/orgs/{org}/actions/runners/generate-jitconfig", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "read", + "category": "actions", + "slug": "create-a-registration-token-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "post", + "requestPath": "/orgs/{org}/actions/runners/registration-token", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "create-a-remove-token-for-an-organization", + "subcategory": "self-hosted-runners", "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", + "requestPath": "/orgs/{org}/actions/runners/remove-token", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "get-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", + "category": "actions", + "slug": "delete-a-self-hosted-runner-from-an-organization", + "subcategory": "self-hosted-runners", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", + "category": "actions", + "slug": "list-labels-for-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "get", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", + "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", + "category": "actions", + "slug": "add-custom-labels-to-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "post", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", + "category": "actions", + "slug": "set-custom-labels-for-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "read", + "category": "actions", + "slug": "remove-all-custom-labels-from-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", + "category": "actions", + "slug": "remove-a-custom-label-from-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels/{name}", "access": "write", "user-to-server": true, "server-to-server": true, @@ -5159,6 +5182,17 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "actions", + "slug": "get-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "actions", "slug": "get-github-actions-cache-usage-for-a-repository", @@ -5660,6 +5694,39 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "actions", + "slug": "get-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "set-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "actions", + "slug": "set-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "actions", "slug": "get-github-actions-permissions-for-a-repository", @@ -7171,7 +7238,7 @@ { "category": "repos", "slug": "create-an-attestation", - "subcategory": "repos", + "subcategory": "attestations", "verb": "post", "requestPath": "/repos/{owner}/{repo}/attestations", "access": "write", @@ -7182,7 +7249,7 @@ { "category": "repos", "slug": "list-attestations", - "subcategory": "repos", + "subcategory": "attestations", "verb": "get", "requestPath": "/repos/{owner}/{repo}/attestations/{subject_digest}", "access": "read", @@ -8965,6 +9032,61 @@ "user-to-server": true, "server-to-server": true, "additional-permissions": false + }, + { + "category": "dependabot", + "slug": "list-dismissal-requests-for-dependabot-alerts-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependabot", + "slug": "get-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependabot", + "slug": "create-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "post", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependabot", + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": true + }, + { + "category": "dependabot", + "slug": "cancel-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": true } ] }, @@ -9342,6 +9464,28 @@ "server-to-server": true, "additional-permissions": true }, + { + "category": "issues", + "slug": "pin-an-issue-comment", + "subcategory": "comments", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "issues", + "slug": "unpin-an-issue-comment", + "subcategory": "comments", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "reactions", "slug": "list-reactions-for-an-issue-comment", diff --git a/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json b/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json index 83750eee1733..62be6ce0aeda 100644 --- a/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json @@ -1,5 +1,29 @@ { "actions": [ + { + "slug": "get-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-an-enterprise", "subcategory": "cache", @@ -12,6 +36,30 @@ "verb": "put", "requestPath": "/enterprises/{enterprise}/actions/oidc/customization/issuer" }, + { + "slug": "get-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-an-organization", "subcategory": "cache", @@ -552,6 +600,30 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}" }, + { + "slug": "get-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-a-repository", "subcategory": "cache", @@ -2098,6 +2170,30 @@ "verb": "get", "requestPath": "/orgs/{org}/copilot/metrics" }, + { + "slug": "get-copilot-organization-usage-metrics-for-a-specific-day", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/organization-1-day" + }, + { + "slug": "get-copilot-organization-usage-metrics", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/organization-28-day/latest" + }, + { + "slug": "get-copilot-organization-users-usage-metrics-for-a-specific-day", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/users-1-day" + }, + { + "slug": "get-copilot-organization-users-usage-metrics", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/users-28-day/latest" + }, { "slug": "get-copilot-seat-assignment-details-for-a-user", "subcategory": "copilot-user-management", @@ -2198,6 +2294,12 @@ "verb": "delete", "requestPath": "/orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}" }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-an-organization", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/orgs/{org}/dismissal-requests/dependabot" + }, { "slug": "list-dependabot-alerts-for-a-repository", "subcategory": "alerts", @@ -2245,6 +2347,36 @@ "subcategory": "secrets", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/dependabot/secrets/{secret_name}" + }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot" + }, + { + "slug": "get-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "create-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "post", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "cancel-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" } ], "dependency-graph": [ @@ -2749,6 +2881,110 @@ "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}" } ], + "enterprise-teams": [ + { + "slug": "list-enterprise-teams", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams" + }, + { + "slug": "create-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams" + }, + { + "slug": "list-members-in-an-enterprise-team", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships" + }, + { + "slug": "bulk-add-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/add" + }, + { + "slug": "bulk-remove-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/remove" + }, + { + "slug": "get-enterprise-team-membership", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "add-team-member", + "subcategory": "enterprise-team-members", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "remove-team-membership", + "subcategory": "enterprise-team-members", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "get-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations" + }, + { + "slug": "add-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/add" + }, + { + "slug": "remove-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/remove" + }, + { + "slug": "get-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "add-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "delete-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "get-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + }, + { + "slug": "update-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "patch", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + }, + { + "slug": "delete-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + } + ], "git": [ { "slug": "create-a-blob", @@ -2930,6 +3166,18 @@ "verb": "delete", "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}" }, + { + "slug": "pin-an-issue-comment", + "subcategory": "comments", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, + { + "slug": "unpin-an-issue-comment", + "subcategory": "comments", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, { "slug": "list-issue-events-for-a-repository", "subcategory": "events", @@ -4382,6 +4630,12 @@ "verb": "get", "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" }, + { + "slug": "add-a-field-to-an-organization-owned-project", + "subcategory": "fields", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" + }, { "slug": "get-project-field-for-organization", "subcategory": "fields", @@ -4417,6 +4671,18 @@ "subcategory": "items", "verb": "delete", "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" + }, + { + "slug": "create-a-view-for-an-organization-owned-project", + "subcategory": "views", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views" + }, + { + "slug": "list-items-for-an-organization-project-view", + "subcategory": "items", + "verb": "get", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views/{view_number}/items" } ], "pulls": [ @@ -4592,42 +4858,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -4717,30 +4947,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4856,13 +5062,13 @@ }, { "slug": "create-an-attestation", - "subcategory": "repos", + "subcategory": "attestations", "verb": "post", "requestPath": "/repos/{owner}/{repo}/attestations" }, { "slug": "list-attestations", - "subcategory": "repos", + "subcategory": "attestations", "verb": "get", "requestPath": "/repos/{owner}/{repo}/attestations/{subject_digest}" }, @@ -5548,66 +5754,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -5716,66 +5862,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-pending-team-invitations-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json b/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json index 981118a13200..1b90eec59368 100644 --- a/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json @@ -1,5 +1,29 @@ { "actions": [ + { + "slug": "get-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-an-enterprise", + "subcategory": "cache", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-an-enterprise", "subcategory": "cache", @@ -12,6 +36,30 @@ "verb": "put", "requestPath": "/enterprises/{enterprise}/actions/oidc/customization/issuer" }, + { + "slug": "get-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "get", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-an-organization", + "subcategory": "cache", + "verb": "put", + "requestPath": "/organizations/{org}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-an-organization", "subcategory": "cache", @@ -552,6 +600,30 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}" }, + { + "slug": "get-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "set-github-actions-cache-retention-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/retention-limit" + }, + { + "slug": "get-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, + { + "slug": "set-github-actions-cache-storage-limit-for-a-repository", + "subcategory": "cache", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/actions/cache/storage-limit" + }, { "slug": "get-github-actions-cache-usage-for-a-repository", "subcategory": "cache", @@ -2346,6 +2418,30 @@ "verb": "get", "requestPath": "/orgs/{org}/copilot/metrics" }, + { + "slug": "get-copilot-organization-usage-metrics-for-a-specific-day", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/organization-1-day" + }, + { + "slug": "get-copilot-organization-usage-metrics", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/organization-28-day/latest" + }, + { + "slug": "get-copilot-organization-users-usage-metrics-for-a-specific-day", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/users-1-day" + }, + { + "slug": "get-copilot-organization-users-usage-metrics", + "subcategory": "copilot-usage-metrics", + "verb": "get", + "requestPath": "/orgs/{org}/copilot/metrics/reports/users-28-day/latest" + }, { "slug": "get-copilot-seat-assignment-details-for-a-user", "subcategory": "copilot-user-management", @@ -2446,6 +2542,12 @@ "verb": "delete", "requestPath": "/orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}" }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-an-organization", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/orgs/{org}/dismissal-requests/dependabot" + }, { "slug": "list-dependabot-alerts-for-a-repository", "subcategory": "alerts", @@ -2493,6 +2595,36 @@ "subcategory": "secrets", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/dependabot/secrets/{secret_name}" + }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot" + }, + { + "slug": "get-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "create-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "post", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "cancel-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" } ], "dependency-graph": [ @@ -2997,6 +3129,110 @@ "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}" } ], + "enterprise-teams": [ + { + "slug": "list-enterprise-teams", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams" + }, + { + "slug": "create-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams" + }, + { + "slug": "list-members-in-an-enterprise-team", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships" + }, + { + "slug": "bulk-add-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/add" + }, + { + "slug": "bulk-remove-team-members", + "subcategory": "enterprise-team-members", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/remove" + }, + { + "slug": "get-enterprise-team-membership", + "subcategory": "enterprise-team-members", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "add-team-member", + "subcategory": "enterprise-team-members", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "remove-team-membership", + "subcategory": "enterprise-team-members", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/memberships/{username}" + }, + { + "slug": "get-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations" + }, + { + "slug": "add-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/add" + }, + { + "slug": "remove-organization-assignments", + "subcategory": "enterprise-team-organizations", + "verb": "post", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/remove" + }, + { + "slug": "get-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "add-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "delete-an-organization-assignment", + "subcategory": "enterprise-team-organizations", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{enterprise-team}/organizations/{org}" + }, + { + "slug": "get-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + }, + { + "slug": "update-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "patch", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + }, + { + "slug": "delete-an-enterprise-team", + "subcategory": "enterprise-teams", + "verb": "delete", + "requestPath": "/enterprises/{enterprise}/teams/{team_slug}" + } + ], "gists": [ { "slug": "list-gists-for-the-authenticated-user", @@ -3330,6 +3566,18 @@ "verb": "delete", "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}" }, + { + "slug": "pin-an-issue-comment", + "subcategory": "comments", + "verb": "put", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, + { + "slug": "unpin-an-issue-comment", + "subcategory": "comments", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/issues/comments/{comment_id}/pin" + }, { "slug": "list-issue-events-for-a-repository", "subcategory": "events", @@ -4826,6 +5074,12 @@ "verb": "get", "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" }, + { + "slug": "add-a-field-to-an-organization-owned-project", + "subcategory": "fields", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" + }, { "slug": "get-project-field-for-organization", "subcategory": "fields", @@ -4861,6 +5115,18 @@ "subcategory": "items", "verb": "delete", "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" + }, + { + "slug": "create-a-view-for-an-organization-owned-project", + "subcategory": "views", + "verb": "post", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views" + }, + { + "slug": "list-items-for-an-organization-project-view", + "subcategory": "items", + "verb": "get", + "requestPath": "/orgs/{org}/projectsV2/{project_number}/views/{view_number}/items" } ], "pulls": [ @@ -5036,42 +5302,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -5161,30 +5391,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -5300,13 +5506,13 @@ }, { "slug": "create-an-attestation", - "subcategory": "repos", + "subcategory": "attestations", "verb": "post", "requestPath": "/repos/{owner}/{repo}/attestations" }, { "slug": "list-attestations", - "subcategory": "repos", + "subcategory": "attestations", "verb": "get", "requestPath": "/repos/{owner}/{repo}/attestations/{subject_digest}" }, @@ -6022,66 +6228,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -6190,66 +6336,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-pending-team-invitations-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json index 57ae751b9a1d..36afc65c3aa5 100644 --- a/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json @@ -1523,282 +1523,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", diff --git a/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat.json b/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat.json index 4424cfc34aa4..d8309cbda8d2 100644 --- a/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat.json @@ -1656,18 +1656,6 @@ } ], "enterprise-admin": [ - { - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log" - }, - { - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "licensing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security" - }, { "slug": "list-pre-receive-hooks-for-an-organization", "subcategory": "org-pre-receive-hooks", @@ -2774,42 +2762,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -2881,30 +2833,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -3438,66 +3366,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -3588,66 +3456,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json index b0918fcb7925..8db01b792f14 100644 --- a/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json @@ -2085,342 +2085,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", diff --git a/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-rest.json b/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-rest.json index b17510f179a8..c1dac958087c 100644 --- a/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-rest.json @@ -3196,42 +3196,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3321,30 +3285,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -3916,66 +3856,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4066,66 +3946,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.14-2022-11-28/user-to-server-rest.json b/src/github-apps/data/ghes-3.14-2022-11-28/user-to-server-rest.json index 23cfc43b9322..87f339be8c9c 100644 --- a/src/github-apps/data/ghes-3.14-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/ghes-3.14-2022-11-28/user-to-server-rest.json @@ -3372,42 +3372,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3497,30 +3461,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4110,66 +4050,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4260,66 +4140,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json index e630a54d992b..541750efdf14 100644 --- a/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json @@ -1613,282 +1613,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", diff --git a/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat.json b/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat.json index 71a943914807..f9bbd46b77fd 100644 --- a/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat.json @@ -1724,18 +1724,6 @@ } ], "enterprise-admin": [ - { - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log" - }, - { - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "licensing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security" - }, { "slug": "list-pre-receive-hooks-for-an-organization", "subcategory": "org-pre-receive-hooks", @@ -2842,42 +2830,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -2949,30 +2901,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -3512,66 +3440,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -3662,66 +3530,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json index 0c3e0c65fa99..f1aa07c97b8f 100644 --- a/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json @@ -2195,342 +2195,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", diff --git a/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-rest.json b/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-rest.json index 7eaf498de5b1..0a8901435672 100644 --- a/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-rest.json @@ -3264,42 +3264,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3389,30 +3353,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -3984,66 +3924,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4134,66 +4014,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.15-2022-11-28/user-to-server-rest.json b/src/github-apps/data/ghes-3.15-2022-11-28/user-to-server-rest.json index cbc4be7132fc..f5f61f438e74 100644 --- a/src/github-apps/data/ghes-3.15-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/ghes-3.15-2022-11-28/user-to-server-rest.json @@ -3440,42 +3440,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3565,30 +3529,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4184,66 +4124,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4334,66 +4214,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.16-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.16-2022-11-28/fine-grained-pat-permissions.json index c5288cc87962..513df1809668 100644 --- a/src/github-apps/data/ghes-3.16-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.16-2022-11-28/fine-grained-pat-permissions.json @@ -1664,282 +1664,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", diff --git a/src/github-apps/data/ghes-3.16-2022-11-28/fine-grained-pat.json b/src/github-apps/data/ghes-3.16-2022-11-28/fine-grained-pat.json index 50181bee8125..b2aa2801123d 100644 --- a/src/github-apps/data/ghes-3.16-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/ghes-3.16-2022-11-28/fine-grained-pat.json @@ -1724,18 +1724,6 @@ } ], "enterprise-admin": [ - { - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log" - }, - { - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "licensing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security" - }, { "slug": "list-pre-receive-hooks-for-an-organization", "subcategory": "org-pre-receive-hooks", @@ -2874,42 +2862,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -2981,30 +2933,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -3550,66 +3478,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -3700,66 +3568,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.16-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.16-2022-11-28/server-to-server-permissions.json index f917dfb9b254..ba47503206b8 100644 --- a/src/github-apps/data/ghes-3.16-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.16-2022-11-28/server-to-server-permissions.json @@ -2256,342 +2256,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", diff --git a/src/github-apps/data/ghes-3.16-2022-11-28/server-to-server-rest.json b/src/github-apps/data/ghes-3.16-2022-11-28/server-to-server-rest.json index e7051051251c..cbb76b46d1e2 100644 --- a/src/github-apps/data/ghes-3.16-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/ghes-3.16-2022-11-28/server-to-server-rest.json @@ -3296,42 +3296,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3421,30 +3385,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4022,66 +3962,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4172,66 +4052,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.16-2022-11-28/user-to-server-rest.json b/src/github-apps/data/ghes-3.16-2022-11-28/user-to-server-rest.json index 886bf654a39d..440bba49ff2d 100644 --- a/src/github-apps/data/ghes-3.16-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/ghes-3.16-2022-11-28/user-to-server-rest.json @@ -3472,42 +3472,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3597,30 +3561,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4222,66 +4162,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4372,66 +4252,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.17-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.17-2022-11-28/fine-grained-pat-permissions.json index 54a2613599ef..4e3b78ef423e 100644 --- a/src/github-apps/data/ghes-3.17-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.17-2022-11-28/fine-grained-pat-permissions.json @@ -1715,282 +1715,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", diff --git a/src/github-apps/data/ghes-3.17-2022-11-28/fine-grained-pat.json b/src/github-apps/data/ghes-3.17-2022-11-28/fine-grained-pat.json index d337d5a4f310..81660fe11a79 100644 --- a/src/github-apps/data/ghes-3.17-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/ghes-3.17-2022-11-28/fine-grained-pat.json @@ -1724,18 +1724,6 @@ } ], "enterprise-admin": [ - { - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log" - }, - { - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "licensing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security" - }, { "slug": "list-pre-receive-hooks-for-an-organization", "subcategory": "org-pre-receive-hooks", @@ -2880,42 +2868,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -2987,30 +2939,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -3598,66 +3526,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -3748,66 +3616,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.17-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.17-2022-11-28/server-to-server-permissions.json index 48d67cb9047b..b8f9965e83d9 100644 --- a/src/github-apps/data/ghes-3.17-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.17-2022-11-28/server-to-server-permissions.json @@ -2317,342 +2317,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", diff --git a/src/github-apps/data/ghes-3.17-2022-11-28/server-to-server-rest.json b/src/github-apps/data/ghes-3.17-2022-11-28/server-to-server-rest.json index e2e86531ac70..6148a87ae775 100644 --- a/src/github-apps/data/ghes-3.17-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/ghes-3.17-2022-11-28/server-to-server-rest.json @@ -3302,42 +3302,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3427,30 +3391,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4064,66 +4004,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4214,66 +4094,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.17-2022-11-28/user-to-server-rest.json b/src/github-apps/data/ghes-3.17-2022-11-28/user-to-server-rest.json index d0dd7cfe7d0e..8108426c14ab 100644 --- a/src/github-apps/data/ghes-3.17-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/ghes-3.17-2022-11-28/user-to-server-rest.json @@ -3478,42 +3478,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3603,30 +3567,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4270,66 +4210,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4420,66 +4300,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.18-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.18-2022-11-28/fine-grained-pat-permissions.json index 635dac5b2e8a..2a87bff8d911 100644 --- a/src/github-apps/data/ghes-3.18-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.18-2022-11-28/fine-grained-pat-permissions.json @@ -1784,282 +1784,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", diff --git a/src/github-apps/data/ghes-3.18-2022-11-28/fine-grained-pat.json b/src/github-apps/data/ghes-3.18-2022-11-28/fine-grained-pat.json index 389d41d71ac9..41735cbf6ef5 100644 --- a/src/github-apps/data/ghes-3.18-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/ghes-3.18-2022-11-28/fine-grained-pat.json @@ -1742,18 +1742,6 @@ } ], "enterprise-admin": [ - { - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log" - }, - { - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "licensing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security" - }, { "slug": "list-pre-receive-hooks-for-an-organization", "subcategory": "org-pre-receive-hooks", @@ -2904,42 +2892,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3011,30 +2963,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -3646,66 +3574,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -3796,66 +3664,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.18-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.18-2022-11-28/server-to-server-permissions.json index 9b42f0d6d484..71db361d947a 100644 --- a/src/github-apps/data/ghes-3.18-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.18-2022-11-28/server-to-server-permissions.json @@ -2472,342 +2472,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", diff --git a/src/github-apps/data/ghes-3.18-2022-11-28/server-to-server-rest.json b/src/github-apps/data/ghes-3.18-2022-11-28/server-to-server-rest.json index c32ca6f9b81f..62814581d14a 100644 --- a/src/github-apps/data/ghes-3.18-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/ghes-3.18-2022-11-28/server-to-server-rest.json @@ -3370,42 +3370,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3495,30 +3459,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4156,66 +4096,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4306,66 +4186,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.18-2022-11-28/user-to-server-rest.json b/src/github-apps/data/ghes-3.18-2022-11-28/user-to-server-rest.json index 58295cb8117c..342d2438a602 100644 --- a/src/github-apps/data/ghes-3.18-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/ghes-3.18-2022-11-28/user-to-server-rest.json @@ -3546,42 +3546,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3671,30 +3635,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4362,66 +4302,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4512,66 +4392,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.19-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.19-2022-11-28/fine-grained-pat-permissions.json index 039234c71905..f5e77c6c29ce 100644 --- a/src/github-apps/data/ghes-3.19-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.19-2022-11-28/fine-grained-pat-permissions.json @@ -1113,42 +1113,6 @@ "additional-permissions": false, "access": "write" }, - { - "category": "teams", - "slug": "list-team-projects", - "subcategory": "teams", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "check-team-permissions-for-a-project", - "subcategory": "teams", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "add-or-update-team-project-permissions", - "subcategory": "teams", - "verb": "put", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}", - "additional-permissions": true, - "access": "read" - }, - { - "category": "teams", - "slug": "remove-a-project-from-a-team", - "subcategory": "teams", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}", - "additional-permissions": true, - "access": "read" - }, { "category": "teams", "slug": "list-team-repositories", @@ -1511,6 +1475,30 @@ } ] }, + "organization_dependabot_dismissal_requests": { + "title": "Organization dismissal requests for Dependabot", + "displayTitle": "Organization permissions for \"Organization dismissal requests for Dependabot\"", + "permissions": [ + { + "category": "dependabot", + "slug": "list-dismissal-requests-for-dependabot-alerts-for-an-organization", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/orgs/{org}/dismissal-requests/dependabot", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependabot", + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "additional-permissions": true, + "access": "write" + } + ] + }, "organization_code_scanning_dismissal_requests": { "title": "Organization dismissal requests for code scanning", "displayTitle": "Organization permissions for \"Organization dismissal requests for code scanning\"", @@ -1655,183 +1643,6 @@ } ] }, - "organization_projects": { - "title": "Projects", - "displayTitle": "Organization permissions for \"Projects\"", - "permissions": [ - { - "category": "projects", - "slug": "list-projects-for-organization", - "subcategory": "projects", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2", - "additional-permissions": false, - "access": "read" - }, - { - "category": "projects", - "slug": "get-project-for-organization", - "subcategory": "projects", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "projects", - "slug": "list-project-fields-for-organization", - "subcategory": "fields", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields", - "additional-permissions": false, - "access": "read" - }, - { - "category": "projects", - "slug": "get-project-field-for-organization", - "subcategory": "fields", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields/{field_id}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "projects", - "slug": "list-items-for-an-organization-owned-project", - "subcategory": "items", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items", - "additional-permissions": false, - "access": "read" - }, - { - "category": "projects", - "slug": "add-item-to-organization-owned-project", - "subcategory": "items", - "verb": "post", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items", - "additional-permissions": false, - "access": "write" - }, - { - "category": "projects", - "slug": "get-an-item-for-an-organization-owned-project", - "subcategory": "items", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "projects", - "slug": "update-project-item-for-organization", - "subcategory": "items", - "verb": "patch", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "projects", - "slug": "delete-project-item-for-organization", - "subcategory": "items", - "verb": "delete", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "add-or-update-team-project-permissions", - "subcategory": "teams", - "verb": "put", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}", - "additional-permissions": true, - "access": "admin" - }, - { - "category": "teams", - "slug": "remove-a-project-from-a-team", - "subcategory": "teams", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}", - "additional-permissions": true, - "access": "admin" - }, - { - "category": "projects-classic", - "slug": "get-a-project-column", - "subcategory": "columns", - "verb": "get", - "requestPath": "/projects/columns/{column_id}", - "additional-permissions": true, - "access": "read" - }, - { - "category": "projects-classic", - "slug": "update-an-existing-project-column", - "subcategory": "columns", - "verb": "patch", - "requestPath": "/projects/columns/{column_id}", - "additional-permissions": true, - "access": "write" - }, - { - "category": "projects-classic", - "slug": "delete-a-project-column", - "subcategory": "columns", - "verb": "delete", - "requestPath": "/projects/columns/{column_id}", - "additional-permissions": true, - "access": "write" - }, - { - "category": "projects-classic", - "slug": "move-a-project-column", - "subcategory": "columns", - "verb": "post", - "requestPath": "/projects/columns/{column_id}/moves", - "additional-permissions": true, - "access": "write" - }, - { - "category": "projects-classic", - "slug": "list-project-collaborators", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators", - "additional-permissions": true, - "access": "admin" - }, - { - "category": "projects-classic", - "slug": "add-project-collaborator", - "subcategory": "collaborators", - "verb": "put", - "requestPath": "/projects/{project_id}/collaborators/{username}", - "additional-permissions": true, - "access": "admin" - }, - { - "category": "projects-classic", - "slug": "remove-user-as-a-collaborator", - "subcategory": "collaborators", - "verb": "delete", - "requestPath": "/projects/{project_id}/collaborators/{username}", - "additional-permissions": true, - "access": "admin" - }, - { - "category": "projects-classic", - "slug": "get-project-permission-for-a-user", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators/{username}/permission", - "additional-permissions": true, - "access": "admin" - } - ] - }, "secret_scanning_dismissal_requests": { "title": "Secret scanning alert dismissal requests", "displayTitle": "Organization permissions for \"Secret scanning alert dismissal requests\"", @@ -2183,282 +1994,6 @@ } ] }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "read" - }, - { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "read" - }, - { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_actions_variables": { "title": "Variables", "displayTitle": "Organization permissions for \"Variables\"", @@ -4931,6 +4466,33 @@ "requestPath": "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}", "additional-permissions": false, "access": "write" + }, + { + "category": "dependabot", + "slug": "list-dismissal-requests-for-dependabot-alerts-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependabot", + "slug": "get-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependabot", + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "additional-permissions": true, + "access": "read" } ] }, diff --git a/src/github-apps/data/ghes-3.19-2022-11-28/fine-grained-pat.json b/src/github-apps/data/ghes-3.19-2022-11-28/fine-grained-pat.json index 9c78efec35fd..240c3c6c0362 100644 --- a/src/github-apps/data/ghes-3.19-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/ghes-3.19-2022-11-28/fine-grained-pat.json @@ -1650,6 +1650,12 @@ "verb": "delete", "requestPath": "/orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}" }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-an-organization", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/orgs/{org}/dismissal-requests/dependabot" + }, { "slug": "list-dependabot-alerts-for-a-repository", "subcategory": "alerts", @@ -1697,6 +1703,24 @@ "subcategory": "secrets", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/dependabot/secrets/{secret_name}" + }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot" + }, + { + "slug": "get-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" } ], "dependency-graph": [ @@ -1874,18 +1898,6 @@ } ], "enterprise-admin": [ - { - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log" - }, - { - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "licensing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security" - }, { "slug": "list-pre-receive-hooks-for-an-organization", "subcategory": "org-pre-receive-hooks", @@ -2907,112 +2919,6 @@ "requestPath": "/orgs/{org}/private-registries/{secret_name}" } ], - "projects": [ - { - "slug": "list-projects-for-organization", - "subcategory": "projects", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2" - }, - { - "slug": "get-project-for-organization", - "subcategory": "projects", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}" - }, - { - "slug": "list-project-fields-for-organization", - "subcategory": "fields", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" - }, - { - "slug": "get-project-field-for-organization", - "subcategory": "fields", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields/{field_id}" - }, - { - "slug": "list-items-for-an-organization-owned-project", - "subcategory": "items", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items" - }, - { - "slug": "add-item-to-organization-owned-project", - "subcategory": "items", - "verb": "post", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items" - }, - { - "slug": "get-an-item-for-an-organization-owned-project", - "subcategory": "items", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" - }, - { - "slug": "update-project-item-for-organization", - "subcategory": "items", - "verb": "patch", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" - }, - { - "slug": "delete-project-item-for-organization", - "subcategory": "items", - "verb": "delete", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" - } - ], - "projects-classic": [ - { - "slug": "get-a-project-column", - "subcategory": "columns", - "verb": "get", - "requestPath": "/projects/columns/{column_id}" - }, - { - "slug": "update-an-existing-project-column", - "subcategory": "columns", - "verb": "patch", - "requestPath": "/projects/columns/{column_id}" - }, - { - "slug": "delete-a-project-column", - "subcategory": "columns", - "verb": "delete", - "requestPath": "/projects/columns/{column_id}" - }, - { - "slug": "move-a-project-column", - "subcategory": "columns", - "verb": "post", - "requestPath": "/projects/columns/{column_id}/moves" - }, - { - "slug": "list-project-collaborators", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators" - }, - { - "slug": "add-project-collaborator", - "subcategory": "collaborators", - "verb": "put", - "requestPath": "/projects/{project_id}/collaborators/{username}" - }, - { - "slug": "remove-user-as-a-collaborator", - "subcategory": "collaborators", - "verb": "delete", - "requestPath": "/projects/{project_id}/collaborators/{username}" - }, - { - "slug": "get-project-permission-for-a-user", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators/{username}/permission" - } - ], "pulls": [ { "slug": "list-pull-requests", @@ -3178,42 +3084,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3285,30 +3155,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -3944,66 +3790,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4046,30 +3832,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}/memberships/{username}" }, - { - "slug": "list-team-projects", - "subcategory": "teams", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects" - }, - { - "slug": "check-team-permissions-for-a-project", - "subcategory": "teams", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}" - }, - { - "slug": "add-or-update-team-project-permissions", - "subcategory": "teams", - "verb": "put", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}" - }, - { - "slug": "remove-a-project-from-a-team", - "subcategory": "teams", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}" - }, { "slug": "list-team-repositories", "subcategory": "teams", @@ -4118,66 +3880,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.19-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.19-2022-11-28/server-to-server-permissions.json index 4bdf99c297ac..5fd050985719 100644 --- a/src/github-apps/data/ghes-3.19-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.19-2022-11-28/server-to-server-permissions.json @@ -1729,50 +1729,6 @@ "server-to-server": true, "additional-permissions": false }, - { - "category": "teams", - "slug": "list-team-projects", - "subcategory": "teams", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "check-team-permissions-for-a-project", - "subcategory": "teams", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "add-or-update-team-project-permissions", - "subcategory": "teams", - "verb": "put", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "teams", - "slug": "remove-a-project-from-a-team", - "subcategory": "teams", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, { "category": "teams", "slug": "list-team-repositories", @@ -2211,6 +2167,34 @@ } ] }, + "organization_dependabot_dismissal_requests": { + "title": "Organization dismissal requests for Dependabot", + "displayTitle": "Organization permissions for \"Organization dismissal requests for Dependabot\"", + "permissions": [ + { + "category": "dependabot", + "slug": "list-dismissal-requests-for-dependabot-alerts-for-an-organization", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/orgs/{org}/dismissal-requests/dependabot", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependabot", + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": true + } + ] + }, "organization_code_scanning_dismissal_requests": { "title": "Organization dismissal requests for code scanning", "displayTitle": "Organization permissions for \"Organization dismissal requests for code scanning\"", @@ -2483,221 +2467,6 @@ } ] }, - "organization_projects": { - "title": "Projects", - "displayTitle": "Organization permissions for \"Projects\"", - "permissions": [ - { - "category": "projects", - "slug": "list-projects-for-organization", - "subcategory": "projects", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "projects", - "slug": "get-project-for-organization", - "subcategory": "projects", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "projects", - "slug": "list-project-fields-for-organization", - "subcategory": "fields", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "projects", - "slug": "get-project-field-for-organization", - "subcategory": "fields", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields/{field_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "projects", - "slug": "list-items-for-an-organization-owned-project", - "subcategory": "items", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "projects", - "slug": "add-item-to-organization-owned-project", - "subcategory": "items", - "verb": "post", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "projects", - "slug": "get-an-item-for-an-organization-owned-project", - "subcategory": "items", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "projects", - "slug": "update-project-item-for-organization", - "subcategory": "items", - "verb": "patch", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "projects", - "slug": "delete-project-item-for-organization", - "subcategory": "items", - "verb": "delete", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "add-or-update-team-project-permissions", - "subcategory": "teams", - "verb": "put", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}", - "access": "admin", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "teams", - "slug": "remove-a-project-from-a-team", - "subcategory": "teams", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}", - "access": "admin", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "get-a-project-column", - "subcategory": "columns", - "verb": "get", - "requestPath": "/projects/columns/{column_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "update-an-existing-project-column", - "subcategory": "columns", - "verb": "patch", - "requestPath": "/projects/columns/{column_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "delete-a-project-column", - "subcategory": "columns", - "verb": "delete", - "requestPath": "/projects/columns/{column_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "move-a-project-column", - "subcategory": "columns", - "verb": "post", - "requestPath": "/projects/columns/{column_id}/moves", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "list-project-collaborators", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators", - "access": "admin", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "add-project-collaborator", - "subcategory": "collaborators", - "verb": "put", - "requestPath": "/projects/{project_id}/collaborators/{username}", - "access": "admin", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "remove-user-as-a-collaborator", - "subcategory": "collaborators", - "verb": "delete", - "requestPath": "/projects/{project_id}/collaborators/{username}", - "access": "admin", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "get-project-permission-for-a-user", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators/{username}/permission", - "access": "admin", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - } - ] - }, "secret_scanning_dismissal_requests": { "title": "Secret scanning alert dismissal requests", "displayTitle": "Organization permissions for \"Secret scanning alert dismissal requests\"", @@ -2902,556 +2671,220 @@ "additional-permissions": false }, { - "category": "actions", - "slug": "list-repository-access-to-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-repository-access-for-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "add-repository-access-to-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "actions", - "slug": "remove-repository-access-to-a-self-hosted-runner-group-in-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "actions", - "slug": "list-self-hosted-runners-in-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-self-hosted-runners-in-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "add-a-self-hosted-runner-to-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "remove-a-self-hosted-runner-from-a-group-for-an-organization", - "subcategory": "self-hosted-runner-groups", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-self-hosted-runners-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-runner-applications-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners/downloads", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "create-configuration-for-a-just-in-time-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/generate-jitconfig", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "create-a-registration-token-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/registration-token", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "create-a-remove-token-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/remove-token", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "delete-a-self-hosted-runner-from-an-organization", - "subcategory": "self-hosted-runners", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "list-labels-for-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "get", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "add-custom-labels-to-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "post", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-custom-labels-for-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "put", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "remove-all-custom-labels-from-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "remove-a-custom-label-from-a-self-hosted-runner-for-an-organization", - "subcategory": "self-hosted-runners", - "verb": "delete", - "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels/{name}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, - "team_discussions": { - "title": "Team discussions", - "displayTitle": "Organization permissions for \"Team discussions\"", - "permissions": [ - { - "category": "teams", - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", + "category": "actions", + "slug": "list-repository-access-to-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "get", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", + "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", + "category": "actions", + "slug": "set-repository-access-for-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", + "category": "actions", + "slug": "add-repository-access-to-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", "access": "write", "user-to-server": true, "server-to-server": true, - "additional-permissions": false + "additional-permissions": true }, { - "category": "reactions", - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", + "category": "actions", + "slug": "remove-repository-access-to-a-self-hosted-runner-group-in-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", "access": "write", "user-to-server": true, "server-to-server": true, - "additional-permissions": false + "additional-permissions": true }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", + "category": "actions", + "slug": "list-self-hosted-runners-in-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", + "category": "actions", + "slug": "set-self-hosted-runners-in-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", + "category": "actions", + "slug": "add-a-self-hosted-runner-to-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "teams", - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions", + "category": "actions", + "slug": "remove-a-self-hosted-runner-from-a-group-for-an-organization", + "subcategory": "self-hosted-runner-groups", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", + "category": "actions", + "slug": "list-self-hosted-runners-for-an-organization", + "subcategory": "self-hosted-runners", "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", + "requestPath": "/orgs/{org}/actions/runners", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", - "access": "write", + "category": "actions", + "slug": "list-runner-applications-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "get", + "requestPath": "/orgs/{org}/actions/runners/downloads", + "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}", + "category": "actions", + "slug": "create-configuration-for-a-just-in-time-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "post", + "requestPath": "/orgs/{org}/actions/runners/generate-jitconfig", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", - "access": "read", + "category": "actions", + "slug": "create-a-registration-token-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "post", + "requestPath": "/orgs/{org}/actions/runners/registration-token", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "create-a-remove-token-for-an-organization", + "subcategory": "self-hosted-runners", "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments", + "requestPath": "/orgs/{org}/actions/runners/remove-token", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", + "category": "actions", + "slug": "get-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}", "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", + "category": "actions", + "slug": "delete-a-self-hosted-runner-from-an-organization", + "subcategory": "self-hosted-runners", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "teams", - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", - "access": "write", + "category": "actions", + "slug": "list-labels-for-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "get", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", + "access": "read", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", - "access": "read", + "category": "actions", + "slug": "add-custom-labels-to-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "post", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", + "category": "actions", + "slug": "set-custom-labels-for-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "put", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", - "access": "read", + "category": "actions", + "slug": "remove-all-custom-labels-from-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels", + "access": "write", "user-to-server": true, "server-to-server": true, "additional-permissions": false }, { - "category": "reactions", - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions", + "category": "actions", + "slug": "remove-a-custom-label-from-a-self-hosted-runner-for-an-organization", + "subcategory": "self-hosted-runners", + "verb": "delete", + "requestPath": "/orgs/{org}/actions/runners/{runner_id}/labels/{name}", "access": "write", "user-to-server": true, "server-to-server": true, @@ -6629,6 +6062,39 @@ "user-to-server": true, "server-to-server": true, "additional-permissions": false + }, + { + "category": "dependabot", + "slug": "list-dismissal-requests-for-dependabot-alerts-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependabot", + "slug": "get-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependabot", + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": true } ] }, @@ -7922,100 +7388,6 @@ } ] }, - "repository_projects": { - "title": "Projects", - "displayTitle": "Repository permissions for \"Projects\"", - "permissions": [ - { - "category": "projects-classic", - "slug": "get-a-project-column", - "subcategory": "columns", - "verb": "get", - "requestPath": "/projects/columns/{column_id}", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "update-an-existing-project-column", - "subcategory": "columns", - "verb": "patch", - "requestPath": "/projects/columns/{column_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "delete-a-project-column", - "subcategory": "columns", - "verb": "delete", - "requestPath": "/projects/columns/{column_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "move-a-project-column", - "subcategory": "columns", - "verb": "post", - "requestPath": "/projects/columns/{column_id}/moves", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "list-project-collaborators", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "add-project-collaborator", - "subcategory": "collaborators", - "verb": "put", - "requestPath": "/projects/{project_id}/collaborators/{username}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "remove-user-as-a-collaborator", - "subcategory": "collaborators", - "verb": "delete", - "requestPath": "/projects/{project_id}/collaborators/{username}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "projects-classic", - "slug": "get-project-permission-for-a-user", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators/{username}/permission", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - } - ] - }, "pull_requests": { "title": "Pull requests", "displayTitle": "Repository permissions for \"Pull requests\"", diff --git a/src/github-apps/data/ghes-3.19-2022-11-28/server-to-server-rest.json b/src/github-apps/data/ghes-3.19-2022-11-28/server-to-server-rest.json index 514b6cfb0c5d..259d6f44a81a 100644 --- a/src/github-apps/data/ghes-3.19-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/ghes-3.19-2022-11-28/server-to-server-rest.json @@ -1790,6 +1790,12 @@ "verb": "delete", "requestPath": "/orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}" }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-an-organization", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/orgs/{org}/dismissal-requests/dependabot" + }, { "slug": "list-dependabot-alerts-for-a-repository", "subcategory": "alerts", @@ -1837,6 +1843,24 @@ "subcategory": "secrets", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/dependabot/secrets/{secret_name}" + }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot" + }, + { + "slug": "get-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" } ], "dependency-graph": [ @@ -3419,112 +3443,6 @@ "requestPath": "/orgs/{org}/private-registries/{secret_name}" } ], - "projects": [ - { - "slug": "list-projects-for-organization", - "subcategory": "projects", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2" - }, - { - "slug": "get-project-for-organization", - "subcategory": "projects", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}" - }, - { - "slug": "list-project-fields-for-organization", - "subcategory": "fields", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" - }, - { - "slug": "get-project-field-for-organization", - "subcategory": "fields", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields/{field_id}" - }, - { - "slug": "list-items-for-an-organization-owned-project", - "subcategory": "items", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items" - }, - { - "slug": "add-item-to-organization-owned-project", - "subcategory": "items", - "verb": "post", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items" - }, - { - "slug": "get-an-item-for-an-organization-owned-project", - "subcategory": "items", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" - }, - { - "slug": "update-project-item-for-organization", - "subcategory": "items", - "verb": "patch", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" - }, - { - "slug": "delete-project-item-for-organization", - "subcategory": "items", - "verb": "delete", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" - } - ], - "projects-classic": [ - { - "slug": "get-a-project-column", - "subcategory": "columns", - "verb": "get", - "requestPath": "/projects/columns/{column_id}" - }, - { - "slug": "update-an-existing-project-column", - "subcategory": "columns", - "verb": "patch", - "requestPath": "/projects/columns/{column_id}" - }, - { - "slug": "delete-a-project-column", - "subcategory": "columns", - "verb": "delete", - "requestPath": "/projects/columns/{column_id}" - }, - { - "slug": "move-a-project-column", - "subcategory": "columns", - "verb": "post", - "requestPath": "/projects/columns/{column_id}/moves" - }, - { - "slug": "list-project-collaborators", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators" - }, - { - "slug": "add-project-collaborator", - "subcategory": "collaborators", - "verb": "put", - "requestPath": "/projects/{project_id}/collaborators/{username}" - }, - { - "slug": "remove-user-as-a-collaborator", - "subcategory": "collaborators", - "verb": "delete", - "requestPath": "/projects/{project_id}/collaborators/{username}" - }, - { - "slug": "get-project-permission-for-a-user", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators/{username}/permission" - } - ], "pulls": [ { "slug": "list-pull-requests", @@ -3698,42 +3616,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3823,30 +3705,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4508,66 +4366,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4610,30 +4408,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}/memberships/{username}" }, - { - "slug": "list-team-projects", - "subcategory": "teams", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects" - }, - { - "slug": "check-team-permissions-for-a-project", - "subcategory": "teams", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}" - }, - { - "slug": "add-or-update-team-project-permissions", - "subcategory": "teams", - "verb": "put", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}" - }, - { - "slug": "remove-a-project-from-a-team", - "subcategory": "teams", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}" - }, { "slug": "list-team-repositories", "subcategory": "teams", @@ -4682,66 +4456,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/data/ghes-3.19-2022-11-28/user-to-server-rest.json b/src/github-apps/data/ghes-3.19-2022-11-28/user-to-server-rest.json index 8dc2e0af0c9d..30372a349977 100644 --- a/src/github-apps/data/ghes-3.19-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/ghes-3.19-2022-11-28/user-to-server-rest.json @@ -1838,6 +1838,12 @@ "verb": "delete", "requestPath": "/orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}" }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-an-organization", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/orgs/{org}/dismissal-requests/dependabot" + }, { "slug": "list-dependabot-alerts-for-a-repository", "subcategory": "alerts", @@ -1885,6 +1891,24 @@ "subcategory": "secrets", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/dependabot/secrets/{secret_name}" + }, + { + "slug": "list-dismissal-requests-for-dependabot-alerts-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot" + }, + { + "slug": "get-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" + }, + { + "slug": "review-a-dismissal-request-for-a-dependabot-alert-for-a-repository", + "subcategory": "alert-dismissal-requests", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}" } ], "dependency-graph": [ @@ -3595,112 +3619,6 @@ "requestPath": "/orgs/{org}/private-registries/{secret_name}" } ], - "projects": [ - { - "slug": "list-projects-for-organization", - "subcategory": "projects", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2" - }, - { - "slug": "get-project-for-organization", - "subcategory": "projects", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}" - }, - { - "slug": "list-project-fields-for-organization", - "subcategory": "fields", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields" - }, - { - "slug": "get-project-field-for-organization", - "subcategory": "fields", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/fields/{field_id}" - }, - { - "slug": "list-items-for-an-organization-owned-project", - "subcategory": "items", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items" - }, - { - "slug": "add-item-to-organization-owned-project", - "subcategory": "items", - "verb": "post", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items" - }, - { - "slug": "get-an-item-for-an-organization-owned-project", - "subcategory": "items", - "verb": "get", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" - }, - { - "slug": "update-project-item-for-organization", - "subcategory": "items", - "verb": "patch", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" - }, - { - "slug": "delete-project-item-for-organization", - "subcategory": "items", - "verb": "delete", - "requestPath": "/orgs/{org}/projectsV2/{project_number}/items/{item_id}" - } - ], - "projects-classic": [ - { - "slug": "get-a-project-column", - "subcategory": "columns", - "verb": "get", - "requestPath": "/projects/columns/{column_id}" - }, - { - "slug": "update-an-existing-project-column", - "subcategory": "columns", - "verb": "patch", - "requestPath": "/projects/columns/{column_id}" - }, - { - "slug": "delete-a-project-column", - "subcategory": "columns", - "verb": "delete", - "requestPath": "/projects/columns/{column_id}" - }, - { - "slug": "move-a-project-column", - "subcategory": "columns", - "verb": "post", - "requestPath": "/projects/columns/{column_id}/moves" - }, - { - "slug": "list-project-collaborators", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators" - }, - { - "slug": "add-project-collaborator", - "subcategory": "collaborators", - "verb": "put", - "requestPath": "/projects/{project_id}/collaborators/{username}" - }, - { - "slug": "remove-user-as-a-collaborator", - "subcategory": "collaborators", - "verb": "delete", - "requestPath": "/projects/{project_id}/collaborators/{username}" - }, - { - "slug": "get-project-permission-for-a-user", - "subcategory": "collaborators", - "verb": "get", - "requestPath": "/projects/{project_id}/collaborators/{username}/permission" - } - ], "pulls": [ { "slug": "list-pull-requests", @@ -3874,42 +3792,6 @@ } ], "reactions": [ - { - "slug": "list-reactions-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "delete-team-discussion-comment-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions" - }, - { - "slug": "delete-team-discussion-reaction", - "subcategory": "reactions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}" - }, { "slug": "list-reactions-for-a-commit-comment", "subcategory": "reactions", @@ -3999,30 +3881,6 @@ "subcategory": "reactions", "verb": "delete", "requestPath": "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}" - }, - { - "slug": "list-reactions-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-comment-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions" - }, - { - "slug": "list-reactions-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" - }, - { - "slug": "create-reaction-for-a-team-discussion-legacy", - "subcategory": "reactions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/reactions" } ], "releases": [ @@ -4714,66 +4572,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}" }, - { - "slug": "list-discussions", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "create-a-discussion", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions" - }, - { - "slug": "get-a-discussion", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-a-connection-between-an-external-group-and-a-team", "subcategory": "external-groups", @@ -4816,30 +4614,6 @@ "verb": "delete", "requestPath": "/orgs/{org}/teams/{team_slug}/memberships/{username}" }, - { - "slug": "list-team-projects", - "subcategory": "teams", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects" - }, - { - "slug": "check-team-permissions-for-a-project", - "subcategory": "teams", - "verb": "get", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}" - }, - { - "slug": "add-or-update-team-project-permissions", - "subcategory": "teams", - "verb": "put", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}" - }, - { - "slug": "remove-a-project-from-a-team", - "subcategory": "teams", - "verb": "delete", - "requestPath": "/orgs/{org}/teams/{team_slug}/projects/{project_id}" - }, { "slug": "list-team-repositories", "subcategory": "teams", @@ -4888,66 +4662,6 @@ "verb": "delete", "requestPath": "/teams/{team_id}" }, - { - "slug": "list-discussions-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "create-a-discussion-legacy", - "subcategory": "discussions", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions" - }, - { - "slug": "get-a-discussion-legacy", - "subcategory": "discussions", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "update-a-discussion-legacy", - "subcategory": "discussions", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "delete-a-discussion-legacy", - "subcategory": "discussions", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}" - }, - { - "slug": "list-discussion-comments-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "create-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "post", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments" - }, - { - "slug": "get-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "get", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "update-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "patch", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, - { - "slug": "delete-a-discussion-comment-legacy", - "subcategory": "discussion-comments", - "verb": "delete", - "requestPath": "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}" - }, { "slug": "list-team-members-legacy", "subcategory": "members", diff --git a/src/github-apps/lib/config.json b/src/github-apps/lib/config.json index c74a77aaa4d2..e51a1151d0e3 100644 --- a/src/github-apps/lib/config.json +++ b/src/github-apps/lib/config.json @@ -60,5 +60,5 @@ "2022-11-28" ] }, - "sha": "dafe0f9ac291168cb41ccc752fbdde576ae44f63" + "sha": "d8c9917f2b069832fd8ca6a189f1ed38c7b16d49" } \ No newline at end of file diff --git a/src/github-apps/lib/index.ts b/src/github-apps/lib/index.ts index 0aab639fb5c1..98d840ef0a96 100644 --- a/src/github-apps/lib/index.ts +++ b/src/github-apps/lib/index.ts @@ -12,6 +12,7 @@ interface AppsConfig { // Note: Using 'any' for AppsData to maintain compatibility with existing consumers that expect different shapes type AppsData = any +const DEBUG = process.env.RUNNER_DEBUG === '1' || process.env.DEBUG === '1' const ENABLED_APPS_DIR = 'src/github-apps/data' const githubAppsData = new Map>() @@ -29,6 +30,12 @@ export async function getAppsData( docsVersion: string, apiVersion?: string, ): Promise { + if (DEBUG) { + console.log( + `[DEBUG] getAppsData: ROOT=${process.env.ROOT || '(not set)'}, path=${ENABLED_APPS_DIR}`, + ) + } + const pageTypeMap = githubAppsData.get(pageType)! const filename = `${pageType}.json` const openApiVersion = getOpenApiVersion(docsVersion) + (apiVersion ? `-${apiVersion}` : '') diff --git a/src/graphql/README.md b/src/graphql/README.md index ae54f80bb946..9f336b11bdfc 100644 --- a/src/graphql/README.md +++ b/src/graphql/README.md @@ -1,39 +1,155 @@ # GraphQL -## About this directory +The graphql subject handles GitHub's GraphQL API documentation, including schema synchronization, data generation, and documentation rendering. It fetches schema data from GitHub's GraphQL API and generates version-specific JSON files used to render the docs. -* `src/graphql/lib` and `src/graphql/scripts` are human-editable. -* `src/graphql/data/**` are generated by [scripts](./scripts). +## Purpose & Scope -## Editable files +This subject is responsible for: +- Syncing GraphQL schema from GitHub's API +- Generating version-specific schema JSON files +- Managing GraphQL previews, upcoming changes, and changelog +- Middleware that injects GraphQL data into page context +- Rendering GraphQL reference documentation +- Validating GraphQL schema data structure -* `src/graphql/lib/validator.json` - - JSON schema used in `tests/graphql.ts`. -* `src/graphql/lib/non-schema-scalars.json` - - An array of scalar types that live in [`graphql-ruby`](https://github.com/rmosolgo/graphql-ruby/tree/356d9d369e444423bf06cab3dc767ec75fbc6745/lib/graphql/types) only. These are - not part of the core GraphQL spec. -* `src/graphql/lib/types.json` - - High-level GraphQL types and kinds. +## Architecture & Key Assets -## Data files +### Key capabilities and their locations -Generated by `src/graphql/scripts/sync.ts`: +- **Schema synchronization** - `scripts/sync.ts` fetches schema from GitHub's GraphQL API +- **Data generation** - Generates version-specific JSON files in `data/VERSION/` directories (e.g., `data/ghec/schema.json`) +- **Validation** - `lib/validator.ts` validates schema structure +- **Data loading** - `lib/index.ts` provides functions to load GraphQL data in Next.js pages +- **Content rendering** - Markdown files in `content/graphql/` use Liquid to render documentation -* `src/graphql/data/schema-VERSION.json` (separate files per version) -* `src/graphql/data/previews.json` -* `src/graphql/data/upcoming-changes.json` -* `src/graphql/data/changelog.json` +## Setup & Usage -## Rendering docs +### Syncing GraphQL schema -When the server starts, `middleware/graphql.ts` accesses the static JSON files, fetches the data for the current version, and adds it to the `context` object. The added properties are: +Run the sync script to fetch latest schema: -* `context.graphql.schemaForCurrentVersion` -* `context.graphql.previewsForCurrentVersion` -* `context.graphql.upcomingChangesForCurrentVersion` -* `context.graphql.changelog` +```bash +npm run sync-graphql +``` -Markdown files in `content/graphql` use Liquid to loop over these context properties. The Liquid calls HTML files in the `includes` directory to do most of the rendering. +This: +1. Fetches schema from GitHub's GraphQL API for each version +2. Generates `data/VERSION/schema.json` files (e.g., `data/ghec/schema.json`) +3. Builds `data/previews.json`, `data/upcoming-changes.json`, `data/changelog.json` + +### Running tests + +```bash +npm run test -- src/graphql/tests +``` + +### How rendering works + +1. GraphQL data is loaded directly in Next.js pages using `getServerSideProps` +2. Functions from `lib/index.ts` like `getGraphqlSchema()` provide the data +3. Data includes: + - Schema for current version + - Previews for current version + - Upcoming changes for current version + - Changelog +4. Markdown files in `content/graphql/` use Liquid to loop over this data +5. Liquid calls HTML includes in `includes/` for rendering + +## Data & External Dependencies + +### Data inputs +- GitHub GraphQL API - Schema introspection queries +- `lib/non-schema-scalars.json` - Custom scalar types from graphql-ruby +- `lib/types.json` - High-level GraphQL types and kinds +- `lib/validator.json` - JSON schema for validation + +### Dependencies +- GitHub GraphQL API access +- `graphql-ruby` library scalars +- JSON schema validator (AJV) +- `@/versions` - Version mapping for schema files + +### Data outputs +- `data/schema-VERSION.json` - One file per version (ghec, ghes-3.11, etc.) +- `data/previews.json` - Preview features across versions +- `data/upcoming-changes.json` - Upcoming breaking changes +- `data/changelog.json` - GraphQL API changelog entries + +### Generated files + +All files in `data/` are generated and should not be manually edited: +- ✅ Edit: `lib/*.json`, `scripts/*.ts` +- ❌ Don't edit: `data/*.json` (regenerate with sync script) + +## Cross-links & Ownership + +### Related subjects +- [`src/rest`](../rest/README.md) - Similar pattern for REST API docs +- [`src/webhooks`](../webhooks/README.md) - Similar pattern for webhooks docs +- [`src/content-render`](../content-render/README.md) - Liquid rendering of GraphQL data +- Content files in `content/graphql/` - GraphQL documentation pages + +### Internal documentation +- GitHub GraphQL API: https://docs.github.com/graphql +- graphql-ruby scalars: https://github.com/rmosolgo/graphql-ruby + +## Current State & Next Steps + +### Editable files + +Human-editable configuration: +- `lib/validator.ts` - TypeScript file for validating schema in `tests/graphql.ts` +- `lib/non-schema-scalars.json` - Scalar types from graphql-ruby (not in core spec) +- `lib/types.json` - High-level GraphQL types and kinds + +### Version-specific schemas + +Schema files generated per version: +- `data/ghec/schema.json` - GitHub Enterprise Cloud +- `data/ghes-3.11/schema.json`, `data/ghes-3.10/schema.json`, etc. - GHES versions +- Older versions may be archived + +### Content authoring + +Writers can add content to Markdown files in `content/graphql/` alongside Liquid: +- Note that Markdown files exist for every URL in GraphQL docs +- Liquid loops over `context.graphql.*` properties +- Most rendering happens in `includes/` HTML files + +### Known limitations +- Schema sync requires API access +- Generated files can be large (100KB+ per version) +- Changes to upstream schema require re-sync +- Validation schema must be kept in sync with expected structure + +### Sync workflow + +Automated sync (if configured): +- Scheduled workflow checks for schema updates +- Creates PR if changes detected +- Manual sync: `npm run sync-graphql` + +### Adding new schema versions + +When a new GHES version releases: +1. Update version list in sync script +2. Run `npm run sync-graphql` +3. Commit new `data/ghes-X.XX/schema.json` file +4. Update content if needed + +### Troubleshooting + +**Sync fails:** +- Check API access and authentication +- Verify version mappings are correct +- Check for schema validation errors + +**Schema not loading:** +- Verify `data/VERSION/schema.json` exists (e.g., `data/ghec/schema.json`) +- Verify version detection logic + +**Content not rendering:** +- Check Liquid syntax in `content/graphql/` +- Verify context properties are available +- Check includes in `includes/` directory -Note that Markdown files exist in `content/graphql` for every URL available in our GraphQL -documentation. Writers can add content to the Markdown files alongside the Liquid. diff --git a/src/graphql/data/fpt/changelog.json b/src/graphql/data/fpt/changelog.json index 5735597dbfef..3926434280d4 100644 --- a/src/graphql/data/fpt/changelog.json +++ b/src/graphql/data/fpt/changelog.json @@ -1,4 +1,556 @@ [ + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [] + } + ], + "previewChanges": [], + "upcomingChanges": [ + { + "title": "The following changes will be made to the schema:", + "changes": [ + "

    On member Team.viewerCanSubscribe:viewerCanSubscribe will be removed. Effective 2026-07-01.

    ", + "

    On member Team.viewerSubscription:viewerSubscription will be removed. Effective 2026-07-01.

    " + ] + } + ], + "date": "2026-02-13" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Type AgentAssignmentInput was added

    ", + "

    Input field baseRef of type String was added to input object type AgentAssignmentInput

    ", + "

    Input field customAgent of type String was added to input object type AgentAssignmentInput

    ", + "

    Input field customInstructions of type String was added to input object type AgentAssignmentInput

    ", + "

    Input field targetRepositoryId of type ID was added to input object type AgentAssignmentInput

    ", + "

    Input field agentAssignment of type AgentAssignmentInput was added to input object type AddAssigneesToAssignableInput

    ", + "

    Input field agentAssignment of type AgentAssignmentInput was added to input object type CreateIssueInput

    ", + "

    Input field agentAssignment of type AgentAssignmentInput was added to input object type ReplaceActorsForAssignableInput

    ", + "

    Input field agentAssignment of type AgentAssignmentInput was added to input object type UpdateIssueInput

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-02-07" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Type IpAllowListUserLevelEnforcementEnabledSettingValue was added

    ", + "

    Enum value DISABLED was added to enum IpAllowListUserLevelEnforcementEnabledSettingValue

    ", + "

    Enum value ENABLED was added to enum IpAllowListUserLevelEnforcementEnabledSettingValue

    ", + "

    Type UpdateIpAllowListUserLevelEnforcementEnabledSettingInput was added

    ", + "

    Input field clientMutationId of type String was added to input object type UpdateIpAllowListUserLevelEnforcementEnabledSettingInput

    ", + "

    Input field ownerId of type ID! was added to input object type UpdateIpAllowListUserLevelEnforcementEnabledSettingInput

    ", + "

    Input field settingValue of type IpAllowListUserLevelEnforcementEnabledSettingValue! was added to input object type UpdateIpAllowListUserLevelEnforcementEnabledSettingInput

    ", + "

    Type UpdateIpAllowListUserLevelEnforcementEnabledSettingPayload was added

    ", + "

    Field clientMutationId was added to object type UpdateIpAllowListUserLevelEnforcementEnabledSettingPayload

    ", + "

    Field owner was added to object type UpdateIpAllowListUserLevelEnforcementEnabledSettingPayload

    ", + "

    Field ipAllowListUserLevelEnforcementEnabledSetting was added to object type EnterpriseOwnerInfo

    ", + "

    Field updateIpAllowListUserLevelEnforcementEnabledSetting was added to object type Mutation

    ", + "

    Argument input: UpdateIpAllowListUserLevelEnforcementEnabledSettingInput! added to field Mutation.updateIpAllowListUserLevelEnforcementEnabledSetting

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-02-05" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Field Issue.projectItems changed type from 'ProjectV2ItemConnection!toProjectV2ItemConnection'

    ", + "

    Field PullRequest.projectItems changed type from 'ProjectV2ItemConnection!toProjectV2ItemConnection'

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-01-28" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Input field actorLogins of type '[String!]was added to input object typeReplaceActorsForAssignableInput'

    ", + "

    Input field ReplaceActorsForAssignableInput.actorIds changed type from '[ID!]!to[ID!]'

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-01-23" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Type RequestReviewsByLoginInput was added

    ", + "

    Input field botLogins of type '[String!]was added to input object typeRequestReviewsByLoginInput'

    ", + "

    Input field clientMutationId of type String was added to input object type RequestReviewsByLoginInput

    ", + "

    Input field pullRequestId of type ID! was added to input object type RequestReviewsByLoginInput

    ", + "

    Input field teamSlugs of type '[String!]was added to input object typeRequestReviewsByLoginInput'

    ", + "

    Input field union of type Boolean with default value false was added to input object type RequestReviewsByLoginInput

    ", + "

    Input field userLogins of type '[String!]was added to input object typeRequestReviewsByLoginInput'

    ", + "

    Type RequestReviewsByLoginPayload was added

    ", + "

    Field actor was added to object type RequestReviewsByLoginPayload

    ", + "

    Field clientMutationId was added to object type RequestReviewsByLoginPayload

    ", + "

    Field pullRequest was added to object type RequestReviewsByLoginPayload

    ", + "

    Field requestedReviewersEdge was added to object type RequestReviewsByLoginPayload

    ", + "

    Field requestReviewsByLogin was added to object type Mutation

    ", + "

    Argument input: RequestReviewsByLoginInput! added to field Mutation.requestReviewsByLogin

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-01-22" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Argument query: String added to field PullRequest.suggestedReviewerActors

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-01-21" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Type UpdateEnterpriseTeamDiscussionsSettingInput was removed

    ", + "

    Type UpdateEnterpriseTeamDiscussionsSettingPayload was removed

    ", + "

    Field teamDiscussionsSettingOrganizations was removed from object type EnterpriseOwnerInfo

    ", + "

    Field updateEnterpriseTeamDiscussionsSetting was removed from object type Mutation

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [ + { + "title": "The following changes will be made to the schema:", + "changes": [ + "

    On member EnterpriseOwnerInfo.teamDiscussionsSetting:teamDiscussionsSetting will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    " + ] + } + ], + "date": "2026-01-14" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Type CreateTeamDiscussionInput was removed

    ", + "

    Type CreateTeamDiscussionPayload was removed

    ", + "

    Type DeleteTeamDiscussionInput was removed

    ", + "

    Type DeleteTeamDiscussionPayload was removed

    ", + "

    Type TeamDiscussion was removed

    ", + "

    Type TeamDiscussionConnection was removed

    ", + "

    Type TeamDiscussionEdge was removed

    ", + "

    Type TeamDiscussionOrder was removed

    ", + "

    Type TeamDiscussionOrderField was removed

    ", + "

    Type UpdateTeamDiscussionInput was removed

    ", + "

    Type UpdateTeamDiscussionPayload was removed

    ", + "

    Field createTeamDiscussion was removed from object type Mutation

    ", + "

    Field deleteTeamDiscussion was removed from object type Mutation

    ", + "

    Field updateTeamDiscussion was removed from object type Mutation

    ", + "

    Field discussion was removed from object type Team

    ", + "

    Field discussions was removed from object type Team

    ", + "

    Field discussionsResourcePath was removed from object type Team

    ", + "

    Field discussionsUrl was removed from object type Team

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-01-08" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Type CreateTeamDiscussionInput was added

    ", + "

    Input field body of type String was added to input object type CreateTeamDiscussionInput

    ", + "

    Input field clientMutationId of type String was added to input object type CreateTeamDiscussionInput

    ", + "

    Input field private of type Boolean was added to input object type CreateTeamDiscussionInput

    ", + "

    Input field teamId of type ID was added to input object type CreateTeamDiscussionInput

    ", + "

    Input field title of type String was added to input object type CreateTeamDiscussionInput

    ", + "

    Type CreateTeamDiscussionPayload was added

    ", + "

    Field clientMutationId was added to object type CreateTeamDiscussionPayload

    ", + "

    Field teamDiscussion was added to object type CreateTeamDiscussionPayload

    ", + "

    Type DeleteTeamDiscussionInput was added

    ", + "

    Input field clientMutationId of type String was added to input object type DeleteTeamDiscussionInput

    ", + "

    Input field id of type ID! was added to input object type DeleteTeamDiscussionInput

    ", + "

    Type DeleteTeamDiscussionPayload was added

    ", + "

    Field clientMutationId was added to object type DeleteTeamDiscussionPayload

    ", + "

    Type TeamDiscussion was added

    ", + "

    TeamDiscussion object implements Comment interface

    ", + "

    TeamDiscussion object implements Deletable interface

    ", + "

    TeamDiscussion object implements Node interface

    ", + "

    TeamDiscussion object implements Reactable interface

    ", + "

    TeamDiscussion object implements Subscribable interface

    ", + "

    TeamDiscussion object implements UniformResourceLocatable interface

    ", + "

    TeamDiscussion object implements Updatable interface

    ", + "

    TeamDiscussion object implements UpdatableComment interface

    ", + "

    Field author was added to object type TeamDiscussion

    ", + "

    Field authorAssociation was added to object type TeamDiscussion

    ", + "

    Field body was added to object type TeamDiscussion

    ", + "

    Field bodyHTML was added to object type TeamDiscussion

    ", + "

    Field bodyText was added to object type TeamDiscussion

    ", + "

    Field bodyVersion was added to object type TeamDiscussion

    ", + "

    Field commentsResourcePath was added to object type TeamDiscussion

    ", + "

    Field commentsUrl was added to object type TeamDiscussion

    ", + "

    Field createdAt was added to object type TeamDiscussion

    ", + "

    Field createdViaEmail was added to object type TeamDiscussion

    ", + "

    Field databaseId was added to object type TeamDiscussion

    ", + "

    Field editor was added to object type TeamDiscussion

    ", + "

    Field id was added to object type TeamDiscussion

    ", + "

    Field includesCreatedEdit was added to object type TeamDiscussion

    ", + "

    Field isPinned was added to object type TeamDiscussion

    ", + "

    Field isPrivate was added to object type TeamDiscussion

    ", + "

    Field lastEditedAt was added to object type TeamDiscussion

    ", + "

    Field number was added to object type TeamDiscussion

    ", + "

    Field publishedAt was added to object type TeamDiscussion

    ", + "

    Field reactionGroups was added to object type TeamDiscussion

    ", + "

    Field reactions was added to object type TeamDiscussion

    ", + "

    Argument after: String added to field TeamDiscussion.reactions

    ", + "

    Argument before: String added to field TeamDiscussion.reactions

    ", + "

    Argument content: ReactionContent added to field TeamDiscussion.reactions

    ", + "

    Argument first: Int added to field TeamDiscussion.reactions

    ", + "

    Argument last: Int added to field TeamDiscussion.reactions

    ", + "

    Argument orderBy: ReactionOrder added to field TeamDiscussion.reactions

    ", + "

    Field resourcePath was added to object type TeamDiscussion

    ", + "

    Field team was added to object type TeamDiscussion

    ", + "

    Field title was added to object type TeamDiscussion

    ", + "

    Field updatedAt was added to object type TeamDiscussion

    ", + "

    Field url was added to object type TeamDiscussion

    ", + "

    Field userContentEdits was added to object type TeamDiscussion

    ", + "

    Argument after: String added to field TeamDiscussion.userContentEdits

    ", + "

    Argument before: String added to field TeamDiscussion.userContentEdits

    ", + "

    Argument first: Int added to field TeamDiscussion.userContentEdits

    ", + "

    Argument last: Int added to field TeamDiscussion.userContentEdits

    ", + "

    Field viewerCanDelete was added to object type TeamDiscussion

    ", + "

    Field viewerCanPin was added to object type TeamDiscussion

    ", + "

    Field viewerCanReact was added to object type TeamDiscussion

    ", + "

    Field viewerCanSubscribe was added to object type TeamDiscussion

    ", + "

    Field viewerCanUpdate was added to object type TeamDiscussion

    ", + "

    Field viewerCannotUpdateReasons was added to object type TeamDiscussion

    ", + "

    Field viewerDidAuthor was added to object type TeamDiscussion

    ", + "

    Field viewerSubscription was added to object type TeamDiscussion

    ", + "

    Type TeamDiscussionConnection was added

    ", + "

    Field edges was added to object type TeamDiscussionConnection

    ", + "

    Field nodes was added to object type TeamDiscussionConnection

    ", + "

    Field pageInfo was added to object type TeamDiscussionConnection

    ", + "

    Field totalCount was added to object type TeamDiscussionConnection

    ", + "

    Type TeamDiscussionEdge was added

    ", + "

    Field cursor was added to object type TeamDiscussionEdge

    ", + "

    Field node was added to object type TeamDiscussionEdge

    ", + "

    Type TeamDiscussionOrder was added

    ", + "

    Input field direction of type OrderDirection! was added to input object type TeamDiscussionOrder

    ", + "

    Input field field of type TeamDiscussionOrderField! was added to input object type TeamDiscussionOrder

    ", + "

    Type TeamDiscussionOrderField was added

    ", + "

    Enum value 'CREATED_ATwas added to enumTeamDiscussionOrderField'

    ", + "

    Type UpdateTeamDiscussionInput was added

    ", + "

    Input field body of type String was added to input object type UpdateTeamDiscussionInput

    ", + "

    Input field bodyVersion of type String was added to input object type UpdateTeamDiscussionInput

    ", + "

    Input field clientMutationId of type String was added to input object type UpdateTeamDiscussionInput

    ", + "

    Input field id of type ID! was added to input object type UpdateTeamDiscussionInput

    ", + "

    Input field pinned of type Boolean was added to input object type UpdateTeamDiscussionInput

    ", + "

    Input field title of type String was added to input object type UpdateTeamDiscussionInput

    ", + "

    Type UpdateTeamDiscussionPayload was added

    ", + "

    Field clientMutationId was added to object type UpdateTeamDiscussionPayload

    ", + "

    Field teamDiscussion was added to object type UpdateTeamDiscussionPayload

    ", + "

    Field createTeamDiscussion was added to object type Mutation

    ", + "

    Argument input: CreateTeamDiscussionInput! added to field Mutation.createTeamDiscussion

    ", + "

    Field deleteTeamDiscussion was added to object type Mutation

    ", + "

    Argument input: DeleteTeamDiscussionInput! added to field Mutation.deleteTeamDiscussion

    ", + "

    Field updateTeamDiscussion was added to object type Mutation

    ", + "

    Argument input: UpdateTeamDiscussionInput! added to field Mutation.updateTeamDiscussion

    ", + "

    Field discussion was added to object type Team

    ", + "

    Argument number: Int! added to field Team.discussion

    ", + "

    Field discussions was added to object type Team

    ", + "

    Argument after: String added to field Team.discussions

    ", + "

    Argument before: String added to field Team.discussions

    ", + "

    Argument first: Int added to field Team.discussions

    ", + "

    Argument isPinned: Boolean added to field Team.discussions

    ", + "

    Argument last: Int added to field Team.discussions

    ", + "

    Argument orderBy: TeamDiscussionOrder added to field Team.discussions

    ", + "

    Field discussionsResourcePath was added to object type Team

    ", + "

    Field discussionsUrl was added to object type Team

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [ + { + "title": "The following changes will be made to the schema:", + "changes": [ + "

    On member CreateTeamDiscussionInput.body:body will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member CreateTeamDiscussionInput.private:private will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member CreateTeamDiscussionInput.teamId:teamId will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member CreateTeamDiscussionInput.title:title will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member CreateTeamDiscussionPayload.teamDiscussion:teamDiscussion will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.authorAssociation:authorAssociation will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.bodyVersion:bodyVersion will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.commentsResourcePath:commentsResourcePath will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.commentsUrl:commentsUrl will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.isPinned:isPinned will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.isPrivate:isPrivate will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.number:number will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.resourcePath:resourcePath will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.team:team will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.title:title will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.url:url will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    ", + "

    On member TeamDiscussion.viewerCanPin:viewerCanPin will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Effective 2024-07-01.

    " + ] + } + ], + "date": "2026-01-06" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Type CreateTeamDiscussionInput was removed

    ", + "

    Type CreateTeamDiscussionPayload was removed

    ", + "

    Type DeleteTeamDiscussionInput was removed

    ", + "

    Type DeleteTeamDiscussionPayload was removed

    ", + "

    Type TeamDiscussion was removed

    ", + "

    Type TeamDiscussionConnection was removed

    ", + "

    Type TeamDiscussionEdge was removed

    ", + "

    Type TeamDiscussionOrder was removed

    ", + "

    Type TeamDiscussionOrderField was removed

    ", + "

    Type UpdateTeamDiscussionInput was removed

    ", + "

    Type UpdateTeamDiscussionPayload was removed

    ", + "

    Field createTeamDiscussion was removed from object type Mutation

    ", + "

    Field deleteTeamDiscussion was removed from object type Mutation

    ", + "

    Field updateTeamDiscussion was removed from object type Mutation

    ", + "

    Field discussion was removed from object type Team

    ", + "

    Field discussions was removed from object type Team

    ", + "

    Field discussionsResourcePath was removed from object type Team

    ", + "

    Field discussionsUrl was removed from object type Team

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-01-05" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Type CreateTeamDiscussionCommentInput was removed

    ", + "

    Type CreateTeamDiscussionCommentPayload was removed

    ", + "

    Type DeleteTeamDiscussionCommentInput was removed

    ", + "

    Type DeleteTeamDiscussionCommentPayload was removed

    ", + "

    Type TeamDiscussionComment was removed

    ", + "

    Type TeamDiscussionCommentConnection was removed

    ", + "

    Type TeamDiscussionCommentEdge was removed

    ", + "

    Type TeamDiscussionCommentOrder was removed

    ", + "

    Type TeamDiscussionCommentOrderField was removed

    ", + "

    Type UpdateTeamDiscussionCommentInput was removed

    ", + "

    Type UpdateTeamDiscussionCommentPayload was removed

    ", + "

    Field createTeamDiscussionComment was removed from object type Mutation

    ", + "

    Field deleteTeamDiscussionComment was removed from object type Mutation

    ", + "

    Field updateTeamDiscussionComment was removed from object type Mutation

    ", + "

    Field comments (deprecated) was removed from object type TeamDiscussion

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-01-04" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [] + } + ], + "previewChanges": [], + "upcomingChanges": [ + { + "title": "The following changes will be made to the schema:", + "changes": [ + "

    On member ReviewRequest.requestedBy:requestedBy will be removed. Use requestedByActor instead. Effective 2026-04-01.

    " + ] + } + ], + "date": "2025-12-13" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Type CreateRepositoryCustomPropertyInput was added

    ", + "

    Input field allowedValues of type '[String!]was added to input object typeCreateRepositoryCustomPropertyInput'

    ", + "

    Input field clientMutationId of type String was added to input object type CreateRepositoryCustomPropertyInput

    ", + "

    Input field defaultValue of type String was added to input object type CreateRepositoryCustomPropertyInput

    ", + "

    Input field description of type String was added to input object type CreateRepositoryCustomPropertyInput

    ", + "

    Input field propertyName of type String! was added to input object type CreateRepositoryCustomPropertyInput

    ", + "

    Input field regex of type String was added to input object type CreateRepositoryCustomPropertyInput

    ", + "

    Input field required of type Boolean was added to input object type CreateRepositoryCustomPropertyInput

    ", + "

    Input field sourceId of type ID! was added to input object type CreateRepositoryCustomPropertyInput

    ", + "

    Input field valueType of type CustomPropertyValueType! was added to input object type CreateRepositoryCustomPropertyInput

    ", + "

    Input field valuesEditableBy of type RepositoryCustomPropertyValuesEditableBy was added to input object type CreateRepositoryCustomPropertyInput

    ", + "

    Type CreateRepositoryCustomPropertyPayload was added

    ", + "

    Field clientMutationId was added to object type CreateRepositoryCustomPropertyPayload

    ", + "

    Field repositoryCustomProperty was added to object type CreateRepositoryCustomPropertyPayload

    ", + "

    Type CustomPropertySource was added

    ", + "

    Member Enterprise was added to Union type CustomPropertySource

    ", + "

    Member Organization was added to Union type CustomPropertySource

    ", + "

    Type CustomPropertyValue was added

    ", + "

    Type CustomPropertyValueInput was added

    ", + "

    Input field propertyName of type String! was added to input object type CustomPropertyValueInput

    ", + "

    Input field value of type CustomPropertyValue was added to input object type CustomPropertyValueInput

    ", + "

    Type CustomPropertyValueType was added

    ", + "

    Enum value 'MULTI_SELECTwas added to enumCustomPropertyValueType'

    ", + "

    Enum value 'SINGLE_SELECTwas added to enumCustomPropertyValueType'

    ", + "

    Enum value STRING was added to enum CustomPropertyValueType

    ", + "

    Enum value 'TRUE_FALSEwas added to enumCustomPropertyValueType'

    ", + "

    Enum value URL was added to enum CustomPropertyValueType

    ", + "

    Type DeleteRepositoryCustomPropertyInput was added

    ", + "

    Input field clientMutationId of type String was added to input object type DeleteRepositoryCustomPropertyInput

    ", + "

    Input field id of type ID! was added to input object type DeleteRepositoryCustomPropertyInput

    ", + "

    Type DeleteRepositoryCustomPropertyPayload was added

    ", + "

    Field clientMutationId was added to object type DeleteRepositoryCustomPropertyPayload

    ", + "

    Field repositoryCustomProperty was added to object type DeleteRepositoryCustomPropertyPayload

    ", + "

    Type PromoteRepositoryCustomPropertyInput was added

    ", + "

    Input field clientMutationId of type String was added to input object type PromoteRepositoryCustomPropertyInput

    ", + "

    Input field repositoryCustomPropertyId of type ID! was added to input object type PromoteRepositoryCustomPropertyInput

    ", + "

    Type PromoteRepositoryCustomPropertyPayload was added

    ", + "

    Field clientMutationId was added to object type PromoteRepositoryCustomPropertyPayload

    ", + "

    Field repositoryCustomProperty was added to object type PromoteRepositoryCustomPropertyPayload

    ", + "

    Type RepositoryCustomProperty was added

    ", + "

    RepositoryCustomProperty object implements Node interface

    ", + "

    Field allowedValues was added to object type RepositoryCustomProperty

    ", + "

    Field defaultValue was added to object type RepositoryCustomProperty

    ", + "

    Field description was added to object type RepositoryCustomProperty

    ", + "

    Field id was added to object type RepositoryCustomProperty

    ", + "

    Field propertyName was added to object type RepositoryCustomProperty

    ", + "

    Field regex was added to object type RepositoryCustomProperty

    ", + "

    Field required was added to object type RepositoryCustomProperty

    ", + "

    Field source was added to object type RepositoryCustomProperty

    ", + "

    Field valueType was added to object type RepositoryCustomProperty

    ", + "

    Field valuesEditableBy was added to object type RepositoryCustomProperty

    ", + "

    Type RepositoryCustomPropertyConnection was added

    ", + "

    Field edges was added to object type RepositoryCustomPropertyConnection

    ", + "

    Field nodes was added to object type RepositoryCustomPropertyConnection

    ", + "

    Field pageInfo was added to object type RepositoryCustomPropertyConnection

    ", + "

    Field totalCount was added to object type RepositoryCustomPropertyConnection

    ", + "

    Type RepositoryCustomPropertyEdge was added

    ", + "

    Field cursor was added to object type RepositoryCustomPropertyEdge

    ", + "

    Field node was added to object type RepositoryCustomPropertyEdge

    ", + "

    Type RepositoryCustomPropertyValue was added

    ", + "

    Field propertyName was added to object type RepositoryCustomPropertyValue

    ", + "

    Field value was added to object type RepositoryCustomPropertyValue

    ", + "

    Type RepositoryCustomPropertyValueConnection was added

    ", + "

    Field edges was added to object type RepositoryCustomPropertyValueConnection

    ", + "

    Field nodes was added to object type RepositoryCustomPropertyValueConnection

    ", + "

    Field pageInfo was added to object type RepositoryCustomPropertyValueConnection

    ", + "

    Field totalCount was added to object type RepositoryCustomPropertyValueConnection

    ", + "

    Type RepositoryCustomPropertyValueEdge was added

    ", + "

    Field cursor was added to object type RepositoryCustomPropertyValueEdge

    ", + "

    Field node was added to object type RepositoryCustomPropertyValueEdge

    ", + "

    Type RepositoryCustomPropertyValuesEditableBy was added

    ", + "

    Enum value 'ORG_ACTORSwas added to enumRepositoryCustomPropertyValuesEditableBy'

    ", + "

    Enum value 'ORG_AND_REPO_ACTORSwas added to enumRepositoryCustomPropertyValuesEditableBy'

    ", + "

    Type SetRepositoryCustomPropertyValuesInput was added

    ", + "

    Input field clientMutationId of type String was added to input object type SetRepositoryCustomPropertyValuesInput

    ", + "

    Input field properties of type '[CustomPropertyValueInput!]!was added to input object typeSetRepositoryCustomPropertyValuesInput'

    ", + "

    Input field repositoryId of type ID! was added to input object type SetRepositoryCustomPropertyValuesInput

    ", + "

    Type SetRepositoryCustomPropertyValuesPayload was added

    ", + "

    Field clientMutationId was added to object type SetRepositoryCustomPropertyValuesPayload

    ", + "

    Field repository was added to object type SetRepositoryCustomPropertyValuesPayload

    ", + "

    Type UpdateRepositoryCustomPropertyInput was added

    ", + "

    Input field allowedValues of type '[String!]was added to input object typeUpdateRepositoryCustomPropertyInput'

    ", + "

    Input field clientMutationId of type String was added to input object type UpdateRepositoryCustomPropertyInput

    ", + "

    Input field defaultValue of type String was added to input object type UpdateRepositoryCustomPropertyInput

    ", + "

    Input field description of type String was added to input object type UpdateRepositoryCustomPropertyInput

    ", + "

    Input field regex of type String was added to input object type UpdateRepositoryCustomPropertyInput

    ", + "

    Input field repositoryCustomPropertyId of type ID! was added to input object type UpdateRepositoryCustomPropertyInput

    ", + "

    Input field required of type Boolean was added to input object type UpdateRepositoryCustomPropertyInput

    ", + "

    Input field valuesEditableBy of type RepositoryCustomPropertyValuesEditableBy was added to input object type UpdateRepositoryCustomPropertyInput

    ", + "

    Type UpdateRepositoryCustomPropertyPayload was added

    ", + "

    Field clientMutationId was added to object type UpdateRepositoryCustomPropertyPayload

    ", + "

    Field repositoryCustomProperty was added to object type UpdateRepositoryCustomPropertyPayload

    ", + "

    Field repositoryCustomProperties was added to object type Enterprise

    ", + "

    Argument after: String added to field Enterprise.repositoryCustomProperties

    ", + "

    Argument before: String added to field Enterprise.repositoryCustomProperties

    ", + "

    Argument first: Int added to field Enterprise.repositoryCustomProperties

    ", + "

    Argument last: Int added to field Enterprise.repositoryCustomProperties

    ", + "

    Field repositoryCustomProperty was added to object type Enterprise

    ", + "

    Argument propertyName: String! added to field Enterprise.repositoryCustomProperty

    ", + "

    Field createRepositoryCustomProperty was added to object type Mutation

    ", + "

    Argument input: CreateRepositoryCustomPropertyInput! added to field Mutation.createRepositoryCustomProperty

    ", + "

    Field deleteRepositoryCustomProperty was added to object type Mutation

    ", + "

    Argument input: DeleteRepositoryCustomPropertyInput! added to field Mutation.deleteRepositoryCustomProperty

    ", + "

    Field promoteRepositoryCustomProperty was added to object type Mutation

    ", + "

    Argument input: PromoteRepositoryCustomPropertyInput! added to field Mutation.promoteRepositoryCustomProperty

    ", + "

    Field setRepositoryCustomPropertyValues was added to object type Mutation

    ", + "

    Argument input: SetRepositoryCustomPropertyValuesInput! added to field Mutation.setRepositoryCustomPropertyValues

    ", + "

    Field updateRepositoryCustomProperty was added to object type Mutation

    ", + "

    Argument input: UpdateRepositoryCustomPropertyInput! added to field Mutation.updateRepositoryCustomProperty

    ", + "

    Field repositoryCustomProperties was added to object type Organization

    ", + "

    Argument after: String added to field Organization.repositoryCustomProperties

    ", + "

    Argument before: String added to field Organization.repositoryCustomProperties

    ", + "

    Argument first: Int added to field Organization.repositoryCustomProperties

    ", + "

    Argument last: Int added to field Organization.repositoryCustomProperties

    ", + "

    Field repositoryCustomProperty was added to object type Organization

    ", + "

    Argument propertyName: String! added to field Organization.repositoryCustomProperty

    ", + "

    Field repositoryCustomPropertyValue was added to object type Repository

    ", + "

    Argument propertyName: String! added to field Repository.repositoryCustomPropertyValue

    ", + "

    Field repositoryCustomPropertyValues was added to object type Repository

    ", + "

    Argument after: String added to field Repository.repositoryCustomPropertyValues

    ", + "

    Argument before: String added to field Repository.repositoryCustomPropertyValues

    ", + "

    Argument first: Int added to field Repository.repositoryCustomPropertyValues

    ", + "

    Argument last: Int added to field Repository.repositoryCustomPropertyValues

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2025-12-10" + }, + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

    Field automaticCopilotCodeReviewEnabled was removed from object type PullRequestParameters

    ", + "

    Input field automaticCopilotCodeReviewEnabled was removed from input object type PullRequestParametersInput

    " + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2025-12-05" + }, { "schemaChanges": [ { diff --git a/src/graphql/data/fpt/graphql_upcoming_changes.public.yml b/src/graphql/data/fpt/graphql_upcoming_changes.public.yml index 26920cb943e5..cce607d1e2bf 100644 --- a/src/graphql/data/fpt/graphql_upcoming_changes.public.yml +++ b/src/graphql/data/fpt/graphql_upcoming_changes.public.yml @@ -402,65 +402,9 @@ upcoming_changes: date: '2024-04-01T00:00:00+00:00' criticality: breaking owner: calvinchilds - - location: CreateTeamDiscussionCommentInput.body + - location: EnterpriseOwnerInfo.teamDiscussionsSetting description: - '`body` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionCommentInput.discussionId - description: - '`discussionId` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionCommentPayload.teamDiscussionComment - description: - '`teamDiscussionComment` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionInput.body - description: - '`body` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionInput.private - description: - '`private` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionInput.teamId - description: - '`teamId` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionInput.title - description: - '`title` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionPayload.teamDiscussion - description: - '`teamDiscussion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ + '`teamDiscussionsSetting` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.' reason: The Team Discussions feature is deprecated in favor of Organization Discussions. date: '2024-07-01T00:00:00+00:00' @@ -496,158 +440,6 @@ upcoming_changes: date: '2024-07-01T00:00:00+00:00' criticality: breaking owner: JanKoszewski - - location: TeamDiscussion.authorAssociation - description: - '`authorAssociation` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.bodyVersion - description: - '`bodyVersion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.comments - description: - '`comments` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.commentsResourcePath - description: - '`commentsResourcePath` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.commentsUrl - description: - '`commentsUrl` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.isPinned - description: - '`isPinned` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.isPrivate - description: - '`isPrivate` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.number - description: - '`number` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.resourcePath - description: - '`resourcePath` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.team - description: - '`team` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.title - description: - '`title` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.url - description: - '`url` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.viewerCanPin - description: - '`viewerCanPin` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.authorAssociation - description: - '`authorAssociation` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.bodyVersion - description: - '`bodyVersion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.discussion - description: - '`discussion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.number - description: - '`number` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.resourcePath - description: - '`resourcePath` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.url - description: - '`url` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - location: Workflow.hasWorkflowDispatchTrigger description: '`hasWorkflowDispatchTrigger` will be removed. Use `has_workflow_dispatch_trigger_for_branch(branch_ref)` @@ -7596,6 +7388,12 @@ upcoming_changes: date: '2026-04-01T00:00:00+00:00' criticality: breaking owner: audit_logs + - location: ReviewRequest.requestedBy + description: '`requestedBy` will be removed. Use `requestedByActor` instead.' + reason: '`requestedBy` will be removed.' + date: '2026-04-01T00:00:00+00:00' + criticality: breaking + owner: github/client-apps-platform - location: TeamAddMemberAuditEntry.action description: '`action` will be removed.' reason: The GraphQL audit-log is deprecated. Please use the REST API instead. @@ -8184,3 +7982,19 @@ upcoming_changes: date: '2026-04-01T00:00:00+00:00' criticality: breaking owner: audit_logs + - location: Team.viewerCanSubscribe + description: '`viewerCanSubscribe` will be removed.' + reason: + '`Team.viewerCanSubscribe` will be removed. Team notifications subscriptions + are being deprecated.' + date: '2026-07-01T00:00:00+00:00' + criticality: breaking + owner: peter-evans + - location: Team.viewerSubscription + description: '`viewerSubscription` will be removed.' + reason: + '`Team.viewerSubscription` will be removed. Team notifications subscriptions + are being deprecated.' + date: '2026-07-01T00:00:00+00:00' + criticality: breaking + owner: peter-evans diff --git a/src/graphql/data/fpt/schema.docs.graphql b/src/graphql/data/fpt/schema.docs.graphql index a052abfcbb8a..83f9c4357d5a 100644 --- a/src/graphql/data/fpt/schema.docs.graphql +++ b/src/graphql/data/fpt/schema.docs.graphql @@ -355,6 +355,11 @@ enum ActorType { Autogenerated input type of AddAssigneesToAssignable """ input AddAssigneesToAssignableInput { + """ + Configuration for assigning Copilot to this issue. + """ + agentAssignment: AgentAssignmentInput + """ The id of the assignable object to add assignees to. """ @@ -1126,8 +1131,6 @@ input AddReactionInput { "PullRequestReview" "PullRequestReviewComment" "Release" - "TeamDiscussion" - "TeamDiscussionComment" ] abstractType: "Reactable" ) @@ -1420,6 +1423,31 @@ type AddedToProjectV2Event implements Node & ProjectV2Event { wasAutomated: Boolean! } +""" +Represents configuration for assigning Copilot to an issue (public variant) +""" +input AgentAssignmentInput { + """ + The base ref/branch for the repository. Defaults to the default branch if not provided. + """ + baseRef: String + + """ + Custom agent for Copilot. + """ + customAgent: String + + """ + Custom instructions for Copilot. + """ + customInstructions: String + + """ + The Node ID of the target repository where Copilot should work. Defaults to the issue's repository if not provided. + """ + targetRepositoryId: ID @possibleTypes(concreteTypes: ["Repository"]) +} + """ Copilot Agentic fields in context of the current viewer. """ @@ -2617,7 +2645,7 @@ Parameters to be used for the branch_name_pattern rule """ type BranchNamePatternParameters { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -2642,7 +2670,7 @@ Parameters to be used for the branch_name_pattern rule """ input BranchNamePatternParametersInput { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -5662,7 +5690,7 @@ Parameters to be used for the commit_author_email_pattern rule """ type CommitAuthorEmailPatternParameters { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -5687,7 +5715,7 @@ Parameters to be used for the commit_author_email_pattern rule """ input CommitAuthorEmailPatternParametersInput { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -6184,7 +6212,7 @@ Parameters to be used for the commit_message_pattern rule """ type CommitMessagePatternParameters { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -6209,7 +6237,7 @@ Parameters to be used for the commit_message_pattern rule """ input CommitMessagePatternParametersInput { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -6274,7 +6302,7 @@ Parameters to be used for the committer_email_pattern rule """ type CommitterEmailPatternParameters { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -6299,7 +6327,7 @@ Parameters to be used for the committer_email_pattern rule """ input CommitterEmailPatternParametersInput { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -8141,6 +8169,11 @@ type CreateIpAllowListEntryPayload { Autogenerated input type of CreateIssue """ input CreateIssueInput { + """ + Configuration for assigning Copilot to this issue. + """ + agentAssignment: AgentAssignmentInput + """ The Node ID of assignees for this issue. """ @@ -8724,6 +8757,76 @@ type CreateRefPayload { ref: Ref } +""" +Autogenerated input type of CreateRepositoryCustomProperty +""" +input CreateRepositoryCustomPropertyInput { + """ + The allowed values for the custom property. + """ + allowedValues: [String!] + + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The default value for the custom property if the property is required. + """ + defaultValue: String + + """ + The description of the custom property. + """ + description: String + + """ + The name of the custom property. + """ + propertyName: String! + + """ + The regex pattern that the value of the custom property must match, if the `value_type` is `string`. + """ + regex: String + + """ + Whether the custom property is required. + """ + required: Boolean + + """ + The global relay id of the source in which a new custom property should be created in. + """ + sourceId: ID! @possibleTypes(concreteTypes: ["Enterprise", "Organization"], abstractType: "CustomPropertySource") + + """ + The value type for the custom property. + """ + valueType: CustomPropertyValueType! + + """ + The allowed actors who can edit the values of a custom property. + """ + valuesEditableBy: RepositoryCustomPropertyValuesEditableBy +} + +""" +Autogenerated return type of CreateRepositoryCustomProperty. +""" +type CreateRepositoryCustomPropertyPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The newly created repository custom property. + """ + repositoryCustomProperty: RepositoryCustomProperty +} + """ Autogenerated input type of CreateRepository """ @@ -9143,130 +9246,6 @@ type CreateSponsorshipsPayload { sponsorables: [Sponsorable!] } -""" -Autogenerated input type of CreateTeamDiscussionComment -""" -input CreateTeamDiscussionCommentInput { - """ - The content of the comment. This field is required. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `body` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - body: String - - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The ID of the discussion to which the comment belongs. This field is required. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `discussionId` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - discussionId: ID @possibleTypes(concreteTypes: ["TeamDiscussion"]) -} - -""" -Autogenerated return type of CreateTeamDiscussionComment. -""" -type CreateTeamDiscussionCommentPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The new comment. - """ - teamDiscussionComment: TeamDiscussionComment - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) -} - -""" -Autogenerated input type of CreateTeamDiscussion -""" -input CreateTeamDiscussionInput { - """ - The content of the discussion. This field is required. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `body` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - body: String - - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - If true, restricts the visibility of this discussion to team members and - organization owners. If false or not specified, allows any organization member - to view this discussion. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `private` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - private: Boolean - - """ - The ID of the team to which the discussion belongs. This field is required. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `teamId` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - teamId: ID @possibleTypes(concreteTypes: ["Team"]) - - """ - The title of the discussion. This field is required. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `title` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - title: String -} - -""" -Autogenerated return type of CreateTeamDiscussion. -""" -type CreateTeamDiscussionPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The new discussion. - """ - teamDiscussion: TeamDiscussion - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) -} - """ Autogenerated input type of CreateUserList """ @@ -9782,6 +9761,64 @@ type CrossReferencedEvent implements Node & UniformResourceLocatable { willCloseTarget: Boolean! } +""" +Sources which can have custom properties defined. +""" +union CustomPropertySource = Enterprise | Organization + +""" +A custom property value can be either a string or an array of strings. All +property types support only a single string value, except for the multi-select +type, which supports only a string array. +""" +scalar CustomPropertyValue + +""" +The custom property name and value to be set. +""" +input CustomPropertyValueInput { + """ + The name of the custom property. + """ + propertyName: String! + + """ + The value to set for the custom property. Using a value of null will unset the + property value, reverting to the default value if the property is required. + """ + value: CustomPropertyValue +} + +""" +The allowed value types for a custom property definition. +""" +enum CustomPropertyValueType { + """ + A multi-select value. + """ + MULTI_SELECT + + """ + A single-select value. + """ + SINGLE_SELECT + + """ + A string value. + """ + STRING + + """ + A true/false value. + """ + TRUE_FALSE + + """ + A URL value. + """ + URL +} + """ The Common Vulnerability Scoring System """ @@ -10589,74 +10626,54 @@ type DeleteRefPayload { } """ -Autogenerated input type of DeleteRepositoryRuleset +Autogenerated input type of DeleteRepositoryCustomProperty """ -input DeleteRepositoryRulesetInput { +input DeleteRepositoryCustomPropertyInput { """ A unique identifier for the client performing the mutation. """ clientMutationId: String """ - The global relay id of the repository ruleset to be deleted. + The global relay id of the custom property to be deleted. """ - repositoryRulesetId: ID! @possibleTypes(concreteTypes: ["RepositoryRuleset"]) + id: ID! @possibleTypes(concreteTypes: ["RepositoryCustomProperty"]) } """ -Autogenerated return type of DeleteRepositoryRuleset. +Autogenerated return type of DeleteRepositoryCustomProperty. """ -type DeleteRepositoryRulesetPayload { +type DeleteRepositoryCustomPropertyPayload { """ A unique identifier for the client performing the mutation. """ clientMutationId: String -} -""" -Autogenerated input type of DeleteTeamDiscussionComment -""" -input DeleteTeamDiscussionCommentInput { """ - A unique identifier for the client performing the mutation. + The deleted custom property. """ - clientMutationId: String - - """ - The ID of the comment to delete. - """ - id: ID! @possibleTypes(concreteTypes: ["TeamDiscussionComment"]) -} - -""" -Autogenerated return type of DeleteTeamDiscussionComment. -""" -type DeleteTeamDiscussionCommentPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String + repositoryCustomProperty: RepositoryCustomProperty } """ -Autogenerated input type of DeleteTeamDiscussion +Autogenerated input type of DeleteRepositoryRuleset """ -input DeleteTeamDiscussionInput { +input DeleteRepositoryRulesetInput { """ A unique identifier for the client performing the mutation. """ clientMutationId: String """ - The discussion ID to delete. + The global relay id of the repository ruleset to be deleted. """ - id: ID! @possibleTypes(concreteTypes: ["TeamDiscussion"]) + repositoryRulesetId: ID! @possibleTypes(concreteTypes: ["RepositoryRuleset"]) } """ -Autogenerated return type of DeleteTeamDiscussion. +Autogenerated return type of DeleteRepositoryRuleset. """ -type DeleteTeamDiscussionPayload { +type DeleteRepositoryRulesetPayload { """ A unique identifier for the client performing the mutation. """ @@ -13660,6 +13677,41 @@ type Enterprise implements Node { """ readmeHTML: HTML! + """ + A list of repository custom properties for this enterprise. + """ + repositoryCustomProperties( + """ + Returns the elements in the list that come after the specified cursor. + """ + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """ + Returns the first _n_ elements from the list. + """ + first: Int + + """ + Returns the last _n_ elements from the list. + """ + last: Int + ): RepositoryCustomPropertyConnection + + """ + Returns a single repository custom property for the current enterprise by name. + """ + repositoryCustomProperty( + """ + The name of the repository custom property to be returned. + """ + propertyName: String! + ): RepositoryCustomProperty + """ The HTTP path for this enterprise. """ @@ -15010,6 +15062,11 @@ type EnterpriseOwnerInfo { """ ipAllowListForInstalledAppsEnabledSetting: IpAllowListForInstalledAppsEnabledSettingValue! + """ + The setting value for whether the enterprise has IP allow list user-level enforcement enabled. + """ + ipAllowListUserLevelEnforcementEnabledSetting: IpAllowListUserLevelEnforcementEnabledSettingValue! + """ Whether or not the base repository permission is currently being updated. """ @@ -15739,41 +15796,9 @@ type EnterpriseOwnerInfo { The setting value for whether team discussions are enabled for organizations in this enterprise. """ teamDiscussionsSetting: EnterpriseEnabledDisabledSettingValue! - - """ - A list of enterprise organizations configured with the provided team discussions setting value. - """ - teamDiscussionsSettingOrganizations( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - - """ - Ordering options for organizations with this setting. - """ - orderBy: OrganizationOrder = {field: LOGIN, direction: ASC} - - """ - The setting value to find organizations for. - """ - value: Boolean! - ): OrganizationConnection! + @deprecated( + reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." + ) """ The setting value for what methods of two-factor authentication the enterprise prevents its users from having. @@ -18827,6 +18852,21 @@ Types that can own an IP allow list. """ union IpAllowListOwner = App | Enterprise | Organization +""" +The possible values for the IP allow list user-level enforcement enabled setting. +""" +enum IpAllowListUserLevelEnforcementEnabledSettingValue { + """ + The setting is disabled for the owner. + """ + DISABLED + + """ + The setting is enabled for the owner. + """ + ENABLED +} + """ An Issue is a place to discuss ideas, enhancements, tasks, and bugs for a project. """ @@ -19297,7 +19337,7 @@ type Issue implements Assignable & Closable & Comment & Deletable & Labelable & Returns the last _n_ elements from the list. """ last: Int - ): ProjectV2ItemConnection! + ): ProjectV2ItemConnection """ Find a project by number. @@ -25263,6 +25303,16 @@ type Mutation { input: CreateRepositoryInput! ): CreateRepositoryPayload + """ + Create a repository custom property. + """ + createRepositoryCustomProperty( + """ + Parameters for CreateRepositoryCustomProperty + """ + input: CreateRepositoryCustomPropertyInput! + ): CreateRepositoryCustomPropertyPayload + """ Create a repository ruleset """ @@ -25314,26 +25364,6 @@ type Mutation { input: CreateSponsorshipsInput! ): CreateSponsorshipsPayload - """ - Creates a new team discussion. - """ - createTeamDiscussion( - """ - Parameters for CreateTeamDiscussion - """ - input: CreateTeamDiscussionInput! - ): CreateTeamDiscussionPayload - - """ - Creates a new team discussion comment. - """ - createTeamDiscussionComment( - """ - Parameters for CreateTeamDiscussionComment - """ - input: CreateTeamDiscussionCommentInput! - ): CreateTeamDiscussionCommentPayload - """ Creates a new user list. """ @@ -25594,34 +25624,24 @@ type Mutation { ): DeleteRefPayload """ - Delete a repository ruleset + Delete a repository custom property. """ - deleteRepositoryRuleset( + deleteRepositoryCustomProperty( """ - Parameters for DeleteRepositoryRuleset + Parameters for DeleteRepositoryCustomProperty """ - input: DeleteRepositoryRulesetInput! - ): DeleteRepositoryRulesetPayload + input: DeleteRepositoryCustomPropertyInput! + ): DeleteRepositoryCustomPropertyPayload """ - Deletes a team discussion. - """ - deleteTeamDiscussion( - """ - Parameters for DeleteTeamDiscussion - """ - input: DeleteTeamDiscussionInput! - ): DeleteTeamDiscussionPayload - - """ - Deletes a team discussion comment. + Delete a repository ruleset """ - deleteTeamDiscussionComment( + deleteRepositoryRuleset( """ - Parameters for DeleteTeamDiscussionComment + Parameters for DeleteRepositoryRuleset """ - input: DeleteTeamDiscussionCommentInput! - ): DeleteTeamDiscussionCommentPayload + input: DeleteRepositoryRulesetInput! + ): DeleteRepositoryRulesetPayload """ Deletes a user list. @@ -25935,6 +25955,16 @@ type Mutation { input: PinIssueInput! ): PinIssuePayload + """ + Promote a repository custom property to the enterprise level. + """ + promoteRepositoryCustomProperty( + """ + Parameters for PromoteRepositoryCustomProperty + """ + input: PromoteRepositoryCustomPropertyInput! + ): PromoteRepositoryCustomPropertyPayload + """ Publish an existing sponsorship tier that is currently still a draft to a GitHub Sponsors profile. """ @@ -26176,6 +26206,16 @@ type Mutation { input: RequestReviewsInput! ): RequestReviewsPayload + """ + Set review requests on a pull request using login strings instead of IDs. + """ + requestReviewsByLogin( + """ + Parameters for RequestReviewsByLogin + """ + input: RequestReviewsByLoginInput! + ): RequestReviewsByLoginPayload + """ Rerequests an existing check suite. """ @@ -26256,6 +26296,16 @@ type Mutation { input: SetOrganizationInteractionLimitInput! ): SetOrganizationInteractionLimitPayload + """ + Set repository custom property values for a repository. + """ + setRepositoryCustomPropertyValues( + """ + Parameters for SetRepositoryCustomPropertyValues + """ + input: SetRepositoryCustomPropertyValuesInput! + ): SetRepositoryCustomPropertyValuesPayload + """ Sets an interaction limit setting for a repository. """ @@ -26689,16 +26739,6 @@ type Mutation { input: UpdateEnterpriseRepositoryProjectsSettingInput! ): UpdateEnterpriseRepositoryProjectsSettingPayload - """ - Sets whether team discussions are enabled for an enterprise. - """ - updateEnterpriseTeamDiscussionsSetting( - """ - Parameters for UpdateEnterpriseTeamDiscussionsSetting - """ - input: UpdateEnterpriseTeamDiscussionsSettingInput! - ): UpdateEnterpriseTeamDiscussionsSettingPayload - """ Sets the two-factor authentication methods that users of an enterprise may not use. """ @@ -26759,6 +26799,16 @@ type Mutation { input: UpdateIpAllowListForInstalledAppsEnabledSettingInput! ): UpdateIpAllowListForInstalledAppsEnabledSettingPayload + """ + Sets whether IP allow list user-level enforcement is enabled on an enterprise. + """ + updateIpAllowListUserLevelEnforcementEnabledSetting( + """ + Parameters for UpdateIpAllowListUserLevelEnforcementEnabledSetting + """ + input: UpdateIpAllowListUserLevelEnforcementEnabledSettingInput! + ): UpdateIpAllowListUserLevelEnforcementEnabledSettingPayload + """ Updates an Issue. """ @@ -27049,6 +27099,16 @@ type Mutation { input: UpdateRepositoryInput! ): UpdateRepositoryPayload + """ + Update a repository custom property. + """ + updateRepositoryCustomProperty( + """ + Parameters for UpdateRepositoryCustomProperty + """ + input: UpdateRepositoryCustomPropertyInput! + ): UpdateRepositoryCustomPropertyPayload + """ Update a repository ruleset """ @@ -27089,26 +27149,6 @@ type Mutation { input: UpdateSubscriptionInput! ): UpdateSubscriptionPayload - """ - Updates a team discussion. - """ - updateTeamDiscussion( - """ - Parameters for UpdateTeamDiscussion - """ - input: UpdateTeamDiscussionInput! - ): UpdateTeamDiscussionPayload - - """ - Updates a discussion comment. - """ - updateTeamDiscussionComment( - """ - Parameters for UpdateTeamDiscussionComment - """ - input: UpdateTeamDiscussionCommentInput! - ): UpdateTeamDiscussionCommentPayload - """ Updates team review assignment. """ @@ -33264,6 +33304,41 @@ type Organization implements Actor & MemberStatusable & Node & PackageOwner & Pr name: String! ): Repository + """ + A list of custom properties for this organization. + """ + repositoryCustomProperties( + """ + Returns the elements in the list that come after the specified cursor. + """ + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """ + Returns the first _n_ elements from the list. + """ + first: Int + + """ + Returns the last _n_ elements from the list. + """ + last: Int + ): RepositoryCustomPropertyConnection + + """ + Returns a single custom property from the current organization by name. + """ + repositoryCustomProperty( + """ + The name of the custom property to be returned. + """ + propertyName: String! + ): RepositoryCustomProperty + """ Discussion comments this user has authored. """ @@ -40299,6 +40374,36 @@ enum ProjectV2WorkflowsOrderField { UPDATED_AT } +""" +Autogenerated input type of PromoteRepositoryCustomProperty +""" +input PromoteRepositoryCustomPropertyInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The ID of the repository custom property to be promoted. + """ + repositoryCustomPropertyId: ID! @possibleTypes(concreteTypes: ["RepositoryCustomProperty"]) +} + +""" +Autogenerated return type of PromoteRepositoryCustomProperty. +""" +type PromoteRepositoryCustomPropertyPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The repository custom property that has been promoted. + """ + repositoryCustomProperty: RepositoryCustomProperty +} + """ A property that must match """ @@ -41063,7 +41168,7 @@ type PullRequest implements Assignable & Closable & Comment & Labelable & Lockab Returns the last _n_ elements from the list. """ last: Int - ): ProjectV2ItemConnection! + ): ProjectV2ItemConnection """ Find a project by number. @@ -41333,6 +41438,11 @@ type PullRequest implements Assignable & Closable & Comment & Labelable & Lockab Returns the last _n_ elements from the list. """ last: Int + + """ + Search actors with query on user name and login. + """ + query: String ): SuggestedReviewerActorConnection! """ @@ -41948,13 +42058,6 @@ type PullRequestParameters { """ allowedMergeMethods: [PullRequestAllowedMergeMethods!] - """ - Request Copilot code review for new pull requests automatically if the author - has access to Copilot code review and their premium requests quota has not - reached the limit. - """ - automaticCopilotCodeReviewEnabled: Boolean! - """ New, reviewable commits pushed will dismiss previous pull request review approvals. """ @@ -41998,13 +42101,6 @@ input PullRequestParametersInput { """ allowedMergeMethods: [PullRequestAllowedMergeMethods!] - """ - Request Copilot code review for new pull requests automatically if the author - has access to Copilot code review and their premium requests quota has not - reached the limit. - """ - automaticCopilotCodeReviewEnabled: Boolean - """ New, reviewable commits pushed will dismiss previous pull request review approvals. """ @@ -46155,8 +46251,6 @@ input RemoveReactionInput { "PullRequestReview" "PullRequestReviewComment" "Release" - "TeamDiscussion" - "TeamDiscussionComment" ] abstractType: "Reactable" ) @@ -46606,14 +46700,27 @@ Autogenerated input type of ReplaceActorsForAssignable """ input ReplaceActorsForAssignableInput { """ - The ids of the actors to replace the existing assignees. + The ids of the actors to replace the existing assignees. May be used as an + alternative to or in conjunction with actorLogins. """ - actorIds: [ID!]! + actorIds: [ID!] @possibleTypes( concreteTypes: ["Bot", "EnterpriseUserAccount", "Mannequin", "Organization", "User"] abstractType: "Actor" ) + """ + The usernames of the actors to replace the existing assignees. May be used as + an alternative to or in conjunction with actorIds. For bots, use the login + format with [bot] suffix (e.g., 'my-app[bot]'). + """ + actorLogins: [String!] + + """ + Configuration for assigning an AI agent to this issue. + """ + agentAssignment: AgentAssignmentInput + """ The id of the assignable object to replace the assignees for. """ @@ -51498,6 +51605,41 @@ type Repository implements Node & PackageOwner & ProjectOwner & ProjectV2Recent orderBy: ReleaseOrder ): ReleaseConnection! + """ + A custom property value for the repository. + """ + repositoryCustomPropertyValue( + """ + The name of the custom property to retrieve the value for. + """ + propertyName: String! + ): RepositoryCustomPropertyValue + + """ + A list of custom properties and their associated values for a repository. + """ + repositoryCustomPropertyValues( + """ + Returns the elements in the list that come after the specified cursor. + """ + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """ + Returns the first _n_ elements from the list. + """ + first: Int + + """ + Returns the last _n_ elements from the list. + """ + last: Int + ): RepositoryCustomPropertyValueConnection + """ A list of applied repository-topic associations for this repository. """ @@ -52109,6 +52251,171 @@ enum RepositoryContributionType { REPOSITORY } +""" +A repository custom property. +""" +type RepositoryCustomProperty implements Node { + """ + The allowed values for the custom property. Required if `value_type` is `single_select` or `multi_select`. + """ + allowedValues: [String!] + + """ + The default value of the custom property, if the property is `required`. + """ + defaultValue: CustomPropertyValue + + """ + The description of the custom property. + """ + description: String + + """ + The Node ID of the RepositoryCustomProperty object + """ + id: ID! + + """ + The name of the custom property. + """ + propertyName: String! + + """ + The regex pattern that the value of the custom property must match, if the `value_type` is `string`. + """ + regex: String + + """ + Whether the custom property is required. + """ + required: Boolean + + """ + The source type of the custom property. + """ + source: CustomPropertySource! + + """ + The value type of the custom property. + """ + valueType: CustomPropertyValueType! + + """ + Who can edit the values of this repository custom property. + """ + valuesEditableBy: RepositoryCustomPropertyValuesEditableBy! +} + +""" +The connection type for RepositoryCustomProperty. +""" +type RepositoryCustomPropertyConnection { + """ + A list of edges. + """ + edges: [RepositoryCustomPropertyEdge] + + """ + A list of nodes. + """ + nodes: [RepositoryCustomProperty] + + """ + Information to aid in pagination. + """ + pageInfo: PageInfo! + + """ + Identifies the total count of items in the connection. + """ + totalCount: Int! +} + +""" +An edge in a connection. +""" +type RepositoryCustomPropertyEdge { + """ + A cursor for use in pagination. + """ + cursor: String! + + """ + The item at the end of the edge. + """ + node: RepositoryCustomProperty +} + +""" +A value associated with a repository custom property. +""" +type RepositoryCustomPropertyValue { + """ + The name of the custom property. + """ + propertyName: String! + + """ + The value of the custom property. + """ + value: CustomPropertyValue! +} + +""" +The connection type for RepositoryCustomPropertyValue. +""" +type RepositoryCustomPropertyValueConnection { + """ + A list of edges. + """ + edges: [RepositoryCustomPropertyValueEdge] + + """ + A list of nodes. + """ + nodes: [RepositoryCustomPropertyValue] + + """ + Information to aid in pagination. + """ + pageInfo: PageInfo! + + """ + Identifies the total count of items in the connection. + """ + totalCount: Int! +} + +""" +An edge in a connection. +""" +type RepositoryCustomPropertyValueEdge { + """ + A cursor for use in pagination. + """ + cursor: String! + + """ + The item at the end of the edge. + """ + node: RepositoryCustomPropertyValue +} + +""" +The allowed actors who can edit the values of a custom property. +""" +enum RepositoryCustomPropertyValuesEditableBy { + """ + The organization actors. + """ + ORG_ACTORS + + """ + The organization and repository actors. + """ + ORG_AND_REPO_ACTORS +} + """ Represents an author of discussions in repositories. """ @@ -54448,6 +54755,66 @@ type ReprioritizeSubIssuePayload { issue: Issue } +""" +Autogenerated input type of RequestReviewsByLogin +""" +input RequestReviewsByLoginInput { + """ + The logins of the bots to request reviews from, including the [bot] suffix (e.g., 'copilot-pull-request-reviewer[bot]'). + """ + botLogins: [String!] + + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The Node ID of the pull request to modify. + """ + pullRequestId: ID! @possibleTypes(concreteTypes: ["PullRequest"]) + + """ + The slugs of the teams to request reviews from (format: 'org/team-slug'). + """ + teamSlugs: [String!] + + """ + Add users to the set rather than replace. + """ + union: Boolean = false + + """ + The login strings of the users to request reviews from. + """ + userLogins: [String!] +} + +""" +Autogenerated return type of RequestReviewsByLogin. +""" +type RequestReviewsByLoginPayload { + """ + Identifies the actor who performed the event. + """ + actor: Actor + + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The pull request that is getting requests. + """ + pullRequest: PullRequest + + """ + The edge from the pull request to the requested reviewers. + """ + requestedReviewersEdge: UserEdge +} + """ Autogenerated input type of RequestReviews """ @@ -56362,6 +56729,41 @@ type SetOrganizationInteractionLimitPayload { organization: Organization } +""" +Autogenerated input type of SetRepositoryCustomPropertyValues +""" +input SetRepositoryCustomPropertyValuesInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + A list of custom property names and associated values to apply. + """ + properties: [CustomPropertyValueInput!]! + + """ + The ID of the repository to set properties for. + """ + repositoryId: ID! @possibleTypes(concreteTypes: ["Repository"]) +} + +""" +Autogenerated return type of SetRepositoryCustomPropertyValues. +""" +type SetRepositoryCustomPropertyValuesPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The repository that the custom properties were set for. + """ + repository: Repository +} + """ Autogenerated input type of SetRepositoryInteractionLimit """ @@ -60579,7 +60981,7 @@ Parameters to be used for the tag_name_pattern rule """ type TagNamePatternParameters { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -60604,7 +61006,7 @@ Parameters to be used for the tag_name_pattern rule """ input TagNamePatternParametersInput { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -60723,61 +61125,6 @@ type Team implements MemberStatusable & Node & Subscribable { """ description: String - """ - Find a team discussion by its number. - """ - discussion( - """ - The sequence number of the discussion to find. - """ - number: Int! - ): TeamDiscussion - - """ - A list of team discussions. - """ - discussions( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - If provided, filters discussions according to whether or not they are pinned. - """ - isPinned: Boolean - - """ - Returns the last _n_ elements from the list. - """ - last: Int - - """ - Order for connection - """ - orderBy: TeamDiscussionOrder - ): TeamDiscussionConnection! - - """ - The HTTP path for team discussions - """ - discussionsResourcePath: URI! - - """ - The HTTP URL for team discussions - """ - discussionsUrl: URI! - """ The HTTP path for editing this team """ @@ -61094,14 +61441,20 @@ type Team implements MemberStatusable & Node & Subscribable { viewerCanAdminister: Boolean! """ - Check if the viewer is able to change their subscription status for the repository. + Check if the viewer is able to change their subscription status for the subscribable entity. """ viewerCanSubscribe: Boolean! + @deprecated( + reason: "`Team.viewerCanSubscribe` will be removed. Team notifications subscriptions are being deprecated. Removal on 2026-07-01 UTC." + ) """ Identifies if the viewer is watching, not watching, or ignoring the subscribable entity. """ viewerSubscription: SubscriptionState + @deprecated( + reason: "`Team.viewerSubscription` will be removed. Team notifications subscriptions are being deprecated. Removal on 2026-07-01 UTC." + ) } """ @@ -61760,648 +62113,6 @@ type TeamConnection { totalCount: Int! } -""" -A team discussion. -""" -type TeamDiscussion implements Comment & Deletable & Node & Reactable & Subscribable & UniformResourceLocatable & Updatable & UpdatableComment { - """ - The actor who authored the comment. - """ - author: Actor - - """ - Author's association with the discussion's team. - """ - authorAssociation: CommentAuthorAssociation! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The body as Markdown. - """ - body: String! - - """ - The body rendered to HTML. - """ - bodyHTML: HTML! - - """ - The body rendered to text. - """ - bodyText: String! - - """ - Identifies the discussion body hash. - """ - bodyVersion: String! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - A list of comments on this discussion. - """ - comments( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - When provided, filters the connection such that results begin with the comment with this number. - """ - fromComment: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - - """ - Order for connection - """ - orderBy: TeamDiscussionCommentOrder - ): TeamDiscussionCommentConnection! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The HTTP path for discussion comments - """ - commentsResourcePath: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The HTTP URL for discussion comments - """ - commentsUrl: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies the date and time when the object was created. - """ - createdAt: DateTime! - - """ - Check if this comment was created via an email reply. - """ - createdViaEmail: Boolean! - - """ - Identifies the primary key from the database. - """ - databaseId: Int - - """ - The actor who edited the comment. - """ - editor: Actor - - """ - The Node ID of the TeamDiscussion object - """ - id: ID! - - """ - Check if this comment was edited and includes an edit with the creation data - """ - includesCreatedEdit: Boolean! - - """ - Whether or not the discussion is pinned. - """ - isPinned: Boolean! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Whether or not the discussion is only visible to team members and organization owners. - """ - isPrivate: Boolean! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The moment the editor made the last edit - """ - lastEditedAt: DateTime - - """ - Identifies the discussion within its team. - """ - number: Int! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies when the comment was published at. - """ - publishedAt: DateTime - - """ - A list of reactions grouped by content left on the subject. - """ - reactionGroups: [ReactionGroup!] - - """ - A list of Reactions left on the Issue. - """ - reactions( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Allows filtering Reactions by emoji. - """ - content: ReactionContent - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - - """ - Allows specifying the order in which reactions are returned. - """ - orderBy: ReactionOrder - ): ReactionConnection! - - """ - The HTTP path for this discussion - """ - resourcePath: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The team that defines the context of this discussion. - """ - team: Team! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The title of the discussion - """ - title: String! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies the date and time when the object was last updated. - """ - updatedAt: DateTime! - - """ - The HTTP URL for this discussion - """ - url: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - A list of edits to this content. - """ - userContentEdits( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - ): UserContentEditConnection - - """ - Check if the current viewer can delete this object. - """ - viewerCanDelete: Boolean! - - """ - Whether or not the current viewer can pin this discussion. - """ - viewerCanPin: Boolean! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Can user react to this subject - """ - viewerCanReact: Boolean! - - """ - Check if the viewer is able to change their subscription status for the repository. - """ - viewerCanSubscribe: Boolean! - - """ - Check if the current viewer can update this object. - """ - viewerCanUpdate: Boolean! - - """ - Reasons why the current viewer can not update this comment. - """ - viewerCannotUpdateReasons: [CommentCannotUpdateReason!]! - - """ - Did the viewer author this comment. - """ - viewerDidAuthor: Boolean! - - """ - Identifies if the viewer is watching, not watching, or ignoring the subscribable entity. - """ - viewerSubscription: SubscriptionState -} - -""" -A comment on a team discussion. -""" -type TeamDiscussionComment implements Comment & Deletable & Node & Reactable & UniformResourceLocatable & Updatable & UpdatableComment { - """ - The actor who authored the comment. - """ - author: Actor - - """ - Author's association with the comment's team. - """ - authorAssociation: CommentAuthorAssociation! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The body as Markdown. - """ - body: String! - - """ - The body rendered to HTML. - """ - bodyHTML: HTML! - - """ - The body rendered to text. - """ - bodyText: String! - - """ - The current version of the body content. - """ - bodyVersion: String! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies the date and time when the object was created. - """ - createdAt: DateTime! - - """ - Check if this comment was created via an email reply. - """ - createdViaEmail: Boolean! - - """ - Identifies the primary key from the database. - """ - databaseId: Int - - """ - The discussion this comment is about. - """ - discussion: TeamDiscussion! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The actor who edited the comment. - """ - editor: Actor - - """ - The Node ID of the TeamDiscussionComment object - """ - id: ID! - - """ - Check if this comment was edited and includes an edit with the creation data - """ - includesCreatedEdit: Boolean! - - """ - The moment the editor made the last edit - """ - lastEditedAt: DateTime - - """ - Identifies the comment number. - """ - number: Int! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies when the comment was published at. - """ - publishedAt: DateTime - - """ - A list of reactions grouped by content left on the subject. - """ - reactionGroups: [ReactionGroup!] - - """ - A list of Reactions left on the Issue. - """ - reactions( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Allows filtering Reactions by emoji. - """ - content: ReactionContent - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - - """ - Allows specifying the order in which reactions are returned. - """ - orderBy: ReactionOrder - ): ReactionConnection! - - """ - The HTTP path for this comment - """ - resourcePath: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies the date and time when the object was last updated. - """ - updatedAt: DateTime! - - """ - The HTTP URL for this comment - """ - url: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - A list of edits to this content. - """ - userContentEdits( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - ): UserContentEditConnection - - """ - Check if the current viewer can delete this object. - """ - viewerCanDelete: Boolean! - - """ - Can user react to this subject - """ - viewerCanReact: Boolean! - - """ - Check if the current viewer can update this object. - """ - viewerCanUpdate: Boolean! - - """ - Reasons why the current viewer can not update this comment. - """ - viewerCannotUpdateReasons: [CommentCannotUpdateReason!]! - - """ - Did the viewer author this comment. - """ - viewerDidAuthor: Boolean! -} - -""" -The connection type for TeamDiscussionComment. -""" -type TeamDiscussionCommentConnection { - """ - A list of edges. - """ - edges: [TeamDiscussionCommentEdge] - - """ - A list of nodes. - """ - nodes: [TeamDiscussionComment] - - """ - Information to aid in pagination. - """ - pageInfo: PageInfo! - - """ - Identifies the total count of items in the connection. - """ - totalCount: Int! -} - -""" -An edge in a connection. -""" -type TeamDiscussionCommentEdge { - """ - A cursor for use in pagination. - """ - cursor: String! - - """ - The item at the end of the edge. - """ - node: TeamDiscussionComment -} - -""" -Ways in which team discussion comment connections can be ordered. -""" -input TeamDiscussionCommentOrder { - """ - The direction in which to order nodes. - """ - direction: OrderDirection! - - """ - The field by which to order nodes. - """ - field: TeamDiscussionCommentOrderField! -} - -""" -Properties by which team discussion comment connections can be ordered. -""" -enum TeamDiscussionCommentOrderField { - """ - Allows sequential ordering of team discussion comments (which is equivalent to chronological ordering). - """ - NUMBER -} - -""" -The connection type for TeamDiscussion. -""" -type TeamDiscussionConnection { - """ - A list of edges. - """ - edges: [TeamDiscussionEdge] - - """ - A list of nodes. - """ - nodes: [TeamDiscussion] - - """ - Information to aid in pagination. - """ - pageInfo: PageInfo! - - """ - Identifies the total count of items in the connection. - """ - totalCount: Int! -} - -""" -An edge in a connection. -""" -type TeamDiscussionEdge { - """ - A cursor for use in pagination. - """ - cursor: String! - - """ - The item at the end of the edge. - """ - node: TeamDiscussion -} - -""" -Ways in which team discussion connections can be ordered. -""" -input TeamDiscussionOrder { - """ - The direction in which to order nodes. - """ - direction: OrderDirection! - - """ - The field by which to order nodes. - """ - field: TeamDiscussionOrderField! -} - -""" -Properties by which team discussion connections can be ordered. -""" -enum TeamDiscussionOrderField { - """ - Allows chronological ordering of team discussions. - """ - CREATED_AT -} - """ An edge in a connection. """ @@ -65435,46 +65146,6 @@ type UpdateEnterpriseRepositoryProjectsSettingPayload { message: String } -""" -Autogenerated input type of UpdateEnterpriseTeamDiscussionsSetting -""" -input UpdateEnterpriseTeamDiscussionsSettingInput { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The ID of the enterprise on which to set the team discussions setting. - """ - enterpriseId: ID! @possibleTypes(concreteTypes: ["Enterprise"]) - - """ - The value for the team discussions setting on the enterprise. - """ - settingValue: EnterpriseEnabledDisabledSettingValue! -} - -""" -Autogenerated return type of UpdateEnterpriseTeamDiscussionsSetting. -""" -type UpdateEnterpriseTeamDiscussionsSettingPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The enterprise with the updated team discussions setting. - """ - enterprise: Enterprise - - """ - A message confirming the result of updating the team discussions setting. - """ - message: String -} - """ Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting """ @@ -65715,6 +65386,41 @@ type UpdateIpAllowListForInstalledAppsEnabledSettingPayload { owner: IpAllowListOwner } +""" +Autogenerated input type of UpdateIpAllowListUserLevelEnforcementEnabledSetting +""" +input UpdateIpAllowListUserLevelEnforcementEnabledSettingInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The ID of the owner. + """ + ownerId: ID! @possibleTypes(concreteTypes: ["App", "Enterprise", "Organization"], abstractType: "IpAllowListOwner") + + """ + The value for the IP allow list user-level enforcement enabled setting. + """ + settingValue: IpAllowListUserLevelEnforcementEnabledSettingValue! +} + +""" +Autogenerated return type of UpdateIpAllowListUserLevelEnforcementEnabledSetting. +""" +type UpdateIpAllowListUserLevelEnforcementEnabledSettingPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The IP allow list owner on which the setting was updated. + """ + owner: IpAllowListOwner +} + """ Autogenerated input type of UpdateIssueComment """ @@ -65754,6 +65460,11 @@ type UpdateIssueCommentPayload { Autogenerated input type of UpdateIssue """ input UpdateIssueInput { + """ + Configuration for assigning an AI agent to this issue. + """ + agentAssignment: AgentAssignmentInput + """ An array of Node IDs of users or bots for this issue. """ @@ -66884,6 +66595,66 @@ type UpdateRefsPayload { clientMutationId: String } +""" +Autogenerated input type of UpdateRepositoryCustomProperty +""" +input UpdateRepositoryCustomPropertyInput { + """ + The updated allowed values for the custom property. + """ + allowedValues: [String!] + + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The updated default value for the custom property if the property is required. + """ + defaultValue: String + + """ + The updated description of the custom property. + """ + description: String + + """ + The regex pattern that the value of the custom property must match, if the `value_type` is `string`. + """ + regex: String + + """ + The global relay id of the source of the custom property. + """ + repositoryCustomPropertyId: ID! @possibleTypes(concreteTypes: ["RepositoryCustomProperty"]) + + """ + Whether the updated custom property is required. + """ + required: Boolean + + """ + The updated actors who can edit the values of the custom property. + """ + valuesEditableBy: RepositoryCustomPropertyValuesEditableBy +} + +""" +Autogenerated return type of UpdateRepositoryCustomProperty. +""" +type UpdateRepositoryCustomPropertyPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The updated repository custom property. + """ + repositoryCustomProperty: RepositoryCustomProperty +} + """ Autogenerated input type of UpdateRepository """ @@ -67137,7 +66908,7 @@ input UpdateSubscriptionInput { """ subscribableId: ID! @possibleTypes( - concreteTypes: ["Commit", "Discussion", "Issue", "PullRequest", "Repository", "Team", "TeamDiscussion"] + concreteTypes: ["Commit", "Discussion", "Issue", "PullRequest", "Repository", "Team"] abstractType: "Subscribable" ) } @@ -67157,97 +66928,6 @@ type UpdateSubscriptionPayload { subscribable: Subscribable } -""" -Autogenerated input type of UpdateTeamDiscussionComment -""" -input UpdateTeamDiscussionCommentInput { - """ - The updated text of the comment. - """ - body: String! - - """ - The current version of the body content. - """ - bodyVersion: String - - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The ID of the comment to modify. - """ - id: ID! @possibleTypes(concreteTypes: ["TeamDiscussionComment"]) -} - -""" -Autogenerated return type of UpdateTeamDiscussionComment. -""" -type UpdateTeamDiscussionCommentPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The updated comment. - """ - teamDiscussionComment: TeamDiscussionComment -} - -""" -Autogenerated input type of UpdateTeamDiscussion -""" -input UpdateTeamDiscussionInput { - """ - The updated text of the discussion. - """ - body: String - - """ - The current version of the body content. If provided, this update operation - will be rejected if the given version does not match the latest version on the server. - """ - bodyVersion: String - - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The Node ID of the discussion to modify. - """ - id: ID! @possibleTypes(concreteTypes: ["TeamDiscussion"]) - - """ - If provided, sets the pinned state of the updated discussion. - """ - pinned: Boolean - - """ - The updated title of the discussion. - """ - title: String -} - -""" -Autogenerated return type of UpdateTeamDiscussion. -""" -type UpdateTeamDiscussionPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The updated discussion. - """ - teamDiscussion: TeamDiscussion -} - """ Autogenerated input type of UpdateTeamReviewAssignment """ diff --git a/src/graphql/data/fpt/schema.json b/src/graphql/data/fpt/schema.json index 4766206c9fcc..da3a5da17c9f 100644 --- a/src/graphql/data/fpt/schema.json +++ b/src/graphql/data/fpt/schema.json @@ -3461,6 +3461,40 @@ } ] }, + { + "name": "createRepositoryCustomProperty", + "kind": "mutations", + "id": "createrepositorycustomproperty", + "href": "/graphql/reference/mutations#createrepositorycustomproperty", + "description": "

    Create a repository custom property.

    ", + "inputFields": [ + { + "name": "input", + "type": "CreateRepositoryCustomPropertyInput!", + "id": "createrepositorycustompropertyinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#createrepositorycustompropertyinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "repositoryCustomProperty", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "description": "

    The newly created repository custom property.

    " + } + ] + }, { "name": "createRepositoryRuleset", "kind": "mutations", @@ -3631,78 +3665,6 @@ } ] }, - { - "name": "createTeamDiscussion", - "kind": "mutations", - "id": "createteamdiscussion", - "href": "/graphql/reference/mutations#createteamdiscussion", - "description": "

    Creates a new team discussion.

    ", - "inputFields": [ - { - "name": "input", - "type": "CreateTeamDiscussionInput!", - "id": "createteamdiscussioninput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#createteamdiscussioninput" - } - ], - "returnFields": [ - { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " - }, - { - "name": "teamDiscussion", - "type": "TeamDiscussion", - "id": "teamdiscussion", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion", - "description": "

    The new discussion.

    ", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - } - ] - }, - { - "name": "createTeamDiscussionComment", - "kind": "mutations", - "id": "createteamdiscussioncomment", - "href": "/graphql/reference/mutations#createteamdiscussioncomment", - "description": "

    Creates a new team discussion comment.

    ", - "inputFields": [ - { - "name": "input", - "type": "CreateTeamDiscussionCommentInput!", - "id": "createteamdiscussioncommentinput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#createteamdiscussioncommentinput" - } - ], - "returnFields": [ - { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " - }, - { - "name": "teamDiscussionComment", - "type": "TeamDiscussionComment", - "id": "teamdiscussioncomment", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncomment", - "description": "

    The new comment.

    ", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - } - ] - }, { "name": "createUserList", "kind": "mutations", @@ -4562,18 +4524,18 @@ ] }, { - "name": "deleteRepositoryRuleset", + "name": "deleteRepositoryCustomProperty", "kind": "mutations", - "id": "deleterepositoryruleset", - "href": "/graphql/reference/mutations#deleterepositoryruleset", - "description": "

    Delete a repository ruleset.

    ", + "id": "deleterepositorycustomproperty", + "href": "/graphql/reference/mutations#deleterepositorycustomproperty", + "description": "

    Delete a repository custom property.

    ", "inputFields": [ { "name": "input", - "type": "DeleteRepositoryRulesetInput!", - "id": "deleterepositoryrulesetinput", + "type": "DeleteRepositoryCustomPropertyInput!", + "id": "deleterepositorycustompropertyinput", "kind": "input-objects", - "href": "/graphql/reference/input-objects#deleterepositoryrulesetinput" + "href": "/graphql/reference/input-objects#deleterepositorycustompropertyinput" } ], "returnFields": [ @@ -4584,48 +4546,30 @@ "kind": "scalars", "href": "/graphql/reference/scalars#string", "description": "

    A unique identifier for the client performing the mutation.

    " - } - ] - }, - { - "name": "deleteTeamDiscussion", - "kind": "mutations", - "id": "deleteteamdiscussion", - "href": "/graphql/reference/mutations#deleteteamdiscussion", - "description": "

    Deletes a team discussion.

    ", - "inputFields": [ - { - "name": "input", - "type": "DeleteTeamDiscussionInput!", - "id": "deleteteamdiscussioninput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#deleteteamdiscussioninput" - } - ], - "returnFields": [ + }, { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " + "name": "repositoryCustomProperty", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "description": "

    The deleted custom property.

    " } ] }, { - "name": "deleteTeamDiscussionComment", + "name": "deleteRepositoryRuleset", "kind": "mutations", - "id": "deleteteamdiscussioncomment", - "href": "/graphql/reference/mutations#deleteteamdiscussioncomment", - "description": "

    Deletes a team discussion comment.

    ", + "id": "deleterepositoryruleset", + "href": "/graphql/reference/mutations#deleterepositoryruleset", + "description": "

    Delete a repository ruleset.

    ", "inputFields": [ { "name": "input", - "type": "DeleteTeamDiscussionCommentInput!", - "id": "deleteteamdiscussioncommentinput", + "type": "DeleteRepositoryRulesetInput!", + "id": "deleterepositoryrulesetinput", "kind": "input-objects", - "href": "/graphql/reference/input-objects#deleteteamdiscussioncommentinput" + "href": "/graphql/reference/input-objects#deleterepositoryrulesetinput" } ], "returnFields": [ @@ -5715,6 +5659,40 @@ } ] }, + { + "name": "promoteRepositoryCustomProperty", + "kind": "mutations", + "id": "promoterepositorycustomproperty", + "href": "/graphql/reference/mutations#promoterepositorycustomproperty", + "description": "

    Promote a repository custom property to the enterprise level.

    ", + "inputFields": [ + { + "name": "input", + "type": "PromoteRepositoryCustomPropertyInput!", + "id": "promoterepositorycustompropertyinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#promoterepositorycustompropertyinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "repositoryCustomProperty", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "description": "

    The repository custom property that has been promoted.

    " + } + ] + }, { "name": "publishSponsorsTier", "kind": "mutations", @@ -6635,6 +6613,56 @@ } ] }, + { + "name": "requestReviewsByLogin", + "kind": "mutations", + "id": "requestreviewsbylogin", + "href": "/graphql/reference/mutations#requestreviewsbylogin", + "description": "

    Set review requests on a pull request using login strings instead of IDs.

    ", + "inputFields": [ + { + "name": "input", + "type": "RequestReviewsByLoginInput!", + "id": "requestreviewsbylogininput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#requestreviewsbylogininput" + } + ], + "returnFields": [ + { + "name": "actor", + "type": "Actor", + "id": "actor", + "kind": "interfaces", + "href": "/graphql/reference/interfaces#actor", + "description": "

    Identifies the actor who performed the event.

    " + }, + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "pullRequest", + "type": "PullRequest", + "id": "pullrequest", + "kind": "objects", + "href": "/graphql/reference/objects#pullrequest", + "description": "

    The pull request that is getting requests.

    " + }, + { + "name": "requestedReviewersEdge", + "type": "UserEdge", + "id": "useredge", + "kind": "objects", + "href": "/graphql/reference/objects#useredge", + "description": "

    The edge from the pull request to the requested reviewers.

    " + } + ] + }, { "name": "rerequestCheckSuite", "kind": "mutations", @@ -6915,6 +6943,40 @@ } ] }, + { + "name": "setRepositoryCustomPropertyValues", + "kind": "mutations", + "id": "setrepositorycustompropertyvalues", + "href": "/graphql/reference/mutations#setrepositorycustompropertyvalues", + "description": "

    Set repository custom property values for a repository.

    ", + "inputFields": [ + { + "name": "input", + "type": "SetRepositoryCustomPropertyValuesInput!", + "id": "setrepositorycustompropertyvaluesinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#setrepositorycustompropertyvaluesinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "repository", + "type": "Repository", + "id": "repository", + "kind": "objects", + "href": "/graphql/reference/objects#repository", + "description": "

    The repository that the custom properties were set for.

    " + } + ] + }, { "name": "setRepositoryInteractionLimit", "kind": "mutations", @@ -8507,48 +8569,6 @@ } ] }, - { - "name": "updateEnterpriseTeamDiscussionsSetting", - "kind": "mutations", - "id": "updateenterpriseteamdiscussionssetting", - "href": "/graphql/reference/mutations#updateenterpriseteamdiscussionssetting", - "description": "

    Sets whether team discussions are enabled for an enterprise.

    ", - "inputFields": [ - { - "name": "input", - "type": "UpdateEnterpriseTeamDiscussionsSettingInput!", - "id": "updateenterpriseteamdiscussionssettinginput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#updateenterpriseteamdiscussionssettinginput" - } - ], - "returnFields": [ - { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " - }, - { - "name": "enterprise", - "type": "Enterprise", - "id": "enterprise", - "kind": "objects", - "href": "/graphql/reference/objects#enterprise", - "description": "

    The enterprise with the updated team discussions setting.

    " - }, - { - "name": "message", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A message confirming the result of updating the team discussions setting.

    " - } - ] - }, { "name": "updateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting", "kind": "mutations", @@ -8769,6 +8789,40 @@ } ] }, + { + "name": "updateIpAllowListUserLevelEnforcementEnabledSetting", + "kind": "mutations", + "id": "updateipallowlistuserlevelenforcementenabledsetting", + "href": "/graphql/reference/mutations#updateipallowlistuserlevelenforcementenabledsetting", + "description": "

    Sets whether IP allow list user-level enforcement is enabled on an enterprise.

    ", + "inputFields": [ + { + "name": "input", + "type": "UpdateIpAllowListUserLevelEnforcementEnabledSettingInput!", + "id": "updateipallowlistuserlevelenforcementenabledsettinginput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#updateipallowlistuserlevelenforcementenabledsettinginput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "owner", + "type": "IpAllowListOwner", + "id": "ipallowlistowner", + "kind": "unions", + "href": "/graphql/reference/unions#ipallowlistowner", + "description": "

    The IP allow list owner on which the setting was updated.

    " + } + ] + }, { "name": "updateIssue", "kind": "mutations", @@ -9683,6 +9737,40 @@ } ] }, + { + "name": "updateRepositoryCustomProperty", + "kind": "mutations", + "id": "updaterepositorycustomproperty", + "href": "/graphql/reference/mutations#updaterepositorycustomproperty", + "description": "

    Update a repository custom property.

    ", + "inputFields": [ + { + "name": "input", + "type": "UpdateRepositoryCustomPropertyInput!", + "id": "updaterepositorycustompropertyinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#updaterepositorycustompropertyinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "repositoryCustomProperty", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "description": "

    The updated repository custom property.

    " + } + ] + }, { "name": "updateRepositoryRuleset", "kind": "mutations", @@ -9827,74 +9915,6 @@ } ] }, - { - "name": "updateTeamDiscussion", - "kind": "mutations", - "id": "updateteamdiscussion", - "href": "/graphql/reference/mutations#updateteamdiscussion", - "description": "

    Updates a team discussion.

    ", - "inputFields": [ - { - "name": "input", - "type": "UpdateTeamDiscussionInput!", - "id": "updateteamdiscussioninput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#updateteamdiscussioninput" - } - ], - "returnFields": [ - { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " - }, - { - "name": "teamDiscussion", - "type": "TeamDiscussion", - "id": "teamdiscussion", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion", - "description": "

    The updated discussion.

    " - } - ] - }, - { - "name": "updateTeamDiscussionComment", - "kind": "mutations", - "id": "updateteamdiscussioncomment", - "href": "/graphql/reference/mutations#updateteamdiscussioncomment", - "description": "

    Updates a discussion comment.

    ", - "inputFields": [ - { - "name": "input", - "type": "UpdateTeamDiscussionCommentInput!", - "id": "updateteamdiscussioncommentinput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#updateteamdiscussioncommentinput" - } - ], - "returnFields": [ - { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " - }, - { - "name": "teamDiscussionComment", - "type": "TeamDiscussionComment", - "id": "teamdiscussioncomment", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncomment", - "description": "

    The updated comment.

    " - } - ] - }, { "name": "updateTeamReviewAssignment", "kind": "mutations", @@ -11897,7 +11917,7 @@ "fields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -15193,7 +15213,7 @@ "fields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -16022,7 +16042,7 @@ "fields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -16063,7 +16083,7 @@ "fields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -22469,6 +22489,76 @@ "kind": "scalars", "href": "/graphql/reference/scalars#html" }, + { + "name": "repositoryCustomProperties", + "description": "

    A list of repository custom properties for this enterprise.

    ", + "type": "RepositoryCustomPropertyConnection", + "id": "repositorycustompropertyconnection", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyconnection", + "arguments": [ + { + "name": "after", + "description": "

    Returns the elements in the list that come after the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "before", + "description": "

    Returns the elements in the list that come before the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "first", + "description": "

    Returns the first n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + }, + { + "name": "last", + "description": "

    Returns the last n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + } + ] + }, + { + "name": "repositoryCustomProperty", + "description": "

    Returns a single repository custom property for the current enterprise by name.

    ", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "arguments": [ + { + "name": "propertyName", + "description": "

    The name of the repository custom property to be returned.

    ", + "type": { + "name": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + } + ] + }, { "name": "resourcePath", "description": "

    The HTTP path for this enterprise.

    ", @@ -24290,6 +24380,14 @@ "kind": "enums", "href": "/graphql/reference/enums#ipallowlistforinstalledappsenabledsettingvalue" }, + { + "name": "ipAllowListUserLevelEnforcementEnabledSetting", + "description": "

    The setting value for whether the enterprise has IP allow list user-level enforcement enabled.

    ", + "type": "IpAllowListUserLevelEnforcementEnabledSettingValue!", + "id": "ipallowlistuserlevelenforcementenabledsettingvalue", + "kind": "enums", + "href": "/graphql/reference/enums#ipallowlistuserlevelenforcementenabledsettingvalue" + }, { "name": "isUpdatingDefaultRepositoryPermission", "description": "

    Whether or not the base repository permission is currently being updated.

    ", @@ -25698,77 +25796,9 @@ "type": "EnterpriseEnabledDisabledSettingValue!", "id": "enterpriseenableddisabledsettingvalue", "kind": "enums", - "href": "/graphql/reference/enums#enterpriseenableddisabledsettingvalue" - }, - { - "name": "teamDiscussionsSettingOrganizations", - "description": "

    A list of enterprise organizations configured with the provided team discussions setting value.

    ", - "type": "OrganizationConnection!", - "id": "organizationconnection", - "kind": "objects", - "href": "/graphql/reference/objects#organizationconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "orderBy", - "description": "

    Ordering options for organizations with this setting.

    ", - "type": { - "name": "OrganizationOrder", - "id": "organizationorder", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#organizationorder" - } - }, - { - "name": "value", - "description": "

    The setting value to find organizations for.

    ", - "type": { - "name": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - } - } - ] + "href": "/graphql/reference/enums#enterpriseenableddisabledsettingvalue", + "isDeprecated": true, + "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " }, { "name": "twoFactorDisallowedMethodsSetting", @@ -30114,7 +30144,7 @@ { "name": "projectItems", "description": "

    List of project items associated with this issue.

    ", - "type": "ProjectV2ItemConnection!", + "type": "ProjectV2ItemConnection", "id": "projectv2itemconnection", "kind": "objects", "href": "/graphql/reference/objects#projectv2itemconnection", @@ -44591,6 +44621,76 @@ } ] }, + { + "name": "repositoryCustomProperties", + "description": "

    A list of custom properties for this organization.

    ", + "type": "RepositoryCustomPropertyConnection", + "id": "repositorycustompropertyconnection", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyconnection", + "arguments": [ + { + "name": "after", + "description": "

    Returns the elements in the list that come after the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "before", + "description": "

    Returns the elements in the list that come before the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "first", + "description": "

    Returns the first n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + }, + { + "name": "last", + "description": "

    Returns the last n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + } + ] + }, + { + "name": "repositoryCustomProperty", + "description": "

    Returns a single custom property from the current organization by name.

    ", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "arguments": [ + { + "name": "propertyName", + "description": "

    The name of the custom property to be returned.

    ", + "type": { + "name": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + } + ] + }, { "name": "repositoryDiscussionComments", "description": "

    Discussion comments this user has authored.

    ", @@ -54656,7 +54756,7 @@ { "name": "projectItems", "description": "

    List of project items associated with this pull request.

    ", - "type": "ProjectV2ItemConnection!", + "type": "ProjectV2ItemConnection", "id": "projectv2itemconnection", "kind": "objects", "href": "/graphql/reference/objects#projectv2itemconnection", @@ -55234,6 +55334,16 @@ "kind": "scalars", "href": "/graphql/reference/scalars#int" } + }, + { + "name": "query", + "description": "

    Search actors with query on user name and login.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } } ] }, @@ -56182,14 +56292,6 @@ "kind": "enums", "href": "/graphql/reference/enums#pullrequestallowedmergemethods" }, - { - "name": "automaticCopilotCodeReviewEnabled", - "description": "

    Request Copilot code review for new pull requests automatically if the author\nhas access to Copilot code review and their premium requests quota has not\nreached the limit.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, { "name": "dismissStaleReviewsOnPush", "description": "

    New, reviewable commits pushed will dismiss previous pull request review approvals.

    ", @@ -67942,12 +68044,82 @@ ] }, { - "name": "repositoryTopics", - "description": "

    A list of applied repository-topic associations for this repository.

    ", - "type": "RepositoryTopicConnection!", - "id": "repositorytopicconnection", + "name": "repositoryCustomPropertyValue", + "description": "

    A custom property value for the repository.

    ", + "type": "RepositoryCustomPropertyValue", + "id": "repositorycustompropertyvalue", "kind": "objects", - "href": "/graphql/reference/objects#repositorytopicconnection", + "href": "/graphql/reference/objects#repositorycustompropertyvalue", + "arguments": [ + { + "name": "propertyName", + "description": "

    The name of the custom property to retrieve the value for.

    ", + "type": { + "name": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + } + ] + }, + { + "name": "repositoryCustomPropertyValues", + "description": "

    A list of custom properties and their associated values for a repository.

    ", + "type": "RepositoryCustomPropertyValueConnection", + "id": "repositorycustompropertyvalueconnection", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyvalueconnection", + "arguments": [ + { + "name": "after", + "description": "

    Returns the elements in the list that come after the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "before", + "description": "

    Returns the elements in the list that come before the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "first", + "description": "

    Returns the first n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + }, + { + "name": "last", + "description": "

    Returns the last n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + } + ] + }, + { + "name": "repositoryTopics", + "description": "

    A list of applied repository-topic associations for this repository.

    ", + "type": "RepositoryTopicConnection!", + "id": "repositorytopicconnection", + "kind": "objects", + "href": "/graphql/reference/objects#repositorytopicconnection", "arguments": [ { "name": "after", @@ -68904,6 +69076,259 @@ } ] }, + { + "name": "RepositoryCustomProperty", + "kind": "objects", + "id": "repositorycustomproperty", + "href": "/graphql/reference/objects#repositorycustomproperty", + "description": "

    A repository custom property.

    ", + "implements": [ + { + "name": "Node", + "id": "node", + "href": "/graphql/reference/interfaces#node" + } + ], + "fields": [ + { + "name": "allowedValues", + "description": "

    The allowed values for the custom property. Required if value_type is single_select or multi_select.

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "defaultValue", + "description": "

    The default value of the custom property, if the property is required.

    ", + "type": "CustomPropertyValue", + "id": "custompropertyvalue", + "kind": "scalars", + "href": "/graphql/reference/scalars#custompropertyvalue" + }, + { + "name": "description", + "description": "

    The description of the custom property.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "id", + "description": "

    The Node ID of the RepositoryCustomProperty object.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id" + }, + { + "name": "propertyName", + "description": "

    The name of the custom property.

    ", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "regex", + "description": "

    The regex pattern that the value of the custom property must match, if the value_type is string.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "required", + "description": "

    Whether the custom property is required.

    ", + "type": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, + { + "name": "source", + "description": "

    The source type of the custom property.

    ", + "type": "CustomPropertySource!", + "id": "custompropertysource", + "kind": "unions", + "href": "/graphql/reference/unions#custompropertysource" + }, + { + "name": "valueType", + "description": "

    The value type of the custom property.

    ", + "type": "CustomPropertyValueType!", + "id": "custompropertyvaluetype", + "kind": "enums", + "href": "/graphql/reference/enums#custompropertyvaluetype" + }, + { + "name": "valuesEditableBy", + "description": "

    Who can edit the values of this repository custom property.

    ", + "type": "RepositoryCustomPropertyValuesEditableBy!", + "id": "repositorycustompropertyvalueseditableby", + "kind": "enums", + "href": "/graphql/reference/enums#repositorycustompropertyvalueseditableby" + } + ] + }, + { + "name": "RepositoryCustomPropertyConnection", + "kind": "objects", + "id": "repositorycustompropertyconnection", + "href": "/graphql/reference/objects#repositorycustompropertyconnection", + "description": "

    The connection type for RepositoryCustomProperty.

    ", + "fields": [ + { + "name": "edges", + "description": "

    A list of edges.

    ", + "type": "[RepositoryCustomPropertyEdge]", + "id": "repositorycustompropertyedge", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyedge" + }, + { + "name": "nodes", + "description": "

    A list of nodes.

    ", + "type": "[RepositoryCustomProperty]", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty" + }, + { + "name": "pageInfo", + "description": "

    Information to aid in pagination.

    ", + "type": "PageInfo!", + "id": "pageinfo", + "kind": "objects", + "href": "/graphql/reference/objects#pageinfo" + }, + { + "name": "totalCount", + "description": "

    Identifies the total count of items in the connection.

    ", + "type": "Int!", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + ] + }, + { + "name": "RepositoryCustomPropertyEdge", + "kind": "objects", + "id": "repositorycustompropertyedge", + "href": "/graphql/reference/objects#repositorycustompropertyedge", + "description": "

    An edge in a connection.

    ", + "fields": [ + { + "name": "cursor", + "description": "

    A cursor for use in pagination.

    ", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "node", + "description": "

    The item at the end of the edge.

    ", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty" + } + ] + }, + { + "name": "RepositoryCustomPropertyValue", + "kind": "objects", + "id": "repositorycustompropertyvalue", + "href": "/graphql/reference/objects#repositorycustompropertyvalue", + "description": "

    A value associated with a repository custom property.

    ", + "fields": [ + { + "name": "propertyName", + "description": "

    The name of the custom property.

    ", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "value", + "description": "

    The value of the custom property.

    ", + "type": "CustomPropertyValue!", + "id": "custompropertyvalue", + "kind": "scalars", + "href": "/graphql/reference/scalars#custompropertyvalue" + } + ] + }, + { + "name": "RepositoryCustomPropertyValueConnection", + "kind": "objects", + "id": "repositorycustompropertyvalueconnection", + "href": "/graphql/reference/objects#repositorycustompropertyvalueconnection", + "description": "

    The connection type for RepositoryCustomPropertyValue.

    ", + "fields": [ + { + "name": "edges", + "description": "

    A list of edges.

    ", + "type": "[RepositoryCustomPropertyValueEdge]", + "id": "repositorycustompropertyvalueedge", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyvalueedge" + }, + { + "name": "nodes", + "description": "

    A list of nodes.

    ", + "type": "[RepositoryCustomPropertyValue]", + "id": "repositorycustompropertyvalue", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyvalue" + }, + { + "name": "pageInfo", + "description": "

    Information to aid in pagination.

    ", + "type": "PageInfo!", + "id": "pageinfo", + "kind": "objects", + "href": "/graphql/reference/objects#pageinfo" + }, + { + "name": "totalCount", + "description": "

    Identifies the total count of items in the connection.

    ", + "type": "Int!", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + ] + }, + { + "name": "RepositoryCustomPropertyValueEdge", + "kind": "objects", + "id": "repositorycustompropertyvalueedge", + "href": "/graphql/reference/objects#repositorycustompropertyvalueedge", + "description": "

    An edge in a connection.

    ", + "fields": [ + { + "name": "cursor", + "description": "

    A cursor for use in pagination.

    ", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "node", + "description": "

    The item at the end of the edge.

    ", + "type": "RepositoryCustomPropertyValue", + "id": "repositorycustompropertyvalue", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyvalue" + } + ] + }, { "name": "RepositoryEdge", "kind": "objects", @@ -75313,7 +75738,7 @@ "fields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -75554,142 +75979,36 @@ "href": "/graphql/reference/scalars#string" }, { - "name": "discussion", - "description": "

    Find a team discussion by its number.

    ", - "type": "TeamDiscussion", - "id": "teamdiscussion", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion", - "arguments": [ - { - "name": "number", - "description": "

    The sequence number of the discussion to find.

    ", - "type": { - "name": "Int!", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - } - ] + "name": "editTeamResourcePath", + "description": "

    The HTTP path for editing this team.

    ", + "type": "URI!", + "id": "uri", + "kind": "scalars", + "href": "/graphql/reference/scalars#uri" }, { - "name": "discussions", - "description": "

    A list of team discussions.

    ", - "type": "TeamDiscussionConnection!", - "id": "teamdiscussionconnection", + "name": "editTeamUrl", + "description": "

    The HTTP URL for editing this team.

    ", + "type": "URI!", + "id": "uri", + "kind": "scalars", + "href": "/graphql/reference/scalars#uri" + }, + { + "name": "id", + "description": "

    The Node ID of the Team object.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id" + }, + { + "name": "invitations", + "description": "

    A list of pending invitations for users to this team.

    ", + "type": "OrganizationInvitationConnection", + "id": "organizationinvitationconnection", "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussionconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "isPinned", - "description": "

    If provided, filters discussions according to whether or not they are pinned.

    ", - "type": { - "name": "Boolean", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "orderBy", - "description": "

    Order for connection.

    ", - "type": { - "name": "TeamDiscussionOrder", - "id": "teamdiscussionorder", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#teamdiscussionorder" - } - } - ] - }, - { - "name": "discussionsResourcePath", - "description": "

    The HTTP path for team discussions.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "discussionsUrl", - "description": "

    The HTTP URL for team discussions.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "editTeamResourcePath", - "description": "

    The HTTP path for editing this team.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "editTeamUrl", - "description": "

    The HTTP URL for editing this team.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "id", - "description": "

    The Node ID of the Team object.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id" - }, - { - "name": "invitations", - "description": "

    A list of pending invitations for users to this team.

    ", - "type": "OrganizationInvitationConnection", - "id": "organizationinvitationconnection", - "kind": "objects", - "href": "/graphql/reference/objects#organizationinvitationconnection", + "href": "/graphql/reference/objects#organizationinvitationconnection", "arguments": [ { "name": "after", @@ -76244,11 +76563,13 @@ }, { "name": "viewerCanSubscribe", - "description": "

    Check if the viewer is able to change their subscription status for the repository.

    ", + "description": "

    Check if the viewer is able to change their subscription status for the subscribable entity.

    ", "type": "Boolean!", "id": "boolean", "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" + "href": "/graphql/reference/scalars#boolean", + "isDeprecated": true, + "deprecationReason": "

    Team.viewerCanSubscribe will be removed. Team notifications subscriptions are being deprecated. Removal on 2026-07-01 UTC.

    " }, { "name": "viewerSubscription", @@ -76256,7 +76577,9 @@ "type": "SubscriptionState", "id": "subscriptionstate", "kind": "enums", - "href": "/graphql/reference/enums#subscriptionstate" + "href": "/graphql/reference/enums#subscriptionstate", + "isDeprecated": true, + "deprecationReason": "

    Team.viewerSubscription will be removed. Team notifications subscriptions are being deprecated. Removal on 2026-07-01 UTC.

    " } ] }, @@ -76900,1274 +77223,258 @@ }, { "name": "createdAt", - "description": "

    The time the action was initiated.

    ", - "type": "PreciseDateTime!", - "id": "precisedatetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#precisedatetime", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "id", - "description": "

    The Node ID of the TeamChangeParentTeamAuditEntry object.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id" - }, - { - "name": "isLdapMapped", - "description": "

    Whether the team was mapped to an LDAP Group.

    ", - "type": "Boolean", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "operationType", - "description": "

    The corresponding operation type for the action.

    ", - "type": "OperationType", - "id": "operationtype", - "kind": "enums", - "href": "/graphql/reference/enums#operationtype", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "organization", - "description": "

    The Organization associated with the Audit Entry.

    ", - "type": "Organization", - "id": "organization", - "kind": "objects", - "href": "/graphql/reference/objects#organization", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "organizationName", - "description": "

    The name of the Organization.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "organizationResourcePath", - "description": "

    The HTTP path for the organization.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "organizationUrl", - "description": "

    The HTTP URL for the organization.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeam", - "description": "

    The new parent team.

    ", - "type": "Team", - "id": "team", - "kind": "objects", - "href": "/graphql/reference/objects#team", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamName", - "description": "

    The name of the new parent team.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamNameWas", - "description": "

    The name of the former parent team.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamResourcePath", - "description": "

    The HTTP path for the parent team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamUrl", - "description": "

    The HTTP URL for the parent team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamWas", - "description": "

    The former parent team.

    ", - "type": "Team", - "id": "team", - "kind": "objects", - "href": "/graphql/reference/objects#team", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamWasResourcePath", - "description": "

    The HTTP path for the previous parent team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamWasUrl", - "description": "

    The HTTP URL for the previous parent team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "team", - "description": "

    The team associated with the action.

    ", - "type": "Team", - "id": "team", - "kind": "objects", - "href": "/graphql/reference/objects#team" - }, - { - "name": "teamName", - "description": "

    The name of the team.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "teamResourcePath", - "description": "

    The HTTP path for this team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "teamUrl", - "description": "

    The HTTP URL for this team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "user", - "description": "

    The user affected by the action.

    ", - "type": "User", - "id": "user", - "kind": "objects", - "href": "/graphql/reference/objects#user", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "userLogin", - "description": "

    For actions involving two users, the actor is the initiator and the user is the affected user.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "userResourcePath", - "description": "

    The HTTP path for the user.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "userUrl", - "description": "

    The HTTP URL for the user.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - } - ] - }, - { - "name": "TeamConnection", - "kind": "objects", - "id": "teamconnection", - "href": "/graphql/reference/objects#teamconnection", - "description": "

    The connection type for Team.

    ", - "fields": [ - { - "name": "edges", - "description": "

    A list of edges.

    ", - "type": "[TeamEdge]", - "id": "teamedge", - "kind": "objects", - "href": "/graphql/reference/objects#teamedge" - }, - { - "name": "nodes", - "description": "

    A list of nodes.

    ", - "type": "[Team]", - "id": "team", - "kind": "objects", - "href": "/graphql/reference/objects#team" - }, - { - "name": "pageInfo", - "description": "

    Information to aid in pagination.

    ", - "type": "PageInfo!", - "id": "pageinfo", - "kind": "objects", - "href": "/graphql/reference/objects#pageinfo" - }, - { - "name": "totalCount", - "description": "

    Identifies the total count of items in the connection.

    ", - "type": "Int!", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - ] - }, - { - "name": "TeamDiscussion", - "kind": "objects", - "id": "teamdiscussion", - "href": "/graphql/reference/objects#teamdiscussion", - "description": "

    A team discussion.

    ", - "implements": [ - { - "name": "Comment", - "id": "comment", - "href": "/graphql/reference/interfaces#comment" - }, - { - "name": "Deletable", - "id": "deletable", - "href": "/graphql/reference/interfaces#deletable" - }, - { - "name": "Node", - "id": "node", - "href": "/graphql/reference/interfaces#node" - }, - { - "name": "Reactable", - "id": "reactable", - "href": "/graphql/reference/interfaces#reactable" - }, - { - "name": "Subscribable", - "id": "subscribable", - "href": "/graphql/reference/interfaces#subscribable" - }, - { - "name": "UniformResourceLocatable", - "id": "uniformresourcelocatable", - "href": "/graphql/reference/interfaces#uniformresourcelocatable" - }, - { - "name": "Updatable", - "id": "updatable", - "href": "/graphql/reference/interfaces#updatable" - }, - { - "name": "UpdatableComment", - "id": "updatablecomment", - "href": "/graphql/reference/interfaces#updatablecomment" - } - ], - "fields": [ - { - "name": "author", - "description": "

    The actor who authored the comment.

    ", - "type": "Actor", - "id": "actor", - "kind": "interfaces", - "href": "/graphql/reference/interfaces#actor" - }, - { - "name": "authorAssociation", - "description": "

    Author's association with the discussion's team.

    ", - "type": "CommentAuthorAssociation!", - "id": "commentauthorassociation", - "kind": "enums", - "href": "/graphql/reference/enums#commentauthorassociation", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "body", - "description": "

    The body as Markdown.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyHTML", - "description": "

    The body rendered to HTML.

    ", - "type": "HTML!", - "id": "html", - "kind": "scalars", - "href": "/graphql/reference/scalars#html" - }, - { - "name": "bodyText", - "description": "

    The body rendered to text.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyVersion", - "description": "

    Identifies the discussion body hash.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "comments", - "description": "

    A list of comments on this discussion.

    ", - "type": "TeamDiscussionCommentConnection!", - "id": "teamdiscussioncommentconnection", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncommentconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "fromComment", - "description": "

    When provided, filters the connection such that results begin with the comment with this number.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "orderBy", - "description": "

    Order for connection.

    ", - "type": { - "name": "TeamDiscussionCommentOrder", - "id": "teamdiscussioncommentorder", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#teamdiscussioncommentorder" - } - } - ], - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "commentsResourcePath", - "description": "

    The HTTP path for discussion comments.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "commentsUrl", - "description": "

    The HTTP URL for discussion comments.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "createdAt", - "description": "

    Identifies the date and time when the object was created.

    ", - "type": "DateTime!", - "id": "datetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" - }, - { - "name": "createdViaEmail", - "description": "

    Check if this comment was created via an email reply.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "databaseId", - "description": "

    Identifies the primary key from the database.

    ", - "type": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - }, - { - "name": "editor", - "description": "

    The actor who edited the comment.

    ", - "type": "Actor", - "id": "actor", - "kind": "interfaces", - "href": "/graphql/reference/interfaces#actor" - }, - { - "name": "id", - "description": "

    The Node ID of the TeamDiscussion object.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id" - }, - { - "name": "includesCreatedEdit", - "description": "

    Check if this comment was edited and includes an edit with the creation data.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "isPinned", - "description": "

    Whether or not the discussion is pinned.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "isPrivate", - "description": "

    Whether or not the discussion is only visible to team members and organization owners.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "lastEditedAt", - "description": "

    The moment the editor made the last edit.

    ", - "type": "DateTime", - "id": "datetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" - }, - { - "name": "number", - "description": "

    Identifies the discussion within its team.

    ", - "type": "Int!", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "publishedAt", - "description": "

    Identifies when the comment was published at.

    ", - "type": "DateTime", - "id": "datetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" - }, - { - "name": "reactionGroups", - "description": "

    A list of reactions grouped by content left on the subject.

    ", - "type": "[ReactionGroup!]", - "id": "reactiongroup", - "kind": "objects", - "href": "/graphql/reference/objects#reactiongroup" - }, - { - "name": "reactions", - "description": "

    A list of Reactions left on the Issue.

    ", - "type": "ReactionConnection!", - "id": "reactionconnection", - "kind": "objects", - "href": "/graphql/reference/objects#reactionconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "content", - "description": "

    Allows filtering Reactions by emoji.

    ", - "type": { - "name": "ReactionContent", - "id": "reactioncontent", - "kind": "enums", - "href": "/graphql/reference/enums#reactioncontent" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "orderBy", - "description": "

    Allows specifying the order in which reactions are returned.

    ", - "type": { - "name": "ReactionOrder", - "id": "reactionorder", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#reactionorder" - } - } - ] - }, - { - "name": "resourcePath", - "description": "

    The HTTP path for this discussion.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "team", - "description": "

    The team that defines the context of this discussion.

    ", - "type": "Team!", - "id": "team", - "kind": "objects", - "href": "/graphql/reference/objects#team", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "title", - "description": "

    The title of the discussion.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "updatedAt", - "description": "

    Identifies the date and time when the object was last updated.

    ", - "type": "DateTime!", - "id": "datetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" - }, - { - "name": "url", - "description": "

    The HTTP URL for this discussion.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "userContentEdits", - "description": "

    A list of edits to this content.

    ", - "type": "UserContentEditConnection", - "id": "usercontenteditconnection", - "kind": "objects", - "href": "/graphql/reference/objects#usercontenteditconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - } - ] - }, - { - "name": "viewerCanDelete", - "description": "

    Check if the current viewer can delete this object.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "viewerCanPin", - "description": "

    Whether or not the current viewer can pin this discussion.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "viewerCanReact", - "description": "

    Can user react to this subject.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "viewerCanSubscribe", - "description": "

    Check if the viewer is able to change their subscription status for the repository.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "viewerCanUpdate", - "description": "

    Check if the current viewer can update this object.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "viewerCannotUpdateReasons", - "description": "

    Reasons why the current viewer can not update this comment.

    ", - "type": "[CommentCannotUpdateReason!]!", - "id": "commentcannotupdatereason", - "kind": "enums", - "href": "/graphql/reference/enums#commentcannotupdatereason" - }, - { - "name": "viewerDidAuthor", - "description": "

    Did the viewer author this comment.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "viewerSubscription", - "description": "

    Identifies if the viewer is watching, not watching, or ignoring the subscribable entity.

    ", - "type": "SubscriptionState", - "id": "subscriptionstate", - "kind": "enums", - "href": "/graphql/reference/enums#subscriptionstate" - } - ] - }, - { - "name": "TeamDiscussionComment", - "kind": "objects", - "id": "teamdiscussioncomment", - "href": "/graphql/reference/objects#teamdiscussioncomment", - "description": "

    A comment on a team discussion.

    ", - "implements": [ - { - "name": "Comment", - "id": "comment", - "href": "/graphql/reference/interfaces#comment" - }, - { - "name": "Deletable", - "id": "deletable", - "href": "/graphql/reference/interfaces#deletable" - }, - { - "name": "Node", - "id": "node", - "href": "/graphql/reference/interfaces#node" - }, - { - "name": "Reactable", - "id": "reactable", - "href": "/graphql/reference/interfaces#reactable" - }, - { - "name": "UniformResourceLocatable", - "id": "uniformresourcelocatable", - "href": "/graphql/reference/interfaces#uniformresourcelocatable" - }, - { - "name": "Updatable", - "id": "updatable", - "href": "/graphql/reference/interfaces#updatable" - }, - { - "name": "UpdatableComment", - "id": "updatablecomment", - "href": "/graphql/reference/interfaces#updatablecomment" - } - ], - "fields": [ - { - "name": "author", - "description": "

    The actor who authored the comment.

    ", - "type": "Actor", - "id": "actor", - "kind": "interfaces", - "href": "/graphql/reference/interfaces#actor" - }, - { - "name": "authorAssociation", - "description": "

    Author's association with the comment's team.

    ", - "type": "CommentAuthorAssociation!", - "id": "commentauthorassociation", - "kind": "enums", - "href": "/graphql/reference/enums#commentauthorassociation", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "body", - "description": "

    The body as Markdown.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyHTML", - "description": "

    The body rendered to HTML.

    ", - "type": "HTML!", - "id": "html", - "kind": "scalars", - "href": "/graphql/reference/scalars#html" - }, - { - "name": "bodyText", - "description": "

    The body rendered to text.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyVersion", - "description": "

    The current version of the body content.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "createdAt", - "description": "

    Identifies the date and time when the object was created.

    ", - "type": "DateTime!", - "id": "datetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" - }, - { - "name": "createdViaEmail", - "description": "

    Check if this comment was created via an email reply.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "databaseId", - "description": "

    Identifies the primary key from the database.

    ", - "type": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - }, - { - "name": "discussion", - "description": "

    The discussion this comment is about.

    ", - "type": "TeamDiscussion!", - "id": "teamdiscussion", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "editor", - "description": "

    The actor who edited the comment.

    ", - "type": "Actor", - "id": "actor", - "kind": "interfaces", - "href": "/graphql/reference/interfaces#actor" + "description": "

    The time the action was initiated.

    ", + "type": "PreciseDateTime!", + "id": "precisedatetime", + "kind": "scalars", + "href": "/graphql/reference/scalars#precisedatetime", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { "name": "id", - "description": "

    The Node ID of the TeamDiscussionComment object.

    ", + "description": "

    The Node ID of the TeamChangeParentTeamAuditEntry object.

    ", "type": "ID!", "id": "id", "kind": "scalars", "href": "/graphql/reference/scalars#id" }, { - "name": "includesCreatedEdit", - "description": "

    Check if this comment was edited and includes an edit with the creation data.

    ", - "type": "Boolean!", + "name": "isLdapMapped", + "description": "

    Whether the team was mapped to an LDAP Group.

    ", + "type": "Boolean", "id": "boolean", "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" + "href": "/graphql/reference/scalars#boolean", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "lastEditedAt", - "description": "

    The moment the editor made the last edit.

    ", - "type": "DateTime", - "id": "datetime", + "name": "operationType", + "description": "

    The corresponding operation type for the action.

    ", + "type": "OperationType", + "id": "operationtype", + "kind": "enums", + "href": "/graphql/reference/enums#operationtype", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " + }, + { + "name": "organization", + "description": "

    The Organization associated with the Audit Entry.

    ", + "type": "Organization", + "id": "organization", + "kind": "objects", + "href": "/graphql/reference/objects#organization", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " + }, + { + "name": "organizationName", + "description": "

    The name of the Organization.

    ", + "type": "String", + "id": "string", "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" + "href": "/graphql/reference/scalars#string", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "number", - "description": "

    Identifies the comment number.

    ", - "type": "Int!", - "id": "int", + "name": "organizationResourcePath", + "description": "

    The HTTP path for the organization.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#int", + "href": "/graphql/reference/scalars#uri", "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "publishedAt", - "description": "

    Identifies when the comment was published at.

    ", - "type": "DateTime", - "id": "datetime", + "name": "organizationUrl", + "description": "

    The HTTP URL for the organization.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "reactionGroups", - "description": "

    A list of reactions grouped by content left on the subject.

    ", - "type": "[ReactionGroup!]", - "id": "reactiongroup", + "name": "parentTeam", + "description": "

    The new parent team.

    ", + "type": "Team", + "id": "team", "kind": "objects", - "href": "/graphql/reference/objects#reactiongroup" + "href": "/graphql/reference/objects#team", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "reactions", - "description": "

    A list of Reactions left on the Issue.

    ", - "type": "ReactionConnection!", - "id": "reactionconnection", - "kind": "objects", - "href": "/graphql/reference/objects#reactionconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "content", - "description": "

    Allows filtering Reactions by emoji.

    ", - "type": { - "name": "ReactionContent", - "id": "reactioncontent", - "kind": "enums", - "href": "/graphql/reference/enums#reactioncontent" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "orderBy", - "description": "

    Allows specifying the order in which reactions are returned.

    ", - "type": { - "name": "ReactionOrder", - "id": "reactionorder", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#reactionorder" - } - } - ] + "name": "parentTeamName", + "description": "

    The name of the new parent team.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "resourcePath", - "description": "

    The HTTP path for this comment.

    ", - "type": "URI!", - "id": "uri", + "name": "parentTeamNameWas", + "description": "

    The name of the former parent team.

    ", + "type": "String", + "id": "string", "kind": "scalars", - "href": "/graphql/reference/scalars#uri", + "href": "/graphql/reference/scalars#string", "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "updatedAt", - "description": "

    Identifies the date and time when the object was last updated.

    ", - "type": "DateTime!", - "id": "datetime", + "name": "parentTeamResourcePath", + "description": "

    The HTTP path for the parent team.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "url", - "description": "

    The HTTP URL for this comment.

    ", - "type": "URI!", + "name": "parentTeamUrl", + "description": "

    The HTTP URL for the parent team.

    ", + "type": "URI", "id": "uri", "kind": "scalars", "href": "/graphql/reference/scalars#uri", "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "userContentEdits", - "description": "

    A list of edits to this content.

    ", - "type": "UserContentEditConnection", - "id": "usercontenteditconnection", + "name": "parentTeamWas", + "description": "

    The former parent team.

    ", + "type": "Team", + "id": "team", "kind": "objects", - "href": "/graphql/reference/objects#usercontenteditconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - } - ] + "href": "/graphql/reference/objects#team", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "viewerCanDelete", - "description": "

    Check if the current viewer can delete this object.

    ", - "type": "Boolean!", - "id": "boolean", + "name": "parentTeamWasResourcePath", + "description": "

    The HTTP path for the previous parent team.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "viewerCanReact", - "description": "

    Can user react to this subject.

    ", - "type": "Boolean!", - "id": "boolean", + "name": "parentTeamWasUrl", + "description": "

    The HTTP URL for the previous parent team.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "viewerCanUpdate", - "description": "

    Check if the current viewer can update this object.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" + "name": "team", + "description": "

    The team associated with the action.

    ", + "type": "Team", + "id": "team", + "kind": "objects", + "href": "/graphql/reference/objects#team" }, { - "name": "viewerCannotUpdateReasons", - "description": "

    Reasons why the current viewer can not update this comment.

    ", - "type": "[CommentCannotUpdateReason!]!", - "id": "commentcannotupdatereason", - "kind": "enums", - "href": "/graphql/reference/enums#commentcannotupdatereason" + "name": "teamName", + "description": "

    The name of the team.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" }, { - "name": "viewerDidAuthor", - "description": "

    Did the viewer author this comment.

    ", - "type": "Boolean!", - "id": "boolean", + "name": "teamResourcePath", + "description": "

    The HTTP path for this team.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - } - ] - }, - { - "name": "TeamDiscussionCommentConnection", - "kind": "objects", - "id": "teamdiscussioncommentconnection", - "href": "/graphql/reference/objects#teamdiscussioncommentconnection", - "description": "

    The connection type for TeamDiscussionComment.

    ", - "fields": [ - { - "name": "edges", - "description": "

    A list of edges.

    ", - "type": "[TeamDiscussionCommentEdge]", - "id": "teamdiscussioncommentedge", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncommentedge" + "href": "/graphql/reference/scalars#uri" }, { - "name": "nodes", - "description": "

    A list of nodes.

    ", - "type": "[TeamDiscussionComment]", - "id": "teamdiscussioncomment", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncomment" + "name": "teamUrl", + "description": "

    The HTTP URL for this team.

    ", + "type": "URI", + "id": "uri", + "kind": "scalars", + "href": "/graphql/reference/scalars#uri" }, { - "name": "pageInfo", - "description": "

    Information to aid in pagination.

    ", - "type": "PageInfo!", - "id": "pageinfo", + "name": "user", + "description": "

    The user affected by the action.

    ", + "type": "User", + "id": "user", "kind": "objects", - "href": "/graphql/reference/objects#pageinfo" + "href": "/graphql/reference/objects#user", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "totalCount", - "description": "

    Identifies the total count of items in the connection.

    ", - "type": "Int!", - "id": "int", + "name": "userLogin", + "description": "

    For actions involving two users, the actor is the initiator and the user is the affected user.

    ", + "type": "String", + "id": "string", "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - ] - }, - { - "name": "TeamDiscussionCommentEdge", - "kind": "objects", - "id": "teamdiscussioncommentedge", - "href": "/graphql/reference/objects#teamdiscussioncommentedge", - "description": "

    An edge in a connection.

    ", - "fields": [ + "href": "/graphql/reference/scalars#string", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " + }, { - "name": "cursor", - "description": "

    A cursor for use in pagination.

    ", - "type": "String!", - "id": "string", + "name": "userResourcePath", + "description": "

    The HTTP path for the user.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#string" + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "node", - "description": "

    The item at the end of the edge.

    ", - "type": "TeamDiscussionComment", - "id": "teamdiscussioncomment", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncomment" + "name": "userUrl", + "description": "

    The HTTP URL for the user.

    ", + "type": "URI", + "id": "uri", + "kind": "scalars", + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " } ] }, { - "name": "TeamDiscussionConnection", + "name": "TeamConnection", "kind": "objects", - "id": "teamdiscussionconnection", - "href": "/graphql/reference/objects#teamdiscussionconnection", - "description": "

    The connection type for TeamDiscussion.

    ", + "id": "teamconnection", + "href": "/graphql/reference/objects#teamconnection", + "description": "

    The connection type for Team.

    ", "fields": [ { "name": "edges", "description": "

    A list of edges.

    ", - "type": "[TeamDiscussionEdge]", - "id": "teamdiscussionedge", + "type": "[TeamEdge]", + "id": "teamedge", "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussionedge" + "href": "/graphql/reference/objects#teamedge" }, { "name": "nodes", "description": "

    A list of nodes.

    ", - "type": "[TeamDiscussion]", - "id": "teamdiscussion", + "type": "[Team]", + "id": "team", "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion" + "href": "/graphql/reference/objects#team" }, { "name": "pageInfo", @@ -78187,31 +77494,6 @@ } ] }, - { - "name": "TeamDiscussionEdge", - "kind": "objects", - "id": "teamdiscussionedge", - "href": "/graphql/reference/objects#teamdiscussionedge", - "description": "

    An edge in a connection.

    ", - "fields": [ - { - "name": "cursor", - "description": "

    A cursor for use in pagination.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "node", - "description": "

    The item at the end of the edge.

    ", - "type": "TeamDiscussion", - "id": "teamdiscussion", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion" - } - ] - }, { "name": "TeamEdge", "kind": "objects", @@ -89352,6 +88634,35 @@ } ] }, + { + "name": "CustomPropertyValueType", + "kind": "enums", + "id": "custompropertyvaluetype", + "href": "/graphql/reference/enums#custompropertyvaluetype", + "description": "

    The allowed value types for a custom property definition.

    ", + "values": [ + { + "name": "MULTI_SELECT", + "description": "

    A multi-select value.

    " + }, + { + "name": "SINGLE_SELECT", + "description": "

    A single-select value.

    " + }, + { + "name": "STRING", + "description": "

    A string value.

    " + }, + { + "name": "TRUE_FALSE", + "description": "

    A true/false value.

    " + }, + { + "name": "URL", + "description": "

    A URL value.

    " + } + ] + }, { "name": "DefaultRepositoryPermissionField", "kind": "enums", @@ -90413,6 +89724,23 @@ } ] }, + { + "name": "IpAllowListUserLevelEnforcementEnabledSettingValue", + "kind": "enums", + "id": "ipallowlistuserlevelenforcementenabledsettingvalue", + "href": "/graphql/reference/enums#ipallowlistuserlevelenforcementenabledsettingvalue", + "description": "

    The possible values for the IP allow list user-level enforcement enabled setting.

    ", + "values": [ + { + "name": "DISABLED", + "description": "

    The setting is disabled for the owner.

    " + }, + { + "name": "ENABLED", + "description": "

    The setting is enabled for the owner.

    " + } + ] + }, { "name": "IssueClosedStateReason", "kind": "enums", @@ -93306,6 +92634,23 @@ } ] }, + { + "name": "RepositoryCustomPropertyValuesEditableBy", + "kind": "enums", + "id": "repositorycustompropertyvalueseditableby", + "href": "/graphql/reference/enums#repositorycustompropertyvalueseditableby", + "description": "

    The allowed actors who can edit the values of a custom property.

    ", + "values": [ + { + "name": "ORG_ACTORS", + "description": "

    The organization actors.

    " + }, + { + "name": "ORG_AND_REPO_ACTORS", + "description": "

    The organization and repository actors.

    " + } + ] + }, { "name": "RepositoryInteractionLimit", "kind": "enums", @@ -95542,32 +94887,6 @@ } ] }, - { - "name": "TeamDiscussionCommentOrderField", - "kind": "enums", - "id": "teamdiscussioncommentorderfield", - "href": "/graphql/reference/enums#teamdiscussioncommentorderfield", - "description": "

    Properties by which team discussion comment connections can be ordered.

    ", - "values": [ - { - "name": "NUMBER", - "description": "

    Allows sequential ordering of team discussion comments (which is equivalent to chronological ordering).

    " - } - ] - }, - { - "name": "TeamDiscussionOrderField", - "kind": "enums", - "id": "teamdiscussionorderfield", - "href": "/graphql/reference/enums#teamdiscussionorderfield", - "description": "

    Properties by which team discussion connections can be ordered.

    ", - "values": [ - { - "name": "CREATED_AT", - "description": "

    Allows chronological ordering of team discussions.

    " - } - ] - }, { "name": "TeamMemberOrderField", "kind": "enums", @@ -96182,6 +95501,25 @@ } ] }, + { + "name": "CustomPropertySource", + "kind": "unions", + "id": "custompropertysource", + "href": "/graphql/reference/unions#custompropertysource", + "description": "

    Sources which can have custom properties defined.

    ", + "possibleTypes": [ + { + "name": "Enterprise", + "id": "enterprise", + "href": "/graphql/reference/objects#enterprise" + }, + { + "name": "Organization", + "id": "organization", + "href": "/graphql/reference/objects#organization" + } + ] + }, { "name": "DeploymentReviewer", "kind": "unions", @@ -98319,6 +97657,14 @@ "href": "/graphql/reference/input-objects#addassigneestoassignableinput", "description": "

    Autogenerated input type of AddAssigneesToAssignable.

    ", "inputFields": [ + { + "name": "agentAssignment", + "description": "

    Configuration for assigning Copilot to this issue.

    ", + "type": "AgentAssignmentInput", + "id": "agentassignmentinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#agentassignmentinput" + }, { "name": "assignableId", "description": "

    The id of the assignable object to add assignees to.

    ", @@ -99215,6 +98561,48 @@ } ] }, + { + "name": "AgentAssignmentInput", + "kind": "inputObjects", + "id": "agentassignmentinput", + "href": "/graphql/reference/input-objects#agentassignmentinput", + "description": "

    Represents configuration for assigning Copilot to an issue (public variant).

    ", + "inputFields": [ + { + "name": "baseRef", + "description": "

    The base ref/branch for the repository. Defaults to the default branch if not provided.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "customAgent", + "description": "

    Custom agent for Copilot.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "customInstructions", + "description": "

    Custom instructions for Copilot.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "targetRepositoryId", + "description": "

    The Node ID of the target repository where Copilot should work. Defaults to the issue's repository if not provided.

    ", + "type": "ID", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + } + ] + }, { "name": "ApproveDeploymentsInput", "kind": "inputObjects", @@ -99378,7 +98766,7 @@ "inputFields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -100316,7 +99704,7 @@ "inputFields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -100407,7 +99795,7 @@ "inputFields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -100481,7 +99869,7 @@ "inputFields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -101550,6 +100938,14 @@ "href": "/graphql/reference/input-objects#createissueinput", "description": "

    Autogenerated input type of CreateIssue.

    ", "inputFields": [ + { + "name": "agentAssignment", + "description": "

    Configuration for assigning Copilot to this issue.

    ", + "type": "AgentAssignmentInput", + "id": "agentassignmentinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#agentassignmentinput" + }, { "name": "assigneeIds", "description": "

    The Node ID of assignees for this issue.

    ", @@ -102232,6 +101628,96 @@ } ] }, + { + "name": "CreateRepositoryCustomPropertyInput", + "kind": "inputObjects", + "id": "createrepositorycustompropertyinput", + "href": "/graphql/reference/input-objects#createrepositorycustompropertyinput", + "description": "

    Autogenerated input type of CreateRepositoryCustomProperty.

    ", + "inputFields": [ + { + "name": "allowedValues", + "description": "

    The allowed values for the custom property.

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "defaultValue", + "description": "

    The default value for the custom property if the property is required.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "description", + "description": "

    The description of the custom property.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "propertyName", + "description": "

    The name of the custom property.

    ", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "regex", + "description": "

    The regex pattern that the value of the custom property must match, if the value_type is string.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "required", + "description": "

    Whether the custom property is required.

    ", + "type": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, + { + "name": "sourceId", + "description": "

    The global relay id of the source in which a new custom property should be created in.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "valueType", + "description": "

    The value type for the custom property.

    ", + "type": "CustomPropertyValueType!", + "id": "custompropertyvaluetype", + "kind": "enums", + "href": "/graphql/reference/enums#custompropertyvaluetype" + }, + { + "name": "valuesEditableBy", + "description": "

    The allowed actors who can edit the values of a custom property.

    ", + "type": "RepositoryCustomPropertyValuesEditableBy", + "id": "repositorycustompropertyvalueseditableby", + "kind": "enums", + "href": "/graphql/reference/enums#repositorycustompropertyvalueseditableby" + } + ] + }, { "name": "CreateRepositoryInput", "kind": "inputObjects", @@ -102719,20 +102205,12 @@ ] }, { - "name": "CreateTeamDiscussionCommentInput", + "name": "CreateUserListInput", "kind": "inputObjects", - "id": "createteamdiscussioncommentinput", - "href": "/graphql/reference/input-objects#createteamdiscussioncommentinput", - "description": "

    Autogenerated input type of CreateTeamDiscussionComment.

    ", + "id": "createuserlistinput", + "href": "/graphql/reference/input-objects#createuserlistinput", + "description": "

    Autogenerated input type of CreateUserList.

    ", "inputFields": [ - { - "name": "body", - "description": "

    The content of the comment. This field is required.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: body will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, { "name": "clientMutationId", "description": "

    A unique identifier for the client performing the mutation.

    ", @@ -102742,60 +102220,25 @@ "href": "/graphql/reference/scalars#string" }, { - "name": "discussionId", - "description": "

    The ID of the discussion to which the comment belongs. This field is required.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: discussionId will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "type": "ID", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - } - ] - }, - { - "name": "CreateTeamDiscussionInput", - "kind": "inputObjects", - "id": "createteamdiscussioninput", - "href": "/graphql/reference/input-objects#createteamdiscussioninput", - "description": "

    Autogenerated input type of CreateTeamDiscussion.

    ", - "inputFields": [ - { - "name": "body", - "description": "

    The content of the discussion. This field is required.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: body will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", + "name": "description", + "description": "

    A description of the list.

    ", "type": "String", "id": "string", "kind": "scalars", "href": "/graphql/reference/scalars#string" }, { - "name": "private", - "description": "

    If true, restricts the visibility of this discussion to team members and\norganization owners. If false or not specified, allows any organization member\nto view this discussion.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: private will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", + "name": "isPrivate", + "description": "

    Whether or not the list is private.

    ", "type": "Boolean", "id": "boolean", "kind": "scalars", "href": "/graphql/reference/scalars#boolean" }, { - "name": "teamId", - "description": "

    The ID of the team to which the discussion belongs. This field is required.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: teamId will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "type": "ID", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - }, - { - "name": "title", - "description": "

    The title of the discussion. This field is required.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: title will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "type": "String", + "name": "name", + "description": "

    The name of the new list.

    ", + "type": "String!", "id": "string", "kind": "scalars", "href": "/graphql/reference/scalars#string" @@ -102803,43 +102246,27 @@ ] }, { - "name": "CreateUserListInput", + "name": "CustomPropertyValueInput", "kind": "inputObjects", - "id": "createuserlistinput", - "href": "/graphql/reference/input-objects#createuserlistinput", - "description": "

    Autogenerated input type of CreateUserList.

    ", + "id": "custompropertyvalueinput", + "href": "/graphql/reference/input-objects#custompropertyvalueinput", + "description": "

    The custom property name and value to be set.

    ", "inputFields": [ { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "description", - "description": "

    A description of the list.

    ", - "type": "String", + "name": "propertyName", + "description": "

    The name of the custom property.

    ", + "type": "String!", "id": "string", "kind": "scalars", "href": "/graphql/reference/scalars#string" }, { - "name": "isPrivate", - "description": "

    Whether or not the list is private.

    ", - "type": "Boolean", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "name", - "description": "

    The name of the new list.

    ", - "type": "String!", - "id": "string", + "name": "value", + "description": "

    The value to set for the custom property. Using a value of null will unset the\nproperty value, reverting to the default value if the property is required.

    ", + "type": "CustomPropertyValue", + "id": "custompropertyvalue", "kind": "scalars", - "href": "/graphql/reference/scalars#string" + "href": "/graphql/reference/scalars#custompropertyvalue" } ] }, @@ -103493,37 +102920,11 @@ ] }, { - "name": "DeleteRepositoryRulesetInput", - "kind": "inputObjects", - "id": "deleterepositoryrulesetinput", - "href": "/graphql/reference/input-objects#deleterepositoryrulesetinput", - "description": "

    Autogenerated input type of DeleteRepositoryRuleset.

    ", - "inputFields": [ - { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "repositoryRulesetId", - "description": "

    The global relay id of the repository ruleset to be deleted.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - } - ] - }, - { - "name": "DeleteTeamDiscussionCommentInput", + "name": "DeleteRepositoryCustomPropertyInput", "kind": "inputObjects", - "id": "deleteteamdiscussioncommentinput", - "href": "/graphql/reference/input-objects#deleteteamdiscussioncommentinput", - "description": "

    Autogenerated input type of DeleteTeamDiscussionComment.

    ", + "id": "deleterepositorycustompropertyinput", + "href": "/graphql/reference/input-objects#deleterepositorycustompropertyinput", + "description": "

    Autogenerated input type of DeleteRepositoryCustomProperty.

    ", "inputFields": [ { "name": "clientMutationId", @@ -103535,7 +102936,7 @@ }, { "name": "id", - "description": "

    The ID of the comment to delete.

    ", + "description": "

    The global relay id of the custom property to be deleted.

    ", "type": "ID!", "id": "id", "kind": "scalars", @@ -103545,11 +102946,11 @@ ] }, { - "name": "DeleteTeamDiscussionInput", + "name": "DeleteRepositoryRulesetInput", "kind": "inputObjects", - "id": "deleteteamdiscussioninput", - "href": "/graphql/reference/input-objects#deleteteamdiscussioninput", - "description": "

    Autogenerated input type of DeleteTeamDiscussion.

    ", + "id": "deleterepositoryrulesetinput", + "href": "/graphql/reference/input-objects#deleterepositoryrulesetinput", + "description": "

    Autogenerated input type of DeleteRepositoryRuleset.

    ", "inputFields": [ { "name": "clientMutationId", @@ -103560,8 +102961,8 @@ "href": "/graphql/reference/scalars#string" }, { - "name": "id", - "description": "

    The discussion ID to delete.

    ", + "name": "repositoryRulesetId", + "description": "

    The global relay id of the repository ruleset to be deleted.

    ", "type": "ID!", "id": "id", "kind": "scalars", @@ -106262,6 +105663,32 @@ } ] }, + { + "name": "PromoteRepositoryCustomPropertyInput", + "kind": "inputObjects", + "id": "promoterepositorycustompropertyinput", + "href": "/graphql/reference/input-objects#promoterepositorycustompropertyinput", + "description": "

    Autogenerated input type of PromoteRepositoryCustomProperty.

    ", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "repositoryCustomPropertyId", + "description": "

    The ID of the repository custom property to be promoted.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + } + ] + }, { "name": "PropertyTargetDefinitionInput", "kind": "inputObjects", @@ -106361,14 +105788,6 @@ "kind": "enums", "href": "/graphql/reference/enums#pullrequestallowedmergemethods" }, - { - "name": "automaticCopilotCodeReviewEnabled", - "description": "

    Request Copilot code review for new pull requests automatically if the author\nhas access to Copilot code review and their premium requests quota has not\nreached the limit.

    ", - "type": "Boolean", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, { "name": "dismissStaleReviewsOnPush", "description": "

    New, reviewable commits pushed will dismiss previous pull request review approvals.

    ", @@ -107200,13 +106619,29 @@ "inputFields": [ { "name": "actorIds", - "description": "

    The ids of the actors to replace the existing assignees.

    ", - "type": "[ID!]!", + "description": "

    The ids of the actors to replace the existing assignees. May be used as an\nalternative to or in conjunction with actorLogins.

    ", + "type": "[ID!]", "id": "id", "kind": "scalars", "href": "/graphql/reference/scalars#id", "isDeprecated": false }, + { + "name": "actorLogins", + "description": "

    The usernames of the actors to replace the existing assignees. May be used as\nan alternative to or in conjunction with actorIds. For bots, use the login\nformat with [bot] suffix (e.g., 'my-app[bot]').

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "agentAssignment", + "description": "

    Configuration for assigning an AI agent to this issue.

    ", + "type": "AgentAssignmentInput", + "id": "agentassignmentinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#agentassignmentinput" + }, { "name": "assignableId", "description": "

    The id of the assignable object to replace the assignees for.

    ", @@ -107594,6 +107029,64 @@ } ] }, + { + "name": "RequestReviewsByLoginInput", + "kind": "inputObjects", + "id": "requestreviewsbylogininput", + "href": "/graphql/reference/input-objects#requestreviewsbylogininput", + "description": "

    Autogenerated input type of RequestReviewsByLogin.

    ", + "inputFields": [ + { + "name": "botLogins", + "description": "

    The logins of the bots to request reviews from, including the [bot] suffix (e.g., 'copilot-pull-request-reviewer[bot]').

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "pullRequestId", + "description": "

    The Node ID of the pull request to modify.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "teamSlugs", + "description": "

    The slugs of the teams to request reviews from (format: 'org/team-slug').

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "union", + "description": "

    Add users to the set rather than replace.

    ", + "type": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, + { + "name": "userLogins", + "description": "

    The login strings of the users to request reviews from.

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + ] + }, { "name": "RequestReviewsInput", "kind": "inputObjects", @@ -108329,6 +107822,40 @@ } ] }, + { + "name": "SetRepositoryCustomPropertyValuesInput", + "kind": "inputObjects", + "id": "setrepositorycustompropertyvaluesinput", + "href": "/graphql/reference/input-objects#setrepositorycustompropertyvaluesinput", + "description": "

    Autogenerated input type of SetRepositoryCustomPropertyValues.

    ", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "properties", + "description": "

    A list of custom property names and associated values to apply.

    ", + "type": "[CustomPropertyValueInput!]!", + "id": "custompropertyvalueinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#custompropertyvalueinput" + }, + { + "name": "repositoryId", + "description": "

    The ID of the repository to set properties for.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + } + ] + }, { "name": "SetRepositoryInteractionLimitInput", "kind": "inputObjects", @@ -108863,7 +108390,7 @@ "inputFields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -108895,56 +108422,6 @@ } ] }, - { - "name": "TeamDiscussionCommentOrder", - "kind": "inputObjects", - "id": "teamdiscussioncommentorder", - "href": "/graphql/reference/input-objects#teamdiscussioncommentorder", - "description": "

    Ways in which team discussion comment connections can be ordered.

    ", - "inputFields": [ - { - "name": "direction", - "description": "

    The direction in which to order nodes.

    ", - "type": "OrderDirection!", - "id": "orderdirection", - "kind": "enums", - "href": "/graphql/reference/enums#orderdirection" - }, - { - "name": "field", - "description": "

    The field by which to order nodes.

    ", - "type": "TeamDiscussionCommentOrderField!", - "id": "teamdiscussioncommentorderfield", - "kind": "enums", - "href": "/graphql/reference/enums#teamdiscussioncommentorderfield" - } - ] - }, - { - "name": "TeamDiscussionOrder", - "kind": "inputObjects", - "id": "teamdiscussionorder", - "href": "/graphql/reference/input-objects#teamdiscussionorder", - "description": "

    Ways in which team discussion connections can be ordered.

    ", - "inputFields": [ - { - "name": "direction", - "description": "

    The direction in which to order nodes.

    ", - "type": "OrderDirection!", - "id": "orderdirection", - "kind": "enums", - "href": "/graphql/reference/enums#orderdirection" - }, - { - "name": "field", - "description": "

    The field by which to order nodes.

    ", - "type": "TeamDiscussionOrderField!", - "id": "teamdiscussionorderfield", - "kind": "enums", - "href": "/graphql/reference/enums#teamdiscussionorderfield" - } - ] - }, { "name": "TeamMemberOrder", "kind": "inputObjects", @@ -110642,40 +110119,6 @@ } ] }, - { - "name": "UpdateEnterpriseTeamDiscussionsSettingInput", - "kind": "inputObjects", - "id": "updateenterpriseteamdiscussionssettinginput", - "href": "/graphql/reference/input-objects#updateenterpriseteamdiscussionssettinginput", - "description": "

    Autogenerated input type of UpdateEnterpriseTeamDiscussionsSetting.

    ", - "inputFields": [ - { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "enterpriseId", - "description": "

    The ID of the enterprise on which to set the team discussions setting.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - }, - { - "name": "settingValue", - "description": "

    The value for the team discussions setting on the enterprise.

    ", - "type": "EnterpriseEnabledDisabledSettingValue!", - "id": "enterpriseenableddisabledsettingvalue", - "kind": "enums", - "href": "/graphql/reference/enums#enterpriseenableddisabledsettingvalue" - } - ] - }, { "name": "UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput", "kind": "inputObjects", @@ -110912,6 +110355,40 @@ } ] }, + { + "name": "UpdateIpAllowListUserLevelEnforcementEnabledSettingInput", + "kind": "inputObjects", + "id": "updateipallowlistuserlevelenforcementenabledsettinginput", + "href": "/graphql/reference/input-objects#updateipallowlistuserlevelenforcementenabledsettinginput", + "description": "

    Autogenerated input type of UpdateIpAllowListUserLevelEnforcementEnabledSetting.

    ", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "ownerId", + "description": "

    The ID of the owner.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "settingValue", + "description": "

    The value for the IP allow list user-level enforcement enabled setting.

    ", + "type": "IpAllowListUserLevelEnforcementEnabledSettingValue!", + "id": "ipallowlistuserlevelenforcementenabledsettingvalue", + "kind": "enums", + "href": "/graphql/reference/enums#ipallowlistuserlevelenforcementenabledsettingvalue" + } + ] + }, { "name": "UpdateIssueCommentInput", "kind": "inputObjects", @@ -110953,6 +110430,14 @@ "href": "/graphql/reference/input-objects#updateissueinput", "description": "

    Autogenerated input type of UpdateIssue.

    ", "inputFields": [ + { + "name": "agentAssignment", + "description": "

    Configuration for assigning an AI agent to this issue.

    ", + "type": "AgentAssignmentInput", + "id": "agentassignmentinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#agentassignmentinput" + }, { "name": "assigneeIds", "description": "

    An array of Node IDs of users or bots for this issue.

    ", @@ -112109,6 +111594,80 @@ } ] }, + { + "name": "UpdateRepositoryCustomPropertyInput", + "kind": "inputObjects", + "id": "updaterepositorycustompropertyinput", + "href": "/graphql/reference/input-objects#updaterepositorycustompropertyinput", + "description": "

    Autogenerated input type of UpdateRepositoryCustomProperty.

    ", + "inputFields": [ + { + "name": "allowedValues", + "description": "

    The updated allowed values for the custom property.

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "defaultValue", + "description": "

    The updated default value for the custom property if the property is required.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "description", + "description": "

    The updated description of the custom property.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "regex", + "description": "

    The regex pattern that the value of the custom property must match, if the value_type is string.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "repositoryCustomPropertyId", + "description": "

    The global relay id of the source of the custom property.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "required", + "description": "

    Whether the updated custom property is required.

    ", + "type": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, + { + "name": "valuesEditableBy", + "description": "

    The updated actors who can edit the values of the custom property.

    ", + "type": "RepositoryCustomPropertyValuesEditableBy", + "id": "repositorycustompropertyvalueseditableby", + "kind": "enums", + "href": "/graphql/reference/enums#repositorycustompropertyvalueseditableby" + } + ] + }, { "name": "UpdateRepositoryInput", "kind": "inputObjects", @@ -112416,106 +111975,6 @@ } ] }, - { - "name": "UpdateTeamDiscussionCommentInput", - "kind": "inputObjects", - "id": "updateteamdiscussioncommentinput", - "href": "/graphql/reference/input-objects#updateteamdiscussioncommentinput", - "description": "

    Autogenerated input type of UpdateTeamDiscussionComment.

    ", - "inputFields": [ - { - "name": "body", - "description": "

    The updated text of the comment.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyVersion", - "description": "

    The current version of the body content.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "id", - "description": "

    The ID of the comment to modify.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - } - ] - }, - { - "name": "UpdateTeamDiscussionInput", - "kind": "inputObjects", - "id": "updateteamdiscussioninput", - "href": "/graphql/reference/input-objects#updateteamdiscussioninput", - "description": "

    Autogenerated input type of UpdateTeamDiscussion.

    ", - "inputFields": [ - { - "name": "body", - "description": "

    The updated text of the discussion.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyVersion", - "description": "

    The current version of the body content. If provided, this update operation\nwill be rejected if the given version does not match the latest version on the server.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "id", - "description": "

    The Node ID of the discussion to modify.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - }, - { - "name": "pinned", - "description": "

    If provided, sets the pinned state of the updated discussion.

    ", - "type": "Boolean", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "title", - "description": "

    The updated title of the discussion.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - ] - }, { "name": "UpdateTeamReviewAssignmentInput", "kind": "inputObjects", @@ -112967,6 +112426,13 @@ "id": "boolean", "href": "/graphql/reference/scalars#boolean" }, + { + "name": "CustomPropertyValue", + "kind": "scalars", + "id": "custompropertyvalue", + "href": "/graphql/reference/scalars#custompropertyvalue", + "description": "

    A custom property value can be either a string or an array of strings. All\nproperty types support only a single string value, except for the multi-select\ntype, which supports only a string array.

    " + }, { "name": "Date", "kind": "scalars", diff --git a/src/graphql/data/fpt/upcoming-changes.json b/src/graphql/data/fpt/upcoming-changes.json index 6fcc489e4f35..42a408cba243 100644 --- a/src/graphql/data/fpt/upcoming-changes.json +++ b/src/graphql/data/fpt/upcoming-changes.json @@ -1,4 +1,22 @@ { + "2026-07-01": [ + { + "location": "Team.viewerSubscription", + "description": "

    viewerSubscription will be removed.

    ", + "reason": "

    Team.viewerSubscription will be removed. Team notifications subscriptions are being deprecated.

    ", + "date": "2026-07-01", + "criticality": "breaking", + "owner": "peter-evans" + }, + { + "location": "Team.viewerCanSubscribe", + "description": "

    viewerCanSubscribe will be removed.

    ", + "reason": "

    Team.viewerCanSubscribe will be removed. Team notifications subscriptions are being deprecated.

    ", + "date": "2026-07-01", + "criticality": "breaking", + "owner": "peter-evans" + } + ], "2026-04-01": [ { "location": "TeamRemoveRepositoryAuditEntry.userUrl", @@ -784,6 +802,14 @@ "criticality": "breaking", "owner": "audit_logs" }, + { + "location": "ReviewRequest.requestedBy", + "description": "

    requestedBy will be removed. Use requestedByActor instead.

    ", + "reason": "

    requestedBy will be removed.

    ", + "date": "2026-04-01", + "criticality": "breaking", + "owner": "github/client-apps-platform" + }, { "location": "RepositoryVisibilityChangeEnableAuditEntry.userUrl", "description": "

    userUrl will be removed.

    ", @@ -9772,158 +9798,6 @@ } ], "2024-07-01": [ - { - "location": "TeamDiscussionComment.url", - "description": "

    url will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussionComment.resourcePath", - "description": "

    resourcePath will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussionComment.number", - "description": "

    number will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussionComment.discussion", - "description": "

    discussion will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussionComment.bodyVersion", - "description": "

    bodyVersion will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussionComment.authorAssociation", - "description": "

    authorAssociation will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.viewerCanPin", - "description": "

    viewerCanPin will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.url", - "description": "

    url will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.title", - "description": "

    title will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.team", - "description": "

    team will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.resourcePath", - "description": "

    resourcePath will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.number", - "description": "

    number will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.isPrivate", - "description": "

    isPrivate will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.isPinned", - "description": "

    isPinned will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.commentsUrl", - "description": "

    commentsUrl will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.commentsResourcePath", - "description": "

    commentsResourcePath will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.comments", - "description": "

    comments will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.bodyVersion", - "description": "

    bodyVersion will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.authorAssociation", - "description": "

    authorAssociation will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, { "location": "PullRequestReviewComment.databaseId", "description": "

    databaseId will be removed. Use fullDatabaseId instead.

    ", @@ -9957,64 +9831,8 @@ "owner": "jdennes" }, { - "location": "CreateTeamDiscussionPayload.teamDiscussion", - "description": "

    teamDiscussion will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionInput.title", - "description": "

    title will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionInput.teamId", - "description": "

    teamId will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionInput.private", - "description": "

    private will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionInput.body", - "description": "

    body will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionCommentPayload.teamDiscussionComment", - "description": "

    teamDiscussionComment will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionCommentInput.discussionId", - "description": "

    discussionId will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionCommentInput.body", - "description": "

    body will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", + "location": "EnterpriseOwnerInfo.teamDiscussionsSetting", + "description": "

    teamDiscussionsSetting will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", "date": "2024-07-01", "criticality": "breaking", diff --git a/src/graphql/data/ghec/graphql_upcoming_changes.public.yml b/src/graphql/data/ghec/graphql_upcoming_changes.public.yml index 26920cb943e5..cce607d1e2bf 100644 --- a/src/graphql/data/ghec/graphql_upcoming_changes.public.yml +++ b/src/graphql/data/ghec/graphql_upcoming_changes.public.yml @@ -402,65 +402,9 @@ upcoming_changes: date: '2024-04-01T00:00:00+00:00' criticality: breaking owner: calvinchilds - - location: CreateTeamDiscussionCommentInput.body + - location: EnterpriseOwnerInfo.teamDiscussionsSetting description: - '`body` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionCommentInput.discussionId - description: - '`discussionId` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionCommentPayload.teamDiscussionComment - description: - '`teamDiscussionComment` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionInput.body - description: - '`body` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionInput.private - description: - '`private` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionInput.teamId - description: - '`teamId` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionInput.title - description: - '`title` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: CreateTeamDiscussionPayload.teamDiscussion - description: - '`teamDiscussion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ + '`teamDiscussionsSetting` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.' reason: The Team Discussions feature is deprecated in favor of Organization Discussions. date: '2024-07-01T00:00:00+00:00' @@ -496,158 +440,6 @@ upcoming_changes: date: '2024-07-01T00:00:00+00:00' criticality: breaking owner: JanKoszewski - - location: TeamDiscussion.authorAssociation - description: - '`authorAssociation` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.bodyVersion - description: - '`bodyVersion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.comments - description: - '`comments` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.commentsResourcePath - description: - '`commentsResourcePath` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.commentsUrl - description: - '`commentsUrl` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.isPinned - description: - '`isPinned` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.isPrivate - description: - '`isPrivate` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.number - description: - '`number` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.resourcePath - description: - '`resourcePath` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.team - description: - '`team` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.title - description: - '`title` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.url - description: - '`url` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussion.viewerCanPin - description: - '`viewerCanPin` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.authorAssociation - description: - '`authorAssociation` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.bodyVersion - description: - '`bodyVersion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.discussion - description: - '`discussion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.number - description: - '`number` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.resourcePath - description: - '`resourcePath` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - - location: TeamDiscussionComment.url - description: - '`url` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ - to find a suitable replacement.' - reason: The Team Discussions feature is deprecated in favor of Organization Discussions. - date: '2024-07-01T00:00:00+00:00' - criticality: breaking - owner: deborah-digges - location: Workflow.hasWorkflowDispatchTrigger description: '`hasWorkflowDispatchTrigger` will be removed. Use `has_workflow_dispatch_trigger_for_branch(branch_ref)` @@ -7596,6 +7388,12 @@ upcoming_changes: date: '2026-04-01T00:00:00+00:00' criticality: breaking owner: audit_logs + - location: ReviewRequest.requestedBy + description: '`requestedBy` will be removed. Use `requestedByActor` instead.' + reason: '`requestedBy` will be removed.' + date: '2026-04-01T00:00:00+00:00' + criticality: breaking + owner: github/client-apps-platform - location: TeamAddMemberAuditEntry.action description: '`action` will be removed.' reason: The GraphQL audit-log is deprecated. Please use the REST API instead. @@ -8184,3 +7982,19 @@ upcoming_changes: date: '2026-04-01T00:00:00+00:00' criticality: breaking owner: audit_logs + - location: Team.viewerCanSubscribe + description: '`viewerCanSubscribe` will be removed.' + reason: + '`Team.viewerCanSubscribe` will be removed. Team notifications subscriptions + are being deprecated.' + date: '2026-07-01T00:00:00+00:00' + criticality: breaking + owner: peter-evans + - location: Team.viewerSubscription + description: '`viewerSubscription` will be removed.' + reason: + '`Team.viewerSubscription` will be removed. Team notifications subscriptions + are being deprecated.' + date: '2026-07-01T00:00:00+00:00' + criticality: breaking + owner: peter-evans diff --git a/src/graphql/data/ghec/schema.docs.graphql b/src/graphql/data/ghec/schema.docs.graphql index a052abfcbb8a..83f9c4357d5a 100644 --- a/src/graphql/data/ghec/schema.docs.graphql +++ b/src/graphql/data/ghec/schema.docs.graphql @@ -355,6 +355,11 @@ enum ActorType { Autogenerated input type of AddAssigneesToAssignable """ input AddAssigneesToAssignableInput { + """ + Configuration for assigning Copilot to this issue. + """ + agentAssignment: AgentAssignmentInput + """ The id of the assignable object to add assignees to. """ @@ -1126,8 +1131,6 @@ input AddReactionInput { "PullRequestReview" "PullRequestReviewComment" "Release" - "TeamDiscussion" - "TeamDiscussionComment" ] abstractType: "Reactable" ) @@ -1420,6 +1423,31 @@ type AddedToProjectV2Event implements Node & ProjectV2Event { wasAutomated: Boolean! } +""" +Represents configuration for assigning Copilot to an issue (public variant) +""" +input AgentAssignmentInput { + """ + The base ref/branch for the repository. Defaults to the default branch if not provided. + """ + baseRef: String + + """ + Custom agent for Copilot. + """ + customAgent: String + + """ + Custom instructions for Copilot. + """ + customInstructions: String + + """ + The Node ID of the target repository where Copilot should work. Defaults to the issue's repository if not provided. + """ + targetRepositoryId: ID @possibleTypes(concreteTypes: ["Repository"]) +} + """ Copilot Agentic fields in context of the current viewer. """ @@ -2617,7 +2645,7 @@ Parameters to be used for the branch_name_pattern rule """ type BranchNamePatternParameters { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -2642,7 +2670,7 @@ Parameters to be used for the branch_name_pattern rule """ input BranchNamePatternParametersInput { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -5662,7 +5690,7 @@ Parameters to be used for the commit_author_email_pattern rule """ type CommitAuthorEmailPatternParameters { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -5687,7 +5715,7 @@ Parameters to be used for the commit_author_email_pattern rule """ input CommitAuthorEmailPatternParametersInput { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -6184,7 +6212,7 @@ Parameters to be used for the commit_message_pattern rule """ type CommitMessagePatternParameters { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -6209,7 +6237,7 @@ Parameters to be used for the commit_message_pattern rule """ input CommitMessagePatternParametersInput { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -6274,7 +6302,7 @@ Parameters to be used for the committer_email_pattern rule """ type CommitterEmailPatternParameters { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -6299,7 +6327,7 @@ Parameters to be used for the committer_email_pattern rule """ input CommitterEmailPatternParametersInput { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -8141,6 +8169,11 @@ type CreateIpAllowListEntryPayload { Autogenerated input type of CreateIssue """ input CreateIssueInput { + """ + Configuration for assigning Copilot to this issue. + """ + agentAssignment: AgentAssignmentInput + """ The Node ID of assignees for this issue. """ @@ -8724,6 +8757,76 @@ type CreateRefPayload { ref: Ref } +""" +Autogenerated input type of CreateRepositoryCustomProperty +""" +input CreateRepositoryCustomPropertyInput { + """ + The allowed values for the custom property. + """ + allowedValues: [String!] + + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The default value for the custom property if the property is required. + """ + defaultValue: String + + """ + The description of the custom property. + """ + description: String + + """ + The name of the custom property. + """ + propertyName: String! + + """ + The regex pattern that the value of the custom property must match, if the `value_type` is `string`. + """ + regex: String + + """ + Whether the custom property is required. + """ + required: Boolean + + """ + The global relay id of the source in which a new custom property should be created in. + """ + sourceId: ID! @possibleTypes(concreteTypes: ["Enterprise", "Organization"], abstractType: "CustomPropertySource") + + """ + The value type for the custom property. + """ + valueType: CustomPropertyValueType! + + """ + The allowed actors who can edit the values of a custom property. + """ + valuesEditableBy: RepositoryCustomPropertyValuesEditableBy +} + +""" +Autogenerated return type of CreateRepositoryCustomProperty. +""" +type CreateRepositoryCustomPropertyPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The newly created repository custom property. + """ + repositoryCustomProperty: RepositoryCustomProperty +} + """ Autogenerated input type of CreateRepository """ @@ -9143,130 +9246,6 @@ type CreateSponsorshipsPayload { sponsorables: [Sponsorable!] } -""" -Autogenerated input type of CreateTeamDiscussionComment -""" -input CreateTeamDiscussionCommentInput { - """ - The content of the comment. This field is required. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `body` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - body: String - - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The ID of the discussion to which the comment belongs. This field is required. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `discussionId` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - discussionId: ID @possibleTypes(concreteTypes: ["TeamDiscussion"]) -} - -""" -Autogenerated return type of CreateTeamDiscussionComment. -""" -type CreateTeamDiscussionCommentPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The new comment. - """ - teamDiscussionComment: TeamDiscussionComment - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) -} - -""" -Autogenerated input type of CreateTeamDiscussion -""" -input CreateTeamDiscussionInput { - """ - The content of the discussion. This field is required. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `body` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - body: String - - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - If true, restricts the visibility of this discussion to team members and - organization owners. If false or not specified, allows any organization member - to view this discussion. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `private` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - private: Boolean - - """ - The ID of the team to which the discussion belongs. This field is required. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `teamId` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - teamId: ID @possibleTypes(concreteTypes: ["Team"]) - - """ - The title of the discussion. This field is required. - - **Upcoming Change on 2024-07-01 UTC** - **Description:** `title` will be removed. Follow the guide at - https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to - find a suitable replacement. - **Reason:** The Team Discussions feature is deprecated in favor of Organization Discussions. - """ - title: String -} - -""" -Autogenerated return type of CreateTeamDiscussion. -""" -type CreateTeamDiscussionPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The new discussion. - """ - teamDiscussion: TeamDiscussion - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) -} - """ Autogenerated input type of CreateUserList """ @@ -9782,6 +9761,64 @@ type CrossReferencedEvent implements Node & UniformResourceLocatable { willCloseTarget: Boolean! } +""" +Sources which can have custom properties defined. +""" +union CustomPropertySource = Enterprise | Organization + +""" +A custom property value can be either a string or an array of strings. All +property types support only a single string value, except for the multi-select +type, which supports only a string array. +""" +scalar CustomPropertyValue + +""" +The custom property name and value to be set. +""" +input CustomPropertyValueInput { + """ + The name of the custom property. + """ + propertyName: String! + + """ + The value to set for the custom property. Using a value of null will unset the + property value, reverting to the default value if the property is required. + """ + value: CustomPropertyValue +} + +""" +The allowed value types for a custom property definition. +""" +enum CustomPropertyValueType { + """ + A multi-select value. + """ + MULTI_SELECT + + """ + A single-select value. + """ + SINGLE_SELECT + + """ + A string value. + """ + STRING + + """ + A true/false value. + """ + TRUE_FALSE + + """ + A URL value. + """ + URL +} + """ The Common Vulnerability Scoring System """ @@ -10589,74 +10626,54 @@ type DeleteRefPayload { } """ -Autogenerated input type of DeleteRepositoryRuleset +Autogenerated input type of DeleteRepositoryCustomProperty """ -input DeleteRepositoryRulesetInput { +input DeleteRepositoryCustomPropertyInput { """ A unique identifier for the client performing the mutation. """ clientMutationId: String """ - The global relay id of the repository ruleset to be deleted. + The global relay id of the custom property to be deleted. """ - repositoryRulesetId: ID! @possibleTypes(concreteTypes: ["RepositoryRuleset"]) + id: ID! @possibleTypes(concreteTypes: ["RepositoryCustomProperty"]) } """ -Autogenerated return type of DeleteRepositoryRuleset. +Autogenerated return type of DeleteRepositoryCustomProperty. """ -type DeleteRepositoryRulesetPayload { +type DeleteRepositoryCustomPropertyPayload { """ A unique identifier for the client performing the mutation. """ clientMutationId: String -} -""" -Autogenerated input type of DeleteTeamDiscussionComment -""" -input DeleteTeamDiscussionCommentInput { """ - A unique identifier for the client performing the mutation. + The deleted custom property. """ - clientMutationId: String - - """ - The ID of the comment to delete. - """ - id: ID! @possibleTypes(concreteTypes: ["TeamDiscussionComment"]) -} - -""" -Autogenerated return type of DeleteTeamDiscussionComment. -""" -type DeleteTeamDiscussionCommentPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String + repositoryCustomProperty: RepositoryCustomProperty } """ -Autogenerated input type of DeleteTeamDiscussion +Autogenerated input type of DeleteRepositoryRuleset """ -input DeleteTeamDiscussionInput { +input DeleteRepositoryRulesetInput { """ A unique identifier for the client performing the mutation. """ clientMutationId: String """ - The discussion ID to delete. + The global relay id of the repository ruleset to be deleted. """ - id: ID! @possibleTypes(concreteTypes: ["TeamDiscussion"]) + repositoryRulesetId: ID! @possibleTypes(concreteTypes: ["RepositoryRuleset"]) } """ -Autogenerated return type of DeleteTeamDiscussion. +Autogenerated return type of DeleteRepositoryRuleset. """ -type DeleteTeamDiscussionPayload { +type DeleteRepositoryRulesetPayload { """ A unique identifier for the client performing the mutation. """ @@ -13660,6 +13677,41 @@ type Enterprise implements Node { """ readmeHTML: HTML! + """ + A list of repository custom properties for this enterprise. + """ + repositoryCustomProperties( + """ + Returns the elements in the list that come after the specified cursor. + """ + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """ + Returns the first _n_ elements from the list. + """ + first: Int + + """ + Returns the last _n_ elements from the list. + """ + last: Int + ): RepositoryCustomPropertyConnection + + """ + Returns a single repository custom property for the current enterprise by name. + """ + repositoryCustomProperty( + """ + The name of the repository custom property to be returned. + """ + propertyName: String! + ): RepositoryCustomProperty + """ The HTTP path for this enterprise. """ @@ -15010,6 +15062,11 @@ type EnterpriseOwnerInfo { """ ipAllowListForInstalledAppsEnabledSetting: IpAllowListForInstalledAppsEnabledSettingValue! + """ + The setting value for whether the enterprise has IP allow list user-level enforcement enabled. + """ + ipAllowListUserLevelEnforcementEnabledSetting: IpAllowListUserLevelEnforcementEnabledSettingValue! + """ Whether or not the base repository permission is currently being updated. """ @@ -15739,41 +15796,9 @@ type EnterpriseOwnerInfo { The setting value for whether team discussions are enabled for organizations in this enterprise. """ teamDiscussionsSetting: EnterpriseEnabledDisabledSettingValue! - - """ - A list of enterprise organizations configured with the provided team discussions setting value. - """ - teamDiscussionsSettingOrganizations( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - - """ - Ordering options for organizations with this setting. - """ - orderBy: OrganizationOrder = {field: LOGIN, direction: ASC} - - """ - The setting value to find organizations for. - """ - value: Boolean! - ): OrganizationConnection! + @deprecated( + reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." + ) """ The setting value for what methods of two-factor authentication the enterprise prevents its users from having. @@ -18827,6 +18852,21 @@ Types that can own an IP allow list. """ union IpAllowListOwner = App | Enterprise | Organization +""" +The possible values for the IP allow list user-level enforcement enabled setting. +""" +enum IpAllowListUserLevelEnforcementEnabledSettingValue { + """ + The setting is disabled for the owner. + """ + DISABLED + + """ + The setting is enabled for the owner. + """ + ENABLED +} + """ An Issue is a place to discuss ideas, enhancements, tasks, and bugs for a project. """ @@ -19297,7 +19337,7 @@ type Issue implements Assignable & Closable & Comment & Deletable & Labelable & Returns the last _n_ elements from the list. """ last: Int - ): ProjectV2ItemConnection! + ): ProjectV2ItemConnection """ Find a project by number. @@ -25263,6 +25303,16 @@ type Mutation { input: CreateRepositoryInput! ): CreateRepositoryPayload + """ + Create a repository custom property. + """ + createRepositoryCustomProperty( + """ + Parameters for CreateRepositoryCustomProperty + """ + input: CreateRepositoryCustomPropertyInput! + ): CreateRepositoryCustomPropertyPayload + """ Create a repository ruleset """ @@ -25314,26 +25364,6 @@ type Mutation { input: CreateSponsorshipsInput! ): CreateSponsorshipsPayload - """ - Creates a new team discussion. - """ - createTeamDiscussion( - """ - Parameters for CreateTeamDiscussion - """ - input: CreateTeamDiscussionInput! - ): CreateTeamDiscussionPayload - - """ - Creates a new team discussion comment. - """ - createTeamDiscussionComment( - """ - Parameters for CreateTeamDiscussionComment - """ - input: CreateTeamDiscussionCommentInput! - ): CreateTeamDiscussionCommentPayload - """ Creates a new user list. """ @@ -25594,34 +25624,24 @@ type Mutation { ): DeleteRefPayload """ - Delete a repository ruleset + Delete a repository custom property. """ - deleteRepositoryRuleset( + deleteRepositoryCustomProperty( """ - Parameters for DeleteRepositoryRuleset + Parameters for DeleteRepositoryCustomProperty """ - input: DeleteRepositoryRulesetInput! - ): DeleteRepositoryRulesetPayload + input: DeleteRepositoryCustomPropertyInput! + ): DeleteRepositoryCustomPropertyPayload """ - Deletes a team discussion. - """ - deleteTeamDiscussion( - """ - Parameters for DeleteTeamDiscussion - """ - input: DeleteTeamDiscussionInput! - ): DeleteTeamDiscussionPayload - - """ - Deletes a team discussion comment. + Delete a repository ruleset """ - deleteTeamDiscussionComment( + deleteRepositoryRuleset( """ - Parameters for DeleteTeamDiscussionComment + Parameters for DeleteRepositoryRuleset """ - input: DeleteTeamDiscussionCommentInput! - ): DeleteTeamDiscussionCommentPayload + input: DeleteRepositoryRulesetInput! + ): DeleteRepositoryRulesetPayload """ Deletes a user list. @@ -25935,6 +25955,16 @@ type Mutation { input: PinIssueInput! ): PinIssuePayload + """ + Promote a repository custom property to the enterprise level. + """ + promoteRepositoryCustomProperty( + """ + Parameters for PromoteRepositoryCustomProperty + """ + input: PromoteRepositoryCustomPropertyInput! + ): PromoteRepositoryCustomPropertyPayload + """ Publish an existing sponsorship tier that is currently still a draft to a GitHub Sponsors profile. """ @@ -26176,6 +26206,16 @@ type Mutation { input: RequestReviewsInput! ): RequestReviewsPayload + """ + Set review requests on a pull request using login strings instead of IDs. + """ + requestReviewsByLogin( + """ + Parameters for RequestReviewsByLogin + """ + input: RequestReviewsByLoginInput! + ): RequestReviewsByLoginPayload + """ Rerequests an existing check suite. """ @@ -26256,6 +26296,16 @@ type Mutation { input: SetOrganizationInteractionLimitInput! ): SetOrganizationInteractionLimitPayload + """ + Set repository custom property values for a repository. + """ + setRepositoryCustomPropertyValues( + """ + Parameters for SetRepositoryCustomPropertyValues + """ + input: SetRepositoryCustomPropertyValuesInput! + ): SetRepositoryCustomPropertyValuesPayload + """ Sets an interaction limit setting for a repository. """ @@ -26689,16 +26739,6 @@ type Mutation { input: UpdateEnterpriseRepositoryProjectsSettingInput! ): UpdateEnterpriseRepositoryProjectsSettingPayload - """ - Sets whether team discussions are enabled for an enterprise. - """ - updateEnterpriseTeamDiscussionsSetting( - """ - Parameters for UpdateEnterpriseTeamDiscussionsSetting - """ - input: UpdateEnterpriseTeamDiscussionsSettingInput! - ): UpdateEnterpriseTeamDiscussionsSettingPayload - """ Sets the two-factor authentication methods that users of an enterprise may not use. """ @@ -26759,6 +26799,16 @@ type Mutation { input: UpdateIpAllowListForInstalledAppsEnabledSettingInput! ): UpdateIpAllowListForInstalledAppsEnabledSettingPayload + """ + Sets whether IP allow list user-level enforcement is enabled on an enterprise. + """ + updateIpAllowListUserLevelEnforcementEnabledSetting( + """ + Parameters for UpdateIpAllowListUserLevelEnforcementEnabledSetting + """ + input: UpdateIpAllowListUserLevelEnforcementEnabledSettingInput! + ): UpdateIpAllowListUserLevelEnforcementEnabledSettingPayload + """ Updates an Issue. """ @@ -27049,6 +27099,16 @@ type Mutation { input: UpdateRepositoryInput! ): UpdateRepositoryPayload + """ + Update a repository custom property. + """ + updateRepositoryCustomProperty( + """ + Parameters for UpdateRepositoryCustomProperty + """ + input: UpdateRepositoryCustomPropertyInput! + ): UpdateRepositoryCustomPropertyPayload + """ Update a repository ruleset """ @@ -27089,26 +27149,6 @@ type Mutation { input: UpdateSubscriptionInput! ): UpdateSubscriptionPayload - """ - Updates a team discussion. - """ - updateTeamDiscussion( - """ - Parameters for UpdateTeamDiscussion - """ - input: UpdateTeamDiscussionInput! - ): UpdateTeamDiscussionPayload - - """ - Updates a discussion comment. - """ - updateTeamDiscussionComment( - """ - Parameters for UpdateTeamDiscussionComment - """ - input: UpdateTeamDiscussionCommentInput! - ): UpdateTeamDiscussionCommentPayload - """ Updates team review assignment. """ @@ -33264,6 +33304,41 @@ type Organization implements Actor & MemberStatusable & Node & PackageOwner & Pr name: String! ): Repository + """ + A list of custom properties for this organization. + """ + repositoryCustomProperties( + """ + Returns the elements in the list that come after the specified cursor. + """ + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """ + Returns the first _n_ elements from the list. + """ + first: Int + + """ + Returns the last _n_ elements from the list. + """ + last: Int + ): RepositoryCustomPropertyConnection + + """ + Returns a single custom property from the current organization by name. + """ + repositoryCustomProperty( + """ + The name of the custom property to be returned. + """ + propertyName: String! + ): RepositoryCustomProperty + """ Discussion comments this user has authored. """ @@ -40299,6 +40374,36 @@ enum ProjectV2WorkflowsOrderField { UPDATED_AT } +""" +Autogenerated input type of PromoteRepositoryCustomProperty +""" +input PromoteRepositoryCustomPropertyInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The ID of the repository custom property to be promoted. + """ + repositoryCustomPropertyId: ID! @possibleTypes(concreteTypes: ["RepositoryCustomProperty"]) +} + +""" +Autogenerated return type of PromoteRepositoryCustomProperty. +""" +type PromoteRepositoryCustomPropertyPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The repository custom property that has been promoted. + """ + repositoryCustomProperty: RepositoryCustomProperty +} + """ A property that must match """ @@ -41063,7 +41168,7 @@ type PullRequest implements Assignable & Closable & Comment & Labelable & Lockab Returns the last _n_ elements from the list. """ last: Int - ): ProjectV2ItemConnection! + ): ProjectV2ItemConnection """ Find a project by number. @@ -41333,6 +41438,11 @@ type PullRequest implements Assignable & Closable & Comment & Labelable & Lockab Returns the last _n_ elements from the list. """ last: Int + + """ + Search actors with query on user name and login. + """ + query: String ): SuggestedReviewerActorConnection! """ @@ -41948,13 +42058,6 @@ type PullRequestParameters { """ allowedMergeMethods: [PullRequestAllowedMergeMethods!] - """ - Request Copilot code review for new pull requests automatically if the author - has access to Copilot code review and their premium requests quota has not - reached the limit. - """ - automaticCopilotCodeReviewEnabled: Boolean! - """ New, reviewable commits pushed will dismiss previous pull request review approvals. """ @@ -41998,13 +42101,6 @@ input PullRequestParametersInput { """ allowedMergeMethods: [PullRequestAllowedMergeMethods!] - """ - Request Copilot code review for new pull requests automatically if the author - has access to Copilot code review and their premium requests quota has not - reached the limit. - """ - automaticCopilotCodeReviewEnabled: Boolean - """ New, reviewable commits pushed will dismiss previous pull request review approvals. """ @@ -46155,8 +46251,6 @@ input RemoveReactionInput { "PullRequestReview" "PullRequestReviewComment" "Release" - "TeamDiscussion" - "TeamDiscussionComment" ] abstractType: "Reactable" ) @@ -46606,14 +46700,27 @@ Autogenerated input type of ReplaceActorsForAssignable """ input ReplaceActorsForAssignableInput { """ - The ids of the actors to replace the existing assignees. + The ids of the actors to replace the existing assignees. May be used as an + alternative to or in conjunction with actorLogins. """ - actorIds: [ID!]! + actorIds: [ID!] @possibleTypes( concreteTypes: ["Bot", "EnterpriseUserAccount", "Mannequin", "Organization", "User"] abstractType: "Actor" ) + """ + The usernames of the actors to replace the existing assignees. May be used as + an alternative to or in conjunction with actorIds. For bots, use the login + format with [bot] suffix (e.g., 'my-app[bot]'). + """ + actorLogins: [String!] + + """ + Configuration for assigning an AI agent to this issue. + """ + agentAssignment: AgentAssignmentInput + """ The id of the assignable object to replace the assignees for. """ @@ -51498,6 +51605,41 @@ type Repository implements Node & PackageOwner & ProjectOwner & ProjectV2Recent orderBy: ReleaseOrder ): ReleaseConnection! + """ + A custom property value for the repository. + """ + repositoryCustomPropertyValue( + """ + The name of the custom property to retrieve the value for. + """ + propertyName: String! + ): RepositoryCustomPropertyValue + + """ + A list of custom properties and their associated values for a repository. + """ + repositoryCustomPropertyValues( + """ + Returns the elements in the list that come after the specified cursor. + """ + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """ + Returns the first _n_ elements from the list. + """ + first: Int + + """ + Returns the last _n_ elements from the list. + """ + last: Int + ): RepositoryCustomPropertyValueConnection + """ A list of applied repository-topic associations for this repository. """ @@ -52109,6 +52251,171 @@ enum RepositoryContributionType { REPOSITORY } +""" +A repository custom property. +""" +type RepositoryCustomProperty implements Node { + """ + The allowed values for the custom property. Required if `value_type` is `single_select` or `multi_select`. + """ + allowedValues: [String!] + + """ + The default value of the custom property, if the property is `required`. + """ + defaultValue: CustomPropertyValue + + """ + The description of the custom property. + """ + description: String + + """ + The Node ID of the RepositoryCustomProperty object + """ + id: ID! + + """ + The name of the custom property. + """ + propertyName: String! + + """ + The regex pattern that the value of the custom property must match, if the `value_type` is `string`. + """ + regex: String + + """ + Whether the custom property is required. + """ + required: Boolean + + """ + The source type of the custom property. + """ + source: CustomPropertySource! + + """ + The value type of the custom property. + """ + valueType: CustomPropertyValueType! + + """ + Who can edit the values of this repository custom property. + """ + valuesEditableBy: RepositoryCustomPropertyValuesEditableBy! +} + +""" +The connection type for RepositoryCustomProperty. +""" +type RepositoryCustomPropertyConnection { + """ + A list of edges. + """ + edges: [RepositoryCustomPropertyEdge] + + """ + A list of nodes. + """ + nodes: [RepositoryCustomProperty] + + """ + Information to aid in pagination. + """ + pageInfo: PageInfo! + + """ + Identifies the total count of items in the connection. + """ + totalCount: Int! +} + +""" +An edge in a connection. +""" +type RepositoryCustomPropertyEdge { + """ + A cursor for use in pagination. + """ + cursor: String! + + """ + The item at the end of the edge. + """ + node: RepositoryCustomProperty +} + +""" +A value associated with a repository custom property. +""" +type RepositoryCustomPropertyValue { + """ + The name of the custom property. + """ + propertyName: String! + + """ + The value of the custom property. + """ + value: CustomPropertyValue! +} + +""" +The connection type for RepositoryCustomPropertyValue. +""" +type RepositoryCustomPropertyValueConnection { + """ + A list of edges. + """ + edges: [RepositoryCustomPropertyValueEdge] + + """ + A list of nodes. + """ + nodes: [RepositoryCustomPropertyValue] + + """ + Information to aid in pagination. + """ + pageInfo: PageInfo! + + """ + Identifies the total count of items in the connection. + """ + totalCount: Int! +} + +""" +An edge in a connection. +""" +type RepositoryCustomPropertyValueEdge { + """ + A cursor for use in pagination. + """ + cursor: String! + + """ + The item at the end of the edge. + """ + node: RepositoryCustomPropertyValue +} + +""" +The allowed actors who can edit the values of a custom property. +""" +enum RepositoryCustomPropertyValuesEditableBy { + """ + The organization actors. + """ + ORG_ACTORS + + """ + The organization and repository actors. + """ + ORG_AND_REPO_ACTORS +} + """ Represents an author of discussions in repositories. """ @@ -54448,6 +54755,66 @@ type ReprioritizeSubIssuePayload { issue: Issue } +""" +Autogenerated input type of RequestReviewsByLogin +""" +input RequestReviewsByLoginInput { + """ + The logins of the bots to request reviews from, including the [bot] suffix (e.g., 'copilot-pull-request-reviewer[bot]'). + """ + botLogins: [String!] + + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The Node ID of the pull request to modify. + """ + pullRequestId: ID! @possibleTypes(concreteTypes: ["PullRequest"]) + + """ + The slugs of the teams to request reviews from (format: 'org/team-slug'). + """ + teamSlugs: [String!] + + """ + Add users to the set rather than replace. + """ + union: Boolean = false + + """ + The login strings of the users to request reviews from. + """ + userLogins: [String!] +} + +""" +Autogenerated return type of RequestReviewsByLogin. +""" +type RequestReviewsByLoginPayload { + """ + Identifies the actor who performed the event. + """ + actor: Actor + + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The pull request that is getting requests. + """ + pullRequest: PullRequest + + """ + The edge from the pull request to the requested reviewers. + """ + requestedReviewersEdge: UserEdge +} + """ Autogenerated input type of RequestReviews """ @@ -56362,6 +56729,41 @@ type SetOrganizationInteractionLimitPayload { organization: Organization } +""" +Autogenerated input type of SetRepositoryCustomPropertyValues +""" +input SetRepositoryCustomPropertyValuesInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + A list of custom property names and associated values to apply. + """ + properties: [CustomPropertyValueInput!]! + + """ + The ID of the repository to set properties for. + """ + repositoryId: ID! @possibleTypes(concreteTypes: ["Repository"]) +} + +""" +Autogenerated return type of SetRepositoryCustomPropertyValues. +""" +type SetRepositoryCustomPropertyValuesPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The repository that the custom properties were set for. + """ + repository: Repository +} + """ Autogenerated input type of SetRepositoryInteractionLimit """ @@ -60579,7 +60981,7 @@ Parameters to be used for the tag_name_pattern rule """ type TagNamePatternParameters { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -60604,7 +61006,7 @@ Parameters to be used for the tag_name_pattern rule """ input TagNamePatternParametersInput { """ - How this rule will appear to users. + How this rule appears when configuring it. """ name: String @@ -60723,61 +61125,6 @@ type Team implements MemberStatusable & Node & Subscribable { """ description: String - """ - Find a team discussion by its number. - """ - discussion( - """ - The sequence number of the discussion to find. - """ - number: Int! - ): TeamDiscussion - - """ - A list of team discussions. - """ - discussions( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - If provided, filters discussions according to whether or not they are pinned. - """ - isPinned: Boolean - - """ - Returns the last _n_ elements from the list. - """ - last: Int - - """ - Order for connection - """ - orderBy: TeamDiscussionOrder - ): TeamDiscussionConnection! - - """ - The HTTP path for team discussions - """ - discussionsResourcePath: URI! - - """ - The HTTP URL for team discussions - """ - discussionsUrl: URI! - """ The HTTP path for editing this team """ @@ -61094,14 +61441,20 @@ type Team implements MemberStatusable & Node & Subscribable { viewerCanAdminister: Boolean! """ - Check if the viewer is able to change their subscription status for the repository. + Check if the viewer is able to change their subscription status for the subscribable entity. """ viewerCanSubscribe: Boolean! + @deprecated( + reason: "`Team.viewerCanSubscribe` will be removed. Team notifications subscriptions are being deprecated. Removal on 2026-07-01 UTC." + ) """ Identifies if the viewer is watching, not watching, or ignoring the subscribable entity. """ viewerSubscription: SubscriptionState + @deprecated( + reason: "`Team.viewerSubscription` will be removed. Team notifications subscriptions are being deprecated. Removal on 2026-07-01 UTC." + ) } """ @@ -61760,648 +62113,6 @@ type TeamConnection { totalCount: Int! } -""" -A team discussion. -""" -type TeamDiscussion implements Comment & Deletable & Node & Reactable & Subscribable & UniformResourceLocatable & Updatable & UpdatableComment { - """ - The actor who authored the comment. - """ - author: Actor - - """ - Author's association with the discussion's team. - """ - authorAssociation: CommentAuthorAssociation! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The body as Markdown. - """ - body: String! - - """ - The body rendered to HTML. - """ - bodyHTML: HTML! - - """ - The body rendered to text. - """ - bodyText: String! - - """ - Identifies the discussion body hash. - """ - bodyVersion: String! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - A list of comments on this discussion. - """ - comments( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - When provided, filters the connection such that results begin with the comment with this number. - """ - fromComment: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - - """ - Order for connection - """ - orderBy: TeamDiscussionCommentOrder - ): TeamDiscussionCommentConnection! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The HTTP path for discussion comments - """ - commentsResourcePath: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The HTTP URL for discussion comments - """ - commentsUrl: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies the date and time when the object was created. - """ - createdAt: DateTime! - - """ - Check if this comment was created via an email reply. - """ - createdViaEmail: Boolean! - - """ - Identifies the primary key from the database. - """ - databaseId: Int - - """ - The actor who edited the comment. - """ - editor: Actor - - """ - The Node ID of the TeamDiscussion object - """ - id: ID! - - """ - Check if this comment was edited and includes an edit with the creation data - """ - includesCreatedEdit: Boolean! - - """ - Whether or not the discussion is pinned. - """ - isPinned: Boolean! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Whether or not the discussion is only visible to team members and organization owners. - """ - isPrivate: Boolean! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The moment the editor made the last edit - """ - lastEditedAt: DateTime - - """ - Identifies the discussion within its team. - """ - number: Int! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies when the comment was published at. - """ - publishedAt: DateTime - - """ - A list of reactions grouped by content left on the subject. - """ - reactionGroups: [ReactionGroup!] - - """ - A list of Reactions left on the Issue. - """ - reactions( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Allows filtering Reactions by emoji. - """ - content: ReactionContent - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - - """ - Allows specifying the order in which reactions are returned. - """ - orderBy: ReactionOrder - ): ReactionConnection! - - """ - The HTTP path for this discussion - """ - resourcePath: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The team that defines the context of this discussion. - """ - team: Team! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The title of the discussion - """ - title: String! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies the date and time when the object was last updated. - """ - updatedAt: DateTime! - - """ - The HTTP URL for this discussion - """ - url: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - A list of edits to this content. - """ - userContentEdits( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - ): UserContentEditConnection - - """ - Check if the current viewer can delete this object. - """ - viewerCanDelete: Boolean! - - """ - Whether or not the current viewer can pin this discussion. - """ - viewerCanPin: Boolean! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Can user react to this subject - """ - viewerCanReact: Boolean! - - """ - Check if the viewer is able to change their subscription status for the repository. - """ - viewerCanSubscribe: Boolean! - - """ - Check if the current viewer can update this object. - """ - viewerCanUpdate: Boolean! - - """ - Reasons why the current viewer can not update this comment. - """ - viewerCannotUpdateReasons: [CommentCannotUpdateReason!]! - - """ - Did the viewer author this comment. - """ - viewerDidAuthor: Boolean! - - """ - Identifies if the viewer is watching, not watching, or ignoring the subscribable entity. - """ - viewerSubscription: SubscriptionState -} - -""" -A comment on a team discussion. -""" -type TeamDiscussionComment implements Comment & Deletable & Node & Reactable & UniformResourceLocatable & Updatable & UpdatableComment { - """ - The actor who authored the comment. - """ - author: Actor - - """ - Author's association with the comment's team. - """ - authorAssociation: CommentAuthorAssociation! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The body as Markdown. - """ - body: String! - - """ - The body rendered to HTML. - """ - bodyHTML: HTML! - - """ - The body rendered to text. - """ - bodyText: String! - - """ - The current version of the body content. - """ - bodyVersion: String! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies the date and time when the object was created. - """ - createdAt: DateTime! - - """ - Check if this comment was created via an email reply. - """ - createdViaEmail: Boolean! - - """ - Identifies the primary key from the database. - """ - databaseId: Int - - """ - The discussion this comment is about. - """ - discussion: TeamDiscussion! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - The actor who edited the comment. - """ - editor: Actor - - """ - The Node ID of the TeamDiscussionComment object - """ - id: ID! - - """ - Check if this comment was edited and includes an edit with the creation data - """ - includesCreatedEdit: Boolean! - - """ - The moment the editor made the last edit - """ - lastEditedAt: DateTime - - """ - Identifies the comment number. - """ - number: Int! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies when the comment was published at. - """ - publishedAt: DateTime - - """ - A list of reactions grouped by content left on the subject. - """ - reactionGroups: [ReactionGroup!] - - """ - A list of Reactions left on the Issue. - """ - reactions( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Allows filtering Reactions by emoji. - """ - content: ReactionContent - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - - """ - Allows specifying the order in which reactions are returned. - """ - orderBy: ReactionOrder - ): ReactionConnection! - - """ - The HTTP path for this comment - """ - resourcePath: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - Identifies the date and time when the object was last updated. - """ - updatedAt: DateTime! - - """ - The HTTP URL for this comment - """ - url: URI! - @deprecated( - reason: "The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC." - ) - - """ - A list of edits to this content. - """ - userContentEdits( - """ - Returns the elements in the list that come after the specified cursor. - """ - after: String - - """ - Returns the elements in the list that come before the specified cursor. - """ - before: String - - """ - Returns the first _n_ elements from the list. - """ - first: Int - - """ - Returns the last _n_ elements from the list. - """ - last: Int - ): UserContentEditConnection - - """ - Check if the current viewer can delete this object. - """ - viewerCanDelete: Boolean! - - """ - Can user react to this subject - """ - viewerCanReact: Boolean! - - """ - Check if the current viewer can update this object. - """ - viewerCanUpdate: Boolean! - - """ - Reasons why the current viewer can not update this comment. - """ - viewerCannotUpdateReasons: [CommentCannotUpdateReason!]! - - """ - Did the viewer author this comment. - """ - viewerDidAuthor: Boolean! -} - -""" -The connection type for TeamDiscussionComment. -""" -type TeamDiscussionCommentConnection { - """ - A list of edges. - """ - edges: [TeamDiscussionCommentEdge] - - """ - A list of nodes. - """ - nodes: [TeamDiscussionComment] - - """ - Information to aid in pagination. - """ - pageInfo: PageInfo! - - """ - Identifies the total count of items in the connection. - """ - totalCount: Int! -} - -""" -An edge in a connection. -""" -type TeamDiscussionCommentEdge { - """ - A cursor for use in pagination. - """ - cursor: String! - - """ - The item at the end of the edge. - """ - node: TeamDiscussionComment -} - -""" -Ways in which team discussion comment connections can be ordered. -""" -input TeamDiscussionCommentOrder { - """ - The direction in which to order nodes. - """ - direction: OrderDirection! - - """ - The field by which to order nodes. - """ - field: TeamDiscussionCommentOrderField! -} - -""" -Properties by which team discussion comment connections can be ordered. -""" -enum TeamDiscussionCommentOrderField { - """ - Allows sequential ordering of team discussion comments (which is equivalent to chronological ordering). - """ - NUMBER -} - -""" -The connection type for TeamDiscussion. -""" -type TeamDiscussionConnection { - """ - A list of edges. - """ - edges: [TeamDiscussionEdge] - - """ - A list of nodes. - """ - nodes: [TeamDiscussion] - - """ - Information to aid in pagination. - """ - pageInfo: PageInfo! - - """ - Identifies the total count of items in the connection. - """ - totalCount: Int! -} - -""" -An edge in a connection. -""" -type TeamDiscussionEdge { - """ - A cursor for use in pagination. - """ - cursor: String! - - """ - The item at the end of the edge. - """ - node: TeamDiscussion -} - -""" -Ways in which team discussion connections can be ordered. -""" -input TeamDiscussionOrder { - """ - The direction in which to order nodes. - """ - direction: OrderDirection! - - """ - The field by which to order nodes. - """ - field: TeamDiscussionOrderField! -} - -""" -Properties by which team discussion connections can be ordered. -""" -enum TeamDiscussionOrderField { - """ - Allows chronological ordering of team discussions. - """ - CREATED_AT -} - """ An edge in a connection. """ @@ -65435,46 +65146,6 @@ type UpdateEnterpriseRepositoryProjectsSettingPayload { message: String } -""" -Autogenerated input type of UpdateEnterpriseTeamDiscussionsSetting -""" -input UpdateEnterpriseTeamDiscussionsSettingInput { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The ID of the enterprise on which to set the team discussions setting. - """ - enterpriseId: ID! @possibleTypes(concreteTypes: ["Enterprise"]) - - """ - The value for the team discussions setting on the enterprise. - """ - settingValue: EnterpriseEnabledDisabledSettingValue! -} - -""" -Autogenerated return type of UpdateEnterpriseTeamDiscussionsSetting. -""" -type UpdateEnterpriseTeamDiscussionsSettingPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The enterprise with the updated team discussions setting. - """ - enterprise: Enterprise - - """ - A message confirming the result of updating the team discussions setting. - """ - message: String -} - """ Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting """ @@ -65715,6 +65386,41 @@ type UpdateIpAllowListForInstalledAppsEnabledSettingPayload { owner: IpAllowListOwner } +""" +Autogenerated input type of UpdateIpAllowListUserLevelEnforcementEnabledSetting +""" +input UpdateIpAllowListUserLevelEnforcementEnabledSettingInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The ID of the owner. + """ + ownerId: ID! @possibleTypes(concreteTypes: ["App", "Enterprise", "Organization"], abstractType: "IpAllowListOwner") + + """ + The value for the IP allow list user-level enforcement enabled setting. + """ + settingValue: IpAllowListUserLevelEnforcementEnabledSettingValue! +} + +""" +Autogenerated return type of UpdateIpAllowListUserLevelEnforcementEnabledSetting. +""" +type UpdateIpAllowListUserLevelEnforcementEnabledSettingPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The IP allow list owner on which the setting was updated. + """ + owner: IpAllowListOwner +} + """ Autogenerated input type of UpdateIssueComment """ @@ -65754,6 +65460,11 @@ type UpdateIssueCommentPayload { Autogenerated input type of UpdateIssue """ input UpdateIssueInput { + """ + Configuration for assigning an AI agent to this issue. + """ + agentAssignment: AgentAssignmentInput + """ An array of Node IDs of users or bots for this issue. """ @@ -66884,6 +66595,66 @@ type UpdateRefsPayload { clientMutationId: String } +""" +Autogenerated input type of UpdateRepositoryCustomProperty +""" +input UpdateRepositoryCustomPropertyInput { + """ + The updated allowed values for the custom property. + """ + allowedValues: [String!] + + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The updated default value for the custom property if the property is required. + """ + defaultValue: String + + """ + The updated description of the custom property. + """ + description: String + + """ + The regex pattern that the value of the custom property must match, if the `value_type` is `string`. + """ + regex: String + + """ + The global relay id of the source of the custom property. + """ + repositoryCustomPropertyId: ID! @possibleTypes(concreteTypes: ["RepositoryCustomProperty"]) + + """ + Whether the updated custom property is required. + """ + required: Boolean + + """ + The updated actors who can edit the values of the custom property. + """ + valuesEditableBy: RepositoryCustomPropertyValuesEditableBy +} + +""" +Autogenerated return type of UpdateRepositoryCustomProperty. +""" +type UpdateRepositoryCustomPropertyPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The updated repository custom property. + """ + repositoryCustomProperty: RepositoryCustomProperty +} + """ Autogenerated input type of UpdateRepository """ @@ -67137,7 +66908,7 @@ input UpdateSubscriptionInput { """ subscribableId: ID! @possibleTypes( - concreteTypes: ["Commit", "Discussion", "Issue", "PullRequest", "Repository", "Team", "TeamDiscussion"] + concreteTypes: ["Commit", "Discussion", "Issue", "PullRequest", "Repository", "Team"] abstractType: "Subscribable" ) } @@ -67157,97 +66928,6 @@ type UpdateSubscriptionPayload { subscribable: Subscribable } -""" -Autogenerated input type of UpdateTeamDiscussionComment -""" -input UpdateTeamDiscussionCommentInput { - """ - The updated text of the comment. - """ - body: String! - - """ - The current version of the body content. - """ - bodyVersion: String - - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The ID of the comment to modify. - """ - id: ID! @possibleTypes(concreteTypes: ["TeamDiscussionComment"]) -} - -""" -Autogenerated return type of UpdateTeamDiscussionComment. -""" -type UpdateTeamDiscussionCommentPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The updated comment. - """ - teamDiscussionComment: TeamDiscussionComment -} - -""" -Autogenerated input type of UpdateTeamDiscussion -""" -input UpdateTeamDiscussionInput { - """ - The updated text of the discussion. - """ - body: String - - """ - The current version of the body content. If provided, this update operation - will be rejected if the given version does not match the latest version on the server. - """ - bodyVersion: String - - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The Node ID of the discussion to modify. - """ - id: ID! @possibleTypes(concreteTypes: ["TeamDiscussion"]) - - """ - If provided, sets the pinned state of the updated discussion. - """ - pinned: Boolean - - """ - The updated title of the discussion. - """ - title: String -} - -""" -Autogenerated return type of UpdateTeamDiscussion. -""" -type UpdateTeamDiscussionPayload { - """ - A unique identifier for the client performing the mutation. - """ - clientMutationId: String - - """ - The updated discussion. - """ - teamDiscussion: TeamDiscussion -} - """ Autogenerated input type of UpdateTeamReviewAssignment """ diff --git a/src/graphql/data/ghec/schema.json b/src/graphql/data/ghec/schema.json index 4766206c9fcc..da3a5da17c9f 100644 --- a/src/graphql/data/ghec/schema.json +++ b/src/graphql/data/ghec/schema.json @@ -3461,6 +3461,40 @@ } ] }, + { + "name": "createRepositoryCustomProperty", + "kind": "mutations", + "id": "createrepositorycustomproperty", + "href": "/graphql/reference/mutations#createrepositorycustomproperty", + "description": "

    Create a repository custom property.

    ", + "inputFields": [ + { + "name": "input", + "type": "CreateRepositoryCustomPropertyInput!", + "id": "createrepositorycustompropertyinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#createrepositorycustompropertyinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "repositoryCustomProperty", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "description": "

    The newly created repository custom property.

    " + } + ] + }, { "name": "createRepositoryRuleset", "kind": "mutations", @@ -3631,78 +3665,6 @@ } ] }, - { - "name": "createTeamDiscussion", - "kind": "mutations", - "id": "createteamdiscussion", - "href": "/graphql/reference/mutations#createteamdiscussion", - "description": "

    Creates a new team discussion.

    ", - "inputFields": [ - { - "name": "input", - "type": "CreateTeamDiscussionInput!", - "id": "createteamdiscussioninput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#createteamdiscussioninput" - } - ], - "returnFields": [ - { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " - }, - { - "name": "teamDiscussion", - "type": "TeamDiscussion", - "id": "teamdiscussion", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion", - "description": "

    The new discussion.

    ", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - } - ] - }, - { - "name": "createTeamDiscussionComment", - "kind": "mutations", - "id": "createteamdiscussioncomment", - "href": "/graphql/reference/mutations#createteamdiscussioncomment", - "description": "

    Creates a new team discussion comment.

    ", - "inputFields": [ - { - "name": "input", - "type": "CreateTeamDiscussionCommentInput!", - "id": "createteamdiscussioncommentinput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#createteamdiscussioncommentinput" - } - ], - "returnFields": [ - { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " - }, - { - "name": "teamDiscussionComment", - "type": "TeamDiscussionComment", - "id": "teamdiscussioncomment", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncomment", - "description": "

    The new comment.

    ", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - } - ] - }, { "name": "createUserList", "kind": "mutations", @@ -4562,18 +4524,18 @@ ] }, { - "name": "deleteRepositoryRuleset", + "name": "deleteRepositoryCustomProperty", "kind": "mutations", - "id": "deleterepositoryruleset", - "href": "/graphql/reference/mutations#deleterepositoryruleset", - "description": "

    Delete a repository ruleset.

    ", + "id": "deleterepositorycustomproperty", + "href": "/graphql/reference/mutations#deleterepositorycustomproperty", + "description": "

    Delete a repository custom property.

    ", "inputFields": [ { "name": "input", - "type": "DeleteRepositoryRulesetInput!", - "id": "deleterepositoryrulesetinput", + "type": "DeleteRepositoryCustomPropertyInput!", + "id": "deleterepositorycustompropertyinput", "kind": "input-objects", - "href": "/graphql/reference/input-objects#deleterepositoryrulesetinput" + "href": "/graphql/reference/input-objects#deleterepositorycustompropertyinput" } ], "returnFields": [ @@ -4584,48 +4546,30 @@ "kind": "scalars", "href": "/graphql/reference/scalars#string", "description": "

    A unique identifier for the client performing the mutation.

    " - } - ] - }, - { - "name": "deleteTeamDiscussion", - "kind": "mutations", - "id": "deleteteamdiscussion", - "href": "/graphql/reference/mutations#deleteteamdiscussion", - "description": "

    Deletes a team discussion.

    ", - "inputFields": [ - { - "name": "input", - "type": "DeleteTeamDiscussionInput!", - "id": "deleteteamdiscussioninput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#deleteteamdiscussioninput" - } - ], - "returnFields": [ + }, { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " + "name": "repositoryCustomProperty", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "description": "

    The deleted custom property.

    " } ] }, { - "name": "deleteTeamDiscussionComment", + "name": "deleteRepositoryRuleset", "kind": "mutations", - "id": "deleteteamdiscussioncomment", - "href": "/graphql/reference/mutations#deleteteamdiscussioncomment", - "description": "

    Deletes a team discussion comment.

    ", + "id": "deleterepositoryruleset", + "href": "/graphql/reference/mutations#deleterepositoryruleset", + "description": "

    Delete a repository ruleset.

    ", "inputFields": [ { "name": "input", - "type": "DeleteTeamDiscussionCommentInput!", - "id": "deleteteamdiscussioncommentinput", + "type": "DeleteRepositoryRulesetInput!", + "id": "deleterepositoryrulesetinput", "kind": "input-objects", - "href": "/graphql/reference/input-objects#deleteteamdiscussioncommentinput" + "href": "/graphql/reference/input-objects#deleterepositoryrulesetinput" } ], "returnFields": [ @@ -5715,6 +5659,40 @@ } ] }, + { + "name": "promoteRepositoryCustomProperty", + "kind": "mutations", + "id": "promoterepositorycustomproperty", + "href": "/graphql/reference/mutations#promoterepositorycustomproperty", + "description": "

    Promote a repository custom property to the enterprise level.

    ", + "inputFields": [ + { + "name": "input", + "type": "PromoteRepositoryCustomPropertyInput!", + "id": "promoterepositorycustompropertyinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#promoterepositorycustompropertyinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "repositoryCustomProperty", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "description": "

    The repository custom property that has been promoted.

    " + } + ] + }, { "name": "publishSponsorsTier", "kind": "mutations", @@ -6635,6 +6613,56 @@ } ] }, + { + "name": "requestReviewsByLogin", + "kind": "mutations", + "id": "requestreviewsbylogin", + "href": "/graphql/reference/mutations#requestreviewsbylogin", + "description": "

    Set review requests on a pull request using login strings instead of IDs.

    ", + "inputFields": [ + { + "name": "input", + "type": "RequestReviewsByLoginInput!", + "id": "requestreviewsbylogininput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#requestreviewsbylogininput" + } + ], + "returnFields": [ + { + "name": "actor", + "type": "Actor", + "id": "actor", + "kind": "interfaces", + "href": "/graphql/reference/interfaces#actor", + "description": "

    Identifies the actor who performed the event.

    " + }, + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "pullRequest", + "type": "PullRequest", + "id": "pullrequest", + "kind": "objects", + "href": "/graphql/reference/objects#pullrequest", + "description": "

    The pull request that is getting requests.

    " + }, + { + "name": "requestedReviewersEdge", + "type": "UserEdge", + "id": "useredge", + "kind": "objects", + "href": "/graphql/reference/objects#useredge", + "description": "

    The edge from the pull request to the requested reviewers.

    " + } + ] + }, { "name": "rerequestCheckSuite", "kind": "mutations", @@ -6915,6 +6943,40 @@ } ] }, + { + "name": "setRepositoryCustomPropertyValues", + "kind": "mutations", + "id": "setrepositorycustompropertyvalues", + "href": "/graphql/reference/mutations#setrepositorycustompropertyvalues", + "description": "

    Set repository custom property values for a repository.

    ", + "inputFields": [ + { + "name": "input", + "type": "SetRepositoryCustomPropertyValuesInput!", + "id": "setrepositorycustompropertyvaluesinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#setrepositorycustompropertyvaluesinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "repository", + "type": "Repository", + "id": "repository", + "kind": "objects", + "href": "/graphql/reference/objects#repository", + "description": "

    The repository that the custom properties were set for.

    " + } + ] + }, { "name": "setRepositoryInteractionLimit", "kind": "mutations", @@ -8507,48 +8569,6 @@ } ] }, - { - "name": "updateEnterpriseTeamDiscussionsSetting", - "kind": "mutations", - "id": "updateenterpriseteamdiscussionssetting", - "href": "/graphql/reference/mutations#updateenterpriseteamdiscussionssetting", - "description": "

    Sets whether team discussions are enabled for an enterprise.

    ", - "inputFields": [ - { - "name": "input", - "type": "UpdateEnterpriseTeamDiscussionsSettingInput!", - "id": "updateenterpriseteamdiscussionssettinginput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#updateenterpriseteamdiscussionssettinginput" - } - ], - "returnFields": [ - { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " - }, - { - "name": "enterprise", - "type": "Enterprise", - "id": "enterprise", - "kind": "objects", - "href": "/graphql/reference/objects#enterprise", - "description": "

    The enterprise with the updated team discussions setting.

    " - }, - { - "name": "message", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A message confirming the result of updating the team discussions setting.

    " - } - ] - }, { "name": "updateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting", "kind": "mutations", @@ -8769,6 +8789,40 @@ } ] }, + { + "name": "updateIpAllowListUserLevelEnforcementEnabledSetting", + "kind": "mutations", + "id": "updateipallowlistuserlevelenforcementenabledsetting", + "href": "/graphql/reference/mutations#updateipallowlistuserlevelenforcementenabledsetting", + "description": "

    Sets whether IP allow list user-level enforcement is enabled on an enterprise.

    ", + "inputFields": [ + { + "name": "input", + "type": "UpdateIpAllowListUserLevelEnforcementEnabledSettingInput!", + "id": "updateipallowlistuserlevelenforcementenabledsettinginput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#updateipallowlistuserlevelenforcementenabledsettinginput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "owner", + "type": "IpAllowListOwner", + "id": "ipallowlistowner", + "kind": "unions", + "href": "/graphql/reference/unions#ipallowlistowner", + "description": "

    The IP allow list owner on which the setting was updated.

    " + } + ] + }, { "name": "updateIssue", "kind": "mutations", @@ -9683,6 +9737,40 @@ } ] }, + { + "name": "updateRepositoryCustomProperty", + "kind": "mutations", + "id": "updaterepositorycustomproperty", + "href": "/graphql/reference/mutations#updaterepositorycustomproperty", + "description": "

    Update a repository custom property.

    ", + "inputFields": [ + { + "name": "input", + "type": "UpdateRepositoryCustomPropertyInput!", + "id": "updaterepositorycustompropertyinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#updaterepositorycustompropertyinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

    A unique identifier for the client performing the mutation.

    " + }, + { + "name": "repositoryCustomProperty", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "description": "

    The updated repository custom property.

    " + } + ] + }, { "name": "updateRepositoryRuleset", "kind": "mutations", @@ -9827,74 +9915,6 @@ } ] }, - { - "name": "updateTeamDiscussion", - "kind": "mutations", - "id": "updateteamdiscussion", - "href": "/graphql/reference/mutations#updateteamdiscussion", - "description": "

    Updates a team discussion.

    ", - "inputFields": [ - { - "name": "input", - "type": "UpdateTeamDiscussionInput!", - "id": "updateteamdiscussioninput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#updateteamdiscussioninput" - } - ], - "returnFields": [ - { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " - }, - { - "name": "teamDiscussion", - "type": "TeamDiscussion", - "id": "teamdiscussion", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion", - "description": "

    The updated discussion.

    " - } - ] - }, - { - "name": "updateTeamDiscussionComment", - "kind": "mutations", - "id": "updateteamdiscussioncomment", - "href": "/graphql/reference/mutations#updateteamdiscussioncomment", - "description": "

    Updates a discussion comment.

    ", - "inputFields": [ - { - "name": "input", - "type": "UpdateTeamDiscussionCommentInput!", - "id": "updateteamdiscussioncommentinput", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#updateteamdiscussioncommentinput" - } - ], - "returnFields": [ - { - "name": "clientMutationId", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "description": "

    A unique identifier for the client performing the mutation.

    " - }, - { - "name": "teamDiscussionComment", - "type": "TeamDiscussionComment", - "id": "teamdiscussioncomment", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncomment", - "description": "

    The updated comment.

    " - } - ] - }, { "name": "updateTeamReviewAssignment", "kind": "mutations", @@ -11897,7 +11917,7 @@ "fields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -15193,7 +15213,7 @@ "fields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -16022,7 +16042,7 @@ "fields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -16063,7 +16083,7 @@ "fields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -22469,6 +22489,76 @@ "kind": "scalars", "href": "/graphql/reference/scalars#html" }, + { + "name": "repositoryCustomProperties", + "description": "

    A list of repository custom properties for this enterprise.

    ", + "type": "RepositoryCustomPropertyConnection", + "id": "repositorycustompropertyconnection", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyconnection", + "arguments": [ + { + "name": "after", + "description": "

    Returns the elements in the list that come after the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "before", + "description": "

    Returns the elements in the list that come before the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "first", + "description": "

    Returns the first n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + }, + { + "name": "last", + "description": "

    Returns the last n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + } + ] + }, + { + "name": "repositoryCustomProperty", + "description": "

    Returns a single repository custom property for the current enterprise by name.

    ", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "arguments": [ + { + "name": "propertyName", + "description": "

    The name of the repository custom property to be returned.

    ", + "type": { + "name": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + } + ] + }, { "name": "resourcePath", "description": "

    The HTTP path for this enterprise.

    ", @@ -24290,6 +24380,14 @@ "kind": "enums", "href": "/graphql/reference/enums#ipallowlistforinstalledappsenabledsettingvalue" }, + { + "name": "ipAllowListUserLevelEnforcementEnabledSetting", + "description": "

    The setting value for whether the enterprise has IP allow list user-level enforcement enabled.

    ", + "type": "IpAllowListUserLevelEnforcementEnabledSettingValue!", + "id": "ipallowlistuserlevelenforcementenabledsettingvalue", + "kind": "enums", + "href": "/graphql/reference/enums#ipallowlistuserlevelenforcementenabledsettingvalue" + }, { "name": "isUpdatingDefaultRepositoryPermission", "description": "

    Whether or not the base repository permission is currently being updated.

    ", @@ -25698,77 +25796,9 @@ "type": "EnterpriseEnabledDisabledSettingValue!", "id": "enterpriseenableddisabledsettingvalue", "kind": "enums", - "href": "/graphql/reference/enums#enterpriseenableddisabledsettingvalue" - }, - { - "name": "teamDiscussionsSettingOrganizations", - "description": "

    A list of enterprise organizations configured with the provided team discussions setting value.

    ", - "type": "OrganizationConnection!", - "id": "organizationconnection", - "kind": "objects", - "href": "/graphql/reference/objects#organizationconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "orderBy", - "description": "

    Ordering options for organizations with this setting.

    ", - "type": { - "name": "OrganizationOrder", - "id": "organizationorder", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#organizationorder" - } - }, - { - "name": "value", - "description": "

    The setting value to find organizations for.

    ", - "type": { - "name": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - } - } - ] + "href": "/graphql/reference/enums#enterpriseenableddisabledsettingvalue", + "isDeprecated": true, + "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " }, { "name": "twoFactorDisallowedMethodsSetting", @@ -30114,7 +30144,7 @@ { "name": "projectItems", "description": "

    List of project items associated with this issue.

    ", - "type": "ProjectV2ItemConnection!", + "type": "ProjectV2ItemConnection", "id": "projectv2itemconnection", "kind": "objects", "href": "/graphql/reference/objects#projectv2itemconnection", @@ -44591,6 +44621,76 @@ } ] }, + { + "name": "repositoryCustomProperties", + "description": "

    A list of custom properties for this organization.

    ", + "type": "RepositoryCustomPropertyConnection", + "id": "repositorycustompropertyconnection", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyconnection", + "arguments": [ + { + "name": "after", + "description": "

    Returns the elements in the list that come after the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "before", + "description": "

    Returns the elements in the list that come before the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "first", + "description": "

    Returns the first n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + }, + { + "name": "last", + "description": "

    Returns the last n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + } + ] + }, + { + "name": "repositoryCustomProperty", + "description": "

    Returns a single custom property from the current organization by name.

    ", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty", + "arguments": [ + { + "name": "propertyName", + "description": "

    The name of the custom property to be returned.

    ", + "type": { + "name": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + } + ] + }, { "name": "repositoryDiscussionComments", "description": "

    Discussion comments this user has authored.

    ", @@ -54656,7 +54756,7 @@ { "name": "projectItems", "description": "

    List of project items associated with this pull request.

    ", - "type": "ProjectV2ItemConnection!", + "type": "ProjectV2ItemConnection", "id": "projectv2itemconnection", "kind": "objects", "href": "/graphql/reference/objects#projectv2itemconnection", @@ -55234,6 +55334,16 @@ "kind": "scalars", "href": "/graphql/reference/scalars#int" } + }, + { + "name": "query", + "description": "

    Search actors with query on user name and login.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } } ] }, @@ -56182,14 +56292,6 @@ "kind": "enums", "href": "/graphql/reference/enums#pullrequestallowedmergemethods" }, - { - "name": "automaticCopilotCodeReviewEnabled", - "description": "

    Request Copilot code review for new pull requests automatically if the author\nhas access to Copilot code review and their premium requests quota has not\nreached the limit.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, { "name": "dismissStaleReviewsOnPush", "description": "

    New, reviewable commits pushed will dismiss previous pull request review approvals.

    ", @@ -67942,12 +68044,82 @@ ] }, { - "name": "repositoryTopics", - "description": "

    A list of applied repository-topic associations for this repository.

    ", - "type": "RepositoryTopicConnection!", - "id": "repositorytopicconnection", + "name": "repositoryCustomPropertyValue", + "description": "

    A custom property value for the repository.

    ", + "type": "RepositoryCustomPropertyValue", + "id": "repositorycustompropertyvalue", "kind": "objects", - "href": "/graphql/reference/objects#repositorytopicconnection", + "href": "/graphql/reference/objects#repositorycustompropertyvalue", + "arguments": [ + { + "name": "propertyName", + "description": "

    The name of the custom property to retrieve the value for.

    ", + "type": { + "name": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + } + ] + }, + { + "name": "repositoryCustomPropertyValues", + "description": "

    A list of custom properties and their associated values for a repository.

    ", + "type": "RepositoryCustomPropertyValueConnection", + "id": "repositorycustompropertyvalueconnection", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyvalueconnection", + "arguments": [ + { + "name": "after", + "description": "

    Returns the elements in the list that come after the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "before", + "description": "

    Returns the elements in the list that come before the specified cursor.

    ", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "first", + "description": "

    Returns the first n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + }, + { + "name": "last", + "description": "

    Returns the last n elements from the list.

    ", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + } + ] + }, + { + "name": "repositoryTopics", + "description": "

    A list of applied repository-topic associations for this repository.

    ", + "type": "RepositoryTopicConnection!", + "id": "repositorytopicconnection", + "kind": "objects", + "href": "/graphql/reference/objects#repositorytopicconnection", "arguments": [ { "name": "after", @@ -68904,6 +69076,259 @@ } ] }, + { + "name": "RepositoryCustomProperty", + "kind": "objects", + "id": "repositorycustomproperty", + "href": "/graphql/reference/objects#repositorycustomproperty", + "description": "

    A repository custom property.

    ", + "implements": [ + { + "name": "Node", + "id": "node", + "href": "/graphql/reference/interfaces#node" + } + ], + "fields": [ + { + "name": "allowedValues", + "description": "

    The allowed values for the custom property. Required if value_type is single_select or multi_select.

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "defaultValue", + "description": "

    The default value of the custom property, if the property is required.

    ", + "type": "CustomPropertyValue", + "id": "custompropertyvalue", + "kind": "scalars", + "href": "/graphql/reference/scalars#custompropertyvalue" + }, + { + "name": "description", + "description": "

    The description of the custom property.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "id", + "description": "

    The Node ID of the RepositoryCustomProperty object.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id" + }, + { + "name": "propertyName", + "description": "

    The name of the custom property.

    ", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "regex", + "description": "

    The regex pattern that the value of the custom property must match, if the value_type is string.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "required", + "description": "

    Whether the custom property is required.

    ", + "type": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, + { + "name": "source", + "description": "

    The source type of the custom property.

    ", + "type": "CustomPropertySource!", + "id": "custompropertysource", + "kind": "unions", + "href": "/graphql/reference/unions#custompropertysource" + }, + { + "name": "valueType", + "description": "

    The value type of the custom property.

    ", + "type": "CustomPropertyValueType!", + "id": "custompropertyvaluetype", + "kind": "enums", + "href": "/graphql/reference/enums#custompropertyvaluetype" + }, + { + "name": "valuesEditableBy", + "description": "

    Who can edit the values of this repository custom property.

    ", + "type": "RepositoryCustomPropertyValuesEditableBy!", + "id": "repositorycustompropertyvalueseditableby", + "kind": "enums", + "href": "/graphql/reference/enums#repositorycustompropertyvalueseditableby" + } + ] + }, + { + "name": "RepositoryCustomPropertyConnection", + "kind": "objects", + "id": "repositorycustompropertyconnection", + "href": "/graphql/reference/objects#repositorycustompropertyconnection", + "description": "

    The connection type for RepositoryCustomProperty.

    ", + "fields": [ + { + "name": "edges", + "description": "

    A list of edges.

    ", + "type": "[RepositoryCustomPropertyEdge]", + "id": "repositorycustompropertyedge", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyedge" + }, + { + "name": "nodes", + "description": "

    A list of nodes.

    ", + "type": "[RepositoryCustomProperty]", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty" + }, + { + "name": "pageInfo", + "description": "

    Information to aid in pagination.

    ", + "type": "PageInfo!", + "id": "pageinfo", + "kind": "objects", + "href": "/graphql/reference/objects#pageinfo" + }, + { + "name": "totalCount", + "description": "

    Identifies the total count of items in the connection.

    ", + "type": "Int!", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + ] + }, + { + "name": "RepositoryCustomPropertyEdge", + "kind": "objects", + "id": "repositorycustompropertyedge", + "href": "/graphql/reference/objects#repositorycustompropertyedge", + "description": "

    An edge in a connection.

    ", + "fields": [ + { + "name": "cursor", + "description": "

    A cursor for use in pagination.

    ", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "node", + "description": "

    The item at the end of the edge.

    ", + "type": "RepositoryCustomProperty", + "id": "repositorycustomproperty", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustomproperty" + } + ] + }, + { + "name": "RepositoryCustomPropertyValue", + "kind": "objects", + "id": "repositorycustompropertyvalue", + "href": "/graphql/reference/objects#repositorycustompropertyvalue", + "description": "

    A value associated with a repository custom property.

    ", + "fields": [ + { + "name": "propertyName", + "description": "

    The name of the custom property.

    ", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "value", + "description": "

    The value of the custom property.

    ", + "type": "CustomPropertyValue!", + "id": "custompropertyvalue", + "kind": "scalars", + "href": "/graphql/reference/scalars#custompropertyvalue" + } + ] + }, + { + "name": "RepositoryCustomPropertyValueConnection", + "kind": "objects", + "id": "repositorycustompropertyvalueconnection", + "href": "/graphql/reference/objects#repositorycustompropertyvalueconnection", + "description": "

    The connection type for RepositoryCustomPropertyValue.

    ", + "fields": [ + { + "name": "edges", + "description": "

    A list of edges.

    ", + "type": "[RepositoryCustomPropertyValueEdge]", + "id": "repositorycustompropertyvalueedge", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyvalueedge" + }, + { + "name": "nodes", + "description": "

    A list of nodes.

    ", + "type": "[RepositoryCustomPropertyValue]", + "id": "repositorycustompropertyvalue", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyvalue" + }, + { + "name": "pageInfo", + "description": "

    Information to aid in pagination.

    ", + "type": "PageInfo!", + "id": "pageinfo", + "kind": "objects", + "href": "/graphql/reference/objects#pageinfo" + }, + { + "name": "totalCount", + "description": "

    Identifies the total count of items in the connection.

    ", + "type": "Int!", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + ] + }, + { + "name": "RepositoryCustomPropertyValueEdge", + "kind": "objects", + "id": "repositorycustompropertyvalueedge", + "href": "/graphql/reference/objects#repositorycustompropertyvalueedge", + "description": "

    An edge in a connection.

    ", + "fields": [ + { + "name": "cursor", + "description": "

    A cursor for use in pagination.

    ", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "node", + "description": "

    The item at the end of the edge.

    ", + "type": "RepositoryCustomPropertyValue", + "id": "repositorycustompropertyvalue", + "kind": "objects", + "href": "/graphql/reference/objects#repositorycustompropertyvalue" + } + ] + }, { "name": "RepositoryEdge", "kind": "objects", @@ -75313,7 +75738,7 @@ "fields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -75554,142 +75979,36 @@ "href": "/graphql/reference/scalars#string" }, { - "name": "discussion", - "description": "

    Find a team discussion by its number.

    ", - "type": "TeamDiscussion", - "id": "teamdiscussion", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion", - "arguments": [ - { - "name": "number", - "description": "

    The sequence number of the discussion to find.

    ", - "type": { - "name": "Int!", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - } - ] + "name": "editTeamResourcePath", + "description": "

    The HTTP path for editing this team.

    ", + "type": "URI!", + "id": "uri", + "kind": "scalars", + "href": "/graphql/reference/scalars#uri" }, { - "name": "discussions", - "description": "

    A list of team discussions.

    ", - "type": "TeamDiscussionConnection!", - "id": "teamdiscussionconnection", + "name": "editTeamUrl", + "description": "

    The HTTP URL for editing this team.

    ", + "type": "URI!", + "id": "uri", + "kind": "scalars", + "href": "/graphql/reference/scalars#uri" + }, + { + "name": "id", + "description": "

    The Node ID of the Team object.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id" + }, + { + "name": "invitations", + "description": "

    A list of pending invitations for users to this team.

    ", + "type": "OrganizationInvitationConnection", + "id": "organizationinvitationconnection", "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussionconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "isPinned", - "description": "

    If provided, filters discussions according to whether or not they are pinned.

    ", - "type": { - "name": "Boolean", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "orderBy", - "description": "

    Order for connection.

    ", - "type": { - "name": "TeamDiscussionOrder", - "id": "teamdiscussionorder", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#teamdiscussionorder" - } - } - ] - }, - { - "name": "discussionsResourcePath", - "description": "

    The HTTP path for team discussions.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "discussionsUrl", - "description": "

    The HTTP URL for team discussions.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "editTeamResourcePath", - "description": "

    The HTTP path for editing this team.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "editTeamUrl", - "description": "

    The HTTP URL for editing this team.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "id", - "description": "

    The Node ID of the Team object.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id" - }, - { - "name": "invitations", - "description": "

    A list of pending invitations for users to this team.

    ", - "type": "OrganizationInvitationConnection", - "id": "organizationinvitationconnection", - "kind": "objects", - "href": "/graphql/reference/objects#organizationinvitationconnection", + "href": "/graphql/reference/objects#organizationinvitationconnection", "arguments": [ { "name": "after", @@ -76244,11 +76563,13 @@ }, { "name": "viewerCanSubscribe", - "description": "

    Check if the viewer is able to change their subscription status for the repository.

    ", + "description": "

    Check if the viewer is able to change their subscription status for the subscribable entity.

    ", "type": "Boolean!", "id": "boolean", "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" + "href": "/graphql/reference/scalars#boolean", + "isDeprecated": true, + "deprecationReason": "

    Team.viewerCanSubscribe will be removed. Team notifications subscriptions are being deprecated. Removal on 2026-07-01 UTC.

    " }, { "name": "viewerSubscription", @@ -76256,7 +76577,9 @@ "type": "SubscriptionState", "id": "subscriptionstate", "kind": "enums", - "href": "/graphql/reference/enums#subscriptionstate" + "href": "/graphql/reference/enums#subscriptionstate", + "isDeprecated": true, + "deprecationReason": "

    Team.viewerSubscription will be removed. Team notifications subscriptions are being deprecated. Removal on 2026-07-01 UTC.

    " } ] }, @@ -76900,1274 +77223,258 @@ }, { "name": "createdAt", - "description": "

    The time the action was initiated.

    ", - "type": "PreciseDateTime!", - "id": "precisedatetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#precisedatetime", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "id", - "description": "

    The Node ID of the TeamChangeParentTeamAuditEntry object.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id" - }, - { - "name": "isLdapMapped", - "description": "

    Whether the team was mapped to an LDAP Group.

    ", - "type": "Boolean", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "operationType", - "description": "

    The corresponding operation type for the action.

    ", - "type": "OperationType", - "id": "operationtype", - "kind": "enums", - "href": "/graphql/reference/enums#operationtype", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "organization", - "description": "

    The Organization associated with the Audit Entry.

    ", - "type": "Organization", - "id": "organization", - "kind": "objects", - "href": "/graphql/reference/objects#organization", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "organizationName", - "description": "

    The name of the Organization.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "organizationResourcePath", - "description": "

    The HTTP path for the organization.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "organizationUrl", - "description": "

    The HTTP URL for the organization.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeam", - "description": "

    The new parent team.

    ", - "type": "Team", - "id": "team", - "kind": "objects", - "href": "/graphql/reference/objects#team", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamName", - "description": "

    The name of the new parent team.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamNameWas", - "description": "

    The name of the former parent team.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamResourcePath", - "description": "

    The HTTP path for the parent team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamUrl", - "description": "

    The HTTP URL for the parent team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamWas", - "description": "

    The former parent team.

    ", - "type": "Team", - "id": "team", - "kind": "objects", - "href": "/graphql/reference/objects#team", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamWasResourcePath", - "description": "

    The HTTP path for the previous parent team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "parentTeamWasUrl", - "description": "

    The HTTP URL for the previous parent team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "team", - "description": "

    The team associated with the action.

    ", - "type": "Team", - "id": "team", - "kind": "objects", - "href": "/graphql/reference/objects#team" - }, - { - "name": "teamName", - "description": "

    The name of the team.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "teamResourcePath", - "description": "

    The HTTP path for this team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "teamUrl", - "description": "

    The HTTP URL for this team.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri" - }, - { - "name": "user", - "description": "

    The user affected by the action.

    ", - "type": "User", - "id": "user", - "kind": "objects", - "href": "/graphql/reference/objects#user", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "userLogin", - "description": "

    For actions involving two users, the actor is the initiator and the user is the affected user.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "userResourcePath", - "description": "

    The HTTP path for the user.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - }, - { - "name": "userUrl", - "description": "

    The HTTP URL for the user.

    ", - "type": "URI", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " - } - ] - }, - { - "name": "TeamConnection", - "kind": "objects", - "id": "teamconnection", - "href": "/graphql/reference/objects#teamconnection", - "description": "

    The connection type for Team.

    ", - "fields": [ - { - "name": "edges", - "description": "

    A list of edges.

    ", - "type": "[TeamEdge]", - "id": "teamedge", - "kind": "objects", - "href": "/graphql/reference/objects#teamedge" - }, - { - "name": "nodes", - "description": "

    A list of nodes.

    ", - "type": "[Team]", - "id": "team", - "kind": "objects", - "href": "/graphql/reference/objects#team" - }, - { - "name": "pageInfo", - "description": "

    Information to aid in pagination.

    ", - "type": "PageInfo!", - "id": "pageinfo", - "kind": "objects", - "href": "/graphql/reference/objects#pageinfo" - }, - { - "name": "totalCount", - "description": "

    Identifies the total count of items in the connection.

    ", - "type": "Int!", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - ] - }, - { - "name": "TeamDiscussion", - "kind": "objects", - "id": "teamdiscussion", - "href": "/graphql/reference/objects#teamdiscussion", - "description": "

    A team discussion.

    ", - "implements": [ - { - "name": "Comment", - "id": "comment", - "href": "/graphql/reference/interfaces#comment" - }, - { - "name": "Deletable", - "id": "deletable", - "href": "/graphql/reference/interfaces#deletable" - }, - { - "name": "Node", - "id": "node", - "href": "/graphql/reference/interfaces#node" - }, - { - "name": "Reactable", - "id": "reactable", - "href": "/graphql/reference/interfaces#reactable" - }, - { - "name": "Subscribable", - "id": "subscribable", - "href": "/graphql/reference/interfaces#subscribable" - }, - { - "name": "UniformResourceLocatable", - "id": "uniformresourcelocatable", - "href": "/graphql/reference/interfaces#uniformresourcelocatable" - }, - { - "name": "Updatable", - "id": "updatable", - "href": "/graphql/reference/interfaces#updatable" - }, - { - "name": "UpdatableComment", - "id": "updatablecomment", - "href": "/graphql/reference/interfaces#updatablecomment" - } - ], - "fields": [ - { - "name": "author", - "description": "

    The actor who authored the comment.

    ", - "type": "Actor", - "id": "actor", - "kind": "interfaces", - "href": "/graphql/reference/interfaces#actor" - }, - { - "name": "authorAssociation", - "description": "

    Author's association with the discussion's team.

    ", - "type": "CommentAuthorAssociation!", - "id": "commentauthorassociation", - "kind": "enums", - "href": "/graphql/reference/enums#commentauthorassociation", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "body", - "description": "

    The body as Markdown.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyHTML", - "description": "

    The body rendered to HTML.

    ", - "type": "HTML!", - "id": "html", - "kind": "scalars", - "href": "/graphql/reference/scalars#html" - }, - { - "name": "bodyText", - "description": "

    The body rendered to text.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyVersion", - "description": "

    Identifies the discussion body hash.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "comments", - "description": "

    A list of comments on this discussion.

    ", - "type": "TeamDiscussionCommentConnection!", - "id": "teamdiscussioncommentconnection", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncommentconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "fromComment", - "description": "

    When provided, filters the connection such that results begin with the comment with this number.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "orderBy", - "description": "

    Order for connection.

    ", - "type": { - "name": "TeamDiscussionCommentOrder", - "id": "teamdiscussioncommentorder", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#teamdiscussioncommentorder" - } - } - ], - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "commentsResourcePath", - "description": "

    The HTTP path for discussion comments.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "commentsUrl", - "description": "

    The HTTP URL for discussion comments.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "createdAt", - "description": "

    Identifies the date and time when the object was created.

    ", - "type": "DateTime!", - "id": "datetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" - }, - { - "name": "createdViaEmail", - "description": "

    Check if this comment was created via an email reply.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "databaseId", - "description": "

    Identifies the primary key from the database.

    ", - "type": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - }, - { - "name": "editor", - "description": "

    The actor who edited the comment.

    ", - "type": "Actor", - "id": "actor", - "kind": "interfaces", - "href": "/graphql/reference/interfaces#actor" - }, - { - "name": "id", - "description": "

    The Node ID of the TeamDiscussion object.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id" - }, - { - "name": "includesCreatedEdit", - "description": "

    Check if this comment was edited and includes an edit with the creation data.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "isPinned", - "description": "

    Whether or not the discussion is pinned.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "isPrivate", - "description": "

    Whether or not the discussion is only visible to team members and organization owners.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "lastEditedAt", - "description": "

    The moment the editor made the last edit.

    ", - "type": "DateTime", - "id": "datetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" - }, - { - "name": "number", - "description": "

    Identifies the discussion within its team.

    ", - "type": "Int!", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "publishedAt", - "description": "

    Identifies when the comment was published at.

    ", - "type": "DateTime", - "id": "datetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" - }, - { - "name": "reactionGroups", - "description": "

    A list of reactions grouped by content left on the subject.

    ", - "type": "[ReactionGroup!]", - "id": "reactiongroup", - "kind": "objects", - "href": "/graphql/reference/objects#reactiongroup" - }, - { - "name": "reactions", - "description": "

    A list of Reactions left on the Issue.

    ", - "type": "ReactionConnection!", - "id": "reactionconnection", - "kind": "objects", - "href": "/graphql/reference/objects#reactionconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "content", - "description": "

    Allows filtering Reactions by emoji.

    ", - "type": { - "name": "ReactionContent", - "id": "reactioncontent", - "kind": "enums", - "href": "/graphql/reference/enums#reactioncontent" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "orderBy", - "description": "

    Allows specifying the order in which reactions are returned.

    ", - "type": { - "name": "ReactionOrder", - "id": "reactionorder", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#reactionorder" - } - } - ] - }, - { - "name": "resourcePath", - "description": "

    The HTTP path for this discussion.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "team", - "description": "

    The team that defines the context of this discussion.

    ", - "type": "Team!", - "id": "team", - "kind": "objects", - "href": "/graphql/reference/objects#team", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "title", - "description": "

    The title of the discussion.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "updatedAt", - "description": "

    Identifies the date and time when the object was last updated.

    ", - "type": "DateTime!", - "id": "datetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" - }, - { - "name": "url", - "description": "

    The HTTP URL for this discussion.

    ", - "type": "URI!", - "id": "uri", - "kind": "scalars", - "href": "/graphql/reference/scalars#uri", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "userContentEdits", - "description": "

    A list of edits to this content.

    ", - "type": "UserContentEditConnection", - "id": "usercontenteditconnection", - "kind": "objects", - "href": "/graphql/reference/objects#usercontenteditconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - } - ] - }, - { - "name": "viewerCanDelete", - "description": "

    Check if the current viewer can delete this object.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "viewerCanPin", - "description": "

    Whether or not the current viewer can pin this discussion.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "viewerCanReact", - "description": "

    Can user react to this subject.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "viewerCanSubscribe", - "description": "

    Check if the viewer is able to change their subscription status for the repository.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "viewerCanUpdate", - "description": "

    Check if the current viewer can update this object.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "viewerCannotUpdateReasons", - "description": "

    Reasons why the current viewer can not update this comment.

    ", - "type": "[CommentCannotUpdateReason!]!", - "id": "commentcannotupdatereason", - "kind": "enums", - "href": "/graphql/reference/enums#commentcannotupdatereason" - }, - { - "name": "viewerDidAuthor", - "description": "

    Did the viewer author this comment.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "viewerSubscription", - "description": "

    Identifies if the viewer is watching, not watching, or ignoring the subscribable entity.

    ", - "type": "SubscriptionState", - "id": "subscriptionstate", - "kind": "enums", - "href": "/graphql/reference/enums#subscriptionstate" - } - ] - }, - { - "name": "TeamDiscussionComment", - "kind": "objects", - "id": "teamdiscussioncomment", - "href": "/graphql/reference/objects#teamdiscussioncomment", - "description": "

    A comment on a team discussion.

    ", - "implements": [ - { - "name": "Comment", - "id": "comment", - "href": "/graphql/reference/interfaces#comment" - }, - { - "name": "Deletable", - "id": "deletable", - "href": "/graphql/reference/interfaces#deletable" - }, - { - "name": "Node", - "id": "node", - "href": "/graphql/reference/interfaces#node" - }, - { - "name": "Reactable", - "id": "reactable", - "href": "/graphql/reference/interfaces#reactable" - }, - { - "name": "UniformResourceLocatable", - "id": "uniformresourcelocatable", - "href": "/graphql/reference/interfaces#uniformresourcelocatable" - }, - { - "name": "Updatable", - "id": "updatable", - "href": "/graphql/reference/interfaces#updatable" - }, - { - "name": "UpdatableComment", - "id": "updatablecomment", - "href": "/graphql/reference/interfaces#updatablecomment" - } - ], - "fields": [ - { - "name": "author", - "description": "

    The actor who authored the comment.

    ", - "type": "Actor", - "id": "actor", - "kind": "interfaces", - "href": "/graphql/reference/interfaces#actor" - }, - { - "name": "authorAssociation", - "description": "

    Author's association with the comment's team.

    ", - "type": "CommentAuthorAssociation!", - "id": "commentauthorassociation", - "kind": "enums", - "href": "/graphql/reference/enums#commentauthorassociation", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "body", - "description": "

    The body as Markdown.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyHTML", - "description": "

    The body rendered to HTML.

    ", - "type": "HTML!", - "id": "html", - "kind": "scalars", - "href": "/graphql/reference/scalars#html" - }, - { - "name": "bodyText", - "description": "

    The body rendered to text.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyVersion", - "description": "

    The current version of the body content.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "createdAt", - "description": "

    Identifies the date and time when the object was created.

    ", - "type": "DateTime!", - "id": "datetime", - "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" - }, - { - "name": "createdViaEmail", - "description": "

    Check if this comment was created via an email reply.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "databaseId", - "description": "

    Identifies the primary key from the database.

    ", - "type": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - }, - { - "name": "discussion", - "description": "

    The discussion this comment is about.

    ", - "type": "TeamDiscussion!", - "id": "teamdiscussion", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion", - "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " - }, - { - "name": "editor", - "description": "

    The actor who edited the comment.

    ", - "type": "Actor", - "id": "actor", - "kind": "interfaces", - "href": "/graphql/reference/interfaces#actor" + "description": "

    The time the action was initiated.

    ", + "type": "PreciseDateTime!", + "id": "precisedatetime", + "kind": "scalars", + "href": "/graphql/reference/scalars#precisedatetime", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { "name": "id", - "description": "

    The Node ID of the TeamDiscussionComment object.

    ", + "description": "

    The Node ID of the TeamChangeParentTeamAuditEntry object.

    ", "type": "ID!", "id": "id", "kind": "scalars", "href": "/graphql/reference/scalars#id" }, { - "name": "includesCreatedEdit", - "description": "

    Check if this comment was edited and includes an edit with the creation data.

    ", - "type": "Boolean!", + "name": "isLdapMapped", + "description": "

    Whether the team was mapped to an LDAP Group.

    ", + "type": "Boolean", "id": "boolean", "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" + "href": "/graphql/reference/scalars#boolean", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "lastEditedAt", - "description": "

    The moment the editor made the last edit.

    ", - "type": "DateTime", - "id": "datetime", + "name": "operationType", + "description": "

    The corresponding operation type for the action.

    ", + "type": "OperationType", + "id": "operationtype", + "kind": "enums", + "href": "/graphql/reference/enums#operationtype", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " + }, + { + "name": "organization", + "description": "

    The Organization associated with the Audit Entry.

    ", + "type": "Organization", + "id": "organization", + "kind": "objects", + "href": "/graphql/reference/objects#organization", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " + }, + { + "name": "organizationName", + "description": "

    The name of the Organization.

    ", + "type": "String", + "id": "string", "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" + "href": "/graphql/reference/scalars#string", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "number", - "description": "

    Identifies the comment number.

    ", - "type": "Int!", - "id": "int", + "name": "organizationResourcePath", + "description": "

    The HTTP path for the organization.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#int", + "href": "/graphql/reference/scalars#uri", "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "publishedAt", - "description": "

    Identifies when the comment was published at.

    ", - "type": "DateTime", - "id": "datetime", + "name": "organizationUrl", + "description": "

    The HTTP URL for the organization.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "reactionGroups", - "description": "

    A list of reactions grouped by content left on the subject.

    ", - "type": "[ReactionGroup!]", - "id": "reactiongroup", + "name": "parentTeam", + "description": "

    The new parent team.

    ", + "type": "Team", + "id": "team", "kind": "objects", - "href": "/graphql/reference/objects#reactiongroup" + "href": "/graphql/reference/objects#team", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "reactions", - "description": "

    A list of Reactions left on the Issue.

    ", - "type": "ReactionConnection!", - "id": "reactionconnection", - "kind": "objects", - "href": "/graphql/reference/objects#reactionconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "content", - "description": "

    Allows filtering Reactions by emoji.

    ", - "type": { - "name": "ReactionContent", - "id": "reactioncontent", - "kind": "enums", - "href": "/graphql/reference/enums#reactioncontent" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "orderBy", - "description": "

    Allows specifying the order in which reactions are returned.

    ", - "type": { - "name": "ReactionOrder", - "id": "reactionorder", - "kind": "input-objects", - "href": "/graphql/reference/input-objects#reactionorder" - } - } - ] + "name": "parentTeamName", + "description": "

    The name of the new parent team.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "resourcePath", - "description": "

    The HTTP path for this comment.

    ", - "type": "URI!", - "id": "uri", + "name": "parentTeamNameWas", + "description": "

    The name of the former parent team.

    ", + "type": "String", + "id": "string", "kind": "scalars", - "href": "/graphql/reference/scalars#uri", + "href": "/graphql/reference/scalars#string", "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "updatedAt", - "description": "

    Identifies the date and time when the object was last updated.

    ", - "type": "DateTime!", - "id": "datetime", + "name": "parentTeamResourcePath", + "description": "

    The HTTP path for the parent team.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#datetime" + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "url", - "description": "

    The HTTP URL for this comment.

    ", - "type": "URI!", + "name": "parentTeamUrl", + "description": "

    The HTTP URL for the parent team.

    ", + "type": "URI", "id": "uri", "kind": "scalars", "href": "/graphql/reference/scalars#uri", "isDeprecated": true, - "deprecationReason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement. Removal on 2024-07-01 UTC.

    " + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "userContentEdits", - "description": "

    A list of edits to this content.

    ", - "type": "UserContentEditConnection", - "id": "usercontenteditconnection", + "name": "parentTeamWas", + "description": "

    The former parent team.

    ", + "type": "Team", + "id": "team", "kind": "objects", - "href": "/graphql/reference/objects#usercontenteditconnection", - "arguments": [ - { - "name": "after", - "description": "

    Returns the elements in the list that come after the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "before", - "description": "

    Returns the elements in the list that come before the specified cursor.

    ", - "type": { - "name": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - }, - { - "name": "first", - "description": "

    Returns the first n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - }, - { - "name": "last", - "description": "

    Returns the last n elements from the list.

    ", - "type": { - "name": "Int", - "id": "int", - "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - } - ] + "href": "/graphql/reference/objects#team", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "viewerCanDelete", - "description": "

    Check if the current viewer can delete this object.

    ", - "type": "Boolean!", - "id": "boolean", + "name": "parentTeamWasResourcePath", + "description": "

    The HTTP path for the previous parent team.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "viewerCanReact", - "description": "

    Can user react to this subject.

    ", - "type": "Boolean!", - "id": "boolean", + "name": "parentTeamWasUrl", + "description": "

    The HTTP URL for the previous parent team.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "viewerCanUpdate", - "description": "

    Check if the current viewer can update this object.

    ", - "type": "Boolean!", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" + "name": "team", + "description": "

    The team associated with the action.

    ", + "type": "Team", + "id": "team", + "kind": "objects", + "href": "/graphql/reference/objects#team" }, { - "name": "viewerCannotUpdateReasons", - "description": "

    Reasons why the current viewer can not update this comment.

    ", - "type": "[CommentCannotUpdateReason!]!", - "id": "commentcannotupdatereason", - "kind": "enums", - "href": "/graphql/reference/enums#commentcannotupdatereason" + "name": "teamName", + "description": "

    The name of the team.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" }, { - "name": "viewerDidAuthor", - "description": "

    Did the viewer author this comment.

    ", - "type": "Boolean!", - "id": "boolean", + "name": "teamResourcePath", + "description": "

    The HTTP path for this team.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - } - ] - }, - { - "name": "TeamDiscussionCommentConnection", - "kind": "objects", - "id": "teamdiscussioncommentconnection", - "href": "/graphql/reference/objects#teamdiscussioncommentconnection", - "description": "

    The connection type for TeamDiscussionComment.

    ", - "fields": [ - { - "name": "edges", - "description": "

    A list of edges.

    ", - "type": "[TeamDiscussionCommentEdge]", - "id": "teamdiscussioncommentedge", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncommentedge" + "href": "/graphql/reference/scalars#uri" }, { - "name": "nodes", - "description": "

    A list of nodes.

    ", - "type": "[TeamDiscussionComment]", - "id": "teamdiscussioncomment", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncomment" + "name": "teamUrl", + "description": "

    The HTTP URL for this team.

    ", + "type": "URI", + "id": "uri", + "kind": "scalars", + "href": "/graphql/reference/scalars#uri" }, { - "name": "pageInfo", - "description": "

    Information to aid in pagination.

    ", - "type": "PageInfo!", - "id": "pageinfo", + "name": "user", + "description": "

    The user affected by the action.

    ", + "type": "User", + "id": "user", "kind": "objects", - "href": "/graphql/reference/objects#pageinfo" + "href": "/graphql/reference/objects#user", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "totalCount", - "description": "

    Identifies the total count of items in the connection.

    ", - "type": "Int!", - "id": "int", + "name": "userLogin", + "description": "

    For actions involving two users, the actor is the initiator and the user is the affected user.

    ", + "type": "String", + "id": "string", "kind": "scalars", - "href": "/graphql/reference/scalars#int" - } - ] - }, - { - "name": "TeamDiscussionCommentEdge", - "kind": "objects", - "id": "teamdiscussioncommentedge", - "href": "/graphql/reference/objects#teamdiscussioncommentedge", - "description": "

    An edge in a connection.

    ", - "fields": [ + "href": "/graphql/reference/scalars#string", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " + }, { - "name": "cursor", - "description": "

    A cursor for use in pagination.

    ", - "type": "String!", - "id": "string", + "name": "userResourcePath", + "description": "

    The HTTP path for the user.

    ", + "type": "URI", + "id": "uri", "kind": "scalars", - "href": "/graphql/reference/scalars#string" + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " }, { - "name": "node", - "description": "

    The item at the end of the edge.

    ", - "type": "TeamDiscussionComment", - "id": "teamdiscussioncomment", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussioncomment" + "name": "userUrl", + "description": "

    The HTTP URL for the user.

    ", + "type": "URI", + "id": "uri", + "kind": "scalars", + "href": "/graphql/reference/scalars#uri", + "isDeprecated": true, + "deprecationReason": "

    The GraphQL audit-log is deprecated. Please use the REST API instead. Removal on 2026-04-01 UTC.

    " } ] }, { - "name": "TeamDiscussionConnection", + "name": "TeamConnection", "kind": "objects", - "id": "teamdiscussionconnection", - "href": "/graphql/reference/objects#teamdiscussionconnection", - "description": "

    The connection type for TeamDiscussion.

    ", + "id": "teamconnection", + "href": "/graphql/reference/objects#teamconnection", + "description": "

    The connection type for Team.

    ", "fields": [ { "name": "edges", "description": "

    A list of edges.

    ", - "type": "[TeamDiscussionEdge]", - "id": "teamdiscussionedge", + "type": "[TeamEdge]", + "id": "teamedge", "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussionedge" + "href": "/graphql/reference/objects#teamedge" }, { "name": "nodes", "description": "

    A list of nodes.

    ", - "type": "[TeamDiscussion]", - "id": "teamdiscussion", + "type": "[Team]", + "id": "team", "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion" + "href": "/graphql/reference/objects#team" }, { "name": "pageInfo", @@ -78187,31 +77494,6 @@ } ] }, - { - "name": "TeamDiscussionEdge", - "kind": "objects", - "id": "teamdiscussionedge", - "href": "/graphql/reference/objects#teamdiscussionedge", - "description": "

    An edge in a connection.

    ", - "fields": [ - { - "name": "cursor", - "description": "

    A cursor for use in pagination.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "node", - "description": "

    The item at the end of the edge.

    ", - "type": "TeamDiscussion", - "id": "teamdiscussion", - "kind": "objects", - "href": "/graphql/reference/objects#teamdiscussion" - } - ] - }, { "name": "TeamEdge", "kind": "objects", @@ -89352,6 +88634,35 @@ } ] }, + { + "name": "CustomPropertyValueType", + "kind": "enums", + "id": "custompropertyvaluetype", + "href": "/graphql/reference/enums#custompropertyvaluetype", + "description": "

    The allowed value types for a custom property definition.

    ", + "values": [ + { + "name": "MULTI_SELECT", + "description": "

    A multi-select value.

    " + }, + { + "name": "SINGLE_SELECT", + "description": "

    A single-select value.

    " + }, + { + "name": "STRING", + "description": "

    A string value.

    " + }, + { + "name": "TRUE_FALSE", + "description": "

    A true/false value.

    " + }, + { + "name": "URL", + "description": "

    A URL value.

    " + } + ] + }, { "name": "DefaultRepositoryPermissionField", "kind": "enums", @@ -90413,6 +89724,23 @@ } ] }, + { + "name": "IpAllowListUserLevelEnforcementEnabledSettingValue", + "kind": "enums", + "id": "ipallowlistuserlevelenforcementenabledsettingvalue", + "href": "/graphql/reference/enums#ipallowlistuserlevelenforcementenabledsettingvalue", + "description": "

    The possible values for the IP allow list user-level enforcement enabled setting.

    ", + "values": [ + { + "name": "DISABLED", + "description": "

    The setting is disabled for the owner.

    " + }, + { + "name": "ENABLED", + "description": "

    The setting is enabled for the owner.

    " + } + ] + }, { "name": "IssueClosedStateReason", "kind": "enums", @@ -93306,6 +92634,23 @@ } ] }, + { + "name": "RepositoryCustomPropertyValuesEditableBy", + "kind": "enums", + "id": "repositorycustompropertyvalueseditableby", + "href": "/graphql/reference/enums#repositorycustompropertyvalueseditableby", + "description": "

    The allowed actors who can edit the values of a custom property.

    ", + "values": [ + { + "name": "ORG_ACTORS", + "description": "

    The organization actors.

    " + }, + { + "name": "ORG_AND_REPO_ACTORS", + "description": "

    The organization and repository actors.

    " + } + ] + }, { "name": "RepositoryInteractionLimit", "kind": "enums", @@ -95542,32 +94887,6 @@ } ] }, - { - "name": "TeamDiscussionCommentOrderField", - "kind": "enums", - "id": "teamdiscussioncommentorderfield", - "href": "/graphql/reference/enums#teamdiscussioncommentorderfield", - "description": "

    Properties by which team discussion comment connections can be ordered.

    ", - "values": [ - { - "name": "NUMBER", - "description": "

    Allows sequential ordering of team discussion comments (which is equivalent to chronological ordering).

    " - } - ] - }, - { - "name": "TeamDiscussionOrderField", - "kind": "enums", - "id": "teamdiscussionorderfield", - "href": "/graphql/reference/enums#teamdiscussionorderfield", - "description": "

    Properties by which team discussion connections can be ordered.

    ", - "values": [ - { - "name": "CREATED_AT", - "description": "

    Allows chronological ordering of team discussions.

    " - } - ] - }, { "name": "TeamMemberOrderField", "kind": "enums", @@ -96182,6 +95501,25 @@ } ] }, + { + "name": "CustomPropertySource", + "kind": "unions", + "id": "custompropertysource", + "href": "/graphql/reference/unions#custompropertysource", + "description": "

    Sources which can have custom properties defined.

    ", + "possibleTypes": [ + { + "name": "Enterprise", + "id": "enterprise", + "href": "/graphql/reference/objects#enterprise" + }, + { + "name": "Organization", + "id": "organization", + "href": "/graphql/reference/objects#organization" + } + ] + }, { "name": "DeploymentReviewer", "kind": "unions", @@ -98319,6 +97657,14 @@ "href": "/graphql/reference/input-objects#addassigneestoassignableinput", "description": "

    Autogenerated input type of AddAssigneesToAssignable.

    ", "inputFields": [ + { + "name": "agentAssignment", + "description": "

    Configuration for assigning Copilot to this issue.

    ", + "type": "AgentAssignmentInput", + "id": "agentassignmentinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#agentassignmentinput" + }, { "name": "assignableId", "description": "

    The id of the assignable object to add assignees to.

    ", @@ -99215,6 +98561,48 @@ } ] }, + { + "name": "AgentAssignmentInput", + "kind": "inputObjects", + "id": "agentassignmentinput", + "href": "/graphql/reference/input-objects#agentassignmentinput", + "description": "

    Represents configuration for assigning Copilot to an issue (public variant).

    ", + "inputFields": [ + { + "name": "baseRef", + "description": "

    The base ref/branch for the repository. Defaults to the default branch if not provided.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "customAgent", + "description": "

    Custom agent for Copilot.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "customInstructions", + "description": "

    Custom instructions for Copilot.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "targetRepositoryId", + "description": "

    The Node ID of the target repository where Copilot should work. Defaults to the issue's repository if not provided.

    ", + "type": "ID", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + } + ] + }, { "name": "ApproveDeploymentsInput", "kind": "inputObjects", @@ -99378,7 +98766,7 @@ "inputFields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -100316,7 +99704,7 @@ "inputFields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -100407,7 +99795,7 @@ "inputFields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -100481,7 +99869,7 @@ "inputFields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -101550,6 +100938,14 @@ "href": "/graphql/reference/input-objects#createissueinput", "description": "

    Autogenerated input type of CreateIssue.

    ", "inputFields": [ + { + "name": "agentAssignment", + "description": "

    Configuration for assigning Copilot to this issue.

    ", + "type": "AgentAssignmentInput", + "id": "agentassignmentinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#agentassignmentinput" + }, { "name": "assigneeIds", "description": "

    The Node ID of assignees for this issue.

    ", @@ -102232,6 +101628,96 @@ } ] }, + { + "name": "CreateRepositoryCustomPropertyInput", + "kind": "inputObjects", + "id": "createrepositorycustompropertyinput", + "href": "/graphql/reference/input-objects#createrepositorycustompropertyinput", + "description": "

    Autogenerated input type of CreateRepositoryCustomProperty.

    ", + "inputFields": [ + { + "name": "allowedValues", + "description": "

    The allowed values for the custom property.

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "defaultValue", + "description": "

    The default value for the custom property if the property is required.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "description", + "description": "

    The description of the custom property.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "propertyName", + "description": "

    The name of the custom property.

    ", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "regex", + "description": "

    The regex pattern that the value of the custom property must match, if the value_type is string.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "required", + "description": "

    Whether the custom property is required.

    ", + "type": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, + { + "name": "sourceId", + "description": "

    The global relay id of the source in which a new custom property should be created in.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "valueType", + "description": "

    The value type for the custom property.

    ", + "type": "CustomPropertyValueType!", + "id": "custompropertyvaluetype", + "kind": "enums", + "href": "/graphql/reference/enums#custompropertyvaluetype" + }, + { + "name": "valuesEditableBy", + "description": "

    The allowed actors who can edit the values of a custom property.

    ", + "type": "RepositoryCustomPropertyValuesEditableBy", + "id": "repositorycustompropertyvalueseditableby", + "kind": "enums", + "href": "/graphql/reference/enums#repositorycustompropertyvalueseditableby" + } + ] + }, { "name": "CreateRepositoryInput", "kind": "inputObjects", @@ -102719,20 +102205,12 @@ ] }, { - "name": "CreateTeamDiscussionCommentInput", + "name": "CreateUserListInput", "kind": "inputObjects", - "id": "createteamdiscussioncommentinput", - "href": "/graphql/reference/input-objects#createteamdiscussioncommentinput", - "description": "

    Autogenerated input type of CreateTeamDiscussionComment.

    ", + "id": "createuserlistinput", + "href": "/graphql/reference/input-objects#createuserlistinput", + "description": "

    Autogenerated input type of CreateUserList.

    ", "inputFields": [ - { - "name": "body", - "description": "

    The content of the comment. This field is required.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: body will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, { "name": "clientMutationId", "description": "

    A unique identifier for the client performing the mutation.

    ", @@ -102742,60 +102220,25 @@ "href": "/graphql/reference/scalars#string" }, { - "name": "discussionId", - "description": "

    The ID of the discussion to which the comment belongs. This field is required.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: discussionId will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "type": "ID", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - } - ] - }, - { - "name": "CreateTeamDiscussionInput", - "kind": "inputObjects", - "id": "createteamdiscussioninput", - "href": "/graphql/reference/input-objects#createteamdiscussioninput", - "description": "

    Autogenerated input type of CreateTeamDiscussion.

    ", - "inputFields": [ - { - "name": "body", - "description": "

    The content of the discussion. This field is required.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: body will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", + "name": "description", + "description": "

    A description of the list.

    ", "type": "String", "id": "string", "kind": "scalars", "href": "/graphql/reference/scalars#string" }, { - "name": "private", - "description": "

    If true, restricts the visibility of this discussion to team members and\norganization owners. If false or not specified, allows any organization member\nto view this discussion.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: private will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", + "name": "isPrivate", + "description": "

    Whether or not the list is private.

    ", "type": "Boolean", "id": "boolean", "kind": "scalars", "href": "/graphql/reference/scalars#boolean" }, { - "name": "teamId", - "description": "

    The ID of the team to which the discussion belongs. This field is required.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: teamId will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "type": "ID", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - }, - { - "name": "title", - "description": "

    The title of the discussion. This field is required.

    \n

    Upcoming Change on 2024-07-01 UTC\nDescription: title will be removed. Follow the guide at\nhttps://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to\nfind a suitable replacement.\nReason: The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "type": "String", + "name": "name", + "description": "

    The name of the new list.

    ", + "type": "String!", "id": "string", "kind": "scalars", "href": "/graphql/reference/scalars#string" @@ -102803,43 +102246,27 @@ ] }, { - "name": "CreateUserListInput", + "name": "CustomPropertyValueInput", "kind": "inputObjects", - "id": "createuserlistinput", - "href": "/graphql/reference/input-objects#createuserlistinput", - "description": "

    Autogenerated input type of CreateUserList.

    ", + "id": "custompropertyvalueinput", + "href": "/graphql/reference/input-objects#custompropertyvalueinput", + "description": "

    The custom property name and value to be set.

    ", "inputFields": [ { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "description", - "description": "

    A description of the list.

    ", - "type": "String", + "name": "propertyName", + "description": "

    The name of the custom property.

    ", + "type": "String!", "id": "string", "kind": "scalars", "href": "/graphql/reference/scalars#string" }, { - "name": "isPrivate", - "description": "

    Whether or not the list is private.

    ", - "type": "Boolean", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "name", - "description": "

    The name of the new list.

    ", - "type": "String!", - "id": "string", + "name": "value", + "description": "

    The value to set for the custom property. Using a value of null will unset the\nproperty value, reverting to the default value if the property is required.

    ", + "type": "CustomPropertyValue", + "id": "custompropertyvalue", "kind": "scalars", - "href": "/graphql/reference/scalars#string" + "href": "/graphql/reference/scalars#custompropertyvalue" } ] }, @@ -103493,37 +102920,11 @@ ] }, { - "name": "DeleteRepositoryRulesetInput", - "kind": "inputObjects", - "id": "deleterepositoryrulesetinput", - "href": "/graphql/reference/input-objects#deleterepositoryrulesetinput", - "description": "

    Autogenerated input type of DeleteRepositoryRuleset.

    ", - "inputFields": [ - { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "repositoryRulesetId", - "description": "

    The global relay id of the repository ruleset to be deleted.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - } - ] - }, - { - "name": "DeleteTeamDiscussionCommentInput", + "name": "DeleteRepositoryCustomPropertyInput", "kind": "inputObjects", - "id": "deleteteamdiscussioncommentinput", - "href": "/graphql/reference/input-objects#deleteteamdiscussioncommentinput", - "description": "

    Autogenerated input type of DeleteTeamDiscussionComment.

    ", + "id": "deleterepositorycustompropertyinput", + "href": "/graphql/reference/input-objects#deleterepositorycustompropertyinput", + "description": "

    Autogenerated input type of DeleteRepositoryCustomProperty.

    ", "inputFields": [ { "name": "clientMutationId", @@ -103535,7 +102936,7 @@ }, { "name": "id", - "description": "

    The ID of the comment to delete.

    ", + "description": "

    The global relay id of the custom property to be deleted.

    ", "type": "ID!", "id": "id", "kind": "scalars", @@ -103545,11 +102946,11 @@ ] }, { - "name": "DeleteTeamDiscussionInput", + "name": "DeleteRepositoryRulesetInput", "kind": "inputObjects", - "id": "deleteteamdiscussioninput", - "href": "/graphql/reference/input-objects#deleteteamdiscussioninput", - "description": "

    Autogenerated input type of DeleteTeamDiscussion.

    ", + "id": "deleterepositoryrulesetinput", + "href": "/graphql/reference/input-objects#deleterepositoryrulesetinput", + "description": "

    Autogenerated input type of DeleteRepositoryRuleset.

    ", "inputFields": [ { "name": "clientMutationId", @@ -103560,8 +102961,8 @@ "href": "/graphql/reference/scalars#string" }, { - "name": "id", - "description": "

    The discussion ID to delete.

    ", + "name": "repositoryRulesetId", + "description": "

    The global relay id of the repository ruleset to be deleted.

    ", "type": "ID!", "id": "id", "kind": "scalars", @@ -106262,6 +105663,32 @@ } ] }, + { + "name": "PromoteRepositoryCustomPropertyInput", + "kind": "inputObjects", + "id": "promoterepositorycustompropertyinput", + "href": "/graphql/reference/input-objects#promoterepositorycustompropertyinput", + "description": "

    Autogenerated input type of PromoteRepositoryCustomProperty.

    ", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "repositoryCustomPropertyId", + "description": "

    The ID of the repository custom property to be promoted.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + } + ] + }, { "name": "PropertyTargetDefinitionInput", "kind": "inputObjects", @@ -106361,14 +105788,6 @@ "kind": "enums", "href": "/graphql/reference/enums#pullrequestallowedmergemethods" }, - { - "name": "automaticCopilotCodeReviewEnabled", - "description": "

    Request Copilot code review for new pull requests automatically if the author\nhas access to Copilot code review and their premium requests quota has not\nreached the limit.

    ", - "type": "Boolean", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, { "name": "dismissStaleReviewsOnPush", "description": "

    New, reviewable commits pushed will dismiss previous pull request review approvals.

    ", @@ -107200,13 +106619,29 @@ "inputFields": [ { "name": "actorIds", - "description": "

    The ids of the actors to replace the existing assignees.

    ", - "type": "[ID!]!", + "description": "

    The ids of the actors to replace the existing assignees. May be used as an\nalternative to or in conjunction with actorLogins.

    ", + "type": "[ID!]", "id": "id", "kind": "scalars", "href": "/graphql/reference/scalars#id", "isDeprecated": false }, + { + "name": "actorLogins", + "description": "

    The usernames of the actors to replace the existing assignees. May be used as\nan alternative to or in conjunction with actorIds. For bots, use the login\nformat with [bot] suffix (e.g., 'my-app[bot]').

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "agentAssignment", + "description": "

    Configuration for assigning an AI agent to this issue.

    ", + "type": "AgentAssignmentInput", + "id": "agentassignmentinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#agentassignmentinput" + }, { "name": "assignableId", "description": "

    The id of the assignable object to replace the assignees for.

    ", @@ -107594,6 +107029,64 @@ } ] }, + { + "name": "RequestReviewsByLoginInput", + "kind": "inputObjects", + "id": "requestreviewsbylogininput", + "href": "/graphql/reference/input-objects#requestreviewsbylogininput", + "description": "

    Autogenerated input type of RequestReviewsByLogin.

    ", + "inputFields": [ + { + "name": "botLogins", + "description": "

    The logins of the bots to request reviews from, including the [bot] suffix (e.g., 'copilot-pull-request-reviewer[bot]').

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "pullRequestId", + "description": "

    The Node ID of the pull request to modify.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "teamSlugs", + "description": "

    The slugs of the teams to request reviews from (format: 'org/team-slug').

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "union", + "description": "

    Add users to the set rather than replace.

    ", + "type": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, + { + "name": "userLogins", + "description": "

    The login strings of the users to request reviews from.

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + ] + }, { "name": "RequestReviewsInput", "kind": "inputObjects", @@ -108329,6 +107822,40 @@ } ] }, + { + "name": "SetRepositoryCustomPropertyValuesInput", + "kind": "inputObjects", + "id": "setrepositorycustompropertyvaluesinput", + "href": "/graphql/reference/input-objects#setrepositorycustompropertyvaluesinput", + "description": "

    Autogenerated input type of SetRepositoryCustomPropertyValues.

    ", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "properties", + "description": "

    A list of custom property names and associated values to apply.

    ", + "type": "[CustomPropertyValueInput!]!", + "id": "custompropertyvalueinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#custompropertyvalueinput" + }, + { + "name": "repositoryId", + "description": "

    The ID of the repository to set properties for.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + } + ] + }, { "name": "SetRepositoryInteractionLimitInput", "kind": "inputObjects", @@ -108863,7 +108390,7 @@ "inputFields": [ { "name": "name", - "description": "

    How this rule will appear to users.

    ", + "description": "

    How this rule appears when configuring it.

    ", "type": "String", "id": "string", "kind": "scalars", @@ -108895,56 +108422,6 @@ } ] }, - { - "name": "TeamDiscussionCommentOrder", - "kind": "inputObjects", - "id": "teamdiscussioncommentorder", - "href": "/graphql/reference/input-objects#teamdiscussioncommentorder", - "description": "

    Ways in which team discussion comment connections can be ordered.

    ", - "inputFields": [ - { - "name": "direction", - "description": "

    The direction in which to order nodes.

    ", - "type": "OrderDirection!", - "id": "orderdirection", - "kind": "enums", - "href": "/graphql/reference/enums#orderdirection" - }, - { - "name": "field", - "description": "

    The field by which to order nodes.

    ", - "type": "TeamDiscussionCommentOrderField!", - "id": "teamdiscussioncommentorderfield", - "kind": "enums", - "href": "/graphql/reference/enums#teamdiscussioncommentorderfield" - } - ] - }, - { - "name": "TeamDiscussionOrder", - "kind": "inputObjects", - "id": "teamdiscussionorder", - "href": "/graphql/reference/input-objects#teamdiscussionorder", - "description": "

    Ways in which team discussion connections can be ordered.

    ", - "inputFields": [ - { - "name": "direction", - "description": "

    The direction in which to order nodes.

    ", - "type": "OrderDirection!", - "id": "orderdirection", - "kind": "enums", - "href": "/graphql/reference/enums#orderdirection" - }, - { - "name": "field", - "description": "

    The field by which to order nodes.

    ", - "type": "TeamDiscussionOrderField!", - "id": "teamdiscussionorderfield", - "kind": "enums", - "href": "/graphql/reference/enums#teamdiscussionorderfield" - } - ] - }, { "name": "TeamMemberOrder", "kind": "inputObjects", @@ -110642,40 +110119,6 @@ } ] }, - { - "name": "UpdateEnterpriseTeamDiscussionsSettingInput", - "kind": "inputObjects", - "id": "updateenterpriseteamdiscussionssettinginput", - "href": "/graphql/reference/input-objects#updateenterpriseteamdiscussionssettinginput", - "description": "

    Autogenerated input type of UpdateEnterpriseTeamDiscussionsSetting.

    ", - "inputFields": [ - { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "enterpriseId", - "description": "

    The ID of the enterprise on which to set the team discussions setting.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - }, - { - "name": "settingValue", - "description": "

    The value for the team discussions setting on the enterprise.

    ", - "type": "EnterpriseEnabledDisabledSettingValue!", - "id": "enterpriseenableddisabledsettingvalue", - "kind": "enums", - "href": "/graphql/reference/enums#enterpriseenableddisabledsettingvalue" - } - ] - }, { "name": "UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput", "kind": "inputObjects", @@ -110912,6 +110355,40 @@ } ] }, + { + "name": "UpdateIpAllowListUserLevelEnforcementEnabledSettingInput", + "kind": "inputObjects", + "id": "updateipallowlistuserlevelenforcementenabledsettinginput", + "href": "/graphql/reference/input-objects#updateipallowlistuserlevelenforcementenabledsettinginput", + "description": "

    Autogenerated input type of UpdateIpAllowListUserLevelEnforcementEnabledSetting.

    ", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "ownerId", + "description": "

    The ID of the owner.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "settingValue", + "description": "

    The value for the IP allow list user-level enforcement enabled setting.

    ", + "type": "IpAllowListUserLevelEnforcementEnabledSettingValue!", + "id": "ipallowlistuserlevelenforcementenabledsettingvalue", + "kind": "enums", + "href": "/graphql/reference/enums#ipallowlistuserlevelenforcementenabledsettingvalue" + } + ] + }, { "name": "UpdateIssueCommentInput", "kind": "inputObjects", @@ -110953,6 +110430,14 @@ "href": "/graphql/reference/input-objects#updateissueinput", "description": "

    Autogenerated input type of UpdateIssue.

    ", "inputFields": [ + { + "name": "agentAssignment", + "description": "

    Configuration for assigning an AI agent to this issue.

    ", + "type": "AgentAssignmentInput", + "id": "agentassignmentinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#agentassignmentinput" + }, { "name": "assigneeIds", "description": "

    An array of Node IDs of users or bots for this issue.

    ", @@ -112109,6 +111594,80 @@ } ] }, + { + "name": "UpdateRepositoryCustomPropertyInput", + "kind": "inputObjects", + "id": "updaterepositorycustompropertyinput", + "href": "/graphql/reference/input-objects#updaterepositorycustompropertyinput", + "description": "

    Autogenerated input type of UpdateRepositoryCustomProperty.

    ", + "inputFields": [ + { + "name": "allowedValues", + "description": "

    The updated allowed values for the custom property.

    ", + "type": "[String!]", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "clientMutationId", + "description": "

    A unique identifier for the client performing the mutation.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "defaultValue", + "description": "

    The updated default value for the custom property if the property is required.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "description", + "description": "

    The updated description of the custom property.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "regex", + "description": "

    The regex pattern that the value of the custom property must match, if the value_type is string.

    ", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "repositoryCustomPropertyId", + "description": "

    The global relay id of the source of the custom property.

    ", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "required", + "description": "

    Whether the updated custom property is required.

    ", + "type": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, + { + "name": "valuesEditableBy", + "description": "

    The updated actors who can edit the values of the custom property.

    ", + "type": "RepositoryCustomPropertyValuesEditableBy", + "id": "repositorycustompropertyvalueseditableby", + "kind": "enums", + "href": "/graphql/reference/enums#repositorycustompropertyvalueseditableby" + } + ] + }, { "name": "UpdateRepositoryInput", "kind": "inputObjects", @@ -112416,106 +111975,6 @@ } ] }, - { - "name": "UpdateTeamDiscussionCommentInput", - "kind": "inputObjects", - "id": "updateteamdiscussioncommentinput", - "href": "/graphql/reference/input-objects#updateteamdiscussioncommentinput", - "description": "

    Autogenerated input type of UpdateTeamDiscussionComment.

    ", - "inputFields": [ - { - "name": "body", - "description": "

    The updated text of the comment.

    ", - "type": "String!", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyVersion", - "description": "

    The current version of the body content.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "id", - "description": "

    The ID of the comment to modify.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - } - ] - }, - { - "name": "UpdateTeamDiscussionInput", - "kind": "inputObjects", - "id": "updateteamdiscussioninput", - "href": "/graphql/reference/input-objects#updateteamdiscussioninput", - "description": "

    Autogenerated input type of UpdateTeamDiscussion.

    ", - "inputFields": [ - { - "name": "body", - "description": "

    The updated text of the discussion.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "bodyVersion", - "description": "

    The current version of the body content. If provided, this update operation\nwill be rejected if the given version does not match the latest version on the server.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "clientMutationId", - "description": "

    A unique identifier for the client performing the mutation.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - }, - { - "name": "id", - "description": "

    The Node ID of the discussion to modify.

    ", - "type": "ID!", - "id": "id", - "kind": "scalars", - "href": "/graphql/reference/scalars#id", - "isDeprecated": false - }, - { - "name": "pinned", - "description": "

    If provided, sets the pinned state of the updated discussion.

    ", - "type": "Boolean", - "id": "boolean", - "kind": "scalars", - "href": "/graphql/reference/scalars#boolean" - }, - { - "name": "title", - "description": "

    The updated title of the discussion.

    ", - "type": "String", - "id": "string", - "kind": "scalars", - "href": "/graphql/reference/scalars#string" - } - ] - }, { "name": "UpdateTeamReviewAssignmentInput", "kind": "inputObjects", @@ -112967,6 +112426,13 @@ "id": "boolean", "href": "/graphql/reference/scalars#boolean" }, + { + "name": "CustomPropertyValue", + "kind": "scalars", + "id": "custompropertyvalue", + "href": "/graphql/reference/scalars#custompropertyvalue", + "description": "

    A custom property value can be either a string or an array of strings. All\nproperty types support only a single string value, except for the multi-select\ntype, which supports only a string array.

    " + }, { "name": "Date", "kind": "scalars", diff --git a/src/graphql/data/ghec/upcoming-changes.json b/src/graphql/data/ghec/upcoming-changes.json index 6fcc489e4f35..42a408cba243 100644 --- a/src/graphql/data/ghec/upcoming-changes.json +++ b/src/graphql/data/ghec/upcoming-changes.json @@ -1,4 +1,22 @@ { + "2026-07-01": [ + { + "location": "Team.viewerSubscription", + "description": "

    viewerSubscription will be removed.

    ", + "reason": "

    Team.viewerSubscription will be removed. Team notifications subscriptions are being deprecated.

    ", + "date": "2026-07-01", + "criticality": "breaking", + "owner": "peter-evans" + }, + { + "location": "Team.viewerCanSubscribe", + "description": "

    viewerCanSubscribe will be removed.

    ", + "reason": "

    Team.viewerCanSubscribe will be removed. Team notifications subscriptions are being deprecated.

    ", + "date": "2026-07-01", + "criticality": "breaking", + "owner": "peter-evans" + } + ], "2026-04-01": [ { "location": "TeamRemoveRepositoryAuditEntry.userUrl", @@ -784,6 +802,14 @@ "criticality": "breaking", "owner": "audit_logs" }, + { + "location": "ReviewRequest.requestedBy", + "description": "

    requestedBy will be removed. Use requestedByActor instead.

    ", + "reason": "

    requestedBy will be removed.

    ", + "date": "2026-04-01", + "criticality": "breaking", + "owner": "github/client-apps-platform" + }, { "location": "RepositoryVisibilityChangeEnableAuditEntry.userUrl", "description": "

    userUrl will be removed.

    ", @@ -9772,158 +9798,6 @@ } ], "2024-07-01": [ - { - "location": "TeamDiscussionComment.url", - "description": "

    url will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussionComment.resourcePath", - "description": "

    resourcePath will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussionComment.number", - "description": "

    number will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussionComment.discussion", - "description": "

    discussion will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussionComment.bodyVersion", - "description": "

    bodyVersion will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussionComment.authorAssociation", - "description": "

    authorAssociation will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.viewerCanPin", - "description": "

    viewerCanPin will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.url", - "description": "

    url will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.title", - "description": "

    title will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.team", - "description": "

    team will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.resourcePath", - "description": "

    resourcePath will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.number", - "description": "

    number will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.isPrivate", - "description": "

    isPrivate will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.isPinned", - "description": "

    isPinned will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.commentsUrl", - "description": "

    commentsUrl will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.commentsResourcePath", - "description": "

    commentsResourcePath will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.comments", - "description": "

    comments will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.bodyVersion", - "description": "

    bodyVersion will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "TeamDiscussion.authorAssociation", - "description": "

    authorAssociation will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, { "location": "PullRequestReviewComment.databaseId", "description": "

    databaseId will be removed. Use fullDatabaseId instead.

    ", @@ -9957,64 +9831,8 @@ "owner": "jdennes" }, { - "location": "CreateTeamDiscussionPayload.teamDiscussion", - "description": "

    teamDiscussion will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionInput.title", - "description": "

    title will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionInput.teamId", - "description": "

    teamId will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionInput.private", - "description": "

    private will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionInput.body", - "description": "

    body will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionCommentPayload.teamDiscussionComment", - "description": "

    teamDiscussionComment will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionCommentInput.discussionId", - "description": "

    discussionId will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", - "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", - "date": "2024-07-01", - "criticality": "breaking", - "owner": "deborah-digges" - }, - { - "location": "CreateTeamDiscussionCommentInput.body", - "description": "

    body will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", + "location": "EnterpriseOwnerInfo.teamDiscussionsSetting", + "description": "

    teamDiscussionsSetting will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/ to find a suitable replacement.

    ", "reason": "

    The Team Discussions feature is deprecated in favor of Organization Discussions.

    ", "date": "2024-07-01", "criticality": "breaking", diff --git a/src/graphql/scripts/sync.ts b/src/graphql/scripts/sync.ts index 5cd1a5b94ec6..9d8a84ed3435 100755 --- a/src/graphql/scripts/sync.ts +++ b/src/graphql/scripts/sync.ts @@ -29,6 +29,27 @@ interface IgnoredChange { types: Array<{ type: string }> } +interface RawPreview { + title: string + toggled_on: string[] + toggled_by: string + announcement?: unknown + updates?: unknown +} + +interface UpcomingChangeEntry { + location: string + date: string + description: string + [key: string]: unknown +} + +interface UpcomingChangesDocument { + upcoming_changes: UpcomingChangeEntry[] +} + +type SchemaPreview = Omit & { toggled_by: string[] } + const graphqlStaticDir = 'src/graphql/data' const dataFilenames = JSON.parse( await fs.readFile('src/graphql/scripts/utils/data-filenames.json', 'utf8'), @@ -54,11 +75,10 @@ async function main() { // 1. UPDATE PREVIEWS const previewsPath = getDataFilepath('previews', graphqlVersion) - // GraphQL preview data structure - complex nested object from YAML - // Using any because processPreviews is an external utility without type definitions - const safeForPublicPreviews = yaml.load( + const rawPreviews = yaml.load( await getRemoteRawContent(previewsPath, graphqlVersion), - ) as any + ) as RawPreview[] + const safeForPublicPreviews: RawPreview[] = Array.isArray(rawPreviews) ? rawPreviews : [] const previewsJson = processPreviews(safeForPublicPreviews) await updateStaticFile( previewsJson, @@ -67,10 +87,9 @@ async function main() { // 2. UPDATE UPCOMING CHANGES const upcomingChangesPath = getDataFilepath('upcomingChanges', graphqlVersion) - // GraphQL upcoming changes data - contains upcoming_changes array - const previousUpcomingChanges = yaml.load(await fs.readFile(upcomingChangesPath, 'utf8')) as { - upcoming_changes: unknown[] - } + const previousUpcomingChanges = yaml.load( + await fs.readFile(upcomingChangesPath, 'utf8'), + ) as UpcomingChangesDocument const safeForPublicChanges = await getRemoteRawContent(upcomingChangesPath, graphqlVersion) await updateFile(upcomingChangesPath, safeForPublicChanges) const upcomingChangesJson = await processUpcomingChanges(safeForPublicChanges) @@ -85,10 +104,13 @@ async function main() { const previousSchemaString = await fs.readFile(previewFilePath, 'utf8') const latestSchema = await getRemoteRawContent(previewFilePath, graphqlVersion) await updateFile(previewFilePath, latestSchema) - // Using any because processSchemas returns complex GraphQL schema structures - const schemaJsonPerVersion = await processSchemas(latestSchema, safeForPublicPreviews) // This is slow! + const previewsForSchema: SchemaPreview[] = safeForPublicPreviews.map((preview) => ({ + ...preview, + toggled_by: [preview.toggled_by].flat(), + })) + const schemaJsonPerVersion = await processSchemas(latestSchema, previewsForSchema) // This is slow! await updateStaticFile( - schemaJsonPerVersion as any, + schemaJsonPerVersion, path.join(graphqlStaticDir, graphqlVersion, 'schema.json'), ) @@ -99,9 +121,8 @@ async function main() { previousSchemaString, latestSchema, safeForPublicPreviews, - previousUpcomingChanges.upcoming_changes as any, - (yaml.load(safeForPublicChanges) as { upcoming_changes: unknown[] }) - .upcoming_changes as any, + previousUpcomingChanges.upcoming_changes, + (yaml.load(safeForPublicChanges) as UpcomingChangesDocument).upcoming_changes, ) if (changelogEntry) { prependDatedEntry( @@ -225,8 +246,8 @@ async function updateFile(filepath: string, content: string) { } // JSON data from GraphQL schema processing - complex nested structures -// Using any because the structure varies (arrays, objects, nested schemas, etc.) -async function updateStaticFile(json: any, filepath: string) { +// Serialize unknown shapes because the structure varies (arrays, objects, nested schemas, etc.) +async function updateStaticFile(json: unknown, filepath: string) { console.log(`Updating static file ${filepath}`) const jsonString = JSON.stringify(json, null, 2) return updateFile(filepath, jsonString) diff --git a/src/graphql/tests/build-changelog.ts b/src/graphql/tests/build-changelog.ts index cf6e34e0dc5b..f5c131468bad 100644 --- a/src/graphql/tests/build-changelog.ts +++ b/src/graphql/tests/build-changelog.ts @@ -19,8 +19,8 @@ interface Preview { title: string description: string toggled_by: string - announcement: any - updates: any + announcement: unknown + updates: unknown toggled_on: string[] owning_teams: string[] } @@ -33,7 +33,7 @@ interface UpcomingChange { interface IgnoredChange { type: string - [key: string]: any + [key: string]: unknown } interface IgnoredChangesSummary { @@ -285,7 +285,7 @@ describe('ignored changes tracking', () => { // This should generate a TypeDescriptionAdded change type that gets ignored await createChangelogEntry(oldSchemaString, newSchemaString, [], [], []) - const ignoredChanges: IgnoredChange[] = getLastIgnoredChanges() + const ignoredChanges: IgnoredChange[] = getLastIgnoredChanges() as unknown as IgnoredChange[] expect(ignoredChanges.length).toBe(1) expect(ignoredChanges[0].type).toBe('TYPE_DESCRIPTION_ADDED') }) diff --git a/src/journeys/README.md b/src/journeys/README.md new file mode 100644 index 000000000000..62b78f5bc72d --- /dev/null +++ b/src/journeys/README.md @@ -0,0 +1,87 @@ +# Journeys + +The **journeys** subject provides guided learning experiences (called "tracks") that help users navigate through a sequence of related documentation articles. Tracks appear on special landing pages and provide contextual navigation to move through articles in a structured learning path. + +## Purpose & Scope + +This subject is responsible for: +- Rendering journey landing pages that display multiple learning tracks +- Providing prev/next navigation within journey track articles +- Resolving journey context based on the current article path +- Rendering Liquid templates in journey metadata (titles, descriptions, guide paths) + +Journey tracks are defined in article frontmatter using the `journeyTracks` field on pages with `layout: journey-landing`. + +## Architecture & Key Assets + +``` +src/journeys/ +├── components/ +│ ├── JourneyTrackCard.tsx # Card showing journey progress with next/prev links +│ ├── JourneyTrackNav.tsx # Navigation bar for prev/next articles in a track +│ └── index.ts # Component exports +├── lib/ +│ ├── get-link-data.ts # Fetches title and href data for journey guide links +│ └── journey-path-resolver.ts # Core logic: resolves journey context and tracks +├── middleware/ +│ └── journey-track.ts # Express middleware that attaches journey data to requests +└── tests/ + └── journey-path-resolver.ts # Unit tests for journey resolution logic +``` + + + +## Setup & Usage + +### Prerequisites +- Journey landing pages must have `layout: journey-landing` in their frontmatter +- Journey tracks are defined in the `journeyTracks` frontmatter field (see example below) + +### Running tests +```bash +npm run test -- src/journeys/tests +``` + +### Example frontmatter for journey landing page +```yaml +--- +title: Enterprise onboarding +layout: journey-landing +journeyTracks: + - id: 'getting_started' + title: 'Getting started with {% data variables.product.prodname_ghe_cloud %}' + description: 'Master the fundamentals and get started with a trial.' + guides: + - '/enterprise-onboarding/choose-an-enterprise-type' + - '/enterprise-onboarding/setting-up-a-trial' + - '/enterprise-onboarding/adding-users' +--- +``` + +## Data & External Dependencies + +### Data inputs +- **Content frontmatter**: `journeyTracks` field on landing pages defines track structure +- **Article metadata**: Article titles and paths are resolved via `get-link-data.ts` +- **Liquid variables**: Track titles, descriptions, and guide paths support Liquid templating + +### Dependencies +- **`@/content-render`**: Used to render Liquid templates in journey metadata +- **`@/frame/lib/path-utils`**: Normalizes paths for consistent matching +- **`@/versions`**: Checks version compatibility between journey pages and articles +- **`@/languages`**: Executes rendering with fallback for internationalization +- **`@/landings`**: Journey components are consumed by landing page layouts + +### Data outputs +- **`req.context.currentJourneyTrack`**: Journey context object with track info and prev/next links +- **`req.context.page.resolvedJourneyTracks`**: Array of resolved track data for landing pages + +## Current State & Next Steps + +### Known limitations +- Journey tracks currently inherit version constraints from their landing page +- Path normalization logic must stay synchronized with other path-handling middleware +- Journey context resolution has some performance overhead due to iterating all pages +- Currently only support a particular page belonging to a single journey track/step - we won't show nav components for all the journeys an article belongs to + +Continued work to expand and add more journey tracks. diff --git a/src/journeys/components/JourneyTrackCard.tsx b/src/journeys/components/JourneyTrackCard.tsx index 26a84fcf4029..7eda7b69e682 100644 --- a/src/journeys/components/JourneyTrackCard.tsx +++ b/src/journeys/components/JourneyTrackCard.tsx @@ -13,9 +13,8 @@ export function JourneyTrackCard({ journey }: Props) { const { locale } = useRouter() const { currentVersion } = useVersion() const { t } = useTranslation('journey_track_nav') - const { trackTitle, journeyTitle, journeyPath, nextGuide, numberOfGuides, currentGuideIndex } = - journey - const fullPath = `/${locale}/${currentVersion}${journeyPath}?feature=journey-landing` + const { trackTitle, journeyPath, nextGuide, numberOfGuides, currentGuideIndex } = journey + const fullPath = `/${locale}/${currentVersion}${journeyPath}` return (

    - {journeyTitle} + {trackTitle}

    - {trackTitle} {t('current_progress') .replace('{n}', `${numberOfGuides}`) @@ -49,6 +47,12 @@ export function JourneyTrackCard({ journey }: Props) { )} + {journey.alternativeNextStep && ( +
    + )}
    ) diff --git a/src/journeys/components/JourneyTrackNav.tsx b/src/journeys/components/JourneyTrackNav.tsx index 91f71bc38368..4dba06ba3eae 100644 --- a/src/journeys/components/JourneyTrackNav.tsx +++ b/src/journeys/components/JourneyTrackNav.tsx @@ -8,7 +8,7 @@ type Props = { export function JourneyTrackNav({ context }: Props) { const { t } = useTranslation('journey_track_nav') - const { prevGuide, nextGuide, trackTitle, currentGuideIndex, numberOfGuides } = context + const { prevGuide, nextGuide, nextTrackFirstGuide } = context return (
    - - {trackTitle} - - {t('current_progress') - .replace('{n}', `${numberOfGuides}`) - .replace('{i}', `${currentGuideIndex + 1}`)} - - - - {nextGuide && ( + {nextGuide ? ( <> {t('next_article')} {nextGuide.title} - )} + ) : nextTrackFirstGuide ? ( + <> + {t('next_article')} + + {nextTrackFirstGuide.trackTitle} + + + ) : null}
    ) diff --git a/src/journeys/lib/journey-path-resolver.ts b/src/journeys/lib/journey-path-resolver.ts index 1bc9b22088bc..ec93200dfe8c 100644 --- a/src/journeys/lib/journey-path-resolver.ts +++ b/src/journeys/lib/journey-path-resolver.ts @@ -13,6 +13,11 @@ export interface JourneyContext { journeyPath: string currentGuideIndex: number numberOfGuides: number + nextTrackFirstGuide?: { + href: string + title: string + trackTitle: string + } nextGuide?: { href: string title: string @@ -21,6 +26,7 @@ export interface JourneyContext { href: string title: string } + alternativeNextStep?: string } export interface JourneyTrack { @@ -43,7 +49,10 @@ type JourneyPage = { id: string title: string description?: string - guides: string[] + guides: Array<{ + href: string + alternativeNextStep?: string + }> }> } @@ -59,6 +68,13 @@ type ContentContext = { // Cache for journey pages so we only filter all pages once let cachedJourneyPages: JourneyPage[] | null = null +// Cache for guide paths to quickly check if a page is part of any journey +let cachedGuidePaths: Set | null = null +let hasDynamicGuides = false + +function needsRendering(str: string): boolean { + return str.includes('{{') || str.includes('{%') || str.includes('[') || str.includes('<') +} function getJourneyPages(pages: Pages): JourneyPage[] { if (!cachedJourneyPages) { @@ -69,6 +85,27 @@ function getJourneyPages(pages: Pages): JourneyPage[] { return cachedJourneyPages } +function getGuidePaths(pages: Pages): Set { + if (!cachedGuidePaths) { + cachedGuidePaths = new Set() + const journeyPages = getJourneyPages(pages) + for (const page of journeyPages) { + if (!page.journeyTracks) continue + for (const track of page.journeyTracks) { + if (!track.guides) continue + for (const guide of track.guides) { + if (needsRendering(guide.href)) { + hasDynamicGuides = true + } else { + cachedGuidePaths.add(normalizeGuidePath(guide.href)) + } + } + } + } + } + return cachedGuidePaths +} + function normalizeGuidePath(path: string): string { // First ensure we have a leading slash for consistent processing const pathWithSlash = path.startsWith('/') ? path : `/${path}` @@ -83,6 +120,32 @@ function normalizeGuidePath(path: string): string { : `/${withoutLanguage || path}` } +/** + * Helper function to fetch guide data (href and title) for a given path + */ +async function fetchGuideData( + guidePath: string, + context: ContentContext, +): Promise<{ href: string; title: string } | null> { + try { + const resultData = await getLinkData(guidePath, context, { + title: true, + intro: false, + fullTitle: false, + }) + if (resultData && resultData.length > 0) { + const linkResult = resultData[0] + return { + href: linkResult.href, + title: linkResult.title || '', + } + } + } catch (error) { + console.warn('Could not get link data for guide:', guidePath, error) + } + return null +} + /** * Resolves the journey context for a given article path. * @@ -98,6 +161,16 @@ export async function resolveJourneyContext( ): Promise { const normalizedPath = normalizeGuidePath(articlePath) + // Optimization: Fast path check + // If we are not forcing a specific journey page, check our global cache + if (!currentJourneyPage) { + const guidePaths = getGuidePaths(pages) + // If we have no dynamic guides and this path isn't in our known guides, return null early. + if (!hasDynamicGuides && !guidePaths.has(normalizedPath)) { + return null + } + } + // Use the current journey page if provided, otherwise find all journey pages const journeyPages = currentJourneyPage ? [currentJourneyPage] : getJourneyPages(pages) @@ -117,6 +190,8 @@ export async function resolveJourneyContext( } } + let trackIndex = 0 + let foundTrackIndex = 0 for (const track of journeyPage.journeyTracks) { if (!track.guides || !Array.isArray(track.guides)) continue @@ -124,19 +199,21 @@ export async function resolveJourneyContext( let guideIndex = -1 for (let i = 0; i < track.guides.length; i++) { - const guidePath = track.guides[i] + const guidePath = track.guides[i].href let renderedGuidePath = guidePath // Handle Liquid conditionals in guide paths - try { - renderedGuidePath = await executeWithFallback( - context, - () => renderContent(guidePath, context, { textOnly: true }), - () => guidePath, - ) - } catch { - // If rendering fails, use the original path rather than erroring - renderedGuidePath = guidePath + if (needsRendering(guidePath)) { + try { + renderedGuidePath = await executeWithFallback( + context, + () => renderContent(guidePath, context, { textOnly: true }), + () => guidePath, + ) + } catch { + // If rendering fails, use the original path rather than erroring + renderedGuidePath = guidePath + } } const normalizedGuidePath = normalizeGuidePath(renderedGuidePath) @@ -148,6 +225,23 @@ export async function resolveJourneyContext( } if (guideIndex >= 0) { + const alternativeNextStep = track.guides[guideIndex].alternativeNextStep || '' + let renderedAlternativeNextStep = alternativeNextStep + + // Handle Liquid conditionals in branching text which likely has links + if (needsRendering(alternativeNextStep)) { + try { + renderedAlternativeNextStep = await executeWithFallback( + context, + () => renderContent(alternativeNextStep, context), + () => alternativeNextStep, + ) + } catch { + // If rendering fails, use the original branching text rather than erroring + renderedAlternativeNextStep = alternativeNextStep + } + } + result = { trackId: track.id, trackName: track.id, @@ -157,52 +251,51 @@ export async function resolveJourneyContext( journeyPage.permalink || Permalink.relativePathToSuffix(journeyPage.relativePath || ''), currentGuideIndex: guideIndex, numberOfGuides: track.guides.length, + alternativeNextStep: renderedAlternativeNextStep, } // Set up previous guide if (guideIndex > 0) { - const prevGuidePath = track.guides[guideIndex - 1] - try { - const resultData = await getLinkData(prevGuidePath, context, { - title: true, - intro: false, - fullTitle: false, - }) - if (resultData && resultData.length > 0) { - const linkResult = resultData[0] - result.prevGuide = { - href: linkResult.href, - title: linkResult.title || '', - } - } - } catch (error) { - console.warn('Could not get link data for previous guide:', prevGuidePath, error) + const prevGuidePath = track.guides[guideIndex - 1].href + const guideData = await fetchGuideData(prevGuidePath, context) + if (guideData) { + result.prevGuide = guideData } } // Set up next guide if (guideIndex < track.guides.length - 1) { - const nextGuidePath = track.guides[guideIndex + 1] - try { - const resultData = await getLinkData(nextGuidePath, context, { - title: true, - intro: false, - fullTitle: false, - }) - if (resultData && resultData.length > 0) { - const linkResult = resultData[0] - result.nextGuide = { - href: linkResult.href, - title: linkResult.title || '', + const nextGuidePath = track.guides[guideIndex + 1].href + const guideData = await fetchGuideData(nextGuidePath, context) + if (guideData) { + result.nextGuide = guideData + } + } + + // Only populate nextTrackFirstGuide when on the last guide of the track + if (guideIndex === track.guides.length - 1) { + foundTrackIndex = trackIndex + + if ( + journeyPage.journeyTracks[foundTrackIndex + 1] && + journeyPage.journeyTracks[foundTrackIndex + 1].guides.length > 0 + ) { + const nextTrack = journeyPage.journeyTracks[foundTrackIndex + 1] + const nextTrackFirstGuidePath = nextTrack.guides[0].href + const guideData = await fetchGuideData(nextTrackFirstGuidePath, context) + if (guideData) { + result.nextTrackFirstGuide = { + ...guideData, + trackTitle: nextTrack.title, } } - } catch (error) { - console.warn('Could not get link data for next guide:', nextGuidePath, error) } } break // Found the track, stop searching } + + trackIndex++ } if (result) break // Found the journey, stop searching @@ -217,21 +310,29 @@ export async function resolveJourneyContext( * Returns an array of JourneyTrack objects with titles, descriptions, and guide links. */ export async function resolveJourneyTracks( - journeyTracks: any[], + journeyTracks: JourneyPage['journeyTracks'], context: ContentContext, ): Promise { + if (!journeyTracks || journeyTracks.length === 0) { + return [] + } + const result = await Promise.all( - journeyTracks.map(async (track: any) => { + journeyTracks.map(async (track) => { // Render Liquid templates in title and description - const renderedTitle = await renderContent(track.title, context, { textOnly: true }) - const renderedDescription = track.description - ? await renderContent(track.description, context, { textOnly: true }) - : undefined + const renderedTitle = needsRendering(track.title) + ? await renderContent(track.title, context, { textOnly: true }) + : track.title + + const renderedDescription = + track.description && needsRendering(track.description) + ? await renderContent(track.description, context, { textOnly: true }) + : track.description const guides = await Promise.all( - track.guides.map(async (guidePath: string) => { - const linkData = await getLinkData(guidePath, context, { title: true }) - const baseHref = linkData?.[0]?.href || guidePath + track.guides.map(async (guide: { href: string; alternativeNextStep?: string }) => { + const linkData = await getLinkData(guide.href, context, { title: true }) + const baseHref = linkData?.[0]?.href || guide.href return { href: baseHref, title: linkData?.[0]?.title || 'Untitled Guide', diff --git a/src/journeys/middleware/journey-track.ts b/src/journeys/middleware/journey-track.ts index e6e412785796..38ddfe618aae 100644 --- a/src/journeys/middleware/journey-track.ts +++ b/src/journeys/middleware/journey-track.ts @@ -1,38 +1,32 @@ import type { Response, NextFunction } from 'express' import type { ExtendedRequest, Context } from '@/types' +import { resolveJourneyTracks, resolveJourneyContext } from '../lib/journey-path-resolver' + export default async function journeyTrack( req: ExtendedRequest & { context: Context }, res: Response, next: NextFunction, ) { + if (req.method !== 'GET' && req.method !== 'HEAD') return next() + if (!req.context) throw new Error('request is not contextualized') if (!req.context.page) return next() - // Only run journey resolution if the page has journey tracks defined - if (!(req.context.page as any).journeyTracks) { - req.context.currentJourneyTrack = null - return next() - } - try { - // Import and use the journey resolver which uses renderContent, need the - // async import since it uses fs Node apis - const journeyResolver = await import('../lib/journey-path-resolver') - - // resolve the journey tracks which renders the journey content like the - // description to handle liquid rendering - const resolvedTracks = await journeyResolver.resolveJourneyTracks( - (req.context.page as any).journeyTracks, - req.context, - ) - - // Store resolved tracks on the page context for later use in getServerSideProps - ;(req.context.page as any).resolvedJourneyTracks = resolvedTracks - - // resolve the current journey context since we're on a journey track page - // i.e. next/prev articles in the track, this article's position in the track - const journeyContext = await journeyResolver.resolveJourneyContext( + // If this page has journey tracks defined, resolve them for the landing page + if ((req.context.page as any).journeyTracks) { + const resolvedTracks = await resolveJourneyTracks( + (req.context.page as any).journeyTracks, + req.context, + ) + + // Store resolved tracks on the page context for later use in getServerSideProps + ;(req.context.page as any).resolvedJourneyTracks = resolvedTracks + } + + // Always try to resolve journey context (for navigation on guide articles) + const journeyContext = await resolveJourneyContext( req.pagePath || '', req.context.pages || {}, req.context, diff --git a/src/journeys/tests/journey-path-resolver.ts b/src/journeys/tests/journey-path-resolver.ts index 510b14a99a8b..891bd940cd16 100644 --- a/src/journeys/tests/journey-path-resolver.ts +++ b/src/journeys/tests/journey-path-resolver.ts @@ -46,11 +46,21 @@ describe('journey-path-resolver', () => { title: 'Getting started', description: 'Learn the basics', guides: [ - '/enterprise-onboarding/setup', - '/enterprise-onboarding/config', - '/enterprise-onboarding/deploy', + { href: '/enterprise-onboarding/setup' }, + { + href: '/enterprise-onboarding/config', + alternativeNextStep: + 'Ready for more? Visit [AUTOTITLE](/enterprise-onboarding/advanced-setup)', + }, + { href: '/enterprise-onboarding/deploy' }, ], }, + { + id: 'advanced', + title: 'Advanced configuration', + description: 'Configure advanced options', + guides: [{ href: '/enterprise-onboarding/advanced-setup' }], + }, ], }, } @@ -100,6 +110,28 @@ describe('journey-path-resolver', () => { }) }) + test('includes alternative next step when provided', async () => { + const result = await resolveJourneyContext( + '/enterprise-onboarding/config', + mockPages, + mockContext, + ) + + expect(result?.alternativeNextStep).toBe( + 'Ready for more? Visit [AUTOTITLE](/enterprise-onboarding/advanced-setup)', + ) + }) + + test('does not populate next track guide when not on last guide', async () => { + const result = await resolveJourneyContext( + '/enterprise-onboarding/config', + mockPages, + mockContext, + ) + + expect(result?.nextTrackFirstGuide).toBeUndefined() + }) + test('handles first article in track (no previous)', async () => { const result = await resolveJourneyContext( '/enterprise-onboarding/setup', @@ -122,6 +154,20 @@ describe('journey-path-resolver', () => { expect(result?.currentGuideIndex).toBe(2) }) + test('populates next track guide when on last guide', async () => { + const result = await resolveJourneyContext( + '/enterprise-onboarding/deploy', + mockPages, + mockContext, + ) + + expect(result?.nextTrackFirstGuide).toEqual({ + href: '/en/enterprise-cloud@latest/enterprise-onboarding/advanced-setup', + title: 'Mock Title for /enterprise-onboarding/advanced-setup', + trackTitle: 'Advanced configuration', + }) + }) + test('normalizes article paths without leading slash', async () => { // The resolver should handle paths without leading slashes // by normalizing them to match the guide paths in the data @@ -149,13 +195,16 @@ describe('journey-path-resolver', () => { id: 'getting_started', title: 'Getting started with {% data variables.product.company_short %}', description: 'Learn the {% data variables.product.company_short %} basics', - guides: ['/enterprise-onboarding/setup', '/enterprise-onboarding/config'], + guides: [ + { href: '/enterprise-onboarding/setup' }, + { href: '/enterprise-onboarding/config' }, + ], }, { id: 'advanced', title: 'Advanced configuration', description: 'Advanced topics for experts', - guides: ['/enterprise-onboarding/advanced-setup'], + guides: [{ href: '/enterprise-onboarding/advanced-setup' }], }, ] @@ -210,7 +259,7 @@ describe('journey-path-resolver', () => { { id: 'no_desc', title: 'Track without description', - guides: ['/some-guide'], + guides: [{ href: '/some-guide' }], }, ] diff --git a/src/landings/README.md b/src/landings/README.md index 10dcc60de7d6..29e5d4053fe0 100644 --- a/src/landings/README.md +++ b/src/landings/README.md @@ -1,7 +1,65 @@ # Landing pages -Landing pages include the Docs home page, the product landing pages, and product guides pages. +The landings subject provides components and logic for rendering various types of landing pages across docs.github.com, including the Docs home page, product landing pages, product guides pages, category pages, and specialized layouts like journey and discovery landings. -## What landing pages are for +## Purpose & Scope -Landing pages provide a hierarchical view of their area, making navigating the Docs easier. +This subject is responsible for: +- Rendering different landing page layouts (product, guides, category, journey, discovery, bespoke) +- Building and displaying featured links, article cards, and guide cards +- Managing landing page context and data requirements +- Providing hierarchical navigation for products and categories +- Displaying article carousels and product releases + +Landing pages serve as navigational hubs that provide a hierarchical view of their area, making it easier to find and discover documentation. + +## Architecture & Key Assets + +| Landing Page Type | Layout Value | Purpose | +|-------------------|--------------|---------| +| Product landing | `product-landing` | Product overview pages with featured links and release notes | +| Product guides | `product-guides` | Product guides listing organized by categories | +| Category landing | `category-landing` | Category pages with hierarchical navigation | +| Table of contents | `toc-landing` | Table of contents pages | +| Journey landing | `journey-landing` | Guided learning journey pages with track navigation | +| Discovery landing | `discovery-landing` | Discovery/exploration pages | +| Home page | (special) | Docs.github.com homepage | + +## Setup & Usage + +### Running tests + +```bash +npm run test -- src/landings/tests +``` + +## Data & External Dependencies + +### Data inputs +- Page frontmatter: `layout`, `featuredLinks`, `journeyTracks`, etc. +- Content tree: Used to build TOC and navigation hierarchies +- Product metadata: Product names, versions, release information + +### Dependencies +- [`@/frame`](../frame/README.md) - Context object, page data, shared components +- [`@/content-render`](../content-render/README.md) - Renders Liquid in featured link titles +- [`@/learning-track`](../learning-track/README.md) - Learning track data resolution +- [`@/journeys`](../journeys/README.md) - Journey track components and data +- [`@/products`](../products/README.md) - Product metadata and groupings +- [`@/versions`](../versions/README.md) - Version-aware content filtering + +### Data outputs +- `req.context.featuredLinks` - Resolved featured link data +- Landing page contexts - Various context objects passed to React components +- Rendered landing pages - Final HTML output + +## Current State & Next Steps + +### Known limitations +- Multiple similar but distinct landing components (could be consolidated) +- Featured links limited to 4 per category to avoid overly tall columns +- Bespoke landing pages require custom components rather than data-driven approach + +### Areas for improvement +- Standardize landing page patterns and consolidate overlapping types +- Make landing pages more data-driven and less code-heavy \ No newline at end of file diff --git a/src/landings/components/ProductArticlesList.tsx b/src/landings/components/ProductArticlesList.tsx index f025e1376a6a..83f7ccba3b7c 100644 --- a/src/landings/components/ProductArticlesList.tsx +++ b/src/landings/components/ProductArticlesList.tsx @@ -2,6 +2,7 @@ import { ActionList } from '@primer/react' import { ProductTreeNode, useMainContext } from '@/frame/components/context/MainContext' import { Link } from '@/frame/components/Link' +import { countArticles } from '@/landings/lib/count-articles' import clsx from 'clsx' import styles from './ProductArticlesList.module.scss' @@ -44,7 +45,7 @@ const ProductTreeNodeList = ({ treeNode }: { treeNode: ProductTreeNode }) => { {childNode.title} {childNode.childPages.length > 0 ? ( -  • {childNode.childPages.length} articles +  • {countArticles(childNode)} articles ) : null} diff --git a/src/landings/components/ProductGuidesContext.tsx b/src/landings/components/ProductGuidesContext.tsx index 65de24591eac..d79cbc216003 100644 --- a/src/landings/components/ProductGuidesContext.tsx +++ b/src/landings/components/ProductGuidesContext.tsx @@ -1,12 +1,13 @@ import { createContext, useContext } from 'react' import pick from 'lodash/pick' +import type { ExtendedRequest } from '@/types' export type LearningTrack = { trackName: string trackProduct: string title: string description: string - guides?: Array<{ href: string; page?: { type: string }; title: string; intro: string }> + guides?: Array<{ href: string; type: string | null; title: string; intro: string }> } export type ArticleGuide = { @@ -38,24 +39,45 @@ export const useProductGuidesContext = (): ProductGuidesContextT => { return context } -export const getProductGuidesContextFromRequest = (req: any): ProductGuidesContextT => { - const page = req.context.page +export const getProductGuidesContextFromRequest = (req: ExtendedRequest): ProductGuidesContextT => { + if (!req.context || !req.context.page) { + throw new Error('Request context or page is missing') + } + + const page = req.context.page as typeof req.context.page & { + learningTracks?: Array> + includeGuides?: Array> + } - const learningTracks: LearningTrack[] = (page.learningTracks || []).map((track: any) => ({ - ...pick(track, ['title', 'description', 'trackName', 'trackProduct']), - guides: (track.guides || []).map((guide: any) => { - return pick(guide, ['title', 'intro', 'href', 'page.type']) + const learningTracks: LearningTrack[] = (page.learningTracks || []).map( + (track: Record) => ({ + title: (track.title as string) || '', + description: (track.description as string) || '', + trackName: (track.trackName as string) || '', + trackProduct: (track.trackProduct as string) || '', + guides: ((track.guides as Array>) || []).map( + (guide: Record) => ({ + title: (guide.title as string) || '', + intro: (guide.intro as string) || '', + href: (guide.href as string) || '', + type: ((guide.page as any)?.type as string) || null, + }), + ), }), - })) + ) return { ...pick(page, ['title', 'intro']), + title: page.title || '', + intro: page.intro || '', learningTracks, - includeGuides: (page.includeGuides || []).map((guide: any) => { + includeGuides: (page.includeGuides || []).map((guide: Record) => { return { - ...pick(guide, ['href', 'title', 'intro']), - type: guide.type || '', - topics: guide.topics || [], + href: (guide.href as string) || '', + title: (guide.title as string) || '', + intro: (guide.intro as string) || '', + type: (guide.type as string) || '', + topics: (guide.topics as Array) || [], } }), } diff --git a/src/landings/components/bespoke/BespokeLanding.tsx b/src/landings/components/bespoke/BespokeLanding.tsx index 7b4b1f85da9e..b1d715c528a2 100644 --- a/src/landings/components/bespoke/BespokeLanding.tsx +++ b/src/landings/components/bespoke/BespokeLanding.tsx @@ -13,7 +13,7 @@ export const BespokeLanding = () => { heroImage, introLinks, tocItems, - recommended, + carousels, includedCategories, landingType, } = useLandingContext() @@ -29,7 +29,16 @@ export const BespokeLanding = () => {
    - + {/* Render carousels */} + {carousels && + Object.entries(carousels).map(([carouselKey, articles]) => ( + + ))} + { heroImage, introLinks, tocItems, - recommended, + carousels, includedCategories, landingType, } = useLandingContext() @@ -25,10 +25,19 @@ export const DiscoveryLanding = () => { return ( -
    +
    - + {/* Render carousels */} + {carousels && + Object.entries(carousels).map(([carouselKey, articles]) => ( + + ))} + { return ( -
    +
    diff --git a/src/landings/components/journey/JourneyLearningTracks.tsx b/src/landings/components/journey/JourneyLearningTracks.tsx index 20cbcc355b34..dc9e456a9fdd 100644 --- a/src/landings/components/journey/JourneyLearningTracks.tsx +++ b/src/landings/components/journey/JourneyLearningTracks.tsx @@ -2,6 +2,7 @@ import { ChevronDownIcon, ChevronUpIcon } from '@primer/octicons-react' import { Details, Timeline, Token, useDetails } from '@primer/react' import { Link } from '@/frame/components/Link' +import { useTranslation } from '@/languages/components/useTranslation' import { JourneyTrack } from '@/journeys/lib/journey-path-resolver' import styles from './JourneyLearningTracks.module.scss' @@ -10,6 +11,8 @@ type JourneyLearningTracksProps = { } export const JourneyLearningTracks = ({ tracks }: JourneyLearningTracksProps) => { + const { t } = useTranslation('journey_landing') + if (!tracks || tracks.length === 0) { return null } @@ -26,7 +29,7 @@ export const JourneyLearningTracks = ({ tracks }: JourneyLearningTracksProps) => >
    -

    {track.title}

    +

    {track.title}

    @@ -49,6 +52,29 @@ export const JourneyLearningTracks = ({ tracks }: JourneyLearningTracksProps) => ) } + // simple single journey + if (tracks.length === 1) { + const track = tracks[0] + + return ( +
    +
    +

    {t('articles_heading')}

    +
    +
      + {(track.guides || []).map((article: { href: string; title: string }) => ( +
    1. + + {article.title} + +
      2. + ))} +
    +
    + ) + } + + // more than one journey has timeline and mobile layout return (
    {/* Desktop: Timeline component */} diff --git a/src/landings/components/shared/LandingArticleGridWithFilter.tsx b/src/landings/components/shared/LandingArticleGridWithFilter.tsx index d3e1fcb87efd..6d0ac66a4d3e 100644 --- a/src/landings/components/shared/LandingArticleGridWithFilter.tsx +++ b/src/landings/components/shared/LandingArticleGridWithFilter.tsx @@ -8,6 +8,7 @@ import { useTranslation } from '@/languages/components/useTranslation' import { ArticleCardItems, ChildTocItem, TocItem } from '@/landings/types' import { LandingType } from '@/landings/context/LandingContext' import type { QueryParams } from '@/search/components/hooks/useMultiQueryParams' +import { fuzzyMatchScore } from '@/landings/lib/fuzzy-match' import styles from './LandingArticleGridWithFilter.module.scss' @@ -151,20 +152,27 @@ export const ArticleGrid = ({ let results = filteredArticlesByLandingType if (searchQuery) { - results = results.filter((token) => { - return Object.values(token).some((value) => { - if (typeof value === 'string') { - return value.toLowerCase().includes(searchQuery.toLowerCase()) - } else if (Array.isArray(value)) { - return value.some((item) => { - if (typeof item === 'string') { - return item.toLowerCase().includes(searchQuery.toLowerCase()) + // Calculate match scores for each article + const scoredResults = results + .map((token) => { + let maxScore = -1 + for (const value of Object.values(token)) { + if (typeof value === 'string') { + maxScore = Math.max(maxScore, fuzzyMatchScore(value, searchQuery)) + } else if (Array.isArray(value)) { + for (const item of value) { + if (typeof item === 'string') { + maxScore = Math.max(maxScore, fuzzyMatchScore(item, searchQuery)) + } } - }) + } } - return false + return { token, score: maxScore } }) - }) + .filter(({ score }) => score >= 0) + .sort((a, b) => b.score - a.score) + + results = scoredResults.map(({ token }) => token) } if (selectedCategory !== ALL_CATEGORIES) { diff --git a/src/landings/components/shared/LandingCarousel.module.scss b/src/landings/components/shared/LandingCarousel.module.scss index 39d29d59f513..9c63521012a2 100644 --- a/src/landings/components/shared/LandingCarousel.module.scss +++ b/src/landings/components/shared/LandingCarousel.module.scss @@ -1,6 +1,20 @@ .carousel { margin-top: 3rem; --carousel-transition-duration: 0.1s; + + // Subsequent carousels with headings get reduced margin + & + & { + margin-top: 1rem; + } +} + +// Remove top margin for carousels without headings that come after another carousel +.carousel.noHeading { + margin-top: 0; + + & + .carousel { + margin-top: 0; + } } .header { @@ -12,6 +26,12 @@ align-items: center; } +// When header only contains navigation (no heading), add top margin to separate from previous carousel +.header:has(.navigation):not(:has(.heading)) { + margin-top: 1rem; + justify-content: flex-end; +} + .heading { font-size: 1.5rem; font-weight: 600; diff --git a/src/landings/components/shared/LandingCarousel.tsx b/src/landings/components/shared/LandingCarousel.tsx index 0ec75e24cf69..b549b3e560eb 100644 --- a/src/landings/components/shared/LandingCarousel.tsx +++ b/src/landings/components/shared/LandingCarousel.tsx @@ -9,7 +9,8 @@ import styles from './LandingCarousel.module.scss' type LandingCarouselProps = { heading?: string - recommended?: ResolvedArticle[] + carouselKey?: string // Optional key for translation lookup (e.g., "recommended") + carouselArticles?: ResolvedArticle[] } // Hook to get current items per view based on screen size @@ -39,14 +40,32 @@ const useResponsiveItemsPerView = () => { return itemsPerView } -export const LandingCarousel = ({ heading = '', recommended }: LandingCarouselProps) => { +export const LandingCarousel = ({ + heading = '', + carouselKey, + carouselArticles, +}: LandingCarouselProps) => { const [currentPage, setCurrentPage] = useState(0) const [isAnimating, setIsAnimating] = useState(false) const itemsPerView = useResponsiveItemsPerView() - const { t } = useTranslation('product_landing') + const { t } = useTranslation('carousels') const router = useRouter() const { currentVersion } = useVersion() - const headingText = heading || t('carousel.recommended') + + // Determine heading text + let headingText = heading + if (!headingText && carouselKey) { + // Try to get translation for the carousel key + const translated = t(carouselKey) + + // Check if we got a real translation or a fallback + const looksLikeFallback = !translated || translated === carouselKey + + if (!looksLikeFallback) { + headingText = translated + } + } + // Ref to store timeout IDs for cleanup const animationTimeoutRef = useRef(null) @@ -55,7 +74,7 @@ export const LandingCarousel = ({ heading = '', recommended }: LandingCarouselPr setCurrentPage(0) }, [itemsPerView]) - const processedItems: ResolvedArticle[] = recommended || [] + const processedItems: ResolvedArticle[] = carouselArticles || [] // Cleanup timeout on unmount useEffect(() => { @@ -116,9 +135,12 @@ export const LandingCarousel = ({ heading = '', recommended }: LandingCarouselPr } return ( -
    +
    -

    {headingText}

    + {headingText &&

    {headingText}

    } {totalItems > itemsPerView && (